The infamous Sanford Wallace has finally pleaded guilty to sending 27 million spam messages on 500,000 Facebook accounts he illegally accessed Reuters

Sanford Wallace, a Las Vegas man who proclaimed himself the 'Spam King', has pleaded guilty to illegally accessing about 500,000 Facebook accounts in order to send out 27 million spam messages. The posts were disguised as messages from friends and sent to Facebook users over a three-month period.

Prosecutors said that Wallace gained access to the Facebook accounts by sending phishing emails that tricked users to provide their social network passwords. He then logged into victims' Facebook accounts and posted spam messages with malicious links on Facebook profiles belonging to friends of the victims between November 2008 and February 2009.

Wallace faces three years in prison and a $250,000 (£159,240) fine for electronic mail fraud, intentional damage to a protected computer and criminal contempt when he is sentenced officially in December. In addition, by sending the messages, he also violated an existing restraining order banning him from accessing Facebook's servers issued in 2009.

A long history of spamming

Sanford Wallace, the self-proclaimed "Spam King"
Sanford Wallace, the self-proclaimed "Spam King", in a picture posted to his Google Plus page Sanford Wallace, Google Plus

In March 2009, Facebook sued Wallace and two other spammers in an effort to cut down on spam and phishing schemes being carried out on the social media network, and a federal judge ordered Wallace to stay away from Facebook.

Wallace later filed for bankruptcy after being told to pay Facebook $711 million in civil damages for violating the Computer Fraud and Abuse Act in October 2009, but this was not the first time he had been sued.

Before the internet, Wallace was known to send people junk faxes, but after the dot com boom, his email marketing firm Cyber Promotions was one of the largest sources of unsolicited emails in the world.

He also infected computers with spyware using SmartBOT, another firm he owned, and was sued by AOL and Concentric Network in 2006. He was eventually ordered to pay damages in the amount of $4.1m, before MySpace sued him successfully for $234m in 2009.

Wallace returned to Facebook, violating a court order

Since then, Facebook has not seen any of the damages it is owed by Wallace, but despite all the trouble he had caused, Wallace was never convicted on any criminal charges, until a federal grand jury decided to indict him in August 2011.

Following Facebook's lawsuit in March 2009, the FBI embarked on a two-year-long investigation into Wallace's activities on Facebook, discovering in the process that he had logged into Facebook in April 2009 during a flight from Las Vegas and New York, just one month after he had been issued with the restraining order.

Investigators also found Wallace had set up a new Facebook profile in January 2011 using the name "David Sinful-Saturdays Fredericks".