Monday, August 18, 2008

Some Spammers Are "Getting Out Of The Business"

If you've been reading any tech news sites lately, you've probably noticed two distinct trends:

1) Lots of reporting of the storm worm, with sub-stories related to mass hijacks of publicly-owned websites for the purposes of infecting the public's PC's with the Storm worm. (With still further subsets focusing on the "Russian Business Network" (or "RBN") being behind the whole setup.)
2) Lots of arrests, convictions, and imprisonments of large-scale illegal spammers. (Including one murder-suicide of a previously incarcerated illegal spammer.)
3) More raids in Romania of online scammers, predominantly eBay scammers.
4) Lots of arrests and indictments related to the TJ Maxx identity theft incidents from last year.

As with last year, 2008 is proving to be an extremely bad year for illegal spammers.

I define an illegal spammer as the following, which is more specific than CAN-SPAM:

- They don't care who they send to, or whether they actually ever wanted to hear from them in the first place.
- Further to that point: they actively seek out email addresses of total strangers to start spamming them. They know that these email addresses are not actively seeking to be sent spam. They don't care.
- They try to get as much deliverability out of their messages whenever they know that their messages are being specifically filtered against (remember: they know these people don't want the messages in the first place.)
- They spam the same individual numerous times per day. (And in many cases: per hour.)
- They spam urls representing largely illegal or fraudulent websites, selling either fake or counterfeit products, in violation of international law.
- They never opt anyone out, ever, and never honor any inbound communication regarding spamming.
- In many cases, their sites actively filter for any words related to spamming in their email or contact forms. They are well aware that they operate in violation of the law, and the public's privacy.
- Their "opt-out policy" is to tell anyone who complains to "find your delete key."

Robert Soloway was just such an individual. He knowingly spammed millions of people, several times per day, promoting "products" which either didn't work (his so-called "turnkey email marketing solution") or a variety of other bogus products. He ignored, and then later actively retaliated against any complaints regarding spamming.

Soloway was recently quoted as saying "I can honestly say, even though I'm going to federal prison, for once in my life, I have a focus. I'm very sorry for what I did. I'm hoping people can forgive me." (source) This is in very stark contrast to previous statements he had made in chat rooms and web forums. e.g.: "I always win ... regardless of the judgment amount ... losing is not an option, and I never ever, ever have to pay a single cent to anyone." (source)

Well we now know just how wrong he was.

I'm not going to comment on the Eddie Davidson murder suicide. It was very tragic and ultimately had very little to do with his prior spamming exploits (other than the fact that he escaped from the prison he was sent to for doing so.) What I will comment on is that Davidson was an active and willing informant to the FBI and other law enforcement agencies, something very few press outlets covered. He was already providing lots of information on how stock spamming worked, and was allegedly assisting in the case against his former business partner Darrel Uselton, known to be a rampant, unrepentant stock spammers for years. Jack and Darrel Uselton are both awaiting trial on Sept. 29th and continue to be under investigation by several states and the US Securities and Exchange Commission (SEC). (See the Texas AG's press release dated July 9, 2008.)

That doesn't bode well for many spammers, and could also have the ancilliary effect of further damaging Alan Ralsky, currently under a similar indictment in Michigan related to his repeated stock spamming activities, and profiting from stock market manipulation.

There was also the conviction of Michael Dolan relating to his AOL phishing and spamming practices.

All of this is summed up rather nicely in a recent forum thread I was made privy to in the past few weeks.

If You Live In The U.s.a - Please Stop Spamming, It's just not worth it anymore

Posted: Jul 16 2008, 03:45 PM

On a roll...

Group: Members
Posts: 253
Member No.: 1368
Joined: 21-September 04

I have met online and dealt with many of you throughout the years, and some of you are simply terrific people who got caught up into something a long time ago that used to be innocent and legal, but now has been blown into astronomical proportions of bad.

People all over the USA are going down for illegal activity related to spam. I myself became a target for the IRS and was questioned by the fbi all because I told the truth about the fact that I had received 1099's from two spammers that had spam lawsuits against them.

Surveillance technology and the Patriot Act and further bills being signed into being are completely destroying liberal, human, and privacy rights for citizens in the united states.

I don't know if some of you guys realize it but these guys do not close, they do not stop. They take our tax dollars and get paid to sit in rooms and spy and follow leads, and investigate and do whatever it takes to catch whoever they can whenever they can. They are relentless and uncaring. If you're going to spam and you have to, hey, a man (or woman) has gotta do what they gotta do. But using proxys or botnets or unauthorized access on anyones computer is simply not worth it anymore.

They will put you away for years, no ifs, ands, or buts about it. I'm not trying to scare anyone, Im just saying, be careful, and watch your asses, because they are out to get you 24/7.

The thread contnues with a lot of basically "shrugging" comments about how this has always been the case, followed by general agreement that everybody should be careful not to use their real identities when "doing business", and then referring to the US as a "fascist" country.

They are all missing the point.

All of these recent arrests are pointing to a rather obvious point: if you commit crimes, no matter where you are or who you claim to be, you will be found, you will be arrested, you will be prosecuted, and you will be convicted. The few times this has not happened, it still results in suspects vastly changing their lives by moving to a completely different geographic location, and setting up whole new identities. If you're spamming illegally, and especially if that spamming is surrounded by other illegal acts (hacking, hijacking of public computers, infection of public computers, fraud, wire fraud, computer trespassing, unauthorized sale of controlled substances, securities fraud, etc. etc. etc.) trust me: you are going down. Maybe not today. Maybe not this year. But you will.

Regarding the Russian Business Network: this shadowy group are continuing to erode the public perception of the country of Russia. Russian cybercriminals are behind perhaps 90% of the virus-laden emails the general public has been receiving. There are several reports that have linked them to the following:

  • Recent attacks against websites and network infrastructure of the country of Georgia, starting at precisely the same moment as the attacks on the ground.

  • Spam messages claiming to be from either MSNBC or CNN featuring links to bogus "breaking news" stories.

  • Server hijacks and exploits causing them to deliver these same infections.

  • Spam for "Canadian Pharmacy", a known Spamit / Glavmed sponsored property.

And of course there are the less-substantiated claims that they also have been behind spam campaigns and hijacked hosting for a variety of child pornography website operations, and that they were also involved in the cyber-attack against Estonia last year.

Prosecution of whoever is behind this group, especially within Russia, is unlikely. But that's soon going to become less of a problem since much of their target audience is actually geographically located within the US, as are (it is believed) several of their operatives. Also: a lot of the people who spam on behalf of these Russian groups and individuals (notably Spamit / Glavmed) are located in the US, Canada, and several countries in Europe. Arresting them can cut off a major source of cashflow and infrastructure. It also can draw out further details of where these individuals can be found, and subsequently arrested, if not by Russian police, then by international law enforcement. It's a pretty small planet, after all.

The cyber-attacks against Georgia have garnered some very widely viewed headlines, and not just in tech publications. This does not help the Russian government in its bid for entry into the WTO. That was previously hindered by the renowned shuttering and resurrection of (Which now alternately operates as MP3Sparks and MemphisMembers.) It also isn't doing any favors for Russia in terms of how international law enforcement sees them, which I'm sure is of no consequence to the Russian government anyway. That the recent cyberattacks have gained significant news attention is now raising some questions for other governments: if they can attack Estonia and Georgia, who's to say they can't attack a larger western power? Or a specific government, or utility, or financial network? The fact is: they can. Illegal spammers and their supporters have killed off any site which gets close enough to the truth to make them uncomfortable: the KillSpammers forum (which is not completely gone, just on hiatus. :) ,) spam-court, castlecops, blue frog, etc. They will do it whenever it suits them, or when they feel that the evidence is such that it will cause problems with their cashflow. I don't doubt that they'd eventually try to attack Citibank, or PayPal, or the US Federal Reserve if it suited their needs at the time.

But that can only keep going for so long. A very bright light has been shone upon the RBN, and they are certainly aware of it. One day, inevitably, something's gotta give, one way or the other.

In any case, the past two years have made two things abundantly clear:

1) While the process may be slow, law enforcement and the courts do enforce laws against these criminals, and apply penalties resulting in real jail time
2) The public at large is definitely fed up with continually receiving email spam (or really spam of any type.)

The tally so far this year:

  • Indicted:

    • Alan Ralsky

    • Scott Bradley

    • Judy Devenow

    • John Bown

    • William Neil

    • Anki Neil

    • James Bragg

    • James Fite

    • Peter Severa

    • How Wai John Hui

    • Francis Tribble

    • Albert Gonzalez, AKA Segvec

    • Christopher Scott

    • Damon Patrick Toey

    • Maksym Yastremskiy, AKA Maksik

    • Dzmitry Burak

    • Sergey Storchak

    • Aleksander Suvorov, AKA Jonny Hell

    • Hung-Ming Chiu

    • Zhi Zhi Wang

    • Sergey Pavolvich

    • An unknown hacker named "Delpiero"

  • Arrested:

    • Alan M. Ralsky [but out on bail]

    • Albert Gonzalez, AKA Segvec

    • Maksym Yastremskiy, AKA Maksik

  • Convicted and Imprisoned:

    • Robert Soloway

    • Michael Dolan

That's 25 total. And that's actually an incomplete total since there were an additional 22 arrested back in April, notably including "Vladuz", a Romanian cybercriminal behind rampant amounts of eBay phishing attempts. So for 2008 alone, we're nearing 50 criminal prosecutions against these criminals, and it's only August.

So I think I would have to agree with ol' "gerogeyboy0101" up there: if you're spamming at all, do us all a favor and get the hell out of "the business."

SiL / IKS / concerned citizen

Oh and P.S.: anybody notice that a lot of inbound spam purporting to be for VPXL or "Canadian Healthcare" now redirect to the SpamWiki entry for SanCash? :)

e.g.: [a king replica site]

now points to:

Hehe. Nicely done, whoever you are.