Adconion Employees Accused of IP Address Hijacking and Spamming

• Four Adconion Media Group employees are now facing criminal charges from federal prosecutors.
• The individuals are accused of hijacking, fraudulently stealing, and buying IP addresses for spamming.
• Adconion has been under close monitoring by the U.S. Justice Department since at least 2013.

The FBI has discovered that four Adconion Direct employees have exploited their position to carry out large-scale spamming campaigns from hijacked IP addresses. The individuals are now facing criminal charges in a California District Court, after Federal prosecution submitted an indictment about conspiracy, electronic mail fraud, wire fraud, aiding and abetting, and criminal forfeiture. The four defendants are Jacob Bychak, Mark Manoogian, Mohammed Abdul Qayyum, and Petr Pacas. All of them hold higher managerial positions in Adconion, while Pacas used to work there in the past, serving from the position of the director of operations.

According to the accusations made, the four employees engaged in a conspiracy to identify IP addresses that were registered to others but were inactive. They sent forged letters to hosting services claiming that they had received authorization to use these addresses themselves. Then, they used the defalcated IP addresses to send out millions of spam email messages. This whole operation took place between December 2010 and September 2014, and the main hosting firm that was victimized and tricked was Hostwinds. The particular hosting firm is known for fostering spamming campaigns at that time, although they later changed their practices and abolished clients of this kind.

The FBI has been following Adconion’s activities since at least 2013, as the company is believed to be responsible for some of the most massive spamming campaigns that the world has ever seen. In fact, ARIN (American Registry for Internet Numbers) has talked about the company’s spamming practices through the hijacking of large numbers of IP addresses back in October 2016, during one of their presentations. Back then, the presentation didn’t name the company, but it is revealed by the metadata of the Powerpoint document file used for presentation purposes. The metadata shows an original filename of “Adconion-Arin”, and indicates that it was created in 2015 by someone at the U.S. Department of Justice.

Simply put, spammers need IP addresses because the activity of aggressive spamming gets your IP on the blacklist. Email providers block any mail that comes from blacklisted IPs, so the spamming campaign is interrupted. This problem, combined with the shortage of available IP addresses, have taken their market price to the range of $15-$25 per item. In the past, tech companies have fraudulently obtained hundreds of thousands of IP addresses from ARIN, only to resell them to spammers. As it is pointed out in the charges, Adconion paid and bought IP addresses from an individual named Daniel Dye, who is a system administrator for Optinrealbig, a known and already convicted spamming entity.

Have something to comment on the above? Do so in the comments down below, or on our socials, on Facebook and Twitter.