Oleg Yegorovich Nikolaenko (Russian: Олег Егорович Николаенко; born July 17, 1987) is a Russian computer criminal who created the Mega-D botnet, violating the CAN-SPAM Act of 2003.[1] Federal investigators believe his activities may have been responsible for as much as one third of the world's electronic spam.[2]

Oleg Nikolaenko
Photo by U.S. Marshals
Born: Олег Егорович Николаенко, July 17, 1987 (age 37)
Nationality: Russian
Other names: "Docent", "King of Spam"
Criminal charge: Violation of the CAN-SPAM Act of 2003
Criminal status: Pled guilty and sentenced to time served plus three years probation

Background


Oleg Nikolaenko, a resident of Vidnoye, Moscow Oblast, Russia,[3] was identified as the "King of Spam" by the U.S. Federal Bureau of Investigation.[4] He is suspected of running the "Mega-D" botnet to create a "zombie network" of as many as 500,000 infected computers.[5] Investigators stated that his operation was responsible for producing up to 10 billion unsolicited e-mails per day,[2] accounting for about 32% of all spam. The messages allegedly promoted counterfeit versions of Rolex watches, herbal supplements and prescription drugs such as Viagra.[3] In October 2008, the U.S. Federal Trade Commission moved to freeze the assets of individuals involved with the Mega-D botnet, though Nikolaenko's identity was not yet known at the time.[6]

Investigation

 
Nikolaenko had been in the United States to attend the 2009 SEMA auto show at the Las Vegas Convention Center.

The FBI got a break in the case in August 2009, when Jody M. Smith pleaded guilty in Missouri to selling counterfeit Rolex watches.[3] Federal agents used grand jury subpoenas to trace financial payments of $459,000 from convicted New Zealand spammer Lance Atkinson to Nikolaenko, who had been using the alias of "Docent". Google provided the FBI with Nikolaenko's e-mail records. Investigators subpoenaed his travel records from the U.S. State Department, which indicated that he had visited New York City, Los Angeles, and Las Vegas over the course of two trips in 2009.[7] However, the Constitution of Russia specifically prohibits the extradition of its citizens.[5]

In November 2009, FireEye, a computer security firm, was able to shut down servers in the United States under the control of the Mega-D botnet. Nikolaenko, who had been in Las Vegas, Nevada to attend the 2009 SEMA auto show, was forced to return to Russia two days early to undo the damage to Mega-D's functionality.[8] By the end of 2009, Nikolaenko was able to restore capacity to generate 17% of worldwide spam.[9]

 
The Bellagio Hotel in Las Vegas, where Nikolaenko was arrested in 2010

Nikolaenko returned to Las Vegas to attend the 2010 SEMA Show and was apprehended by federal agents at the Bellagio Hotel on November 4. He was found with two passports and $4,000 cash. Nikolaenko was transported to face charges in Milwaukee, Wisconsin, where an undercover agent ordered Viagra from an alleged spam e-mail and instead received herbal pills.[10]

Nikolaenko was indicted on November 16 at the U.S. District Court of Eastern Wisconsin and faced up to five years in prison.[2] He was accused of deliberately falsifying the header information of commercial e-mails and sending over 2,500 spam e-mails per day, both in violation of the CAN-SPAM Act of 2003.[10] He was extradited to Wisconsin and assigned case number 2:10-cr-00246-CNC-1 in the Eastern District of Wisconsin. Nikolaenko pleaded not guilty and retained defense attorney Christopher Van Wagner, who stated: "We're prepared to present a rigorous defense."[2] Wagner requested that Nikolaenko be released on bail as his wife and daughter were planning to travel from Moscow to the United States to attend the trial. However, bail was denied by U.S. Magistrate Judge Patricia Gorence.[10] On December 21, 2010, federal prosecutors turned over 4,600 of 6,000 pages of documents to Nikolaenko's attorney for pre-trial discovery.[11] Information was redacted for the protection of witnesses. The trial was scheduled to begin by February 11, 2011, but was later adjourned.[10] Nikolaenko later fired Wagner and retained criminal defense attorney Arkady L. Bukh, who stated that "the previous motions by Nikolaenko's lawyers had been ruled by the judge in favor of the prosecution".[12]

In June 2012, Nikolaenko agreed to a plea deal. On February 27, 2013, he was sentenced to time served plus three years of probation.[13]

The M86 Security company stated that spam output from Nikolaenko's Mega-D botnet fell below 5% of the worldwide total by December 2010.[9] Spam e-mail traffic dropped sharply worldwide during the 2010 holiday period while Nikolaenko was detained, though Paul Wood of computer security firm Symantec attributed the downturn to the disruption of various other botnets, including Rustock, Lethic and Xarvester.[14] According to information technology experts, Mega-D is no longer considered a very large network, though it may have been the largest designed specifically for spam.[15]


References

  1. Norton, W. W. (29 April 2015). "The Rise and Fall of a Spammer". Medium.
  2. Vielmetti, Bruce (December 3, 2010). "Milwaukee FBI agent trips up Russian 'king of spam'". Milwaukee Journal Sentinel. Retrieved December 3, 2010.
  3. Barrett, Joe (December 3, 2010). "Accused Spam King to Be Arraigned". Wall Street Journal. Retrieved December 5, 2010.
  4. Simon, Mallory (December 3, 2010). "Man allegedly responsible for a third of your spam e-mail to be arraigned". CNN. Archived from the original on December 4, 2010. Retrieved December 3, 2010.
  5. Leyden, John (December 1, 2010). "Feds pursue Russian, 23, behind ⅓ of ALL WORLD SPAM". The Register. Retrieved December 3, 2010.
  6. Stone, Brad (October 14, 2008). "Authorities Shut Down Spam Ring". New York Times. Retrieved December 5, 2010.
  7. "FBI Targets Young Russian Spam Kingpin". The Smoking Gun. November 30, 2010. Retrieved December 3, 2010.
  8. Anderson, Nate (December 3, 2010). "How the FBI nabbed a Russian spam king in Las Vegas". Ars Technica. Retrieved December 5, 2010.
  9. Schwartz, Mathew J. (December 2, 2010). "FBI Busts Alleged Mega D Botnet Mastermind". Information Week. Retrieved December 5, 2010.
  10. "Russian Man Pleads Not Guilty in Spam Case". Wall Street Journal. Associated Press. December 3, 2010. Retrieved December 3, 2010.
  11. Vielmetti, Bruce (December 22, 2010). "Prosecutors hand over 6,000 pages in Spam King case". Milwaukee Journal Sentinel. Retrieved December 23, 2010.
  12. "Russian 'King of Spam' has a new lawyer" (Press release). Bukh Law Firm, PC. June 2011.
  13. "Russian king of spam avoids prison in plea deal".
  14. Jani, David (January 6, 2011). "Global Spam Levels Sharply Drop Over Christmas". IT Pro Portal. Retrieved January 27, 2011.
  15. Шадрин, Иван (April 12, 2010). "Mega-D: не крупнейшая и не последняя сеть 'зомби-компьютеров'" [Mega-D: not the biggest nor the last network of 'zombie computers'] (in Russian). RIA Novosti. Retrieved December 6, 2010.