The Man of Spam

By Shamus Posted Thursday May 31, 2007

Filed under: Links 29 comments

A nefarious villain is caught:

A 27-year-old man described as one of the world’s most prolific spammers was arrested Wednesday, and federal authorities said computer users across the Web could notice a decrease in the amount of junk e-mail.

Sure he’s an evil, thieving, destructive, lying, plague on the face of the internet, but you gotta hand it to him: He was good at what he did.

Sadly, I think there’s probably some language in the justice system that prevents us from having him burned at the stake. I’m holding out hope that a loophole may be found.

 


From The Archives:
 

29 thoughts on “The Man of Spam

  1. Knastymike says:

    Are you freakin’ serious?? ONE GUY gets caught, and we’ll notice a decrease in spam? That dude must have been busy.

  2. Adam says:

    If you read the artical he was able to launch millions of bulk spam a week. This causes bandwith lag and cost company hundreds of thousands a year.

    I hope they lock him away in remote prison in Siberia with not even a rotary phone and a very large cell mate named Boris who has a longing desire for a warm embrace from his new “roomy”.

  3. LethalSpoon says:

    Thank god for amendments, so we might actually get him burned at the stake.

  4. Aaron says:

    It’s amazing how good some of those smammers are. Glad they caught him!

  5. Matt P says:

    Not that I totally agree with it but this is an interesting take on spam and anti-spam legislation:
    http://www.cosmoetica.com/B68-DES33.htm
    Bit bombastic (man I’ve wanted to use that word for a while now) but interesting.

  6. Aaron M says:

    I’m generally a pretty liberally-minded guy when it comes to crime and punishment. However, I’m also an email administrator. When it comes to spammers, particularly zombie spammers like this guy, I’m fully in favor of punishment by flaying. Slowly.

  7. Phlux says:

    What I don’t get is how, if spam is illegal (is it now, actually?)that businesses are able to advertise in this way. Are they not also party to something illegal?

    Thanks,
    Matt

  8. Jeremiah says:

    I’m no expert, but I imagine there are some forms of spam that aren’t necessarily illegal. But things like what this guy was doing (taking over other people’s computers to send out bulk e-mails) definitely is.

  9. Matt P says:

    It’s a pretty confusing field is spam legality.

  10. Dead Horse says:

    What I don't get is how, if spam is illegal (is it now, actually?)that businesses are able to advertise in this way. Are they not also party to something illegal?

    Have you ever seen a legitimate business use spam? The “cheap Cialis” spam I get isn’t from Eli Lilly.

  11. Deacon Blues says:

    What got him sent to prison was the zombifying of other people’s computers – they used a fairly new law, relating to “aggravated identity theft”, since people were being spammed from third-party IPs.

    Spamming is technically illegal, but as long as you’re using your own IP and include an “opt-out” button that actually works as advertised, there’s a loophole for you. (If the opt-out in fact only tells the spammer that your email address is valid, he’s still a crook.)

  12. Gary's Friend Jim says:

    Allow me to add my voice to the chorus of boos for this person. I hope they throw the book at him so hard it leaves a dent on his forehead.

    Part of what makes me sick about spammers is their unbearable arrogance. They really do act as if they firmly believe that the internet was created solely for them to make a killing by abusing it, the same way that an insane burglar might think that people have windows on their houses solely as a means to allow his unlawful ingress.

  13. Luke says:

    @Knastymike – this is not really a surprise. Most of the spam is indeed sent by few skillful individuals who control large botenets and zombie farms. Sure, there are many spammers out there. But the few of them who control hundreds of thousands of infected machines really do make a difference.

    Phlux – spamming purely for advertising legal businesses is not technically illegal in most states, but this is not what this dude was doing. The list of charges against him from TFA:

    A federal grand jury last week returned a 35-count indictment against Soloway charging him with mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering.

    It’s not only that he was sending unsolicited emails to people. He was tricking them into getting infected with mallware, and was apparently running various scams, phishing and identity theft campaigns which are of course illegal.

  14. Knastymike says:

    Well then, color me glad that we only have to catch a relative “handful” of jackasses! Can we use orbital death rays on them once located?

  15. Adam says:

    Did anyone else notice that this guy has already paid millions in fines and had 4 bank account seized and the judge still believed him to have more than enough money to sustain his own defence. This is a prick of jerks and need to be made an example of.

  16. Hanov3r says:

    Matt P,

    The ‘interesting take’ on spam that you linked to has a number of *huge* flaws.

    1) It’s 5 years out of date. The AOL figures quoted (30 million mails a day, 30% spam) became, in just a year, 2.5 *billion* emails a day, 80% of which are spam.

    2) As they say in car commercials, “Your Mileage May Vary”. The author claims to get a couple of dozen emails a day, about 80% of which is spam. I get about 1200 emails a day, about a thousand of which are spam (that’s just to my regular personal address – let’s not talk about work, or the Hotmail account I keep for old times’ sake). I’ve got some spam filtering in place, but it’s still got to get to my server (over bandwidth that I pay for), and chew up CPU time for processing. I’d much rather that that go to something I *want*.

    3) His comparison between the cost of sending paper junk mail and junk email misses an important point: the high cost of paper junk mail is not in the creation, but in the *postage*. There’s no cost difference to the spammer to send out a hundred emails or ten million emails, so it makes sense to the spammer to send out as many emails as possible. Paper mailers have to target much better, because their investment is so high.

    There’s a lot more. He does a lot of “this is a lie” handwaving in that article, and most of it is falacious. The author seems to be focussing on spam recipients as individual users of ISPs like AOL and Road Runner. Not everyone pays $40/month for a DSL line with an email address provided by their ISP – my office is paying $300/mo, and we run our own mail server in-house. Spam costs us local disk space, processing power, and network bandwidth. My personal email account is run out of a box sitting in a colo facility for which the owner pays $250/month *plus* extra charges when he uses more than a certain amount of bandwidth.

    Let’s not even talk about things like the spammers who send out spam using real e-mail addresses that are not their own in the “From” line, so that bounces and rejections flood the mailboxes of innocent people (ask me how I know!), or the spammers who take ‘remove me’ requests as proof that an email address is valid (so they can sell it to another spammer), or the spammers like Robert Soloway (from the original article) who abuse countless millions of innocent machines to blast as much of their crud out into an Internet that doesn’t want it and, really, can’t take it.

  17. WysiWyg says:

    There’s one kind of spam that I don’t really understand. I do understand why someone would want to send out commercials, or scams, but I regularly get mails only containing random (often “adult”) words. What’s the point with that?

  18. Robert says:

    >What's the point with that?

    Possibilities:

    1) Experiments to see what gets through the filters. (One one machine, you send out the mail. On another, you have an e-mail account that’s on your spam list. Does message #1 get through the ISP-level spam filters? Nope. OK, let’s change it. Does message #2 get through? Etc.

    2) Chaff to fool/overwhelm the filters. Send a billion crap messages using one strategy and a million real ones using a different strategy – maybe the spam people will focus on the billion and let your million slip through.

  19. Deoxy says:

    >What's the point with that?

    3) The same thing as most viruses: bored a–h—s.

  20. Cenobite says:

    BEWARE: AmeriTrade is selling e-mail addresses to spammers.

    http://yro.slashdot.org/article.pl?sid=07/05/30/1444236

  21. moonglum says:

    WysiWyg : it makes huristic, and fingerpritn style filtering very difficult to do. you should see less of this as image spam takes off (that gets around almost all filters)

  22. John says:

    @moonglum

    I dont know, I get quite a bit of image spam, and gmail correctly identifies all of that

  23. Matt P says:

    Hanover: thanks for the comments. The truth is I didn’t quite trust the article and I was a bit annoyed by the constant “I’m right, they’re wrong” throughout but I didn’t have the know-how to judge it. I was kinda hoping someone would tell me how accurate it was.

  24. Matt P says:

    And sorry to double post but… how do you know? :P

  25. Matt P: “Not that I totally agree with it but this is an interesting take on spam and anti-spam legislation…”

    That guy is a moron.

    When he discusses the “big lie” he gets to Lie #2: “Spam costs alot of wasted resources & money!”

    To which he responds: “Not so, not so, not so.”

    To be fair, he then backs this up with supporting points. His logic is fairly faulty, but he is at least putting together an argument.

    Then we get to Lie #4: “Many large ISPs have suffered major system outages as the result of massive spam campaigns.”

    To which he says: “As a telecom worker for the past 5½ years I can state unequivocally that this is the most egregious lie yet. THE REAL REASON that outages occur has little to do with spam, but alot to do with poor management, & corporations that refused to invest the needed capital in updating their lines to handle the burgeoning Internet traffic.”

    So (a) spam isn’t a problem because it doesn’t actually cost anyone money to deal with it; and (b) the outages caused by spam could be prevented if people spent more money deal with it.

    This blatant contradiction is just the most obvious bit of idiocy in this essay. Another favorite bit can be summarzied as: “It doesn’t cost the recipients any money to deal with spam because the ISPs will just charge their customers for the extra storage space”.

  26. Hanov3r says:

    Matt P,

    I know because I’ve been doing anti-spam stuff since 1996 (when I first started to get spam to my then-work address). I’ve been working professionally in the anti-spam field (as an investigator for one of the first blocklists, or working abuse for a large ISP, or investigating clients for an email whitelisting service… now working for a law firm that specializes in anti-spam and anti-abuse prosecutions) since 2001.

  27. Dihydrogen says:

    Awhile ago (like 2 years) there was a legitimate spammer who was featured in a newspaper interviewing him. They withheld his address but from the newspaper article Slashdot readers were able to figure out his address and sign him up for tons of real mail to the point where he was no longer able to check his own mailbox for bills due to all the spam. He then complained about it being obnoxious preventing him from being able to do his work as well. Yet, he had no qualms about being responsible for something like a quarter of the spam in the US at the time.

  28. Matt P says:

    Hanov3r: Wow. That’s a lot of Profession: Anti-Spam right there.

  29. Lo'oris says:

    omg. Last month I was getting more or less 900/1000 spam messages per month, not I get “only” 700/800. Maybe it’s a coincidence…

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun. Your email address will not be published. Required fields are marked*

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!

You can quote someone like this:
Darth Vader said <blockquote>Luke, I am your father.</blockquote>

Leave a Reply to Deoxy Cancel reply

Your email address will not be published.