Posts Tagged: Peter Holden


2
Sep 19

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.

Prior to its acquisition, Adconion offered digital advertising solutions to some of the world’s biggest companies, including Adidas, AT&T, Fidelity, Honda, Kohl’s and T-Mobile. Amobee, the Redwood City, Calif. online ad firm that acquired Adconion in 2014, bills itself as the world’s leading independent advertising platform. The CEO of Amobee is Kim Perell, formerly CEO of Adconion.

In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak, Mark ManoogianPetr Pacas, and Mohammed Abdul Qayyum —  in a ten-count indictment on charges of conspiracy, wire fraud, and electronic mail fraud. All four men have pleaded not guilty to the charges, which stem from a grand jury indictment handed down in June 2017.

‘COMPANY A’

The indictment and other court filings in this case refer to the employer of the four men only as “Company A.” However, LinkedIn profiles under the names of three of the accused show they each work(ed) for Adconion and/or Amobee.

Mark Manoogian is an attorney whose LinkedIn profile states that he is director of legal and business affairs at Amobee, and formerly was senior business development manager at Adconion Direct; Bychak is listed as director of operations at Adconion Direct; Quayyum’s LinkedIn page lists him as manager of technical operations at Adconion. A statement of facts filed by the government indicates Petr Pacas was at one point director of operations at Company A (Adconion).

According to the indictment, between December 2010 and September 2014 the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive.

The government alleges the men sent forged letters to an Internet hosting firm claiming they had been authorized by the registrants of the inactive IP addresses to use that space for their own purposes.

“Members of the conspiracy would use the fraudulently acquired IP addresses to send commercial email (‘spam’) messages,” the government charged.

HOSTING IN THE WIND

Prosecutors say the accused were able to spam from the purloined IP address blocks after tricking the owner of Hostwinds, an Oklahoma-based Internet hosting firm, into routing the fraudulently obtained IP addresses on their behalf.

Hostwinds owner Peter Holden was the subject of a 2015 KrebsOnSecurity story titled, “Like Cutting Off a Limb to Save the Body,” which described how he’d initially built a lucrative business catering mainly to spammers, only to later have a change of heart and aggressively work to keep spammers off of his network.

That a case of such potential import for the digital marketing industry has escaped any media attention for so long is unusual but not surprising given what’s at stake for the companies involved and for the government’s ongoing investigations.

Adconion’s parent Amobee manages ad campaigns for some of the world’s top brands, and has every reason not to call attention to charges that some of its key employees may have been involved in criminal activity.

Meanwhile, prosecutors are busy following up on evidence supplied by several cooperating witnesses in this and a related grand jury investigation, including a confidential informant who received information from an Adconion employee about the company’s internal operations. Continue reading →


3
Aug 15

‘Like Cutting Off a Limb to Save the Body’

This author has spent many years chronicling the exploits of black hat spammers who use hacked computers to relay junk email. But I’ve dedicated comparatively little time delving into ways of email marketers who technically follow U.S. anti-spam laws yet nevertheless engage in spammy practices. The latter is able to ply their trade because there are thousands of Internet hosting companies operating on thin profit margins that are happy to host spammy but lucrative clients. This is the story of how one hosting company heroically kicked out all of its email marketing customers at great expense and ended up building a stronger, more profitable company in the process.

emailgraphicA serial entrepreneur as a young teenager, Peter Holden founded several online companies by the time he turned 20 and started Tulsa, Okla.-based hosting firm HostWinds. The company grew modestly but steadily — relying on more than two dozen servers and bringing in revenues of about $15,000 per month.

That is, until Holden got his first email marketing client who offered to double HostWind’s monthly income in one day.

“I remember driving down from Tulsa to Oklahoma City to visit this client,” said Holden, now 25. “It was July 2012, and it was super hot in the car because I didn’t have air conditioning. But I remember thinking it was really cool to have a client who was local and interested in using our services.”

That one client’s business would not only double HostWind’s income, but it gave the company much-needed funds to invest in building out the firm’s technical infrastructure. Good thing, too, because the email marketing client soon referred more e-mailers to HostWinds, which was forced to petition the American Registry for Internet Numbers (ARIN) for thousands of additional Internet addresses to accommodate its new clientele.

“Fast forward about two years, and we now have a lot of mailers on our network,” Holden said. “Throughout all of this, one client introduced me to another client, and another.”

All of them swore up and down that they were following U.S. anti-spam laws to the letter. The CAN-SPAM Act was intended to make it more expensive and difficult for email marketers and spammers to send unsolicited junk email, but critics say it is essentially toothless and rarely enforced. Under CAN-SPAM, commercial emails can’t be spoofed (i.e., the address in the “from;” field can’t be faked or obfuscated), and the messages must give recipients a simple way to opt-out of receiving future missives.

“Legally speaking, we didn’t have any client on our network who broke the law. My dad was a lawyer and we’d routinely terminate anyone who violated our policies,” Holden said. “Ultimately, I think the fact that these clients were able to pay their bills on time — and their bills were massive — gave them some sort of air of legitimacy.”

HOW MANY SPAMS CAN A SPAMMER SPAM IF A SPAMMER CAN-SPAM SPAMS?

From the perspective of anti-spam groups, the main problem with the CAN-SPAM act is that it doesn’t require marketers to get opt-in approval from people before spamming them. Also, many large-scale junk email operations are not too dissimilar from spam campaigns run by cybercrooks — except instead of routing the mail through PCs that have been seeded with malware, commercial emailers send email from huge numbers of distinct Internet addresses that they rent from a vast network of hosting companies. Continue reading →