On October 30, Oleg Nikolaenko flew from his home in Moscow to JFK airport, and then on to Las Vegas. He checked in to the Bellagio Hotel, where he attended the Speciality Equipment Market Association car show, a show he had attended last year as well.
Bad move—because the feds nabbed him in Vegas just before the show ended, leaving his wife and young son back in Russia. At a November 4 hearing before a judge in Las Vegas, Nikolaenko needed a Russian interpreter and a public defender, but it didn't take much interpretation to see that he wasn't about to go free. That's because Nikolaenko was one of the biggest spammers in the world.
Nikolaenko doesn't come across in court documents as a man who learns his lessons well. He's allegedly one of the parties behind the Mega-D botnet, at one time "the largest botnet in the world, accounting for 32 percent of all spam," according to the FBI.
Yet he keeps coming to the US. When he was in Vegas for the 2009 car show, a security firm called FireEye actually managed to cripple Mega-D by shutting down its US-based command and control servers and redirecting much of the botnet traffic to "sinkhole" locations. Nikolaenko, poor guy, had to leave the US two days early to "repair the damage caused by FireEye."
So how did the FBI get its man this time around? By busting the US-based distributor of fake Rolex watches who used Mega-D to send a good chunk of his spam. That led them on a trail that culminated in ePassporte, a money transfer service, and they found Nikolaenka's name and e-mail addresses attached to his account.
Nikolaenko had made another mistake: the e-mail accounts were Gmail addresses, and it was no trouble at all for the US to get a subpoena, forcing Google to cough up the account information. FBI agents found copies of the botnet software and much else of interest among the e-mails.
With what they needed in hand, they waited—and it didn't take long for Nikolaenko to enter the US again at JFK. A few phone calls later and he was located at the Bellagio in Vegas. The FBI obtained and then executed an arrest warrant, and now Nikolaenko faces CAN-SPAM Act charges in, of all places, Milwaukee (where the FBI agent tracking him was located).
Read the comments on this post