Great news for people who hate spam emails. Three employees of a company that targeted folks with spam pleaded guilty in federal court to hijacking Internet Protocol (IP) addresses to send spam.

The three Amobee employees, Jacob Bychak, Mark Manoogian, and Abdul Mohammed Qayyum, joined Daniel Dye and Vincent Tarney in pleading guilty to violating the federal CAN-SPAM statute for their involvement in misusing the stolen IP addresses to send spam.

The defendants’ employer, Adconion Direct Inc. agreed to forfeit $4,939,526 as the fraudulent proceeds of a wire fraud conspiracy in which its employees hijacked more than 500,000 IP addresses to send over 10 billion commercial emails to people in the United States and elsewhere.

IP addresses are the beginning and ending points for sending data via the internet. In this case, the defendants pleaded guilty to using fraudulent Letters of Authorization (“LOAs”) to take control of large blocks of IP addresses registered to eleven different entities without the registrants’ knowledge or consent. As part of the fraudulent scheme, the defendants used email accounts set up to impersonate the IP blocks’ true registrants. In particular, the defendants used and created email addresses with the true registrants’ domain name (e.g., ect.net) to impersonate real and fictitious employees. They then emailed the fraudulent LOAs, which were written on fake letterheads and included forged signatures, from these imposter email accounts to various Internet hosting companies to falsely represent to the hosting companies that the true registrants authorized them to use the IP addresses.

Internet Service Providers like Yahoo and Google routinely employ filters to block spam from reaching a recipient’s inbox. Once an IP address is associated with spam, the filters typically block messages sent from that IP address. Spammers need a constant supply of fresh unblocked IP addresses to deliver the unwanted commercial email.

The defendants’ jobs with Adconion were to acquire fresh IP addresses and employ other measures to circumvent the spam filters. To conceal Adconion’s ties to the stolen IP addresses and the spam sent from these IP addresses, the defendants used a host of DBAs, virtual addresses, and fake names provided by the company. While defendants touted ties to well-known name brands, the email marketing campaigns associated with the hijacked IP addresses included advertisements such as “BigBeautifulWomen,” “iPhone4S Promos,” and “LatinLove[Cost-per-Click].”

Today’s guilty pleas arise from an October 2018 indictment for which trial began on May 23, 2022. Following opening statements, the trial was interrupted by the recent COVID surge and had yet to resume. In exchange for misdemeanor pleas, the defendants have each agreed to admit their involvement in the scheme, to undertake 100 hours of community service, and to pay a maximum $100,000 fine.

“The defendants generated millions of dollars for their company by high-jacking hundreds of thousands of IP addresses, enabling them to illegally inundate consumers with over 10 billion email ads,” said U.S. Attorney Randy Grossman. ““This case was the first in the nation to charge violations of the CAN-SPAM Act’s provision against using hijacked IP addresses to send spam. We are committed to using all the tools at our disposal to protect the internet and everyone who depends on it.” Grossman thanked the prosecution team as well as the investigating agencies, the American Registry of Internet Numbers, Yahoo, The Spamhaus Project, and The National Cyber-Forensics and Training Alliance.

“These defendants spent years illegally sending billions of spam emails nationwide which made millions of dollars,” said FBI Special Agent in Charge Stacey Moy. “The FBI remains committed to pursuing these criminal conspiracies, no matter how long it takes, and holding them accountable in a court of law. I want to thank the United States Attorney’s Office for their ongoing support and partnership in bringing this case to an end.”