Spammers Built a List of 1.4 Billion Emails and Leaked It over the Internet

Do you read all the terms and conditions of any service you use or sign up for? Or do you just click on ‘I Agree’? Most of us do. Mainly because we do not understand the legal print and its meaning. We do not have the skill set to interpret it.
But sometimes a simple click on ‘I Accept’ can lead to something hazardous. Sometimes the service has written that it will share our personal details with ‘carefully selected partners’, who then share the details with their own ‘carefully selected partners’, and on and on, and suddenly our details are not so personal anymore.
It was through this, and many other more complicated methods, that the legitimate marketing company River City Media (RCM) succeeded in creating a list of 1.4 billion email addresses, along with people’s real names, IP addresses, and physical addresses.
RCM was responsible for an enormous amount of spam, with almost a billion emails sent out each day. The company developed sophisticated methods and confusing techniques to overpower email providers’ protections.
According to Chris Vickery, a researcher with MacKeeper Security:
“… a RCM co-conspirator describes a technique in which the spammer seeks to open as many connections as possible between themselves and a Gmail server. This is done by purposefully configuring your own machine to send response packets extremely slowly, and in a fragmented manner, while always requesting more connections.
Then, when the Gmail server is almost ready to give up and drop all connections, the spammer suddenly sends as many emails as possible through the pile of connection tunnels. The receiving side is then overwhelmed with data and will quickly block the sender, but not before processing a large load of emails.”
This technique is known as a Slowloris attack; it overwhelms the target into handling a large quantity of bulk mail. The details regarding this have been forwarded to Apple, Microsoft, and relevant law enforcement agencies.
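A mail operator can look for the pattern in the quoted description: one source holding many connections open at a trickle, then delivering on all of them within seconds. The sketch below is an added example, not code from the original article or from MacKeeper; the event tuple format, the thresholds and the sample addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed events (not real logs): (time_s, source_ip, conn_id, kind, value)."""
    ev = []
    for cid in range(6):  # six connections trickling 10 bytes every 10 s, then a burst
        ev.append((cid, "198.51.100.7", cid, "open", 0))
        for t in range(cid + 10, 60, 10):
            ev.append((t, "198.51.100.7", cid, "bytes", 10))
        ev.append((60 + cid % 3, "198.51.100.7", cid, "msg", 1))
    for cid in range(2):  # ordinary sender: connect, send, done within a second
        start = 100 + cid * 40
        ev.append((start, "203.0.113.20", cid, "open", 0))
        ev.append((start + 1, "203.0.113.20", cid, "bytes", 400))
        ev.append((start + 1, "203.0.113.20", cid, "msg", 1))
    return ev

def flag_slow_then_burst(events, min_conns=5, slow_bps=20.0, min_hold_s=30, burst_s=5):
    """Return sources with >= min_conns connections that were held for at least
    min_hold_s at under slow_bps bytes/s before their first message, and whose
    first messages all landed inside one burst_s-second window."""
    conns = {}
    for t, src, cid, kind, value in sorted(events):
        c = conns.setdefault((src, cid), {"open": t, "bytes": 0, "first_msg": None})
        if kind == "bytes" and c["first_msg"] is None:
            c["bytes"] += value          # only count pre-delivery traffic
        elif kind == "msg" and c["first_msg"] is None:
            c["first_msg"] = t
    slow_by_src = defaultdict(list)
    for (src, _cid), c in conns.items():
        if c["first_msg"] is None:
            continue                     # never delivered anything
        held = c["first_msg"] - c["open"]
        if held > 0 and held >= min_hold_s and c["bytes"] / held < slow_bps:
            slow_by_src[src].append(c["first_msg"])
    flagged = []
    for src, firsts in slow_by_src.items():
        firsts.sort()
        best, lo = 0, 0                  # sliding window over first-message times
        for hi in range(len(firsts)):
            while firsts[hi] - firsts[lo] > burst_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_conns:
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_slow_then_burst(sample_events()))
```

Thresholds like these need tuning against a server's normal traffic before they drive any blocking decision.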
RCM didn’t lose its massive email list through hacking; the list was exposed through an unsecured Rsync directory. It should be mentioned here that decisive action has been taken by Spamhaus, which has blacklisted the entirety of RCM’s infrastructure.