Adconion Execs Plead Guilty in Federal Anti-Spam Case

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak, Mark Manoogian, Petr Pacas, and Mohammed Abdul Qayyum — in a ten-count indictment (PDF) on felony charges of conspiracy, wire fraud, and electronic mail fraud.

The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive.

Prosecutors said the men also sent forged letters to an Internet hosting firm claiming they had been authorized by the registrants of the inactive IP addresses to use that space for their own purposes.

All four defendants pleaded not guilty when they were charged back in 2018, but this week Bychak, Manoogian and Qayyum each entered a plea deal.

“The defendants’ jobs with Adconion were to acquire fresh IP addresses and employ other measures to circumvent the spam filters,” reads a statement released today by the U.S. Attorney for the Southern District of California, which said the defendants’ employer agreed to forfeit $5 million as fraudulent proceeds of the conspiracy.

“To conceal Adconion’s ties to the stolen IP addresses and the spam sent from these IP addresses, the defendants used a host of DBAs, virtual addresses, and fake names provided by the company,” the statement continues. “While defendants touted ties to well-known name brands, the email marketing campaigns associated with the hijacked IP addresses included advertisements such as ‘BigBeautifulWomen,’ ‘iPhone4S Promos,’ and ‘LatinLove[Cost-per-Click].’”

None of the three plea agreements are currently available on PACER, the online federal court document clearinghouse. However, PACER does show that on June 7 — the same day the pleas were entered by the defendants — the government submitted to the court a superseding set of just two misdemeanor charges (PDF) of fraud in connection with email.

Another document filed in the case says the fourth defendant — Pacas — accepted a deferred prosecution deal, which includes a probationary period and a required $50,000 “donation” to a federal “crime victims fund.”

There are fewer than four billion so-called “Internet Protocol version 4” or IPv4 addresses available for use, but the vast majority of them have already been allocated. The global dearth of available IP addresses has turned them into a commodity wherein each IP can fetch between $15 and $25 on the open market.

This has led to boom times for those engaged in the acquisition and sale of IP address blocks, but it has likewise emboldened those who specialize in absconding with and spamming from dormant IP address blocks without permission from the rightful owners.

In May, prosecutors published information about the source of some IP address ranges from which the Adconion employees allegedly spammed. For example, the government found the men leased some of their IP address ranges from a Dutch company that’s been tied to a scandal involving more than four million addresses siphoned from the African Network Information Centre (AFRINIC), the nonprofit responsible for overseeing IP address allocation for African organizations.

In 2019, AFRINIC fired a top employee after it emerged that in 2013 he quietly commandeered millions of IPs from defunct African entities or from those that were long ago acquired by other firms, and then conspired to sell an estimated $50 million worth of the IPs to marketers based outside Africa.

“Exhibit A” in a recent government court filing shows that in 2013 Adconion leased more than 65,000 IP addresses from Inspiring Networks, a Dutch network services company. In 2020, Inspiring Networks and its director Maikel Uerlings were named in a dogged, multi-part investigation by South African news outlet MyBroadband.co.za and researcher Ron Guilmette as one of two major beneficiaries of the four million IP addresses looted from AFRINIC by its former employee.

Exhibit A, from a May 2022 filing by U.S. federal prosecutors.

The address block in the above image — 196.246.0.0/16 — was reportedly later reclaimed by AFRINIC following an investigation into the findings by MyBroadband.co.za. Inspiring Networks has not responded to requests for comment.

Prosecutors allege the Adconion employees also obtained hijacked IP address blocks from Daniel Dye, another man tied to this case who was charged separately. For many years, Dye was a system administrator for Optinrealbig, a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra. In 2018, Dye pleaded guilty to violations of the CAN-SPAM Act.

Optinrealbig’s CEO was the spam king Scott Richter, who changed the name of the company to Media Breakaway after being successfully sued for spamming by AOL, Microsoft, MySpace, and the New York Attorney General Office, among others. In 2008, this author penned a column for The Washington Post detailing how Media Breakaway had hijacked tens of thousands of IP addresses from a defunct San Francisco company for use in its spamming operations.

The last-minute plea deals by the Adconion employees were reminiscent of another recent federal criminal prosecution for IP address sleight-of-hand. In November 2021, the CEO of South Carolina technology firm Micfo pleaded guilty just two days into his trial, admitting 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 700,000 IPs from the American Registry for Internet Numbers (ARIN) — AFRINIC’s counterpart in North America.

Adconion was acquired in June 2014 by Amobee, a Redwood City, Calif. online ad platform that has catered to some of the world’s biggest brands. Amobee’s parent firm — Singapore-based communications giant Singtel — bought Amobee for $321 million in March 2012.

But as Reuters reported in 2021, Amobee cost Singtel nearly twice as much in the last year alone — $589 million — in a “non-cash impairment charge” Singtel disclosed to investors. Marketing industry blog Digiday.com reported in February that Singtel was seeking to part ways with its ad tech subsidiary.

One final note about Amobee: In response to my 2019 story on the criminal charges against the Adconion executives, Amobee issued a statement saying “Amobee has fully cooperated with the government’s investigation of this 2017 matter which pertains to alleged activities that occurred years prior to Amobee’s acquisition of the company.”

Yet as the government’s indictment points out, the alleged hijacking activities took place up until September 2014, which was after Amobee’s acquisition of Adconion Direct in June 2014. Also, the IP address ranges that the Adconion executives were prosecuted for hijacking were all related to incidents in 2013 and 2014, which is hardly “years prior to Amobee’s acquisition of the company.”

Amobee has not yet responded to requests for comment.

from Krebs on Security https://ift.tt/DyePC04

A series of machine learning-based features will be added to Google Chrome

Google’s developers have announced that their web browser, Google Chrome, will integrate a series of new and updated security features, most of which are based on machine learning (ML) models, along with some clever new ML-based features that aim to make web browsing a little easier, including a new feature that will suppress notification permission requests when its algorithm believes you are unlikely to accept them.

Starting with the next version of Chrome, Google will introduce a new ML model that will block many of these notification permission requests.

Google Chrome has built-in phishing detection that scans pages to see whether they match known fake or malicious sites. This time, that technology has benefited from improvements. For example, Google says that in Chrome 102, Chrome will rely on machine learning that runs entirely in the browser to help identify websites that make unsolicited requests for notification permission and will block them, even preventing them from appearing.

«Safe Browsing in Chrome helps protect billions of devices every day by showing warnings when people try to navigate to dangerous sites or download dangerous files (see the big red example below). Starting in March of this year, we rolled out a new ML model that identifies 2.5 times more potentially malicious sites and phishing attacks than the previous model, resulting in a safer web.

“To further improve the browsing experience, we are also evolving how people interact with web notifications. On the one hand, page notifications help deliver updates from the sites you care about; on the other hand, notification permission requests can become a nuisance. To help people browse the web with minimal interruptions, Chrome predicts when permission requests are unlikely to be granted based on how the user has previously interacted with similar permission requests, and silences those unwanted requests. In the next version of Chrome, we will launch an ML model that makes these predictions entirely on the device.

In a future release, Google plans to use the same technology to adjust Chrome’s toolbar in real time, making different buttons, such as icons for sharing or voice search, appear when and where you are likely to use them.

As for other new machine learning-based features, Chrome is also getting a new language identification model that better determines which language a given page is in and whether it should be translated accordingly, along with help for people to retrace their steps online. For example: you might spend weeks planning a visit to a national park: researching attractions, comparing flights and buying gear. With ML and Journeys, Chrome brings together the pages you have visited on a given topic and lets you easily pick up where you left off (instead of scrolling through your browser history).

“When you return to those hiking boots and camping guides, we also use ML to make those websites available in the language of your choice. In particular, we launched an updated language identification model to determine the language of the page and whether it needs to be translated to match your preferences. As a result, we see tens of millions of successful translations every day.”

The Chrome team says its goal is «to build a browser that is truly and continuously useful, and we are excited about the possibilities ML has to offer».

“Every time you go to a new page, Chrome evaluates a collection of signals about the page to see whether it matches those of phishing sites. To do so, we compare the color profile of the visited page, that is, the range and frequency of colors present on the page, with the color profiles of current pages. For example, in the image below, we can see that the colors are mostly orange, followed by green and then a touch of purple.

“This benefits you in two ways when you use Chrome. First, using less CPU time to do the same work improves overall performance. Less CPU time means less battery drain and less time with fans spinning.

Finally, if you are interested in learning more about it, you can check the details at the following link.

from Linux Adictos https://ift.tt/3a7qAFi