Twitter v1.0

In the spam game staying current with the trends is just as important as any other marketing job. I’ve always had an eye for trends and being able to predict the next big social media website. By 2011 Twitter had grown to over 250 million members and had no plan of slowing down. This made Twitter a prime candidate for my next spam operation. Back then there was no security, I don’t even think they had a security team to be honest.

The operation would be fairly simple and would have the same concept as most of my operations. Take the email and password combinations from the databases I owned and check to see if they used the same password. I was amazed at not only how many worked, but how many people actually had a twitter account. The thing is, if you had a twitter account you probably used the same password you signed up to any other site with. The raw number was about 10% (that’s not excluding if the email address was even registered on twitter). At the time that was somewhere in the neighborhood of 3 million valid twitter accounts.

The second function of the software would DM the account’s followers and send out a tweet. The first campaign I ran was a bizop offer. Bizop was my goto because it appealed to everyone and yielded the highest return. I mean who doesn’t want to make money from home?

While the campaign was a success with netting thousands of dollars a day, the risk didn’t seem worth it. What I mean is there were hundreds of websites asking “Did Twitter get hacked?” And “Help! My twitter account has been hacked”. Not only that, journalists and bloggers alike were writing about the havoc I was causing on Twitter.

twitter2011

For now, the operation was on the back burner and I would revert back to the more quiet operations.

The Expansion of Contact Mail

In a previous post, I described how hotmail and their users were the first to experience the effects of contact mail. When accounts on hotmail started producing less and less money, it was time to explore other email providers. In 2011, Yahoo would be the next email provider to experience contact mail. Now Yahoo was different, they actually had some security measures which would prevent me from abusing them the same way I was able to on Hotmail.

One of the most notable security features they had implemented was IP address rate limiting. This meant I wasn’t able to mass verify login credentials from my databases without being banned from Yahoo. It was a problem, but a fairly easy one to solve. All I needed was a massive pool of IP addresses. Luckily for me, because of some of the communities I was in, I knew where to purchase this type of service. For $400 a week, I could rent 10,000 online botnet proxies. This would be more than enough to bypass any rate limiting Yahoo had implemented.

And just like that I had restored my contact mail operation back to it’s full glory.

Singlesnet.com – Hacked.

There wasn’t ever any reports made by media or even a response from Singlesnet. Now I’m not sure exactly when it was hacked, but I came into possession of this database from a trade I did with a friend. The date on the file was 2011 so I’m assuming it was hacked not long after eHarmony. In fact, this database was just as glorious as eHarmony. It contained 16 million records of emails and plaintext passwords. I treated this database the same way I did eHarmony. The contact mail operation was back in full force. I actually found the farticle (fake news article) I used to promote the work from home programs.

cnbc7

The Birth of Contact Mail

After receiving the eHarmony database, I had to do some serious brainstorming on how I could maximize the profits with this data. I knew that the people who already had the database would be sending all kinds of dating offers to the e-mail addresses. I also knew that I would be able to mail to the same list, but I didn’t want to compete with the other guys. I had to think outside of the box, so I thought back to my very first MySpace operation nearly three years ago and came up with the brilliant idea to e-mail the contacts in the address book. Little did I know how much this method would change the spam game forever.

The software created would attempt to login to hotmail.com and check whether the user used the same password as they did on eHarmony. You have to remember this was back in 2010 and people weren’t as educated about security as they are today.  So after running the accounts through the software about 25% of the people used the same password. When it was finally done I had around 1 million valid hotmail accounts that I could mail with.

I had just moved from Florida to downtown Los Angeles with a girl I met online, paying $3,800/mo for a condo that I probably couldn’t afford. In fact, at the time, I only had a couple hundred dollars to my name. Hurting for cash and Christmas being right around the corner, this operation had to work.

condo2

With little to no start-up cash, I had to bootstrap and think outside of the box once again. I remembered back to my first mailing operation where I used a service that rented cloud servers that allowed you to pay as you go. It was easy to trick the payment processing by using a prepaid gift card, as they would only check your card for $1 and bill you at the end of the billing cycle. It cost me $20 for a prepaid tracfone which was used to verify my account on the cloud service. It was their security precaution for my previous endeavors with their service.

I created 15 servers which meant that I was able to place my mailing software on each one. This meant that I had the power of 15 mailers. At approximately 100 mails per second across 15 servers, I was sending nearly 100,000 e-mails a minute. I didn’t realize exactly how fast this was, but I was soon going to find out. At the time I was promoting a bizop offer which is basically a make money from home program. It was a program that would pay me around $40 per sign up. At the peak hours of the day I was making something like $10,000 an hour. The adrenaline rush, excitement, and anxiety that this caused was unmatched to any drug I had ever tried. Over the weekend, I had accumulated something like 8,000 sign ups. That’s right, over 15,000,000 e-mails sent and $300,000 in revenue generated from a free database, a $20 tracfone, and a $10 gift card.

SOk9x

This was the first time that the internet was introduced to “contact mail”. It was also the first time that the advertiser (the person who owned the program) experienced this type of traffic. The advertiser was irate once he found out how the sales were generated and called it all fraud. While in a sense, I did agree it was deceptive, but what couldn’t be disputed was the fact that there was a ton of money generated and sitting in his bank accounts. We ended up settling on an agreement of $100,000 and parted ways. I was 21 years and this was definitely the most money I had ever seen. It was a moment in my life where I knew had discovered something great and would be set financially for a very long time.

Eharmony.com – Hacked! The Database that Changed Everything

The first reports of eHarmony.com being hacked came out in 2011 and supposedly only a portion of the users was hacked. It’s ridiculous how wrong these “security researchers” and journalist can be. The truth is this database was actually hacked in June of 2010 and finally came to the public/underground market of Carder.biz in 2011. I came across this database from a user on the now defunct forum DigitalGangster.com. I didn’t know the guy, but I boasted about my mailing operation and told him we could make a ton of money off this data. He ended up sending me the entire database of 20+ million usernames, emails, and MD5 hashes. To be honest, I blocked the guy as soon as I received the SQL file and never heard from him again. Back then I only knew of 4 people that had this database and I knew it would be a race to hit it first.

eharm

I knew if I did everything right I would easily make a million dollars of this database. There was a problem though, all of these passwords were encrypted in MD5. Now for those who don’t know what MD5 is, it’s the most basic encryption and looks like this.

Hash: e10adc3949ba59abbe56e057f20f883e
Decoded: 123456

Since I didn’t have the computing power to crack these hashes, I went ahead and used the Chinese operated service cmd5.org. They gave me a great deal and solved most of the hashes easily. The encryption was actually the users password in UPPERCASE and hashed using MD5. So after all the hashes were decrypted, I just had to convert them to lowercase. The fun was about to begin.

My First E-mail Spam Operation

I knew a guy that did white hat mailing for a living, so I decided to consult him. Now he was from the AOL scene too and you could say that there was a certain level of camaraderie between people from that scene. We came to an agreement that he would provide e-mail data for a revenue share.

I decided to use the hotmail accounts from the Hi5.com database to mail from, after all 25% or more of the people used the same passwords for everything. I partnered with a programmer to create software that would verify which accounts used the same password on hotmail and additional software that would mail with those accounts.

I did it, I was in business, I was officially an e-mail spammer. I remember it like it was Christmas, because it actually was a day before Christmas 2009. I made something to the tune of $17,000 the first month of e-mail spamming, or so I thought. My programmer and partner at the time actually took the majority of the money and took off to the Dominican Republic for an extended vacation.

Things in my life got pretty rough after that, mostly because of drug abuse. I ended up moving to Kissimmee, Florida. It was a chance to get a fresh start with 2 other guys from the AOL scene that started an affiliate marketing company. It was a win-win situation for all of us, I could focus on mastering my craft, and I would in return help the company grow by promoting their offers.

Upon arrival, I couldn’t help but to feel like Will Smith in the Fresh Prince of Bel-Air. I grew up in a small town, in a small house outside of Little Rock. This house was 4,400 square feet and came equipped with a movie theater, pool, and jacuzzi. Although it wasn’t necessarily a mansion, we still deemed it the “Spamansion”.

spamansion

spamansion2

spamansion3

Everyday for 5 months, we got up at 5 A.M. to launch our campaigns, cook breakfast, and sparked a blunt to get the day started. I was promoting everything from dating websites to credit report offers, making anywhere from $300 to $1000 a day. It was the beginning of me realizing my potential and what I could actually achieve if I worked hard and stayed focused. We celebrated daily and frequently invited other internet marketers to come visit and party with us. I was 20 years old at the time and I’ll always remember this as being one of the greatest summers of my life.

My First Hacked Database – Hi5.com

The year was 2009 and I had just brokered the sale of the database Hi5.com for the late developer and hacker Ryan D. Johnson aka Rj2. This was the first time that I had my hands on a massive set of raw data. Now I’ve had phish lists before, but this was different. This was 20+ million records of usernames, emails, and passwords. I was astonished. I had a massive trove of data and the opportunities that came with it was endless.

hi5

With Facebook on the rise and other social networks starting to die out I needed to change my approach to spamming. This is when I decided to get into the e-mail spam game, but I didn’t have a clue where to start…

Meetup.com and the Year of the Flog

At the end of 2008 and the beginning of 2009, I started exploring more into affiliate marketing. I discovered that there were far more offers to promote that would yield a higher return. Weight loss was a hot niche and people were making a ton of money by selling nutraceutical products. I wanted in.

Now, affiliate marketing is a copy cat industry. Everyone copies each other in one capacity or another, but most commonly copied is landing pages. I don’t remember where I copied mine, but I did find the very first landing page I used back in 2008-2009 thanks to WayBackMachine. It was titled “Maria’s Weight Loss Blog“.

Screen Shot 2017-12-04 at 8.25.32 PM

Spamming on MeetUp was my first endeavor on promoting weight loss products. I was new to the niche, but I was excited to take on the new challenge. Meetup.com was a fast growing social website that allowed people to create groups and meet each other with the same interest/hobbies. This was a great potential target for me, because I could infiltrate these groups as a new member without being introduced by an existing member. There was also an e-mail address assigned to each group that would distribute an e-mail to everyone in the group. So if there were 5,000 members in a group, all I would have to do is send 1 e-mail. It was essentially the key to the castle.

In my previous spamming operation on MyYearBook, I learned the process of scraping data. That technique would play a huge part in the success of this campaign. I needed to scrape every group and even join the group with an account to grab the otherwise hidden e-mail address. To achieve this I needed multiple accounts even more frustratingly, I had to activate the accounts by clicking a link in the e-mail. I used a trick that’s still around today. I used one throwaway gmail account and used a variation of it by putting periods randomly in the email address. This would allow me to use the same account and automate activating the accounts using IMAP.

When it was said and done I had successfully captured the e-mail assigned to 70,000+ groups on MeetUp. I guess this would be considered my first e-mail campaign even though it wasn’t the traditional e-mail campaign. Everyone got an e-mail about Maria’s weight loss success and a huge percent bought the products “she” used.

The next day MeetUp addressed and released a blog post detailing how to disable the e-mail for the group feature. It’s since been taken down, but it was very fascinating to have a response to my operation.

The Second Spam Operation, MyYearBook.

After MySpace combatted the techniques and implemented new security features, it was time to take what I learned and use it elsewhere. I don’t recall the exact time period that I launch my campaign, but I believe it was sometime late 2007. The site was not particularly large, but it was fresh and the users were extremely active.

myyearbook

My goal was to send a message to every user on the website. To achieve this, I first had to get the user ID string of each user. This was a fairly straightforward task, all I had to do was scrape the member directory. Now I needed accounts to send messages from. I discovered a trick to bypass account activation, meaning the link that they send you in the email to activate your account wasn’t necessary. All you had to do was sign up with an AOL e-mail address. I believe they were having problems delivering email to AOL so they disabled activation for these type of accounts. This would enable me to create a massive amount of accounts using fake AOL email addresses.

myb

I found a programmer that agreed to create the software I needed for a revenue split. It took a couple days for him to complete the software, but only took an hour to spam every member on the website. At the time I was promoting a raunchy cam site, which probably wasn’t the best choice for a classmates/college website, but I knew the guy who owned the website and he was paying $40 per sign up. This wasn’t the most exciting operation, but it gave me experience in dealing with other websites and ideas on how to collect data from a website.

The First Hack, MySpace.

I’m taking you back to 2007 and although it wasn’t the first social network, it was the one of my era, and the one that introduced me to making money online. I remember browsing MySpace and being intrigued by all of the comment spam of free ringtones and $500 gift cards to Macy’s and other retail stores. Now at the time, I didn’t exactly understand how this spam worked, but I knew Macy’s or any other retailer wasn’t giving out free $500 gift cards. I did some researching and found out that these were actually affiliate marketing offers. The person who sends out the link would earn somewhere between $1 to $2 for each time someone filled out the form. For ringtones it was somewhere in the neighborhood of $6 to $12.

myspace_spam

Now that I understood the process, it was time to get to work. Before I do anything, I always brainstorm on the most effective way to achieve the best results. In this case, I wanted to get the most sign ups, which meant I needed to get as many people as possible to see my spam. At the time, I was employed at a local pet store that was paying me a whopping $7/hr. After saving a couple of paychecks, I paid $400 to a programmer from the AOL scene to build a custom mass messenger for MySpace.com. I then created a fake profile of an attractive female and mass messaged about 300 celebrities and musicians to check out my new pictures. Little did they know, I created a clear-div overlay (a transparent image that lays on top of my entire myspace profile) that redirected them to my phish page, regardless of where they clicked on my profile.

I successfully phished the majority of the accounts and continued the process of adding a clear-div overlay on their profiles, which acted as a phishing worm. Soon I was phishing anywhere from 20,000 to 50,000 accounts per day. There was a program called MyChanger that helped automate my entire operation. After the phish were loaded into the software, I would launch my very own free gift card and ringtones campaigns. With this program I could update their profiles, send out bulletins, and even leave comments on their friend’s profiles.

main

I was 17 years old and cleared $5,000 in my first week of online entrepreneurship. From that day forward, I knew exactly what I wanted to become.