Florida Man Guilty Used Stolen Email Accounts to Hack and Spam

Florida Man Guilty Used Stolen Email Accounts to Hack and Spam

A Boca Raton, Florida, man on Thursday, October 27, admitted his role in a computer hacking and identity theft scheme that generated $1.3 million in illegal profits by hijacking customer email accounts to send unsolicited “spam” emails.

Timothy Livingston, 31, pleaded guilty to Count One, Count Two, and Count Six of a superseding indictment charging him with conspiracy to commit fraud and related activity in connection with computers and access devices, conspiracy to commit fraud and related activity in connection with electronic mail, and aggravated identity theft.  Livingston pleaded guilty today before U.S. District Judge William J. Martini in Newark federal court.

According to documents filed in this case and statements made in court:

Beginning as early as 2011, Livingston operated A Whole Lot of Nothing LLC – a business that specialized in sending spam emails on behalf of its clients. Livingston’s clients included legitimate businesses, such as insurance companies that wished to send bulk emails to advertise their businesses, as well as illegal entities, such as online pharmacies that sold narcotics without prescriptions.

Livingston admitted that beginning in January 2012, he solicited Tomasz Chmielarz, 33, of Rutherford, New Jersey, to write computer programs that would send spam in a manner that concealed the true origin of the email and bypassed spam filters.

Livingston admitted that he then used these programs to transmit spam. In addition, Livingston used proxy servers and botnets to remain anonymous, hide the true origin of the spam, and evade anti-spam filters and other spam blocking techniques.

Livingston admitted that he hacked into individual email accounts and utilized corporate mail servers to further his spam campaigns. For instance, Livingston and Chmielarz created custom software designed to hack into the customer email accounts of a company identified in the indictment as “Corporate Victim 1” so that those accounts could then be used to send out spam. By using proxy servers and Corporate Victim 1’s customer accounts, Livingston was able to send out massive amounts of spam without identifying himself as the sender.

Livingston also admitted that he and Chmielarz created custom software that appropriated a corporate website, identified in the indictment as “Corporate Victim 2,” which allowed Livingston to use Corporate Victim 2’s servers to send spam that appeared to be from Corporate Victim 2, but in reality was transmitted by Livingston.

Livingston also admitted that he used, without lawful authority, the username and password for an email account belonging to an actual customer of Corporate Victim 1 during the above-mentioned felony violations.

The charge of conspiracy to commit fraud and related activity in connection with computers and access devices carries a maximum potential penalty of five years in prison. The charge of conspiracy to commit fraud and related activity in connection with electronic mail carries a maximum potential penalty of three years in prison. The charge of aggravated identity theft carries a mandatory consecutive term of two years in prison. All three charges are punishable by a fine of $250,000, or twice the gross gain or loss from the offense.

Livingston also consented to the entry of a forfeiture money judgment in the amount of $1,346,442, as well as the forfeiture of property obtained using illegal proceeds from the scheme, including a 2009 Cadillac Escalade and a 2006 Ferrari F430 Spider.

Sentencing for Livingston is scheduled for Jan. 27, 2017. Chmielarz pleaded guilty for his role in the conspiracy on June 2, 2016 and awaits sentencing.