New York Spam Ring Lawsuits

Iphtashu Fitz writes "Microsoft and the Attorney General of New York have announced multiple lawsuits against what they term as a spam ring operating throughout New York and responsible for sending billions of illegal junk e-mail. According to articles at ABCNews.com, CNet News.com and elsewhere the state of New York has filed 6 lawsuits against alleged notoriuous spammer Scotty Richter and accomplices. Richter is well known among the anti-spam community, holding the dubious distinction of being ranked number 3 on the Spamhaus Registry of Known Spam Offenders. Microsoft has seperately filed 5 other lawsuits."

Re:How about the people who hired the spammers?

[belmolis]

According to the article in the New York Times (p. C1, continued on C3) the suits are against three companies. The actual spammer named is a Paul Boes, who was employed as a marketer by the other two companies, Synergy6 and OptInRealBig. OpInRealBig is owned by Scott Richter, the guy named by Spamhaus as the world's number 3 spammer. So, yes, assuming that this is the way it works, they are going after the people who direct the spammers.

Re:Let the games begin!

[gorbachev]

This has nothing to do with prohibition, but the dubious background of the players in the game. A very large number of career spammers are career conmen with convictions for some type of fraud. Eddie Marin is a convicted coccaine dealer. Alan Ralsky has a number of shady business dealings in his past. Thomas Cowles defrauded his spamming partners and got jailtime.

In addition, large parts of the spamming business is ALREADY in the hands of organized crime, especially in countries like Russia where the mafia has moved onto every profitable business to get their cut.

Proletariat of the world, unite to kill spammers. The more painful and slower, the better.

Excerpts from OptinBig.com

[GillBates0]

Check out the website of one of the companies mentioned in the CNETNews article. It REEKS of hypocrisy.

Some interesting quotes from their website:

"TRUST: In most industries, especially in the Opt-in E-mail business, trust is the most vital, but surprisingly overlooked aspect of business. OptInBig and its employees not only understand this concept, but embrace and practice it on a daily basis."

"FYI: There are approximately 100 million unique e-mail addresses in North America-OptinBig has access to nearly half."

"OptInBig: Possesses over 45 million online consumers in its database;
Has lists available with a reach from 500,000 to up to 16 million online consumers;
Produces over 20 million page views per month on our clients' websites; and,
Delivers an average of 350,000 individual website orders per month.

For a free consultation and to learn which list is best for your current or future business needs, please call (303) 464-8164 to set up an appointment.

And most interesting: From their Acceptable Use Policy:
. SYSTEM AND NETWORK SECURITY AND INTEGRITY
Falsification of Origin. Forging of any TCP-IP packet header, e-mail header or any part of a message header. This prohibition does not include the use of aliases or anonymous remailers.

4. E-MAIL You may not distribute, publish, or send any of the following types of e-mail:
Unsolicited promotions, advertising or solicitations (commonly referred to as "spam"), including, without limitation, commercial advertising and informational announcements, except to those who have explicitly requested such e-mails.

Commercial promotions, advertising, solicitations, or informational announcements that contain false or misleading information in any form.

Harassing e-mail, whether through language, frequency, or size of messages.

E-mails containing forged or falsified information in the header (including sender name and routing information), or any other forged or falsified information.

In addition, you may not use Optin's mail server or another Web site's mail server to relay mail without the express permission of the account holder or the Web site. Posting the same or similar message to one or more newsgroups (excessive cross-posting or multiple-posting) also is explicitly prohibited.

INDIRECT OR ATTEMPTED VIOLATIONS OF THE AUP, AND ACTUAL OR ATTEMPTED VIOLATIONS BY A THIRD PARTY ON YOUR BEHALF, WILL BE CONSIDERED VIOLATIONS OF THE AUP BY YOU.

Re:How about the people who hired the spammers?

[Liselle]

The problem is that the order-taking/filling is just as distributed as the spammers themselves. There isn't a penis-pill warehouse the FBI can raid and shut down the whole operation. Small operators abound, and when you consider they can sell a $2 bottle of pills for $50, and take into account the zero cost of spamming... any idiot can do it.

It's like trying to smash hundreds of ants with your fingers. You can catch a few, but the rest are scattering all of the place, and none of them individually amount to anything important.

Re:Guantanamo Bay... - firing squad

[chimpo13]

Utah does (along with Idaho and Oklahoma). In Utah and Idaho (not sure about Oklahoma), it's an old Mormon thing about the need for blood atonement. Although, it's one of those things that most Mormons don't know/care about.

Like how it wasn't until the 1970s that black people could become God on their own planet when they die. Yes, when die a Mormon and you lived a good life, you become God of your own world. Although, I think that still applies only to men.

If someone reading this is Mormon and you get mad, don't get your special marriage panties in an uproar -- all religions are nutty. LDS is just more recent so it's pretty easier to pick apart.

For my next shot, I'll pick on Catholics for believing they actually eat the body of Christ and drink the blood of Christ. It's not just wine & bread once it's been consecrated. Most Catholics don't think about that, but ask a priest about it.

Re:Let the games begin!

[JimBobJoe]

I believe that you're on a good track. Not necessarily that the War on Spam will drive spammers into international crime, but the War on Drugs likely does serve as a good economic model for spam.

Right now states are taking out the dozen or so really big spammers. With time, it's possible that spamming will be changing scales, from a bunch of big spammers with a few little ones, to all little ones, which will prove much harder to find and prosecute.

The economic equivalent to this is catching large drug shipments as they are imported, and that causing a reduction in supply, increasing the price of drugs, and therefore the potential profits, for new entrants. There is after all .1% or something, of people who buy products from spam, as long as that does not go down (and it's at the very least stable) there will always be a place for new entrants. The internet has minimal barriers of entry and is very decentralized, and profits are likely worth it for the one individual spamming a few hours per day (unlike drug smuggling, which reaps rewards from centralizing services, and has the profits to justify the bureaucracy.) With that in mind, I can't see spamming going into the international crime rackets, except possibly as a way of protecting the spammers from legal action.

Actually, as I write this, I think a great economic based argument can be made that taking out the big spammers will increase spam. After all, any one big spammer selling penis enlargment pills was not in competition with himself. If we now have ten smaller spammers taking his place, and they are vying for that .1% who may possibly glance at the email, they will be differentiating themselves through more emails that are more creative. And that's when economic realities whack you in the head....

Re:In need of SPAM

[Lizard_King]

Tis nice retribution, but you would also be giving a notorious spammer a valid email address. Your own.

Re:So...

[sniggly]

Well the vulnerabilities have not been exploited to set up OPEN relays, theyve been set up to be closed email spam relays and web servers.

http://www.wired.com/news/print/0,1294,60747,00.ht ml ...his group controls 450,000 "Trojaned" systems, most of them home computers running Windows with high-speed connections. The hacked systems contain special software developed by the Polish group that routes traffic between Internet users and customers' websites through thousands of the hijacked computers. The numerous intermediary systems confound tools such as traceroute, effectively laundering the true location of the website. To utilize the service, customers simply configure their sites to use any of several domain-name system servers controlled by the Polish group, Tubul said.

450,000 of hijacked windows boxes are being used as spam relays and webservers and this only by one group...

MS is like the guy who left his carkeys on the bar while taking a leak and now suing whomever stole their car. While exploiting the weakness may be illegal it's also the stupidity of microsoft (not writing secure software even though win95 already necessitated it) that causes the thieves to have such an easy time.

Re:How about the people who hired the spammers?

[jcr]

It just goes to show that if companies are responsible corporate citizens (like mine!)

Umm, NO.

You're not a "responsible corporate citizen", you're a spammer. The burden of due diligence is *yours*, when you hire anyone to feed you leads. Hopefully, you're an ex-spammer, but time will tell.

-jcr

Where was the C&C warning on this???

[Eggplant62]

I'm in the middle of a community college library, trying hard not to laugh out loud at the news that Snotty Richter is going to get a taste of the legal hammers of NY State and MSFT combined. Remember, the current AG in NY, Eliot Spitzer, is the same fellow who sued spam factory Monsterhut in 2002. Monsterhut had sued PaeTec, their ISP, after service was withdrawn for AUP violations for their mass emailing. Monsterhut prevailed in front of the first judge in that case, however an appeals court ruling overturned that verdict. The whole legal mess pretty much left the principles behind Monsterhut, Todd Pelow and Gary Hartl, financially ruined (yay!) so that they easily closed their doors and ran. I've not heard an update on the story but if you can ping me on NANAE (Rev Egg Plant), I'd love to hear.

You Can Break "invisible bulletproof"

[NetworkImpossible]

If you are a major provider, it's quite possible to bugger up. Do NOT pass DNS traffic (udp originating at an arbitrary unprivileged port, terminating at port 53) across your peering points to arbitrary hosts.

You set up your own caching NS to never issue forwards to another NS. (but forwards go from 53 to 53).

Of course, the spammers will react to this by using non-standard ports, and probably by turning zombied machines into their DNS-poisoning faux servers. But that's no reason not to do it.

Of course, a certain large OS software vendor's inability/unwillingness to address security except as a PR problem for whitewashing, is why there are skillions of zombied boxes out there, and an important part of why spam is burgeoning. Still, they're doing better than the nineties when their 'security chief' was some bozo with a PR background.

That's usually Interstate Commerce - Feds' job

[billstewart]

Lots of states are making laws against spam, which let the legislators tell their constituents that they're Doing Something About It, which could theoretically lead to more votes if anybody got enough less spam to notice. In practice, almost all spamming is interstate commerce, and therefore the US Constitution puts it under Federal jurisdiction, not state. There are occasional places like California where a spammer based there might be annoying an email user in California to sell products from companies that are also based in California (mostly porn-website spammers), but it's rare.

State laws against spam usually make bogus attempts to claim that the spammer somehow is under that state's jurisdiction, and usually make bogus attempts to claim that the spammer should have known that the annoyed recipient is located in the state, but they're basically stretching most of the time. The main exception is for products that are sold by actual multi-state companies, e.g. if some Detroit car company marketing-critter were spamming about why you should by their product, they'd reasonably be under recipient-state jurisdiction because they've got dealers in the recipients' state, even if the message got emailed from Detroit or Korea.

It's way too easy for spammers, even under the new US Federal You-Can-Spam law, to generate cut-outs at the expense of a couple of disposable corporations. The corporations do contracts with each other absolutely guaranteeing not to ever ever spam, at the cost of not getting paid their commission, optionally with one of the corporations outside the US, and the worst penalty that happens is that if the direct spammer gets caught, John Ashcroft gets to burn their corporate charter papers at the stake but the real beneficiary has a nice paper trail indicating that they're perfectly innocent and they're shocked to find spamming going on in this establishment. And then they got spend another $50 for another disposable corporation and give them a contract requiring them to never ever spam again like their evil twin Zut did or they'll be spanked also.
A typical cutout situation is that New Jersey-based FakeViagra Inc sells a dozen cases of product to Bahamas FakeViagraByMail, Mon, Ltd, which isn't a dealer, it's just a supplier to health food stores. You can bust them, but not very effectively, and they can disappear if they want.