Spam king Sanford Wallace indicted for Facebook spam

Prosecutors say he hacked 500,000 accounts to send 27 million messages

Notorious spam king Sanford Wallace is facing federal fraud charges for allegedly breaking into Facebook accounts and sending 27 million spam messages in 2008 and 2009.

Wallace, 43, allegedly used a phishing attack to steal usernames and passwords from victims and then used the stolen credentials to post spam to victims walls, the U.S. Department of Justice said. Wallace allegedly made money from the scam by driving Web traffic to affiliate marketing companies, who pay their members by the number of clicks they can deliver to websites.

The charges are outlined in an indictment, filed July 6 but made public Thursday after Wallace turned himself in to federal authorities.

Wallace gained fame as one of spam's most vocal defenders back in the 1990s and he has faced numerous civil actions over his activities, including lawsuits from MySpace and the U.S. Federal Trade Commission.

However this is the first time he's facing criminal charges.

Wallace has also been sued by Facebook, which won a US$711 million civil judgement against him. As part of that judgement, he was banned from Facebook, and the criminal indictment accuses Wallace of contempt of court for allegedly logging onto the social network during an April 2009 Virgin Airlines flight from Las Vegas to New York. Wallace also allegedly set up a Facebook profile in January of this year under the user name David Sinful-Saturdays Fredericks.

"We applaud the efforts of the U.S. Attorney's Office and the FBI to bring spammers to justice," Facebook said in an e-mailed statement. "Now Wallace also faces serious jail time for this illegal conduct. We will continue to pursue and support both civil and criminal consequences for spammers or others who attempt to harm Facebook or the people who use our service."

Wallace could get more than 16 years in prison, if convicted.

He was released Thursday on a $100,000 bond. His next appearance is set for Aug. 22 at the U.S. District Court for the Northern District of California in San Jose, California.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Tags cybercrimeinternetFacebooklegalsocial networkingInternet-based applications and services

Show Comments