ATLANTA – A Canadian has been charged after computer hackers stole a whopping one billion email addresses from U.S. marketing companies in what authorities described Friday as one of the largest digital data breaches in history.
Three people were indicted on federal charges in what U.S. Assistant Attorney General Leslie Caldwell called “the largest data breach of names and email addresses in the history of the Internet.”
One of the accused is David-Manuel Santos Da Silva, 33, of Montreal. He is charged with taking part in a money-laundering conspiracy that allegedly netted $2 million between May 2009 and October 2011.
Prosecutors allege he entered into a marketing agreement with the other two men charged that enabled them to profit from sales generated by the spam emails.
The other men are Viet Quoc Nguyen, 28, and Giang Hoang Vu, 25, who are both citizens of Vietnam.
Vu pleaded guilty to a single count of conspiracy to commit computer fraud before a federal judge last month. He has not been sentenced.
Nguyen has been indicted on 29 counts including charges of wire fraud and computer fraud.
He remains a fugitive.
Unsealed documents from the U.S. Justice Department allege Da Silva used his Montreal-based company 21 Celsius, which ran a website called Marketbay.com, to “promote Nguyen’s hacking and spamming activities by providing him with a platform, through Marketbay.com.”
“Da Silva allegedly knew that Nguyen was spamming to stolen email addresses in order to direct high volumes of internet traffic to his affiliate marketing websites with Marketbay.com,” read a news release from the U.S Attorney’s Office.
The Justice Department documents describe Da Silva as a co-owner, president and a director of 21 Celsius.
U.S. authorities say Da Silva was indicted by a federal grand jury Wednesday for conspiracy to commit money laundering with Nguyen and others.
He was arrested at Fort Lauderdale International Airport in Florida on Feb. 12 and was scheduled to be arraigned in an Atlanta courtoom on Friday.
Calls to 21 Celsius, were not returned Friday.
Authorities said the case is significant because of the scale of the information stolen.
Acting U.S. Attorney John Horn said hackers targeted marketing companies that send bulk emails to customers of their commercial clients. They gained access to the firms’ computer systems by sending emails with hidden malware to the marketing companies’ employees.
The hackers not only stole hundreds of millions of email addresses, Horn said, but also succeeded in using the marketing firms’ own systems to send the hackers’ spam messages.
The case is being prosecuted in Georgia because that’s where computer servers were located for two of the marketing firms that were hacked. Nguyen and Vu were indicted in October 2012 but those charges were sealed from public view until after the case against Da Silva was filed Wednesday.