Data Backup Digest

There’s an incomprehensible amount of spam sent every day. The frustrating thing is that spammers can send out huge amounts of emails and still succeed even if a small percentage of their hooks catch. Even though more internet users are aware of spam email, and the risks associated, those sending out the malicious emails are still able to have success. Not only will they be able to trick those less technology-savvy, but in recent years they’ve capitalised on headlines about data leaks.

One spammer group known as River City Media (RCM) claims that it’s a legitimate marketing agency, but at one time was sending out over 1 billion emails per day with the aim to take email addresses and personal data. The company have been on the Register of Known Spam Operations (ROSKO) since the list’s inception.

RCM use several different methods to obtain people’s information. One of these is using CoReg, which is where users sign up for an email service, like a newsletter, and then have their email addressed circulated amongst spam groups.

Another method is to use warm-up accounts, which are email addresses that RCM own. They send emails to these and obviously don’t mark them as spam. In turn, email service providers and affiliate programs then consider them not to be spam, allowing them to slip through the wider filter.

There’s loads of other tactics they can use to ensure the job gets done – for example, sending email from older domains is considered more trustworthy than email addresses recently created, allowing them to sneak through spam filters.

Everything said and done, then, RCM is a slimy company that is only out to harvest data. Which makes the fact that all their information got breached into thanks to some bad backups.

MacKeeper security researcher Chris Vickery could enter their servers because someone at RCM didn’t lock down the data backup – their Rsync server had been poorly configured, which allowed him to do so. Vickery uncovered 1.4 billion email addresses, linked to names, IP addresses and physical addresses.

Using what Vickery calls “automation, years of research and a fair bit of illegal hacking techniques”, the company have sent out billions of emails. Amusingly, RCM founder Alvin Slocombe sent out an internal email to his dozen employees in February, asking them to change their Skype and HipChat passwords after fearing that the company had been hacked.

In this case, the fact that the backups weren’t secured ended up being a good thing for the public, but not so much for RCM. Legitimate companies – ones that don’t rank in the top ten of the ROSKO – need to keep their databases secure virtually and physically.

As for the spam? RCM didn’t have many employees, but were still able to dominate the spam game. It also raises flags that your users need to be educated on safe email usage – even if you think they’re sensible, you need to have the security measures in place to ensure that if someone makes a mistake that your data isn’t going to be breached.