A drop in the bucket


This week another spammer-scammer was sentenced for stealing your data. He’ll be off to federal work camp for 17 months starting next month to serve his time. A drop in the bucket.

Let’s run a quick thought experiment. Think for a minute. What’s your go-to password? You know it. Your spouse probably knows it. It’s someone’s (or maybe your own) birthday. A familiar phrase or a favorite thing, sometimes with an exclamation mark stuck behind it when a site requires a symbol (hate those!). And you’ve used it more than once. Probably a lot. In fact, the practice of using a password on multiple websites fueled the latest big breach out of Arkansas by Kyle Milliken.

It’s estimated that the FBI’s latest catch affected over 168 million users of the internet’s most popular sites. This on the heels of Facebook’s breach which is said to have affected the data of 87 million users.

Milliken is said to have perfected an underground innovation called “contact spamming.” This is where automated tools are used to rapidly take over email and social media accounts of real people, blast out messages to all their friends promoting everything from work-at-home opportunities to miracle diet products. All just another day in trading data on the underground.

Milliken was trading data and collecting commissions on spam products and services, affording him a 25,000 sq. ft. home in Burbank Hills, a private chef and a personal driver. He was only caught because he missed a step (the same step that has vexed hackers from time immortal) and didn’t first log into a staged VPN that he set up in another state before going to “work”.

Some companies report breaches when discovered. Others wait years. Others wait until they’re forced to admit the truth. The bigger issue is that for every Milliken, there are at least 20 who have yet to be caught. It’s easy money, and valuable data is traded like baseball cards on the underground.

Contact spamming is nearly impossible to stop. Entry into a consumer’s (resident’s) account is facilitated by their own behavior (clicking on an illicit spam email). Educating our residents through newsletters and other community information is our best shot at saving at least some unsuspecting users against invasion.