Oleg Nikolaenko


Oleg Yegorovich Nikolaenko is a Russian national who created the Mega-D botnet, violating the CAN-SPAM Act of 2003. Federal investigators believe his activities may have been responsible for as much as one third of the world's electronic spam.

Background

Oleg Nikolaenko, a resident of Vidnoye, Moscow Oblast, Russia, was identified as the "King of Spam" by the U.S. Federal Bureau of Investigation. He is suspected of running the "Mega-D" botnet to create a "zombie network" of as many as 500,000 infected computers. Investigators stated that his operation was responsible for producing up to 10 billion unsolicited e-mails per day, accounting for about 32% of all spam. The messages allegedly promoted counterfeit versions of Rolex watches, herbal supplements and prescription drugs such as Viagra. In October 2008, the U.S. Federal Trade Commission moved to freeze the assets of individuals involved with the Mega-D botnet, though Nikolaenko's identity was not yet known at the time.

Investigation

The FBI got a break in the case in August 2009, when Jody M. Smith pleaded guilty in Missouri to selling counterfeit Rolex watches. Federal agents used grand jury subpoenas to trace financial payments of $459,000 from convicted New Zealand spammer Lance Atkinson to Nikolaenko, who had been using the alias of "Docent". Google provided the FBI with Nikolaenko's e-mail records. Investigators subpoenaed his travel records from the U.S. State Department, which indicated that he had visited New York City, Los Angeles, and Las Vegas over the course of two trips in 2009. However, the Constitution of Russia specifically prohibits the extradition of its citizens.
In November 2009, FireEye, a computer security firm, was able to shut down servers in the United States under the control of the Mega-D botnet. Nikolaenko, who had been in Las Vegas, Nevada to attend the 2009 SEMA auto show, was forced to return to Russia two days early to undo the damage to Mega-D's functionality. By the end of 2009, Nikolaenko was able to restore capacity to generate 17% of worldwide spam.

Arrest and legal proceedings

Nikolaenko returned to Las Vegas to attend the 2010 SEMA Show and was apprehended by federal agents at the Bellagio Hotel on November 4. He was found with two passports and $4,000 in cash. Nikolaenko was transported to face charges in Milwaukee, Wisconsin, where an undercover agent had ordered Viagra through an alleged spam e-mail and instead received herbal pills.
Nikolaenko was indicted on November 16 at the U.S. District Court of Eastern Wisconsin and faced up to five years in prison. He was accused of deliberately falsifying the header information of commercial e-mails and sending over 2,500 spam e-mails per day, both in violation of the CAN-SPAM Act of 2003. He was extradited to Wisconsin and assigned case number 2:10-cr-00246-CNC-1 in the Eastern District of Wisconsin. Nikolaenko pleaded not guilty and retained defense attorney Christopher Van Wagner, who stated: "We're prepared to present a rigorous defense." Wagner requested that Nikolaenko be released on bail, as his wife and daughter were planning to travel from Moscow to the United States to attend the trial. However, bail was denied by U.S. Magistrate Judge Patricia Gorence. On December 21, 2010, federal prosecutors turned over 4,600 of 6,000 pages of documents to Nikolaenko's attorney for pre-trial discovery. Information was redacted for the protection of witnesses. The trial was scheduled to begin by February 11, 2011, but was later adjourned. Nikolaenko later fired Wagner and retained criminal defense attorney Arkady L. Bukh, who stated that "the previous motions by Nikolaenko's lawyers had been ruled by the judge in favor of the prosecution".
In June 2012, Nikolaenko agreed to a plea deal. On February 27, 2013, he was sentenced to time served plus three years of probation.
The company M86 Security stated that spam output from Nikolaenko's Mega-D botnet fell below 5% of the worldwide total by December 2010. Spam e-mail traffic dropped sharply worldwide during the 2010 holiday period while Nikolaenko was detained, though Paul Wood of computer security firm Symantec attributed the downturn to the disruption of various other botnets, including Rustock, Lethic and Xarvester. According to information technology experts, Mega-D is no longer considered a very large network, though it may have been the largest designed specifically for spam.