Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Forged Spam a Crime?

Posted by CmdrTaco on from the buy-toner-now dept.

PJRC2 writes "ABC News.com has an article about a man who claims he commited no crime in sending millions of AOL users porn and make-money-fast spam and making the messages appear as though they came from ibm.net. " We're going to see more of this in the future. I think forged spam should be punishable by death, but I probably get more of it than most people ;)

21 of 249 comments (clear)

  1. Trademark Infringement? by BoLean · · Score: 5

    Wouldn't this count as Trademark Infringement? Since domain names have precedent as being covered under Trademark law, shouldn't abuse of domain names also fall under Trademark/IP law? Unfortunatly this would put the onus on the abused company to do anything. Matbe IBM should get in on the action.

    1. Re:Trademark Infringement? by Sloppy · · Score: 3

      Wouldn't this count as Trademark Infringement?

      Hmm... is IBM known for sending spam? If so, then I guess they could make a case that the perp misled people into thinking they were getting name-brand spam when it fact they were getting a cheap knock-off.

      On the other hand, if IBM isn't in the spam business, then it should be hard to convince a judge that a trademark was infringed.


      ---
      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  2. Treat it like any other form of forgery. by Bowie+J.+Poag · · Score: 4



    Ding-Ding-Ding! All aboard the Logic Train! (tm)

    If I try and pass a check at a band with a signature other than my own, that's illegal. I'm convicted of check fraud, and I go to prison.

    If I walk into a bar with a fake ID, or attempt to purchase a firearm go with false identification, I'll get busted as well.

    If I send a piece of mail through the US Postal Service posing as someone I'm not, then bingo, i'm guilty of mail fraud.

    Now, in the case of fradulent spam, I attempt to tell tens of thousands of people I am someone who I'm not. Worse yet, i'm trying to use that identity to sell something. Why should that form of fraud be punished any differently than other forms of fraud?



    Bowie J. Poag

    --
    Bowie J. Poag

  3. Actually, these forgeries are very common by BlueUnderwear · · Score: 5
    Am I the only one who occasionnaly takes a (cursory) look at the spam they get? Forged spams are really common. The next time you get some spam, take a look at its headers. 7 times out of 10 the easily visible, and also easily forgeable From header doesn't agree at all with the more diffultly forgeable Received headers. This makes sense: within hours, the spammers (apparent) ISP is flooded with complaints, and closes the spammers account if he was careless enough not to forge his headers.

    However, there are always a certain percentage of readers who know about these forgeries, and the spammer will lose his account eventually anyways. Btw, there is even a even a web site in which you can paste your spam, and which automatically sends complaints to the correct places: Spamcop.

    So, unless this forgery was done with the express purpose of annoying someone at IBM, don't make it into a criminal case; it's just business as usual.

    --
    Say no to software patents.
  4. Nail 'em to the wall! by Tackhead · · Score: 5
    There's ample precedent for this:

    Juno and Hotmail have sued spammers (e.g., the "TCPS" spammer from a couple of years back) for forging their domain names into fake email addresses inserted in the From: header. The forging caused clueless people to send countless bogus abuse reports to Juno and Hotmail abuse desks, consuming their resources. IIRC, uu.net got into the act too, as most of the spams were coming from a long series of uu.net dialups in an area of NYC that didn't have caller-ID.

    There's the "flowers.com case", where a spammer issued a forged HELO flowers.com when doing a spam in order to fool (ancient) versions of Sendmail into hiding the spammer's originating IP address when raping a third-party relay. $65000 in damages because it defamed the legitimate owner of flowers.com at the time.

    It's trademark infringement as well. You purport that your mail comes from AOL, it's AOL's business that you're using their domain name. AOL's landsharks have been known to sue spammers for falsely implying that spam comes from AOL. More power to 'em.

    Finally, in the cases of "joe jobs" - where a spammer will forge spam in the name of someone in order to target the forged party for harassment - it's obvious that there's intent to defame, harass, and of course, willful misrepresentation.

    The forging of headers in unsolicited bulk email should be at the very least a civil, if not a criminal, offense.

    The real problem, of course, is that since your average spammer lives in a trailer surrounded by beer cans and chicken bones, collecting anything from a spammer can be a real problem.

    Which is why it's relatively rare that ISPs sue or press criminal charges against spammers. More's the pity. There's a group of spammers operating out of Earthlink dialups in a manner identical to that of the TCPS spammer's abuse of uu.net dialups a few years ago, and Earthlink is doing nothing about it. More's the pity.

    But back to the original article on ABCNews:

    The son of a bitch not only spammed, but he raped a relay to do it. That's theft of computer services at a minimum, and given the number of bounced spams that probably came back to the raped relay at Market Vision, probably a DOS attack too.

    Throw the book at the son of a bitch and put his head on a pike. Pour encourager les autres.

  5. Why is this even a question? by Millennium · · Score: 4

    Forgery is already a crime in the physical realm. Why, then, should it not be also a crime in the digital? Leave the spam issue out of it, if you want; a forged letter is still a forged letter.

    1. Re:Why is this even a question? by muldrake · · Score: 3

      Forgery is already a crime in the physical realm. Why, then, should it not be also a crime in the digital?

      Indeed. Incidentally, while it may or may not be a crime to forge spam, it's a misdemeanor of the first degree to use a computer without authorization. (18 USC 2701.) I'm surprised this one isn't used more often. The "victim" of the crime would be the site used as a spam relay, and the result (overload of the system), being something any reasonable person would expect, could be construed as malice, resulting in the act being a felony, since obviously they are using the other person's system with the intent of avoiding their own system being wiped out by spam.

      A number of cases have shown that relay hijacking and use of trademarks in spam is trademark infringement.

      I think the argument that "forging spam" is itself a crime is somewhat bogus, I don't know why they don't go forward with some state version of the "Unlawful Use of Computers" statute, as this is a slam-dunk, while this "forged spam is crime" argument is pretty thin.

      Forgery generally refers to the forgery of documents for the benefit of the forger. This is a trickier claim to make. (Definition of forgery here.)

  6. Fake Spam? by StudentAction.CA · · Score: 3

    But isn't SPAM itself just fake ham? Seems like it's been fake from the start....

    --
    Driven by 100% sarcasm - fueled by the need to be heard.
  7. It's not even about spam, or email by mindstrm · · Score: 4

    The important thing to remember is not to get too technical.
    At a certain level, of course we can tell the message didn't come from IBM.
    But...
    The guy sending the spam.
    a) new that he was making his messages appear to come from IBM.net to the average user.
    b) was probably doing this without authority from ibm.net
    c) Was doing this for the express purpose of misleading the recipients of the spam into reading the spam. THIS is the really bad part. It's fraud.

  8. Re:Localhost.com spam lawsuit by __aapbgd5977 · · Score: 3
    The Localhost.com spam lawsuit was very similar to this, and that was a few years back. Didn't this set a legal precedent(or something similar)?
    I am a lawyer, but I'm probably not licensed in your jurisdiction. Regardless, I am not giving you legal advice. Please consult an attorney in your area before acting upon information in this post.

    The Localhost claim is different because the host there was suing for defamation. That's a civil claim, not a criminal charge. Also, it wouldn't be binding precedent - it was merely a low level ruling in a Colorado state court.

    No, I think this IBM case is much better. I've pursued cases like this with no success, because there is some question of consent by the "victim" if they were running an open relay. Regardless of how stupid it is, open relays are still very common, and spammers regularly abuse them. If the spammer somehow hacked the relay, that will help the case.

    The other aspect is the forgery - use of IBM's name. Another thread on this topic had a post talking about a guy who was calling other people and leaving a third party's name and phone number. Depending on your state law, that might not be forgery, because it's a voice communication. That's why the appropriate criminal charge there was phone harassment, which is usually an extremely low-level felony or a misdemeanor. Spam involves printing the actual text of the name IBM.COM in the email. That's the forgery. Making it appear as if IBM was sending it, that's the fraud. If it was my case, I'd also charge theft for any damage caused to IBM by the actions of the spammer - time lost on machine downtime, and cost to fix machines. Manpower and overtime to fix the problem might be worth asking for, too (probably depends on the judge).

    But if the IBM.COM machine was an open relay.... I dunno.
    ==
    "This is the nineties. You don't just go around punching people. You have to say something cool first."

  9. Re:Spam sucks, but worse than government? by Sick+Boy · · Score: 4
    Hell no it's NOT. We're using existing law to bitchslap a spammer. Not making new ones. This existing law doesn't harm our privacy, doesn't give any wiggle room that some of the state's laws give, ie the "well, what if I decide to sue somebody I do know for sending me (and only me) a single e-mail I didn't want (instead of bulk mailing something I didn't want)" winge.

    There is no opt-out.
    There is no invasion of privacy (those spammers obviously wanted to be contacted, or they wouldn't be sending out communications)
    There is no new legistation (fraud, forgery and misrepresentation are already on the books).

    In short, this could be just the ticket to stop spam. If forging headers is found illegal, then the spammers will have to use their real address. Then we can do a quick whois, hunt them down and kill them. Slowly. Uh- I mean, get their accounts cancelled.

    --

    --
    Does narcissism count as a hobby? --Shawn Latimer
  10. New York Times also covered this by new500 · · Score: 3

    Additional commentary can be found at the NYT

  11. No crime? by rde · · Score: 3

    What worries me more than the spamming is the fact that he hijacked someone else's box to do his spamflooding. However, I'm always suspicious of figures like $18,000 in caused damage.

    One thought: surely if AOLusers have a use, it's as spam fodder? If it wasn't for THEM we'd probably all be getting thee times as many invitions to vist mandy being spanked in her dorm.

  12. I can see his defense lawyer angling for.... by BranMan · · Score: 3

    An insanity defense!

    "Your honor, this man not only spams, deals in pornography, and forges addresses to hide his identity, but he truely believes he has committed no crime. He is obviously insane and should be cared for, not caged like a criminal. I have here several psychologists who have would like to testify as to..."

  13. Spam sucks, but worse than government? by tbo · · Score: 3

    Spam sucks big-time (especially forged spam), but do we really want to bring the government into this? The more the 'net community asks the government to get involved in regulating the net, the more they will... The problem is they won't ever stop. This is exactly the kind of ammo that anti-anonymity supporters want.

    Are there any technological solutions to this, especially forged spam? What about tighter permissions on mail servers, the Real-time Blackhole List, etc?

    Given a choice between dealing with spam (i.e., adding the sender to my spam filter), and dealing with an overzealous government, which would you pick?

    I'm all for vigilante anti-spam lynch mobs, though :-)

    1. Re:Spam sucks, but worse than government? by tokengeekgrrl · · Score: 3
      Given a choice between dealing with spam, and dealing with an overzealous government, which would you pick?

      If I were a business that had my network go down for any number of hours or days at a loss of thousands of dollars to my company, damn straight I would want the government involved.

      I atleast need to be able to seek recourse in the courts so that I can file a civil suit to collect compensation to cover the financial damage my company suffered by the network-trespassing-spamming-scum.

      - tokengeekgrrl
      "The spirit of resistance to government is so valuable on certain occasions

  14. Depends on the judge by ElecCham · · Score: 4
    Of course, IANAL...

    Many years ago, I had this guy from my school leave a bunch of very bizarre and often threatening messages on other people's answering machines and voicemail - and leave my phone number on it.

    I finally found one sympathetic company willing to play the message back to me over the phone - I recall it had something to do with "and I'd better be seeing that money soon, understand?" Of course, I recognized the voice, and I called my local police department to see what the law had to say on the matter... and guess what? It counted as telephone harassment, same as if he'd have called me directly.

    So, if'n I was IBM's bigshot lawyers, I'd go after them for either theft of services or harassment. It seems to me that ibm.net must have gotten flooded with "die fsckin' spammer" and "delete this account" messages... sounds like the same concept to me!

    --
    Make Money on the 'Net

    --
    Sig broken, watch for .finger
  15. Spam punishable by death... by Threemoons · · Score: 5

    On a related note, a number of my colleagues are insisting that China recently EXECUTED some spammers. Any stories/f.u. on that would be great!

    I wonder if the guards yelled "JUST HIT DELETE" before shooting the offenders...

  16. Defense? by calibanDNS · · Score: 3

    I hope that this trial somehow gets televised; I'm dying to know how this guy claims that no crime was committed. This should be more interesting than the OJ trial.

    ~CalibanDNS

  17. For a bunch of geeks... by DonkPunch · · Score: 3

    ...you guys sure don't know your RFCs very well.

    I'll give you a topic:
    SMTP IS NEITHER SECURE NOR AUTHENTICATED.

    Discuss.

    It says so right there in the RFC. You can lie in the headers. There is nothing to verify that the sender is who they say they are.

    If you're relying on the "From:" line of an e-mail to tell you from whence a message was generated, well, that's your problem. I guess you think hotsexx@youroffice.com is a real address, too.

    I hate spam as much as the next guy, but let's get real here.

    Being slashdot, I'm surprised nobody is claiming they have a First Amendment right to create bogus headers. What if he's doing it to make a political statement?

    --

    Save the whales. Feed the hungry. Free the mallocs.
  18. Localhost.com spam lawsuit by pnevares · · Score: 3

    The Localhost.com spam lawsuit was very similar to this, and that was a few years back. Didn't this set a legal precedent (or something similar)?

    Pablo Nevares, "the freshmaker".

    --

    Pablo Nevares, "the freshmaker".