SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
10 Mar 2017

Spammers expose over a billion email addresses after failed backup

At its height, River City Media, run by Alvin Slocombe and Matt Ferris, sent out a billion emails a day, slamming Gmail servers with fragmented traffic in order to ensure all of its email went out on time.

After failing to password-protect a remote backup, however, the company has exposed its nearly 1.4 billion email records, some of which contain real names and addresses. The company, for all intents and purposes, is sunk but the privacy implications of this trove of data are staggering.

Discovered by a security researcher for MacKeeper, Chris Vickery, the leaked data appeared as a result of a failed rsync backup – essentially a remote backup gone wrong. The data sat on an exposed server for months, allowing Vickery – and anyone else – access to chat logs, emails, and, most important, the company’s massive email list. Vickery feels, well, victorious.

“I found an rsync server on port 873 that they had not put any password or security of any sort on and it has led to he downfall of a criminal enterprise,” he said. “I’m hoping that they’ll be out of business soon but that would largely depend on actions by law enforcement. If you’re sitting behind bars it’s hard to spam.” He also found the list to be quite unruly.

“I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate,” Vickery told. “The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location.”

Slow Loris

The multiple RCM spam techniques were extraordinary. The company would first send out tens of thousands of “warm-up emails” to their own email addresses on Gmail and other servers. Because these emails would never bounce or send complaints – they were owned by RCM after all – the security systems wouldn’t notice the rest of the emails exploding out of the servers.

Further, the spammers would send fragmented data slowly – technically a “slowloris” attack – while requesting multiple connections under the guise of error correction. Then, when all the servers were accepting data, they would “stuff as much packet data” into the servers as they could before disconnection. Vickery has spent the last few days going through the massive data dump and has found the weapons spammers use to attack mail servers.

“There are scripts in here for all sorts of nefarious things that may or may not be patched already. I will go into more detail after I talk to Gmail, Microsoft, and Yahoo,” he said. He estimates that the company had only twenty actual hardware servers and instead used “backroom dealings” with friends and affiliates to send out the bulk of their spam, partners who are now refusing to work with RCM. Ad partner Amobee, for example, has disowned the company. “They have tons of developed software for hiding their own mail servers, making themselves look like other people, and spoofing email address,” said Vickery. They called these “Projects” and there were hundreds of them.

Flatline

RCM has always been on The Register of Known Spam Operations (ROKSO) and has used over 2,199 IP addresses to send out email making it wildly difficult to block. It has done campaigns for Nike, Gillette, Victoria’s Secret, Covergirl, and AT&T, among others although these big names didn’t use RCM directly but were shunted onto the spammers by other, presumably legitimate, marketing firms. Vickery believes this leak and the associated data will put RCM out of business indefinitely.

“As far as the RCM email spam empire goes it’s going to be very hard for them to operate in the near future,” he said. But this won’t stop all spam forever. This, in the end, is a major victory in an ongoing war. “I’m sure somebody else will step into the void they left,” Vickery said.

Tags:
information leaks spam
Source:
TechCrunch
1516
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015