U.S. arrests three men over hacking scheme targeting 60 million people

(Reuters) - Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast customers, U.S. prosecutors announced Tuesday.

Cybersecurity researcher Billy Rios points to a computer line reading "Gods Password," a password he was able to uncover by analyzing the software in a Pyxis medical supply dispenser that he says he purchased on Ebay for a few hundred dollars, in Redwood City, California October 10, 2014. REUTERS/Robert Galbraith

Timothy Livingston, 30, Tomasz Chmielarz, 32, and Devin McArthur, 27, were named in an indictment filed in federal court in Newark, New Jersey that charged them with conspiracy to commit fraud and related activity among other offenses.

Prosecutors said Livingston, a Boca Raton, Florida, resident, was the leader of a series of computer hacking and illegal spamming schemes that targeted multiple companies and generated illegal profits exceeding $2 million.

The three men were arrested at their respective residences on Tuesday morning, a spokesman for U.S. Attorney Paul Fishman in New Jersey said.

Michael Koribanics, Chmielarz’s lawyer, said his client would plead not guilty at a court hearing on Tuesday. A lawyer for Livingston did not immediately respond to a request for comment, and an attorney for McArthur could not be identified.

Prosecutors said Livingston, who owned a spam company called “A Whole Lot of Nothing LLC,” hired Chmielarz of Rutherford, New Jersey to author hacking tools and other programs that facilitated the hacking and spamming schemes.

Among the companies they targeted was a Pennsylvania-based telecommunications company that employed McArthur, a resident of Ellicott City, Maryland, who installed hacking tools in company networks to gain access to records for 50 million people, prosecutors said.

The company was not identified by name in court papers. But McArthur’s LinkedIn page says he worked at Comcast Corp during the period in question. A Comcast spokeswoman had no immediate comment.

Livingston and Chmielarz also compromised tens of thousands of peoples’ email accounts, including customers of a New York telecommunications company, which they then used to send spam, the indictment said.

Other companies targeted in the schemes included a New York-based technology and consulting company whose website was compromised and a Texas-based credit monitoring firm that was hacked, the indictment said.

In the case of the unnamed credit monitoring firm, the indictment said Livingston paid Chmielarz to write a program to steal a database containing 10 million records.

When law enforcement seized Livingston’s computer in July, they discovered a database with 7 million of that company’s records, the indictment said.

Reporting by Nate Raymond in New York; Editing by David Gregorio