Slashdot Mirror
California ISP Sues Spammer and Wins
San Jose, CA, August 2, 1999 -- In one of the first cases of its kind, San Francisco Bay Area Internet service provider (ISP), Kepnet, took a spammer to court in order to recover damages and won. On July 29th, Los Gatos Small Claims Court awarded Kepnet $600 compensation plus court costs for damages caused by a spammer's unauthorized use of its network.
Kris Rallapalli, President of Kepnet, caught the spammer abusing his network by sending large quantities of unsolicited e-mail messages. By filing a suit in small claims court, Rallapalli took advantage of California Assembly Bill 1676, passed in the summer of 1998, which makes it easier for ISPs to collect damages from spammers.
"Our objective with the suit was simply to collect those damages that were tangible," Rallapalli said. "That is, the number of hours it took us to find the problem and minimize its adverse effect on the network. It didn't include potential harm to our reputation."
Until this new law took effect, ISPs had to bear the burden of costs associated with repairing network damage due to spammers, who send mass e-mail messages using an ISP's network facilities. This can cause jams and sometimes crash servers. The new law expands and clearly enumerates the list of prohibited advertising practices to include spamming, making such activity illegal and allowing significant punitive penalties.
"I hope that other ISPs in California will pursue this kind of action if they have spammers, too." Rallapalli said after the verdict. "Because now there is legal recourse they can take." Using small claims court expedited the process for Kepnet. "It was fast and inexpensive," added Rallapalli. "We didn't even need an attorney, and the judge's decision came back in just a few weeks."
Hoping that other ISPs will follow suit IF they have spammers?
Seems to me that any ISP which doesn't have some sort of substantial and followed-up-on policy to discourage spammers (and some that do) is going to have spammers sending from their service from time to time.
"Somebody exploded a letter-bomb today
I don't see why not. News messages are propagated by an ISP's news servers, and end up on other news servers. The spammer is still misusing the ISP's hardware, albeit the recipient list is probably smaller. The Usenet "community" is pretty good about finding spam messages in the higher groups-- cancel bots handle a good portion, and rogue cancellers catch some others. Most of the times I find that a spam message has already been canceled by the time I get to click on it. This only works if your news server supports cancels, though. A side note: If you do find spam and don't want to decode all the headers yourself, take the message (headers included) and paste it into SpamCop. They generate the emails to the appropriate abuse addresses, and even send them out to you if you register (it's free; I use a decoy hotmail account to do my spam reporting). Only you can help prevent spam.
The ISP I work for did this too a while back, the first of it's kind in Canada, I believe. Here's the release they sent out:
I.D. Internet Direct. Ltd. successful in suit against junk emailer
April 1, 1999, Toronto - In the first successful lawsuit of its kind in Canada, independent Internet service provider (ISP) I.D. Internet Direct Ltd. today announced that the court has ruled in its favour in its recent application for an injunction against junk emailer Cory Altelaar. The ruling grants I.D. Internet Direct. Ltd. an injunction preventing Cory Altelaar from delivering junk email through its systems and awards the ISP a reimbursement of its legal costs.
"This is a ground-breaking ruling in the struggle against junk email in Canada," says John Nemanic, President of I.D. Internet Direct. Ltd. "If Mr. Altelaar violates the court order and attempts to use our services for junk email again, he'll be looking at some serious charges."
Nemanic says that his company received several calls and emails of support from other ISPs who were similarly abused by junk emailers (also known as "spammers"). "We want to thank our lawyer, Andrew Lundy of Brunner and Lundy, for his fine work in this case," says Nemanic. "This ruling sends junk emailers a serious message: this activity is not legally acceptable in Canada. You can try to hide, but you will be caught and risk prosecution if you abuse the Internet."
Jeff Higgins
www.hal9000.cc
- el jefe -
www.hal9000.cc
Exactly. If you intentionally run an open relay, you are implictly authorizing access to everyone.
Also true. I doubt this ISP was intentionally running an open relay. They probably got hit with the quoting exploit that's in a lot of pre-8.9 sendmails (or could be any number of other sendmail exploits). ORBS has a good list of them.
This message has been scanned for memes and dangerous content by MindScanner, and is believed to be unclean.
I'm not worried about ISP's who sue spammers for abusing their networks...I'm worried about ISP's who take cash up front from spammers...kind of like the USPS does from Ed Whathisface. You know its coming, and you don't get to sue for GETTING spam, do you?
Problem is, most ISPs won't sue. ISPs are in the business of providing IP connectivity, not suing spammers. Small ISPs don't generally have the money to bring about such suits in the first place, and large ISPs don't have the time to launch a dozen suits against every day's load of new dialup spammers.
What I want is something like the WA state law, which allows for a "private right of action" against the spammer. This allows the recipient of the spam, not the ISP, to sue. If the spammer doesn't show up in court to defend itself, a default judgement is entered against it, and the judgement can be sold off to a debt collection agency.
(Yes, if you live in Washington, that next spam could be worth up to $500! MAKE MONEY FAST!)
What's interesting about the WA state law is that most of the cases where people have collected $500 for being spammed haven't gone to court. Often, a demand letter in an amount less than $500 is all that's required, and the spammer, knowing it hasn't a hope in hell of winning in court, and wishing to avoid an encounter with the legal system, merely forks over the cash.
OK, that's the theory. Now the practice. Here's a guy in Washington, who sues spammers for fun. He's collected $3,900 to date.
If you live in Washington - go thou and do likewise.
I've gotten a few spams in Chinese. Romance languages I can handle, but I have no idea what "Remove" looks like in Chinese.
Laws against the private use of encryption between two willing parties are bad. They infringe on my right to free speech and privacy.
Laws against spam are good. They infringe on a spammer's ability (not right) to steal bandwidth and services from others without fair compensation. If you really want to send or receive spam, there are many opt-in bulk email services out there that will be happy to serve you (getting back to the "private use" and "willing parties" thing again).
I don't see anything wrong with being in favor of not regulating voluntary, willing free speech, while having laws against theft.
Because the laws are only good if we use them, I've been working on a project to help ISPs and network administrators sue spammers using existing laws. The URL is (drum roll, please)... http://www.suespammers.org. Thanks to Paul Vixie of MAPS for hosting it.
If you'd like to get involved, sign up for the mailing list and/or write to me directly. I need state coordinators, commentators, tech support, legal advice... just about everything. Mum's the word...
--Tom
Tom Geller
Progman said:
As someone who's been fighting the good fight against spam for some time ;), I can tell you that yes, indeed, spammers do exploit security holes. A rough list:
Third-party relaying being turned on by default IS a security hole anymore, and spammers increasingly target sites that have poorly configured or ancient versions of sendmail or other "wide open" mail daemons. (Particularly bad ones in this regard are foreign servers in Asian or African countries (there's an increasing amount of spam being relayed through open servers in India and Pakistan and breakaway "formerly-Soviet" countries), unsecured standard IRIX sendmail, unsecured older Sun sendmails...don't even get me started on IBM mainframe mail daemons... :P)
Some spammers increasingly target mail daemons with othervulnerabilities as well. Older versions of IRIX sendmail and unpatched versions of IBM VM SMTP (a mail daemon for IBM mainframes running VM/CMS or VM/EISA) in particular can be and have been abused by spammers to hide the true source of a spam by forging paths; both of these have two separate security flaws in that they are both wide open to third-party relaying AND they leave no identifying info (IP lookup, etc.) in the headers--in other words, they can be used as essentially anonymous sites for spamming, and the only way to find where the spammer is really from is to talk to the admin and have hir look through the logs. It's also fairly non-trivial to fix these, as IBM no longer supports VM SMTP (I spent a fun summer sending "unsupported" patches to sites running IBM mainframes that had been relay-raped... :P) and most IRIX boxen still running those old versions of sendmail aren't supported by SGI anymore.
Spammers have, on occasion, been known to launch denial-of-service attacks against others, usually admins or anti-net.abuse activists who have reported on their behaviour. This is so common that it's now known as "joe-jobbing" (after joes.com, attacked by the "Herbalife serial spammer" after the spammer's web-page was yanked; the spammer forged a spam appearing to be from joes.com's admins and meant to get him mailbombed, and the resulting volume of mail was so heavy that it knocked both joes.com and its upstream site off the net). Spammers have also been known to "listserv-bomb" (taking advantages of security flaws in some list-servers that don't "ack" whether someone wants to be added to a list), abuse mail-2-news gateways to mailbomb someone (taking advantage of security flaws), abuse *.test autoresponders to mailbomb people, abuse the "sendsys" command in Usenet news to send mailbombs (sendsys bombs are nasty) and "Hipcrime" (use a Usenet script to send forged supercedes to a group) persons. Many of these attacks themselves abuse security flaws.
Usenet spammers abuse open NNTP servers (servers available to posting by anyone; usually the admins don't intend for this to happen), mail-2-news servers, or sites known to have lax policies against net.abuse. Most spammers use the open NNTP route; it is precisely because of abuse of open NNTP servers and mail-2-news gateways that very few legitimate servers are still around.
It's been reported as of late that spammers are taking advantage of a specific flaw in sendmail to defeat blocks against third-party relaying.
There have been a very few confirmed reports of spammers who have actually compromised the machines of others to spam.
This isn't a case of someone finding a security hole, changing a web-page to say something clever, and saying "OK, you got owned, here's how we did it". The spammer tends to use a security hole either to make it more difficult or impossible to be traced (to make it harder to tell the admin to spank the Bad Person and make him go away), to use a third party's machine without permission because they know that their home site will spank them (and you try telling an admin whose server has been relay-raped that they should be "grateful" that the spammer found the hole--especially if the poor guy is in Pakistan, and is using an ancient machine, and has to pay by the byte to the national telco, and his country doesn't HAVE that much bandwidth to begin with...), or to get back at someone who has caused them to be spanked. It's the same as a script-kiddie who got pissed off he got k-lined from an IRC server for excessive use of nuke scripts, and now he's gonna try to break into somewhere else so he can nuke folks for jollies or he's gonna try to crash the server that gave him the boot. No different, really.
Also--just as an aside, and speaking from experience dealing with 'em--most serial spammers (those who get bounced from site to site, yet continue to spam and spam and spam--folks like Jeff Slaton, "Krazy" Kevin Lipsitz, and Sanford Wallace when they were actively spamming) are probably sociopaths of some sort. It takes it literally making it a) impossible for them to spam or b) costing them so much in time and money that it's no longer worth it to them to make them stop; they have no consideration for others outside of themselves. Sanford Wallace is an especially interesting case in this regard; he is the main party responsible for getting junk faxes banned in the US (he used to be one of the larger junk faxers in the US), kept spamming till he was almost literally run off the Internet and thrown in jail for contempt of court, and may well be one of the main parties responsible for spam being banned in many states. I'm not certain what is to be done with the main problem; hell, psychiatrists can't figure out how to cure sociopaths, and many psychiatrists think the only thing to be done for them is to lock them away so they can't hurt themselves or others. *shrug*
-Windigo The Feral (NYAR!)
A slightly off-topic comment on part of your comment:
Perhaps the script kiddies have a point when they say "you should be glad we pointed out your security holes." After all, would you rather have a mostly harmless script kiddie point out the security hole to you (without actually doing anything other than changing your webpage, and often even backing up your original page for you) than have the security hole remain open and undetected for truly malicious people, such as spammers, to exploit?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10