Internet Defense Technology

I am getting back to my email spammer series with Michael Dolan as he was recently (a few days ago) sentenced in Connecticut federal court to seven years in jail plus three years of supervised release. He’s pled guilty to fraud and aggravated identity theft.

His crime (along with others who all pleaded guilty, as did Michael Dolan in 2007) was to hunt through AOL chat rooms for user ids. Those user’s would get a “greeting card” spam seeming to come from places like Hallmark.com or BlueMountain.com.

These email spams would actually installed malware (programs which spied on all the activities you did on your computer and sent the information to someone) on the victim’s computers. So, the next time the victim attempted to log onto AOL, the malware would ask for credit card numbers, bank accounts, and other personal info. If the user refused to cough up, the malware prevented them from logging in.

Allegedly Michael Dolan engaged in various forms of witness tampering, including a death threat, during the trial.

Dolan’s scam brought in over $400,000 from 250 victims.

Previous criminal record (he is only 24 years old) include being sentenced to two years of probation after pleading guilty to a misdemeanor count of accessing a computer without authorization. His probation was revoked in 2006, after the ruling judge discovered that he had taken several trips out of state, including at least one trip overseas. Dolan was then sentenced to nine months of imprisonment, and was charged in the AOL scam on September 28, 2006.

After an unusually long sentencing hearing (it lasted two-and-a-half days), Judge Marsha Pechman handed down her sentence in the U.S. District Court for the Western District of Washington in Seattle.

Per the Official Press Release from United States Attorney’s Office: “ROBERT ALAN SOLOWAY, 29, the owner of NEWPORT INTERNET MARKETING CORPORATION of Seattle, Washington, was sentenced today in U.S. District Court in Seattle to forty-seven months in prison and three years of supervised release for Mail Fraud, Fraud in Connection with Electronic Mail, and Willful Failure to File a Tax Return. In addition, he was directed to perform 200 hours of community service. At a later hearing, U.S. District Judge Marsha Pechman will determine the total amount of restitution SOLOWAY owes to the victims of his spamming.”

There has been a lot of press on this being this is one of the biggest trials of an email spammer to date. Just some of the articles I found:

• Blogger News: Will One Spam King’s Conviction and Another’s Escape Mean Less E-Trash on the Internet?, July 25th
• The News Tribune: A lovely prison term for the ‘spam king’, July 25th
• Biz Journal: ‘Spam King’ Soloway given 47-month prison sentence, July 23rd
• PC World: Top Spammer Sentenced to Nearly Four Years, July 22nd
• The Spam Diaries: Word from the Soloway sentencing hearing, July 15th
• CIO: Soloway Case Reveals Big Business Behind Spam, July 15th
• Computer World: Judge delays ’spam king’ sentencing, July 14th
• Komo News: Victims testify at Spam King’s sentencing, July 11th
• Seattle PI: ‘Spam King’ defied Feds, now faces up to 20 years, July 11th

McAfee did an interesting little experiment of signing up a bunch of people to answer every single email spam they got.

The idea scares me to no end, but if someone else is going to fund it all and set me up with separate identities so my real stuff doesn’t get hit, then I might do it.

There was a lot of coverage of it while it happened like here and here.

You can see the conclusion at their site the S.P.A.M. Experiment.

John R. Levin, author of The Internet for Dummies and Fighting Spam for Dummies, was kind enough to answer some of my questions for my blog. You can find out more about him at his website http://www.johnlevine.com/.

1. What do you see as the worst ramification of spam?

It makes people lose confidence in e-mail, which is one of the most important advances in communication in the past 40 years.

2. Will we be seeing an increase or decrease in spam in the next few years?
2b. Why?

The amount sent will increase, the amount that ends up in people’s mailboxes will be about the same. The spammers don’t seem to be advancing any faster than the filters.

3. Where do you think spam is heading?

I fear it’s still on track to destroy e-mail. At this point spam is about 95% of all mail, which means there’s 20 spams for every real message. That’s an enormous burden on the people and systems that handle e-mail. Also, although a decade ago spam was an annoyance primarily caused by small scale amateurs, these days it’s entwined in major criminal enterprises that rake in millions of dollars a year from the suckers who respond to spam.

4. Does the CAN-SPAM act actually do anything to reduce spam?

No, of course not, since it makes most kinds of spam legal. (Think of it as short for “You CAN SPAM if you follow these simple rules.”) There are quite effective anti-spam laws in Australia and New Zealand, moderately effective ones in the EU, and a promising one working its way through the Canadian parliament. But not here. CAN SPAM is in practice only useful against fraudulent spam, which would be illegal for other reasons anyway.

5. What do you think it will take to stop spam?

A will to stop it. The reason we have all this spam is that at way too many levels it’s easier to duck the issue than to face it. For example, most spam these days is sent through “zombies”, Microsoft Windows computers that are remotely controlled via a virus or worm. Do we hold Microsoft responsible for shipping defective software that is so easy to compromise? Nope. Do ISPs quarantine infected customer PCs that are sending spam? A few do, most don’t. You get the idea.

6. What type of spam filtering is most effective?

Spammers evolve to evade filters, so you need a filtering system that uses many techniques and is frequently updated to adjust to the latest tricks. Large ISPs like AOL and Yahoo tend to do a good job of filtering, as do some of the dedicated filtering companies.

7. Tell me about yourself and your involvement in email spam.

My background is quite technical, with a PhD in computer science. In 1993 I wrote “Internet for Dummies” which turned into a surprise smash publishing hit, and since then other books. In each book I’ve put an address for readers to write to, which means that I’ve gotten a lot of mail and, in the past decade, an increasing torrent of spam. (You think you get a lot of spam, imagine what it’s like for someone who’s had the same e-mail address for 15 years.) So I started figuring out what to do about the spam, and seem to have evolved into a Famous Expert.

8. Any other thoughts you would like to share?

Spam is a really interesting social phenomenon, from the crooks to send it to the suckers who fall for it to the ragtag bunch of people who try to deal with it. Some of the anti-spam people I know are among my closest friends, others seem to be using it to work out personal issues that might better be addressed via something like primal scream therapy.

Oh, and check out “Mobile Internet for Dummies”, coming to a bookstore near you this month. It doesn’t say too much about spam since there isn’t much mobile phone spam. Yet.

I found this article today and thought I would share it. I haven’t checked to see if this is in fact the first one, but his research looks pretty good and gives you a good idea of how this whole email spam thing started:

Reaction to the DEC Spam of 1978

Intro line says:

“Possibly the first spam ever was a message from a DEC marketing rep to every Arpanet address on the west coast, or at least the attempt at that.”

So, if you get an email that falls in one of these categories:

• Seems suspicious or makes you wonder if it is real in some way
• From someplace you don’t have an account as far as you can remember
• From someplace you do have an account but the message doesn’t seem right (and sometimes even if it does seem right)

Don’t click on the link in the email!

One of the ways spammers make money is by stealing your personal information and then using it (definition of phishing).

This doesn’t always have to be your bank account number.

For example, say you are paying someone to advertise for your business (like Google AdWords). Someone pretending to be the advertiser send you an email that says you need to login to your account and check/verify/change/fix something.

You click the link from the email into the site.

You think you are going to adwords.google.com but you are actually going to adwords.google.cn.com or something similar.

When you put in your account username and password, you have just given the spammer your username and password.

Sometime later you login to the account yourself and discover that you have been running ads for another website and you got charged for it.

The morale of the story:

If you get an email, don’t click on the link in the email. Instead open your browser and type the address yourself. Then you can check it yourself and make sure there isn’t really something you need to do and you don’t give your information to a spammer.

Want more survey results for my Email Spam Survey, will only take a few minutes if you don’t mind.

Continuing my Who are the Biggest Spammers series:

Mr. Alan Ralsky’s organization, based in Michigan since 1997, uses Chinese, European and US-based servers to host and send spam to millions of email boxes daily. He apparently began his spamming career when his licenses to sell insurance were revoked in Michigan and Illinois in 1996.

He personally (well, his company) sends millions of unsolicited email messages selling everything from diet pills to online gambling. He claims that his business is legitimate and that his emails are not spam.

Unlike most spammers, he has provided interviews to various newspapers, although he claimed to be a commercial e-mailer rather than a spammer. He stated that his was a legitimate business which complied with all laws.

He gained much of his notoriety following a December 2002 interview with The Detroit News. The article was soon posted to Slashdot and the address of his newly built home was posted to Slashdot not long after that. Hundreds of Slashdot readers then searched the Internet for advertising mailing lists and free catalogs and signed him up for them. As a result, he was inundated with junk mail. In a Detroit Free Press article on December 6, 2002, he is quoted as saying “They’ve signed me up for every advertising campaign and mailing list there is … These people are out of their minds. They’re harassing me”.

Another fun tidbit - Not only does Ralsky operate as a spammer, but he also provides hosting services to other spammers.

Alan Ralsky legal history:

In January 2008, Ralsky and ten others were indicted based on results of a three-year investigation. The indictment included stock fraud charges stemming from a “pump and dump” scheme. Ralsky was arraigned on the charges but was silent during the arraignment, so a plea of not guilty was entered on his behalf.

In early October 2005, a warrant was unsealed, showing the Federal Bureau of Investigation (FBI) raided Alan Ralsky’s home in September. In the raid, the FBI took computers, financial records, and even The Detroit News article cited earlier.

In 2002, Verizon sued Mr. Ralsky for causing their network to freeze twice. The lawsuit originally sought $37 million, but was settled out of court for an undisclosed amount. Ralsky is no longer allowed to send email over Verizon’s networks, but admits no wrongdoing in the case and has vowed to continue sending bulk email.

In 1994, Mr. Ralsky was convicted for falsifying documents to defraud two banks in Michigan and Ohio and was fined $74,000.

In 1992, Ralsky was sentenced to 50 days in jail and ordered to pay $120,000 in restitution for failing to deliver a contract involving unregistered securities.

More good stuff for the Who are the Biggest Spammers series:

Robert Alan Soloway is the founder of “Strategic Partnership Against Microsoft Illegal Spam,” or SPAMIS, but is said to be one of the Internet’s biggest spammers through his company, Newport Internet Marketing (NIM). He is also considered one of the top spammers on the planet (well, until he got arrested).

Soloway used computers infected with malicious code to send out millions of junk e-mails since 2003. The computers are called “zombies” because owners typically have no idea their machines have been infected.

He has been sued multiple times (more below). In the summer of 2005, a court ordered him to no longer break the law. That didn’t help as he continued.

Recently, he was arrested on May 30, 2007 after a grand jury indicted him on charges of identity theft, money laundering, and mail, wire, and e-mail fraud. He was nicknamed the “Spam King” by prosecutors. In March of 2008 he pled guilty to most of the charges against him.

The indictment (actually the third indictment, since each time Soloway asked for a postponement, the government got to refile with more charges) made three categories of charges.

Counts 1-10 were mail fraud, due to Robert Soloway delivering his spamware through the mail, notably including 30 million addresses purported to be opt-in. Counts 11-17 seven were wire fraud, sending spam making false claims about the product, support, guarantee, etc. Count 18 was CAN SPAM fraud, forged mail headers. Counts 19-25 were identity theft, sending spam forging other people’s return addresses. Counts 26-27 were for failure to file income taxes, and 28-40 were money laundering, using his ill gotten income to pay for further lawbreaking.

According to news reports he pled guilty to wire fraud, CAN SPAM fraud, and tax evasion, but not identity theft.

Previous legal problems include:

Microsoft filled a lawsuit in December 18, 2003, against NIM and 20 “John Doe” defendants for spam sent through MSN and Hotmail services. Microsoft won a $7.8 million civil judgment against him.

In early 2005, a King County (Washington) superior court judge ruled that Soloway was in default on the spam lawsuit originally filed by Microsoft (Microsoft never got paid, not that they need it).

Later in 2005, Robert Braver, an internet services provider based in Oklahoma, was awarded $10,075,000.00 in another spam-related case against Soloway. In this lawsuit, a permanent injunction was issued against Soloway, enjoining him from further spam activities.

Update: Robert Soloway Update: 4 Years in Prison

Continuation of Who are the Biggest Spammers series:

Now we have Vincent Chan is the top Chinese spammer and stays near the top of all major spammer lists (possibly why we have seen such a dramatic increase in spam from this country).

He works together with (presumably his brother) Lap Chung Chan and a small group of Chinese spammers. They specialize in pharmaceutical type spam (viagra, enlarging body parts and so on) but have also been known to spam for watches, toner, ink cartridges and mortgages.

Chan and company were the first to massively abuse Geocities redirectors in 2004/05. He automated the building of pages whose sole purpose was to redirect the user to the actual target website. This allows the spammer to get around numerous well-established spam filters, which would never block a geocities domain, since Yahoo is widely whitelisted on most block lists.

Now they seem to be into hosting redirectors on compromised Windows machines. In addition, Vincent Chan has his own hosting set up (which he also sells to other spammers) that have popped up all over China.

He seems to have an unlimited supply of compromised machines as you can’t just block any one address. In addition he is regularly compromising other’s machines to use to send out his spam.

Sites he creates are characterized by hidden links and site redirections.

Doesn’t sound like he is going to change his ways anytime soon. Best to just get a good email filter to block it all.

Continuation of Who are the Biggest Spammers series:

Next up is Sanford Wallace (also known as “Spamford”) because of the recent case he lost again Myspace, to the sum of $230 million. See Walter Rines for more information on what they have done together.

Wallace, previously owned Cyber Promotions (also called Cyberpromo), a Philadelphia-based junk e-mail firm, which reportedly sent out 30 million spams a day until two ISPs forced him to shut down.

While head of Cyber Promotions, Sanford Wallace was considered cyberspace’s most hated person in the 1990s. Tactics like false return addresses, relaying, and multihoming were among the questionable practices used by Cyberpromo to ensure the penetration of their advertising.

In April 1998, Wallace publicly announced that he was quitting the spam business. Cyberpromo was converted to an opt-in email marketing company and renamed GTMI. The new company was plagued by major financial problems, as well as the spectre of its former self, with large numbers of people unconvinced of Wallace’s change of heart. Wallace pulled out of the new venture quickly. GTMI’s unshaken legacy eventually led to its rapid demise.

In 2001 he was linked to a website, passthison.com, which utilized multiple-window launching to snag Web viewers, an advertising practice rarely seen outside of the online pornography industry.

An additional spyware case landed a $4 million judgement against him in 2006.

Prior to his email spam ventures, Wallace had gained notoriety in other questionable marketing circles, as a heavy utilizer of junk fax marketing, a practice outlawed in the U.S. since 1991.

Might want to pull out while he still has some money left and enjoy a quiet vacation somewhere.