Big data and data science are not just for good guys. Properly leveraged, they also give criminals a competitive advantage over their competitors, or a way to avoid detection.
Traditional Botnets (used for spam, phishing and other crimes) require a large network of infected machines to work. With better data science capable of identifying these zombie machines and shutting them down, spammers have found a new solution. This new solution is also less illegal as it relies on real email accounts that they own.
So how do they do it on a large scale? They open millions of accounts on Gmail, Yahoo and especially Hotmail. To open these accounts, they use automated web robots deployed in a highly distributed architecture, possibly on top of a traditional Botnet.
I know this because they actually resell these accounts. Once you have purchased 10,000 of these verified Yahoo email accounts for $100 on Bulkaccounts.net, you receive the list of logins and passwords in a spreadsheet, and you can start sending your spam. You will need another web robot to log in automatically to all these accounts, compose a message and send it out - but it is easy to find a hacker working remotely overseas and paid via PayPal. I am assuming that after a few hundred messages per account these Yahoo accounts get terminated, but in the meantime they have given the criminal a way to deliver his payload at scale - typically spam messages with links that get your computer infected and turned into a bot, or that get your personal information stolen.
We see a huge number of these zombie users trying to sign up automatically on social networks, bypassing the captcha and other sign-up filtering mechanisms. For now, they are easy to identify because
I'm sure they know how to do better, but it must be working for them since they've been doing this activity relentlessly for more than 6 months now, without being shut down. In our case, we do not ask you to confirm your email address after sign-up, as these email addresses could be used as traps to get us blocked by Yahoo mail or Gmail, in what is known as bounce attacks or other related schemes.
To compound the problem, large email providers such as Gmail generate so many false positives (when flagging a message as spam) and change their system all the time (read about their most recent innovation) that I believe some rogue companies - not just criminals anymore - will be tempted to pay for these new Botnet services, hoping to achieve a better email delivery rate than what newsletter management vendors currently offer.
I can even imagine, one day, a rogue company trying to kill a competitor by running giant spam campaigns that promote the competitor's website, until that website gets shut down or its clients have vanished.