Two plead guilty to stealing personal information of millions
Database theft generated $2m in illegal profits
Two men have admitted to running a computer hacking and identity theft scheme which hijacked customer email accounts, stole personally identifiable information (PII) from millions of people, and generated more than $2m in illegal profits.
In a press release, the US Department of Justice named Tomasz Chmielarz, 33, of Rutherford, New Jersey, and Devin James McArthur, 28, of Ellicott City, Maryland, as pleading guilty to a series of fraud-related activities in connection with computers and email.
Chmielarz claims he was approached by Timothy Edward Livingston, 30, of Boca Raton, Florida, who allegedly operated a business that specialized in sending unsolicited, or “spam,” emails on behalf of its clients.
According to documents filed at court, Chmielarz admitted that he had been asked to write computer programs that send spam in a manner that conceals the true origin of the email and bypasses spam filters.
Livingston, Chmielarz and McArthur are alleged to have worked together to steal databases containing the PII of millions of Americans for use in spam campaigns.
McArthur worked as a sales representative at a corporation identified in the indictment as “Corporate Victim 4,” which is understood to be Comcast. In a series of online chats in August 2014, Livingston, Chmielarz, and McArthur discussed using McArthur’s position at Comcast to steal confidential business information, including the PII of millions of the company’s customers, said the release.
McArthur estimated that they had succeeded in stealing 24.5 million records from Comcast.
In another online chat, Livingston told Chmielarz that the database they were going to steal from Corporate Victim 3 contained 10 million records. Livingston subsequently paid Chmielarz to write a computer program to steal the database.
Livingston and Chmielarz allegedly used proxy servers and botnets to remain anonymous, hide the true origin of the spam, and evade anti-spam filters and other spam blocking techniques.
Chmielarz pleaded guilty to conspiracy to commit fraud and related activity in connection with computers and conspiracy to commit fraud and related activity in connection with electronic mail. Each charge carries a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.
The conspiracy to commit wire fraud charge to which McArthur pleaded guilty carries a potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. Sentencing for both defendants is scheduled for Sept. 13, 2016.
Livingston is scheduled for trial on Oct. 13, 2016, before Judge Martini. The charges and allegations against him are merely accusations and he is considered innocent unless and until proven guilty. ®