US Charges Pair in Largest Email Breach in ‘History of the Internet,’ UK Cybercrime Dragnet Nabs 57

March 9, 2015

US Charges Pair in Largest Email Breach in ‘History of the Internet,’ UK Cybercrime Dragnet Nabs 57 Law enforcement agencies in the U.S. and U.K. brought two significant cybercrime investigations to a close last week with arrests and indictments. The U.S. Department of Justice on Friday unsealed an indictment against two Vietnamese citizens living in the Netherlands who the agency said had stolen more than a billion names and email addresses from email service providers. Assistant Attorney General Leslie Caldwell said the men, who operated from Vietnam, the Netherlands and Canada, had perpetrated the “largest data breach of names and email addresses in the history of the Internet.”

While the investigation said the email addresses were used primarily to spam consumers rather than hijack identities and accounts, the scale of the thefts was the remarkable aspect.

“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” said Acting U.S. Attorney John Horn.  “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data—they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites.”

Also on Friday, the U.K.’s National Crime Agency (NCA) concluded a cybercrime dragnet, arresting 57 people for hacking, phishing and DDoS attacks against a host of companies and individuals including Yahoo and the U.S. Department of Defense. The four-day operation comprised 25 raids in several U.K. cities. The NCA leveraged the media, allowing the BBC access to one of the operations, in an effort to show cybercriminals they are not completely safe from prosecution.

“One of the reasons that cybercrime has become so widespread is that the chances of getting caught are too close to zero, so its good news that the NCA’s teeth is biting,” Malcolm Marshall, KPMG’s cyber security practice leader, told a U.K. publication. “The success of their efforts will depend upon the justice systems ability to respond as effectively. Cybercrime is no longer a niche crime, but pervasive.”