Spam king Sanford Wallace indicted for Facebook spam

Prosecutors say he hacked 500,000 accounts to send 27 million messages

Notorious spam king Sanford Wallace is facing federal fraud charges for allegedly breaking into Facebook accounts and sending 27 million spam messages in 2008 and 2009.

Wallace, 43, allegedly used a phishing attack to steal usernames and passwords from victims and then used the stolen credentials to post spam to victims walls, the U.S. Department of Justice said. Wallace allegedly made money from the scam by driving Web traffic to affiliate marketing companies, who pay their members by the number of clicks they can deliver to websites.

The charges are outlined in an indictment, filed July 6 but made public Thursday after Wallace turned himself in to federal authorities.

Wallace gained fame as one of spam's most vocal defenders back in the 1990s and he has faced numerous civil actions over his activities, including lawsuits from MySpace and the U.S. Federal Trade Commission.

However this is the first time he's facing criminal charges.

Wallace has also been sued by Facebook, which won a US$711 million civil judgement against him. As part of that judgement, he was banned from Facebook, and the criminal indictment accuses Wallace of contempt of court for allegedly logging onto the social network during an April 2009 Virgin Airlines flight from Las Vegas to New York. Wallace also allegedly set up a Facebook profile in January of this year under the user name David Sinful-Saturdays Fredericks.

"We applaud the efforts of the U.S. Attorney's Office and the FBI to bring spammers to justice," Facebook said in an e-mailed statement. "Now Wallace also faces serious jail time for this illegal conduct. We will continue to pursue and support both civil and criminal consequences for spammers or others who attempt to harm Facebook or the people who use our service."

Wallace could get more than 16 years in prison, if convicted.

He was released Thursday on a $100,000 bond. His next appearance is set for Aug. 22 at the U.S. District Court for the Northern District of California in San Jose, California.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Tags: Internet-based applications and services, security, legal, social networking, internet, Facebook, cybercrime

Heartbleed panic drives flood of enquiries to Symantec's Melbourne CA

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get Powerful Protection for All of Your Mobile Devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.