
Wednesday, February 20, 2008

Who is Servman? (now that Bulkerforum is down)

Since Feb. 12th, bulkerforum.biz has been dormant. The domain does not resolve and it's not hosted on any of the previously known hijacked IPs. That's interesting in itself, in light of the slew of recent arrests involving illegal spammers.

But there's other interesting news regarding that site. Several members have suddenly been unceremoniously removed. I'll report back on a few of them in the coming weeks, but for now I thought I'd cover one particular member who seems to have actively wanted to cover his tracks: ServMan.

Back in November when Marion Lynn created his blog, spamgossip, he began exposing individual members of bulkerforum.biz, the go-to forum for illegal spammers.

Initially he listed handfuls of people per day, then removed a bunch, then removed a bunch more. Since then it's remained pretty dead, and numerous postings have been removed altogether. As one would expect, this caused people (like me) to dig a little deeper. I checked out some of the postings of the exposed users. At the time, none of it seemed particularly important.

I and many others had recently noticed (before the forum was shut down, if that's what's taken place) that some of those members have suddenly "gone dark" on that forum, notably Phantom (aka: Norman Keith Holmes.)

Then in mid-January I noticed that one of the members, ServMan, had either been systematically deleting any postings he had on the forum, or getting someone else to. (Or, alternatively, one of the admins of that forum may feel that having his particular info on that forum is a bad idea.)

Whenever I see this kind of thing happen, it definitely seems to indicate that there is truth to the exposed information. Why would somebody suddenly shut up unless the name was correct? Especially in light of how that group has acted whenever someone like myself has done this in the past (claiming libel, claiming my info is way off base, etc.) it is stunning just how silent some of the members have become.

Servman was listed as one Adam J. Minic. Searching for that turns up very few hits, but there is one interesting one from the NANAE newsgroup:

Newsgroups: news.admin.net-abuse.email
From: DarkFiber
Date: Sat, 24 Nov 2007 20:46:21 -0000
Local: Sat, Nov 24 2007 3:46 pm
Subject: Re: TURKEY STUFFING: ANOTHER SHITBAG!

On Thu, 22 Nov 2007 19:46:51 -0800, spamgossip wrote:
> SPAM AND EGGS!

> The spam is in your mail and the egg is on the faces of these Bulker
> Forum members!

> servman - Adam J Minic - Boise, ID

Highly believable as there is evidence as recent as summer 2007 that Adam Minic associates with veteran spammer Todd Springer of the S & S Global LLC spam business that Todd and his brother, Scott used to run. Adam is perhaps a protege of theirs.

Kind of makes one wonder if Todd and Scott Springer didn't really retire from the spam business.

One also has to wonder if KEVIN JAMES MINIC #18299 who was discharged (as an inmate) from the Idaho Department Of Correction on 03/21/2005 is any relation.


On Dec. 27th, 2007, the last time I bothered to check into it, Servman was responsible for 11 postings. Prior to that the number was much higher, around 30 or so.



I checked it on Jan. 28th, 2008, just out of curiosity. There were zero postings from Servman. None.



As it happens, I still have copies of some of his postings on the forum. In my opinion, while they are definitely damning evidence pointing to a string of the usual offences associated with illegal spamming, they aren't terribly different from those of numerous other members of the site. Nonetheless, either Servman or someone else must have assumed that this was too much exposure for him.

Here are the details I managed to glean from the postings I was able to archive from bulkerforum.biz last year following the exposition of Servman:


  • He expressed interest in Hotmail and Yahoo email list verifier software.

  • He was interested in purchasing lists from numerous members.

  • He offered a new RX program (ie: Pharmacy spam, like we needed more of this crap.) He paid a 45% commission per sale.

  • He used (or uses) DarkMailer (aka: DM) to perform his spam runs.

  • He was (or still is) an active member of Sancash, the now-renowned "herbal remedy" spammer affiliate program with ties to Genbucks and Tulip Lab. (yes, VPXL / Elite Herbal / Manster / Megadik, again: like any of us wants to hear about it.) He liked spamming for them and made okay commission apparently. His conversion ratio indicates that he's spamming lots of people who definitely do not want to hear about these products: "My conversions started at 1:80 and have been at 1:150-1:250 ever since." More on this below.

  • He was also a member of the bulker.biz affiliate program. (Canadian Pharmacy, I believe, is one of their properties.)

  • He has dealt with diploma spamming in the past. Whether he actually mailed it himself is unknown. This is very obviously illegal activity.

  • He was in need of new servers in Sept. 2007. He had very specific requests as to the specs of these servers, which were to be used for "proxy mailing", in other words: to use a botnet to send spam, which is illegal. It appears that he may have done a deal with RackSpace06 for those servers, and that he got ripped off by him (or nearly so.)

  • In March 2007 he stated "We have entered a new era in mailing. Botnet is your best candidate for re-entering this industry." He then outlined how to get started in the bot-spamming business. It's pretty clear he knows a lot about how to send spam using hijacked and infected computers, to lists of people who very likely don't want to hear from him.

  • He hates "antis" (such a stupid term.) Yet he continues to mail to people he knows would prefer not to hear from him. Their complaints make him angry.



What other dealings does Mr. Minic feel would be threatened by exposing him as a spammer? A google search for "Adam Minic" (with quotes) and "boise idaho" (without quotes) turns up a posting dated Jan. 23rd, 2008 on the forum "averyoutdoors.com" from a user named Camo Coatings discussing goose hunting. He is also located in Boise Idaho. I had previously suspended this posting because someone claiming to be Mr. Minic complained that someone was threatening his life based solely on my posting on this blog, ignoring completely that this information was already widely publicized last year by Marion Lynn on his spamgossip blog.

Since he has not shown me any proof of these alleged threats, this posting has been reactivated, with his comments intact. I have excised the contact info, which as mentioned before is already available elsewhere.

I mentioned his "conversion ratio." Conversions are the meat and potatoes of the spam industry if you spam on behalf of an affiliate program. A ratio of 1:80 is not good, by legitimate marketing standards. That means that for every 80 people who end up clicking through to your site, only one of them bought something. Legitimate companies, companies like (let's say) Amazon.com, or Lavalife.com, or any other above-board business which relies on third parties for some of their marketing needs would be hoping to see conversions more along the lines of 1:4, or 1:10. Even 1:10 is not considered a good ratio by legitimate companies. This goes quite a way to explaining the spammer mentality. They don't care how many people (like me) don't want to hear from them, they want money. They want the money for as little effort as possible. They want to follow only two steps:

1. Hit "send"
2. Get paid

Your complaints mean nothing to a guy like Adam Minic / Servman. He can't be bothered to clean his lists because that involves more steps than the two outlined above. Steps like: cleaning your list. Or possibly: choosing NOT to promote fake herbal remedies or illegally supplied fake pharmaceuticals which have no proven medicinal value.

A posting from January 2007 is probably the biggest indicator as to why he doesn't want his personal data out there. It's in response to a posting by mcproxy regarding exposing the personal data of someone who scams you in the spam industry:

The thing is, maybe not posting personal info. but enough to get the point across. Ie: icq, alias, etc.. In a particular section of the forum. I was just expressing my idea in hopes that we could build something workable. I vote for a scammer section for misconduct and wrong-doing un-becoming of a valid contact in this biz type of section.. hehe.

Currently if any of us get scammed, I can speak for myself anyways, I will post their alias info at least. I have never posted anyone's personal info. and I am sure never will. But many of us know each other past our alias. So therefore that's the assumed risk we take in business through gui interface..

Maybe my "quick reference section to scammers" is not a great or even good idea, but just wanted to convey my thoughts about this issue.

Any-thoughts guys???


Maybe he's worried about being perceived as a scammer. Or maybe he does business in other areas which would be impacted by having his real name associated with activities like spamming or using a botnet. Aside from the purely legal ramifications, I guess that would definitely impact his bottom line. But then why continue to spam? Why knowingly participate in these activities if you weren't already well aware of the risks?

I'm intrigued to see if he appears anywhere else out there in terms of forum postings. Having said that: I have a life. I'm not going to knock myself out about it. Digging this bit of info didn't take long at all. I like to keep it that way.

It appears that Lynn was correct in identifying Servman. (Surprise!) I'm still not sold that he's effectively identified anyone else, or that doing so has had the desired effect.

SiL / IKS / concerned citizen

Wednesday, January 16, 2008

Marion Lynn Is Wrong (Again)

It was brought to my attention recently that Marion Lynn (yes, him again. Bear with me, I'll try to be brief) is under the erroneous assumption that I am posting all over the place about him, and essentially harassing him in forums unrelated to spam using the nickname "snap_pop_no_crackle".

An example can be found here, in which Marion responds to the user named snap_pop_no_crackle regarding a story about Auschwitz (warning: not a lot of sensible discussion going on over there.)

14 January 2008 at 8:15 p.m.

snap_pop_no_crackle (Anonymous) says...

snap writes:

marion, do you think this book will be more profitable than outingbulkerbiz's tome?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

14 January 2008 at 8:34 p.m.

Marion (Marion Lynn) says...

Well, Sil, A**hole or "Snap"; whatever is appropriate, I intend to make my recollections and research available as a free downloadable E-book because I believe that it contains information which cannot be found elsewhere and that the information is important to our understanding of history.


Just to set the record straight: I am not that user. Nor do I post on ljworld. Nor would I ever.

I also am not the same username (snap_pop_no_crackle) who is posting on Marion's own rather ridiculous forum, rivercitytalk. (I'm not linking to it. You can find it pretty easily yourself.) I personally believe that snap_pop_no_crackle is a user who originally commented on my blog anonymously back in June 2007:

Anonymous said...

See: http://www2.ljworld.com/onthestreet/2007/jun/01/mos_spam/
for a mass spanking of Marion.

6/07/2007 06:32:00 PM


I could be wrong. It could be someone else. I hadn't even seen that posting, and you can see numerous comments by that user. This was the first I'd ever heard of it, or the username snap_pop_no_crackle. It's still a pretty good read, but that is not me.

Just to further clarify: The only monikers I have ever used to identify myself in all things spam-related are:

• SiL (short for SpamIsLame)
• IKS (short for IKillSpammers)
• concerned citizen

Marion can believe what he wants, but he's (as usual) mistaken.

Which calls into question the quality of the information he's been using to out several members of Bulkerforum. I notice all posting has come to a complete halt at spamgossip.blogspot.com since last November. Much of what he posted didn't amount to actual "evidence" in the first place. Just a litany of names. Clearly he was on the right track with a few of them, notably Phantom. But where's the beef?

I've got one for him to try and dig up: the admin of bulkerforum.biz. What's his name? Where does he live? What else does he run besides bulkerforum.biz?

I would bet dollars to donuts that Marion hasn't got a clue. Not that it really matters anyway; that forum has essentially cannibalized itself.

Anyway. Now that that's off my chest, back I go to fight more VPXL spam.

SiL

Wednesday, December 19, 2007

2007: A Very Bad Year For Illegal Spammers

2007 is winding down, and I thought I'd take a moment to list just how many big achievements were met by the dedicated research and hard work of all the members of the numerous anti-spam forums such as KillSpammers and CastleCops, and organizations such as SpamHaus, the FBI Cybercrime Division, the i-Law Group, IronPort, SecureWorks, Shadowserver, F-Secure and countless others. Just look at how many large-scale arrests, convictions, and media stories regarding cybercrime and illegal spamming came about in the past twelve months.

In this synopsis I will make reference to several key members of what once was the Kill Spammers forum, which was DDOS'd out of existence in August, 2007. The loss of that forum has absolutely not diminished or impeded the continued efforts of its members, all of whom continue to investigate and report all manner of illegal spamming, server hijacking and botnet operation. If anything it's only led to more and more of us banding together via other means.

Make yourself some hot chocolate and join me in a look back at 2007, the worst year so far for any illegal spammers out there.

January 2007:


  • Chris "Rizler" Smith is sentenced to 30 years in prison for drug trafficking, witness tampering and illegal spamming practices.

  • Many members of the KillSpammers forum report on an illegal / fake charity known as "Save Childs". It appears to be related to a spate of spam for both Discount Pharmacy (Vincent Chan) and My Canadian Pharmacy (Yambo.) After reporting their multiple spammed addresses to law enforcement agencies and hosting companies, all of the sites are eventually shut down.



February 2007:


  • Spaminator creates the spamwiki. SiL creates a lengthy report on My Canadian Pharmacy based on a lengthier report which was already widely circulated to many security companies and law enforcement agencies around the world. Red Dwarf writes and updates numerous sections. A crucial tool for collecting and exposing evidence is made. Law Enforcement and Spamhaus eventually take notice.



March 2007:


  • The Vancouver Sun (among many others) publishes a story about the death of Marcia Bergeron of Quadra Island, BC due to fake drugs purchased from a spamvertised source

  • SiL begins performing research on the Yambo sites in assistance of the i-law group (Jon Praed) and IronPort (Patrick Peterson.) His research and other data are eventually used in a web seminar covering the a-z of the My Canadian Pharmacy spam group (Yambo Financials) including an in-depth look at their supply chain processes, message dissemination, botnet size and implementation, and server hijacks.

  • The SEC suspends trading on 35 spamvertised stock symbols in Operation Spamalot. 14 of the stocks are traceable to Vancouver stock traders. International law enforcement is given huge amounts of data on these companies and the illicit trading manipulation that took place.



April 2007:


  • After being inundated with spam for Discount Pharmacy, SiL decides to write a synopsis about their known functionality and operations. AlphaCentauri and Red Dwarf assist greatly.

  • ILoveCrapfloods creates FsckChickenboners! (a bot for crapflooding spammers' forms) It slowly gains a following and is refined and modified throughout the year, sending thousands of fake orders to illegal pharmacy and replica watch sites, resulting in wasted time and lost profits for several illegally promoted websites selling counterfeit products.



May 2007:


  • Renowned bulkerforum member and proxy reseller mcproxy retires from the spam and proxy reselling business after nearly having his personal data exposed by spam-court.com. This indicates that the research posted on that blog is very much on the right track and leads to a lot of illegal DDOS activity against that site on behalf of members of BulkerForum.

  • Notorious repeat spammer Robert Alan Soloway is arrested in Seattle after a federal grand jury indicts him on 35 charges ranging from wire fraud to identity theft. The lawsuit against him is ongoing and he remains in prison in Seattle pending commencement of the trial.

  • The country of Estonia has its entire computer infrastructure come under a massive DDOS attack. Everything from train schedules to utilities and banking is completely knocked off the grid for several days. The investigation into this attack is still ongoing and thought to lead to Russian and Ukrainian sources. Several rumors floated around at this time that the Russian government itself was behind these attacks. None of this has been proven. This event has the effect of raising the awareness of DDOS attacks and the criminal groups behind them.



June 2007:


  • SiL posts a lengthy description of the illegal activities of Nick Danger / Marion Lynn to the newsgroup NANAE.

  • AlphaCentauri and SiL begin a coordinated series of reports regarding the Discount Pharmacy hijack of Windows 2000 / 2003 servers. This results in the eventual shut down (or cleanup) of several hundred hijacked servers and a great deal more data on the hijacking process for Windows servers on behalf of Vincent Chan. We eventually see a complete stop in any spam runs for this spamvertised product line around August of 2007.

  • Darrel and Jack Uselton are arrested for "hijacking personal computers across the country to send mass e-mails and inflate prices on at least 13 stocks."



July 2007:


  • SiL is interviewed in Forbes Magazine for an article about Patrick Peterson from Ironport Systems. The article covers Peterson's investigation of the My Canadian Pharmacy operation, run by Yambo Financials.

  • E360 files numerous motions against Spamhaus for labelling them as spammers. All of these charges would later be either withdrawn or dismissed.

  • The FBI's Operation Bot Roast identifies over one million computers as being under the control of illegal botnets. This is the first of two such investigations which later results in several arrests directly related to illegal hacking and owning or operating botnets generally.



August 2007:


  • Several anti-spam and anti-fraud websites come under a huge, unrelenting DDOS attack. Sites attacked include the Kill Spammers forum (whose domain has remained down since then,) CastleCops, 419eater, thescambaiter, and countless others. Kill Spammers operator KyferEz mitigates the attack on the KS forum to the best of his abilities, but the domain eventually folds. Several of us take up temporary residence in CastleCops (many of us stay active there also.) The criminals behind these attacks idiotically think this will slow us down.

  • In what is arguably one of the bigger blows against spammers everywhere, Red Dwarf introduces his diabolical Complainterator™ application for the automated reporting of illegally hosted domains. Over the next several months, several people start using it and it undergoes numerous upgrades and improvements. Use of this tool leads to even some of the more highly unresponsive domain registrars taking notice and removing several thousand offensive domains from their registries.

  • Members of the CastleCops Phishing Incident Reporting and Termination Squad (PIRT) as well as their other Termination Squads for spam (SIRT) and malware (MIRT) begin joining the KillSpammers forum.

  • Red Dwarf releases the AutoSA application for automated reporting of malware, phishing and spamming sites to Site Advisor. He inevitably gets several other sites to provide extended services for users of this tool, notably dnsstuff.



September 2007:


  • Red Dwarf begins automating a method of monitoring, researching, collating and ultimately reporting the existence of hijacked PCs using what would eventually become the Botnet scanner. Over a few months he single-handedly reports several tens of thousands of infected IPs, resulting in more of a significant response from ISPs than most of us probably expected.



October 2007:


  • Several news stories from October to November 2007 track the Russian Business Network (RBN), exposing its ties to Russian politicians, their multiple shifts in locations from Russia to China to disappearing completely, and interviewing its so-called representative.

  • Porn spammers Jeffrey Kilbride and James Schaffer are sentenced to five years in prison, convicted of "conspiracy, money laundering, fraud, and transportation of obscene materials".

  • Greg King, 21, of Fairfield California is arrested for performing a DDOS attack on CastleCops in February of 2006. He faces a maximum sentence of ten years in prison and a $250,000 (USD) fine.



November 2007:


  • Spaminator creates numerous international domains for the spam wiki and attempts (where possible) to get several large-scale sections of it translated and duplicated into these mirror sites. This proves to be very helpful in its use as evidence against illegal spam operations, and leads to big changes at several previously spammer-friendly domain registrars.

  • Marion Lynn creates a blog (spamgossip.blogspot.com) which exposes the identity of several known, high-level spammers who were members of bulkerforum.biz, including Phantom (Norman Holmes), Lizza (Steve Joseph), Dollar (Christopher Brown), Dave (David Oleg Barsky), bigjohnson (Igor Shaposhnikov) and others. Notable omissions are Crypto and moneyminters. It's unclear what prompted this sudden need to tell the world about the identity of these spammers, but he did it. SiL works with members of Spamhaus in collecting whatever is posted on spamgossip and sending it back to them (and law enforcement), and correlating it to the already massive amount of collected information on the members of bulkerforum.biz.

  • While we're at it: several other members of bulkerforum.biz begin exposing each other in a spate of scammer outcries on the forum. We didn't even have to do anything.

  • SiL transcribes a lot of the content from the spamgossip blog into his own blog (which you are now reading) which has the curious effect of reaching higher page ranks than Marion's blog. Marion later takes down quite a bit of personal data without any explanation.

  • Jason Michael Downey is arrested for running a botnet consisting of 6,000 compromised PCs.

  • New Zealand law enforcement break up a major international botnet and arrest its ringleader.



December 2007:


  • The FBI's Operation Bot Roast II results in the arrests of 8 individuals who owned or operated large-scale criminal botnets.

  • Secureworks investigates spamming runs in relation to US presidential candidate Ron Paul and discovers a connection with known porn spammer and botnet operator "nenastnyj", aka Andrew Nenastnyj, known on bulkerforum as "Nena".

  • Justin Daniel Medlin is sentenced to 72 months in prison in connection with pump-and-dump stock spam runs he committed during 2004.

  • Akhil Bansal is sentenced to thirty years in prison for illegally distributing medications without any prescription. This followed a lengthy investigation dubbed "Operation Cyberchase", documented in a multi-part investigative series in the Philadelphia Inquirer.

  • BBC 4's "The Investigation" do some digging into the group behind the rampant spam for "Elite Herbals", leading to a very thorough investigation of GenBucks, Tulip Lab, and one of their spammers, Shane Atkinson. Burgeoning illegal spam blog Spam In My Inbox is also consulted for this story, and much of his evidence matches that of the BBC. This eventually leads to a police raid in Christchurch, New Zealand, resulting in the seizure of "22 computers and boxes of documents from four Christchurch addresses", including that of Atkinson.



Definitely a very active year for people who fight online crime in all its facets, and absolutely a very bad year for illegal spammers.

This kind of activity will only continue. As long as people like myself continue to be on the receiving end of unwanted illegal spam from asshole criminals like the ones listed above, we'll continue to do everything we can to get to the bottom of it. There is a difference between general commercial email, and spam for products that are illicit, fake, counterfeit, or outright illegal - and in some cases lethal. We are not going to stand for this any longer, and this year's numerous arrests prove that.

SiL / IKS / concerned citizen

Tuesday, November 27, 2007

Monday, September 17, 2007

Nick Danger's Mouth Rides Again (by night)

So as I mentioned, Nick Danger (aka: Marion Sidney Lynn) has been blabbing away on NANAE regarding the alleged treasure trove he claims to have regarding the personal data of several high-ranking members of Bulkerforum.biz.

On Sept. 15th, he created what appears to be a very crude site outlining the personal data and recent malicious activity of bulkerforum member "lizza", who he claims is actually named Stephen Joseph. He posted a new entry to NANAE featuring a link to his glorious creation. I thought I'd take a gander and outline some of the details of the posting here in the event it all goes down (which these things have a nasty habit of doing.)

As I mentioned before: Nick Danger is both a gasbag and a small fry, and my subsequent research, tempered with his own blatherings, has borne out that he probably hasn't ever sent email 1 for promotional purposes. This doesn't preclude him from acting illegally of course. Aggravated identity theft and fraud, not to mention stock manipulation, are still very serious crimes -- at least: the last time I checked. He's still never disavowed performing any of those acts despite boasting loudly on bulkerforum about alllll the sordid instructions concerning how to do so and never get caught.

So. First off, here's a screenshot of the site as he created it (oh and of course, this is definitely NSFW, knowing mr. Danger's prowess with the profanity):

[Edit, June 2008: Due to changes at HideBehind, this screenshot is missing. It will be re-uploaded momentarily.]

Note: it's rather long. This is Marion Lynn we're talking about. The man needs to hire an editor. I have an entire copy of the page should anyone require its full contents. I have not altered a single line of it.

In the lengthy one-pager, he outlines where Lizza / Joseph lives, and that on a certain night between 1:13 AM and 1:21 AM, lizza boasted about ddos'ing or otherwise attacking the bulkerforum website, at IP address 201.0.8.247. That IP address is in Brazil, and is one of five IP addresses which the forum has routinely bounced between since I started doing my own research on them (Sep. 2006.)

He lists some very non-threatening personal details such as where he went to highschool, and what his MySpace identity is. Not much anyone can dig up from that.

He alleges that Joseph lives in Chula Vista, California. How does he know this? Likely from a variety of lengthy conversations they may have had via a variety of means. It sounds like Marion and Steve had some kind of close contact in the past while. I'm not sure what that would be regarding but it certainly seems to point that way.

He also divulges one of lizza's email addresses (steve_joseph87@yahoo.com). I'm sure by now even lizza doesn't even use email for any legitimate communication, thanx to the damage done to that medium by scumbag spammers like him.

The more interesting stuff is in the variety of postings which Marion has posted below that. It's a lengthy re-posting of what appear to be forum postings from a variety of members. I'm not sure if this is from bulkerforum or what, but there are conversations between a variety of members. It's possible that these are even private messages from bulkerforum, or another forum. I can't be sure. The members which are quoted include:


  • lizza

  • icanspam

  • Third Eye



How did he get this information? And who gave it to him?

He also divulges that lizza (on bulkerforum) also goes by the usernames "Flores9xxx" and "nugs". In the previous NANAE posting he also lists the usernames "proyboy", and the nick names "Stevie" or "shorty". He also claims (apparently erroneously) that lizza also went by the name "seven" at one point.

Then "Nick Danger" claims to be quoting a pm between lizza and himself, but using the username "Third Eye". He goes into a great deal of detail about lizza's connection to a company called Lead Point (leadpoint.com). lizza claims that's a red herring, but who knows? This is either good research or a massive, meandering wild goose chase.

Also: Does everyone on bulkerforum have this many usernames and aliases?! It's a bit ridiculous even to me. You'd think this was the Lucchese crime family for god's sake.

Finally: the geocities site makes it clear that bulkerforum appears to be a leaky boat at the very least, and that several higher-up members seem to be sharing private member information in a very loose fashion. Nick Danger wants to make it sound like a problem of some urgency ("IS PHANTOM GIVING OUT YOUR INFO?", etc.) but again: since phantom barely ever says anything on there lately, it's hard to be sure whether Nick is on the right track or not. But clearly: somebody got this info via some means unknown to members of that forum, and it somehow made its way to Marion Lynn. I guess only he will know who gave it to him, or when, or why. I don't personally care. As long as law enforcement are watching all of this it's just fine by me. :)

Since the chat transcript makes it at least semi-clear that lizza is willing to perform a cyber attack against a forum he's already a member of (!!), this makes him a pretty prime target for folks like me whose forum is currently under an anonymous sustained attack (week #5, and my threat still stands.) As I mentioned, this is only one of several attacks currently underway.

So I have handed all of this over to law enforcement in the event it turns out to be useful. :)

I personally feel that the sustained attacks against all of the spam and fraud research sites are being coordinated from Russian sources, and I am narrowing down a list of who that might be. I'll obviously post more as I get it. (Though not before notifying several legal channels first.)

I've also begun several investigations into the background of Steve Joseph / flores99x / nugs / lizza in the event anything can be turned up in that regard. He probably knows enough shady scumbags to pull off one or more of these types of events.

Lizza has always struck me as easily the most paranoid of the bulkerforum members (a close second would be phantom or Crypto, but they now post so seldom it's impossible to tell anymore.)

An aside: a representative of spamhaus named Susan responded to Nick Danger's NANAE posting (linked above), referring to bulkerforum member phantom as "the Australian megalomaniac". That's tantalizing. He rarely gives up any information whatsoever, so I'm digging into that also. (And handing whatever I find over to Spamhaus and Australian law enforcement, if that's where he truly is located.)

This is a bad year to be a spammer of any sort. By my count there have been 7 major arrests just since March of 2007, and three very large-scale court cases (two of which are still pending.) On a daily basis we see new news items of several investigations discovering new suspects and illegal operations, all fed by spam. It's a zero-sum game which just appears to be taking longer than usual to be taken down from the inside out. Why on earth would anyone knowingly become an email spammer in this climate? Why would anyone want to keep doing it? The profits are outweighed by the obvious risks. Apparently nobody in that community appears to be aware of any of this.

Which is a good thing, ultimately. I hope they lock up the whole lot of them and throw away the key. I've never in my life been bombarded on such a frequent basis by illegal advertisements from such a huge group of idiot scum in my entire life.

Keep it up, spamming morons. You'll see exactly where it gets you.

SiL / IKS / concerned citizen.

Thursday, September 13, 2007

Spammers = Still Whiny - But Also Somewhat Startled.

Well it turns out I didn't even have to do anything! (Or at least: not as much. :) )

Of all people: Nick Danger went and posted this on NANAE.

Curiouser and curiouser...

I guess he has recently been kicked off of a variety of spammer forums. (Nice job on that one, btw.)

My statement still holds true. I'll make sure the very wrongest of people get the very most of several people's personal information until these attacks stop.

SiL

Friday, June 8, 2007

The Attack Begins...

Interesting that "suddenly" both Spamhaus and several of the spam Blocklist sites are all under a large-scale and sustained DDOS attack. Probably the same one that Nick Danger was threatening to undertake (with help from others.) Could this be "the treatment" he had in mind?

A reader posted in a comment on my previous posting that Nick Danger / Marion Lynn is now being lambasted by his fellow comment-posters on ljworld.com.

I'd just like to add that since I'm nowhere near that region, nor do I care to bother with it, I am not a member of that site, and I'm not doing any posting there at all. (It looks like I didn't have to anyway.)

Marion made the following posting:
5 June 2007 at 12:13 a.m.

Marion (Marion Lynn) says...

Oh yare not only getting ready to help with the sales of my book but to bring down Spamhaus and Spam-Court; both of which have malingned me with out proof but with malice aforethought.


Note the date. June 5th. I'm not the only one who did.

On June 8th, a contributor named "Guntrainer" posted the following:
8 June 2007 at 6:25 a.m.

GunTrainer (Anonymous) says...

Compare that with the June 7 news item at http://thespamdiaries.blogspot.com/
"Thursday, June 07, 2007
Spamhaus, uribl, surbl under DDOS attack

This has been ongoing for a couple of days now. Spamhaus and two other major blocking list providers have been under a distributed denial-of-service (DDOS) attack."

I wonder if Nick's buddies realize just how much self incrimination is going on here? How did Nick Danger / Marion Lynn know about this attempt to "bring down Spamhaus" as he puts it, at the very moment it began?

This turkey is asking for an early Thanksgiving.
Indeed!

As a followup: Spam-court.com appears to be back so my previous (lengthy, so apologies) posting on its demise was premature.

DDOS attacks always remind me of a three year old having a tantrum. "Spammer doesn't get what he wants, spammer cries. Spammer want!!"

I would love it if someone would instantiate a "turn off your pc day", where everyone - no matter where they were - HAD to turn off their computer or disconnect it from the internet. Make it some kind of grassroots operation so it fed into the promotion of greenspaces or a music festival of some sort.

Even half of one day with all the infected zombies in the world off the network would sincerely damage these criminals' ability to perform these attacks.

I don't know what it would take to do it but I for one would donate to such a cause.

My thoughts go out to the diligent crews behind these blocklists. People around the world have no idea how much effort they put in to reduce the flood of unwanted crap email that we would all literally be buried under. The term "just delete it" doesn't even come close to solving this obvious problem. Spammers want every one of us to have 10,000 copies of their messages every single day. They get mad when it's "only" 20 or 30 copies a day. Then they throw a tantrum.

I hope this leads to several arrests, since a lot of eyes are watching this one. Nick Danger may not be actively participating in this attack (and in fact it's highly unlikely) but it's clear he and others have been in touch with several individuals, either on bulkerforum.biz or via other means, who could make sure it happened.

SiL

P.S. This has further exposed that Marion Lynn is also involved with a non-profit called "Computer Waste Solutions", who I'm sure would not be happy to learn of his unscrupulous beliefs regarding the treatment of homeless people or operating as a trader of stocks, not to mention the charming company he keeps over on bulkerforum.biz. (Whether he spammed or not, ever in his life, he definitely has a very skewed view of what constitutes fair trading in the stock market.)

It's also brought up that he appears to be a militant pro-lifer with a new book which is about to be published. I'll try researching that one as well, but as I say I'm kind of done with him. I could never have dreamed that the ljworld community would take this and run with it as they have. :)

Thursday, June 7, 2007

Spam-Court - Gone but not forgotten.

Well there we have it. The members of Bulkerforum.biz have successfully managed to bully spam-court off the grid:

spam-court.com is currently under maintenance, has crashed, gone to pieces or whatever. ddos or hacking are also possible explanations. But we have no idea what the specific reason may be. We could be back shortly or not at all. Thank you for your eternal patience. Now do something useful, like hunt down a spammer.
Contact DucksInTwoRows@gmail.com if you have any questions.

This is likely due to their ISP receiving some manner of frivolous lawsuit. If you go over to bulkerforum.biz you will see a lot more bluster from Nick Danger a.k.a. Marion Lynn. I find his whole approach to all of this interesting. In sequence, the following events took place to get us to here. See if you can follow his "logic":


  • spam-court and I both began discovering a series of interesting links which made it clear that Nick Danger was very likely to be Marion Lynn.

  • We slowly began exposing that information, largely because the man is an unconscionable windbag with no moral fibre whatsoever. That seemed to hit a nerve.

  • Nick Danger posted a threat directed at spam-court:

These fuckers need the TREATMENT!

"Spamhaus, Junior"!

SOMEONE needs to do a "Blue Security" on them, like RIGHT THE FUCK NOW!

If this post reads as though I am calling for open warfare on these bastards; that is EXFUCKINGZACTLY what I am doing!.

  • Spam-court correctly assumed that that must mean some manner of DDOS attack, since that is precisely what happened to Blue Security.

  • His DDOS threat was removed by the admins of bulkerforum.biz, and Nick Danger suddenly started backpedalling, stating on the forum that he would send a cease and desist letter, implying that spam-court had somehow stated things which he had not said, or had stated things which were untrue. He never backs any of this up with actual proof.

  • He starts posting statements that spam-court "are going nuts over there just as I predicted." Why he feels this way is beyond me. (Or anyone else for that matter.)

  • He then begins posting on bulkerforum that he is, as we assumed, Marion Lynn, and that in general we have been right on the money.

Well, by now nearly everyone on the planet knows that my given name is "Marion".

"HI!"

Oh, well.

Big Fucking Deal.

What they do not know is ME!

  • This is an odd thing to say when you're in the midst of telling someone else to cease and desist from doing so. He further confirms that he does indeed have in-depth knowledge of how to cover his tracks and how to profit from an illegal market manipulation like stock spamming, but maintains that the knowledge of the act and performing the act are two different things.

  • He posts another tersely-worded entry on bulkerforum.biz stating that he has never spammed, and that (for example) he might know how to build an atom bomb, but that doesn't mean that he is actively making one. The line was edited by one of the admins mere moments after being entered. He also claims he sent what he thinks was a threatening image to someone at Spamhaus. (From the description he gave it sounds really ridiculous, not threatening.)

  • In the same posting he claims he mistakenly left his real name when he registered on bulkerforum.biz. What he's completely missing is that that is NOT how any of us discovered his real name. It was painfully obvious that he was the same person posting on numerous other forums. (Ironically: something that "anyone" genuinely could discover with a little Googling.)

  • A few posts later he claims that he's always been interested in spamming and that he can't wait to get started doing so, calling it "both the best thing going and the real future of advertising on the internet."



If he's trying to clear his name, he's certainly not going about it the right way at all.

If you are claiming that someone is defaming you, that has to be because:

a) What they are saying about you is not true and could never be proven.
b) What they are claiming you said or did has never been said or done by you.

He clearly HAS said these things. And if he "has knowledge" of how stock spamming works, especially to the level that he seems to, he would have to have acquired that knowledge from someone else who was that much more advanced in performing this (illegal, did I mention?) act.

And what better place to find such a person than on a forum specifically tailored to large-scale spamming, especially of illegal content such as stock spamming?

And now he's re-confirming - on bulkerforum.biz - that he said all of this, and that he is who we thought he is, but that suddenly it's "no big deal." This is thoroughly confusing.

Lynn has since re-countered (at length, ad nauseam) on the NANAE news group that "anyone" could have found out the same information by merely performing a few Google searches, and he provided three links to very basic top-level descriptions of what a pump-and-dump stock scam looks like. I know for a fact that that's complete bullshit. It was impossible to discover ANYTHING regarding how stock sponsors work in a stock spam operation, nor did any of these news websites he listed point to any further detailed information regarding the timing of the spam run, when to buy, when to sell, and how to cover your tracks while doing all of this. I know this because I was mad enough about the deluge of stock spam I receive every day that I read everything I could possibly find on the subject, and no major news website covered it to that level of detail.

The only place I ever saw any of this information - all of which can be covered under the charge "conspiracy to commit fraud" - was in his postings on Bulkerforum.biz.

And now he's saying that he DID say these things. So which is it? If you're going to sue someone, you tend to need to stick to your story. I know that spam-court was aware of this, and they let their ISP know that this guy was probably going to be all bluster and hellfire, serving some ridiculous cease and desist.

Marion Lynn should just learn to shut up. After a while: if you talk enough about performing a criminal act, the cops won't even care that you actually carry it out: they'll just ask you why you're mouthing off about it so much. I get the feeling that day will fast be approaching, and it won't even take a blog posting like mine (or spam-court) to make it happen.

But as you probably all know: I'd certainly love to help it along. :)

I honestly could care less about Marion Lynn anymore, and as such I don't plan on posting anything more about him (unless he starts piping up about this site also.) :) The man has no scruples, and he doesn't care who he pisses off. He should. Because if any legitimate businesspeople discovered he liked to hang around with the likes of the other charming members of a massive spamming forum, I imagine they wouldn't want much else to do with him.

One can always hope.

My thanks go out to the owners of spam-court wherever they are. Hopefully you can come back online someday. Meantime we'll continue to expose these fraudsters and criminals for what they really are.

SiL / IKS / concerned citizen