In Believe it or not, between November 2008 and March 2009, 43-year-old Sanford Wallace is alleged to have hacked into 500,000 Facebook accounts to harvest friend lists. Also known by the aliases, Spamford Wallace and David Frederix, Wallace was arrested in Las Vegas two days ago. It is alleged that he used the compromised lists to make more than 27 million unsolicited postings on Facebook walls that appeared to come from friends.
Whenever the unsuspecting targets clicked on links within the messages, they were presented with a website designed to fool them into handing over their full name, email address and password. Finally they would be redirected to affiliate websites that would allegedly pay Wallace substantial revenue for traffic.
According to the indictment, the scheme relied on vulnerabilities that Wallace discovered in Facebooks spam filters. To accomplish his scheme, Wallace had first tested his spamming capabilities between two Facebook accounts. He used the fake Facebook account in name of David Frederix and his legitimate Sanford Masterwb Wallace account to test variations of spam messages in order to evade Facebooks filtering mechanisms.
After he had discovered the way of evading Facebooks spam filters he employed an automatic scripting process to sign into a compromised Facebook users account, retrieve a list of all the users friends, and then post a spam message to each of the users friends Facebook walls.
For Wallace this isn't the first brush with law. It was in the 1990s that he first gained notoriety as a spammer. In 2008, he lost a civil case brought against him by MySpace, but got released on $100,000 bail. Now he faces up to three years in jail and a $250,000 fine for each of the six fraud charges and up to 10 years in jail for each of the three charges of intentional damage to a protected computer.
Facebook has welcomed the arrest.
Add new comment