Boing Boing
Loading ...

'Spam King' Sanford Wallace gets 2.5 years in prison for 27 million Facebook scam messages

A hacker who called himself 'Spam King' and sent 27 million unsolicited Facebook messages for a variety of scams has been sentenced to 30 months in jail.

Sanford Wallace, 47 was also ordered to pay more than $310,000 in fines.
The hacker also known as "Spamford" is reported to have compromised over 500,000 Facebook accounts from November 2008 to March 2009, and messaged victims links to external sites that harvested their log-ins and Facebook friend lists. Then, Wallace spammed the Facebook users with links to other websites.

In August, 2015, he pleaded guilty to electronic mail fraud and criminal contempt of court, according to sentencing documents filed Tuesday in U.S. District Court in San Jose, CA. He got the contempt charge for disobeying prior orders from one of his many court cases to never access Facebook in the first place.

Loading ...

“Judge Edward J. Davila also sentenced King to mental health treatment and five years of probation once he's released,” NBC News reported. “And he barred King from possessing or using any computer without the permission of his probation order.”

Here's the Justice Department announcement today on the end of the Spam King's reign:

Sanford Wallace was sentenced yesterday to 30 months’ imprisonment and was ordered to pay $310,628.55 in restitution for sending millions of spam messages to Facebook users and disobeying a court order not to access Facebook announced the Office of the United States Attorney for the Northern District of California and the Federal Bureau of Investigation.

Wallace, 47, of Las Vegas, pleaded guilty on August 24, 2015 to one count of fraud and related activity in connection with electronic mail, in violation of 18 U.S.C. §§ 1037(a)(1) and (b)(2)(A); and one count of criminal contempt, in violation of 18 U.S.C. § 401(3). According to the plea agreement Wallace admitted to executing a scheme from approximately November 2008 through March 2009 to send spam messages to Facebook users that compromised approximately 500,000 legitimate Facebook accounts, and resulted in over 27 million spam messages being sent through Facebook’s servers.

Wallace illegally obtained, stored, and exploited Facebook user account information and earned money by redirecting users to other websites. Specifically, Wallace admitted he opened a fictitious Facebook account in the name of “David Frederix” to test his spam messages and created an automated process to sign into a Facebook user’s account, retrieve a list of all of the user’s friends, and then send a message to each of the user’s friends’ Facebook accounts. The message was designed to trick legitimate Facebook account holders into accessing a website listed in the message that was purportedly from a Facebook friend. Once the user entered his or her information, the user would be redirected to an affiliate website. Wallace further admitted that he earned money for directing traffic to the websites and stored users’ email addresses and passwords in order to continue sending spam messages.

In addition, Wallace admitted that during three time periods he accessed Facebook’s computer network to send spam messages to Facebook’s users. First, on or about November 5, 2008, and continuing to November 6, 2008, he accessed Facebook’s computer network in order to initiate the transmission of a program that resulted in more than 128,883 spam messages being sent to Facebook users. Second, he admitted that on December 28, 2008, he accessed Facebook’s computer network in order to initiate the transmission of a program that resulted in nearly 300,000 spam messages being sent to Facebook users. Third, he admitted that on February 17, 2009, he accessed Facebook’s computer network in order to initiate the transmission of a program that resulted in more than 126,000 spam messages being sent to Facebook users.

Facebook filed a lawsuit against him in United States District Court for the Northern District of California alleging violations of the CAN-SPAM Act of 2003, the Computer Fraud and Abuse Act, and California’s Anti-Phishing and Computer Data Access and Fraud Acts. (Facebook, Inc. v. Wallace, et al, No. C-09-00798 JF). On March 2, 2009, March 24, 2009, and September 18, 2009, U.S. District Court Judge Jeremy Fogel ordered Wallace not to access or attempt to access Facebook’s computer network in any manner whatsoever nor create or maintain a Facebook account. Wallace admitted that on April 17, 2009, he willfully disobeyed Judge Fogel’s order by logging into his Facebook account while aboard a flight from Las Vegas to New York.

From The Verge:

Wallace's spamming career didn't begin with Facebook messages, but stretches all the way back to the '90s, when he sent junk fax messages. He faced civil suits from both Myspace and Facebook in 2007 and 2009, respectively, and racked up nearly $1 billion in fines from the two companies that he was unable to pay. This recent sentence, is the first time Wallace has been convicted of a crime, with the Spam King pleading guilty to one count of "fraud and related activity in connection with electronic mail." His two-and-a-half year jail sentence is just short of the three year maximum he was facing.

IMAGE: A shoop by Xeni for Boing Boing, using an Associated Press shot of 'Spam King' Sanford Wallace.

Loading ...