On Wednesday, the U.S. Justice Department announced that it had obtained convictions against a cybercrime gang that committed securities fraud through the use of botnets and spam. Oddly enough, none of the botmasters or spammers who assisted in the scheme were brought to justice or identified beyond their hacker handles. This blog post may change that.
The defendants who pleaded or were found guilty in this case were convicted of orchestrating “pump-and-dump” stock scams. These are schemes in which fraudsters buy up low-priced stock, blast out millions of spam e-mails touting the stock as a hot buy and then dump their shares as soon as the share price ticks up from all of the spam respondents buying into the scam.
A press release from the U.S. Attorney for the District of New Jersey noted that ringleader of the scam, 44-year-old Christopher Rad, of Cedar Park, Texas, communicated with the spammers via Skype, addressing them by their hacker aliases, such as “breg,” “ega,” “billybob6001” and “be3ez12”. But something in my memory clicked when I saw that last nickname.
So I had a look at the data on the top spammers who worked for SpamIt, a cybercrime organization that paid spammers to promote rogue Internet pharmacies. Sure enough, it turns out that a SpamIt affiliate who used the screen name “be3ez12” made more than USD $186,000 blasting junk email for SpamIt between 2007 and 2010. Be3ez12 registered with SpamIt using the email address dpsmteam4@yahoo.com, which has a rich history dating back to at least 2003. A hacker using the nickname “be3ez12” also spammed for a competing rogue online pharmacy program — Rx-Promotion — although I don’t have earnings data for that account (for more on how I acquired the SpamIt and Rx-Promotion data, see my Pharma Wars series).
In 2003, prior to the creation of either pharmacy program, a user named Rahul123 registered with that dpsmteam4@yahoo.com address on the (NSFW) adult Webmaster forum gofuckyourself.com. Over the course of the next year or so, Rahul123 posted at least 40 discussion threads blatantly offering to spam just about anything for anyone who would hire his services.
It’s not clear yet what botnet or other method Rahul/be3ez12 used to blast out his spam during the time he allegedly aided in these stock scams, but there are some intriguing clues about his identity in real life. The dpsmteam4@yahoo.com address is tied to a single Facebook account, which features the identity of a Rahul Sachdeva, a 26-year-old currently living in Deer Park, NY. Further searching on this individual shows that he is the owner of a company in Deer Park called Online Business Marketing Management Inc.
Granted, this could all be a hoax or a strange coincidence. To my knowledge, Mr. Sachdeva has not been charged with any crime. Nobody answered at the phone numbers assigned to Sachdeva or his company, and requests for comment sent to the dpsmteam4@yahoo.com address went unanswered.
Nice. Good work. I always look forward to seeing new posts on this blog. It’s fascinating reading about these not so bright individuals.
I think he is not so dumb since he has made many 100s of thousands of $ running this scam. Clearly Brian is smarter though…
I’ll say this… If I was making hundreds of thousands of dollars spewing out spam, you couldn’t find me if you used clairvoyance or magic. 🙂
Why don’t these guys ever think about devoting some of that money to insuring their own security? It’s not rocket science.
Minor typo. Last paragraph, “has not be charged”
Excellent research and thanks for keeping it real…
Once again I’m sort of amazed (I get less and less amazed as it happens over and over) at how lax these criminals are about hiding their identity.
How hard is it to keep your “legitimate” manifestation of your online identity – eg. a Facebook account – seperate from your criminal online identity. It’s not hard to make another email account, use another user account etc etc to keep these two identities seperate…. at least that’s how I look at it.
That would mean he made $186,000 as a 17 year old. And here I was, making $8/hr at that age.
Again, just today I read that the UK cops caught one of the Anon guys by matching his handle via a Google search. He re-used a handle from his legit activities for his criminal activities. How stupid is that?
I don’t know how many hackers have been caught that way, but it’s a lot.
If you’re going to do crime online, you need an absolutely air-gaped, isolated identity for that.
And that means you can’t even use the same PHRASES you use in conversation under the legit identity. Remember the movie, “The Italian Job?” Charlize Theron was detected by Ed Norton as Mark Wahlberg’s plant when she quoted her father’s favorite phrase. Yes, the cops do look for stuff like that!
I can think of some factors, first is as a nobody they’re looking for contacts and other criminals tend to not do “business” with people they don’t know. So they’re building basic confidence… (and at some point start a careless journey).
Note: that “single facebook account” link is now returning “No results found for your query.”.
So he definitely knows about your story, it appears. 🙂
SiL / IKS / concerned citizen
Ah. I thought that might happen. So I took a screen shot.
http://krebsonsecurity.com/wp-content/uploads/2012/12/Rahul.png
Lol he looks like a wantabe Gangsta . Sounds like he is running great work Brian .