Forwarded from: William Knowles <wk@private> http://www.ajc.com/business/content/business/1203/14spammain.html By BILL HUSTED and ANN HARDIE The Atlanta Journal-Constitution 12/14/03 In the small Louisiana city of Slidell, Flo Fox feeds the hungry by day but spams by night. The graying grandmother in a "What Would Jesus Do?" T-shirt proudly recalls stretching two turkey carcasses into enough gumbo to feed 100 of the city's poor. To keep from joining their ranks, she spams. Fox lays out $1,000 a month for the kind of high-speed Internet connection that businesses and some small Internet service providers use. She harnesses that power all night using a couple of shopworn computers in her home, spitting out millions of junk e-mails for merchandise ranging from land in Belize to blessed coins. Fox doesn't own the stuff she sells, but gets paid to pitch it for people who do. These days, she says, she barely gets by, but that's better than nothing. "We're in the computer age," says Fox. "This lets the little guy compete." In a Snellville bedroom, another grandmother fires up her computer. Awaiting Ardie Brackett, 70, a small woman with big pink bifocals, are 114 e-mails. All but a handful are from folks she doesn't know and doesn't want to hear from. Some want her to grow bigger breasts; others offer to enlarge an organ she doesn't have. Some send lurid images of sexual depravity. Brackett banishes her 8- and 10-year-old grandchildren -- whom she watches after school -- to the living room while she deletes the "yucky" stuff. Five hundred miles and worlds apart, these two forces of cybernature work at cross-purposes -- Flo Fox churning out spam as fast as she can, Ardie Brackett deleting it as quickly as her slim index finger and mouse will move. The scene is being played out on countless computers across the globe. More than half of all e-mail traffic this year is junk, experts say, up from 8 percent just two years ago. That's 15 billion spam messages crisscrossing the Internet daily, or 25 spam e-mails a day for every person online in the world. Many of the 117 million Americans logged on are losing faith in e-mail, which is hands down the Internet's most popular application. More than half of e-mail users trust it less because of spam, while one in four uses it less, according to a recent study by the Pew Internet and American Life Project. Americans are doing their best against the rising torrent flooding their in boxes. About three-fourths of e-mail users now avoid giving out their addresses, the Pew study found. Most favor Brackett's means of dealing with spam: the delete key. Some are resorting to old lines of communication: the telephone and U.S. Postal Service. Yet the spam keeps coming. Its volume is growing 15 percent to 20 percent a month, limited only by the speed of computers and the creativity of spammers, whose messages have evolved from ink toner ads to dead-on impersonations of eBay and Best Buy designed to steal credit card numbers. If something doesn't give, experts say, nine of 10 e-mails will be spam a year from now. "There is a very real threat that the e-mail function is going to rot before our very eyes," says Nicholas Graham, a spokesman for America Online, the country's largest Internet provider. AOL estimates that 80 percent of the mail coming into its network is spam. Like most providers, AOL filters out most of the junk before it reaches subscriber in boxes. But much spam still gets through. Plenty of people are trying to stop the deluge. Some efforts may be making matters worse. Internet service providers, bombarded by spam on one side and angry subscribers on the other, are spending hundreds of millions of dollars to improve their spam-blocking technology. They are taking spammers to court and even joining forces with their competitors to stop spam. Many private companies filter spam before it reaches employees' in boxes, but the cost of doing that is enormous. U.S. businesses spend an estimated $10 billion a year managing spam. Last week, the U.S. House of Representatives gave final approval to anti-spam legislation that authorizes the creation of a "do not spam" registry and imposes tough penalties for fraudulent e-mail. But some consumer groups say the bill -- which President Bush is expected to sign into law Tuesday -- will just give spammers a license to operate. Regulating what spammers can't do legitimizes anything else, they argue. For now the anti-spam forces are making the lives of many spammers harder, putting some into bankruptcy, some behind bars. Three Arizona spammers recently prosecuted for conning victims out of more than $75 million for organ enhancement pills are scheduled to be sentenced this week. While a few spammers have made fortunes, industry experts say most, like Fox, are small operators earning a modest income. Together they could drown e-mail. "Can e-mail be saved?" asked AOL's Graham. "The answer is yes. But time is running out." Easy to start up Fox is one of the thousands of faces behind the countless junk e-mails. She lives 30 miles from New Orleans in Slidell, a city of 26,000. Shuttered stores fill a large outlet mall near I-10. For sale signs have popped up in yards like mushrooms. Fox shares her small one-story house with her two grown children, a young grandson, and her husband, Bruce Connelly. Inside, a big-screen TV blares cartoons and the 2-year-old is everywhere. The walls are covered with paintings of Jesus, the Virgin Mary and assorted saints. A devout Catholic, Fox works through her church to feed the hungry and volunteers at a senior citizen center once a week. But when the neighbors' windows are dark, the lights stay on until all hours as Fox's computers invade millions of unsuspecting in boxes. A convergence of factors lies behind the spam boom of the past few years. Computers have gotten faster and Internet access cheaper. Anyone with a little technical know-how and $1,000 for a computer and some e-mail addresses can become a spammer -- and with jobs hard to come by, many do. Fox and Connelly began by hawking a religious newsletter for a client in 1996 after failing to make a go of a more conventional computer business. Freedom from regular office hours allows them to work around their escalating health problems: his heart condition, her bad back and migraines. Fox often wears a headband, convinced that the pressure eases her headaches. A reclusive but talkative woman, Fox characterizes herself as a small fish in a sea of big-time spammers. The several million spams she sends out each night are nothing compared with the hundreds of millions a big operator might manage. Some spammers own the stuff they peddle. In contrast, Fox is the high-tech equivalent of a hired gun. Typically a marketer is tipped to Fox's business by word of mouth and a deal is done on the telephone. Fox then taps into her list of 40 million e-mail addresses -- 1,500 times more names than Slidell has people -- for possible targets. She is paid based on how many prospective buyers she delivers to the marketer. Until recently she made a good living spamming, she says, pulling in $4,000 in a good week, $2,000 in a slow week. Some weeks produce no income. A list of e-mail addresses is a spammer's stock in trade, far more valuable than hardware. In the beginning Fox used software programs that harvested e-mail addresses by searching Web sites and chat rooms for the @ symbol, vacuuming up names and domains. The harvesting software costs about $50 and is highly efficient. Valuable addresses In an effort to determine how easy it is to harvest e-mail addresses, Federal Trade Commission investigators recently placed 250 e-mail addresses on Internet locations, including Web pages, news groups, chat rooms and online directories. After six weeks, the addresses had received 3,349 spams. It took just nine minutes for one address, posted in a chat room, to get junk e-mail. Addresses can come cheap -- a CD of 1 million names can cost as little as $25. A compilation of e-mail addresses of those who have purchased items offered in spam -- known as the "suckers list" -- costs more. On occasion Fox will pay several thousand dollars for 1 million premium names. These days she accumulates new addresses mostly by trading portions of her list with other spammers, many of whom use automated programs that generate almost every conceivable name, then attach them to large domains such as AOL, EarthLink and other big Internet providers. Fox knows spamming is a risky way to make a living. She was once stiffed $7,000, she says, by a client whose spam promised recipients a 48 percent return on a $5,000 investment. After she delivered 400 prospects who showed interest in the deal, the client disappeared with federal investigators on his trail. "It's easy to rip people off you have never even seen," Fox says. The same is often said of spammers. But Fox and Connelly have their limits. They don't peddle Viagra, breast enlargement pills or smut, they say. "When I defend what we do, I talk about free speech," says Connelly, a rugged man with silver hair and a full beard. "When it comes to porn, I don't care about [the pornographers'] free speech." As Fox sees it, she is no different from those who barrage mailboxes with catalogs from Lands' End or Pottery Barn. All about volume In most ways, however, spam is nothing like junk mail. It doesn't require a printing press or paper by the truckload. Spammers pay next to nothing to spread their messages. With catalogs, merchants pay shipping costs. With e-mail, Internet companies and their subscribers bear most of the freight. For that reason, spammers don't bother to target potential customers by demographics or interests -- as is common with direct mail -- but flood as many in boxes as possible. It's nothing to them if some of the ads for Viagra land in "her" in box and the hot flash remedies in "his." Because their cost of doing business is so low, they don't have to sell much to turn a profit. A company embarking on a traditional direct mail campaign may need a 2 percent response rate to make money. But a spammer may get by with one in a million. On a good day, Fox and Connelly get a response rate of one-quarter of 1 percent. "You could be selling dirt," says Jon Praed, a Virginia lawyer who has sued hundreds of spammers on behalf of Internet companies. "If one person out of a million, a billion, a trillion -- you pick the number -- is going to buy it, you send out however many e-mails you need." To circumvent U.S. Internet companies, spammers may ricochet their e-mail through less secure networks in China, South Korea or South America before the junk winds up in in boxes from Georgia to California. They share or sell information on how to crack various systems. Spammers can conduct business with virtual anonymity because portions of e-mail are easily forged. A recent study by the Federal Trade Commission found that two-thirds of 1,000 e-mails sampled were likely to contain false information, often including the sender's identity. The federal legislation imposes criminal and civil penalties for faking the "from" line. While anonymity protects spammers, it may also appeal to customers who would never buy the products in a store. In May the owners of C.P. Direct, based in Scottsdale, Ariz., admitted to bilking 420,000 consumers in two years for supplements that did not do what they promised -- enlarge penises by 3 to 5 inches, increase bustlines two to three cup sizes and elevate stature 3 to 4 inches. The company bought supplements for $2.50 per bottle, then marketed them through spam and other media for $59.95. "These people preyed on the insecurities of society," says Desi Rubalcaba, the Arizona assistant attorney general who prosecuted the case. The con artists pleaded guilty to fraud and money laundering and agreed to pay restitution. But a spokeswoman for the attorney general said not many victims had claimed refunds. The big moneymakers often are hard-core pornographers and peddlers of organ enhancement products. Praed says big-time spammers fit a profile he compiled over years of suing them: They have never been as successful at another profession. They drive fast cars, travel and squander their riches. "They are hackers gone bad," Praed says, "or crooks gone geek." The founder of the Anti-Spam Research Group, Paul Judge, suspects spammers have infiltrated the group. "I'm sure they download our white papers and study the technology," says Judge, whose nonprofit consortium includes technologists, Internet providers and software makers. 'Just like racketeering' Fox's days of carefree spamming are past, and so is the good money. She worries that bankruptcy is just around the corner and blames the Internet companies -- who have become more adept at filtering out spam. Fox and Connelly see Internet providers who market their goods and services as spammers themselves. "This is just like racketeering," Fox says. "It's the big guy squeezing the little guy out." To get around the filters, Fox at times has turned to another Slidell resident, Ronnie Scelson, aka the Cajun King of Spam. Scelson isn't Cajun. But he is a cocky showman who has boasted of blasting as many as 180 million e-mails onto the Internet in a single day. Last spring the high school dropout stunned the Senate Commerce Committee with testimony that he had cracked sophisticated spam filters in 24 hours. It was Fox who taught Scelson how to spam. In return, he has shared his technological bag of tricks. "He has helped keep us running," Fox says. To keep their business going, Fox and Connelly have established Internet accounts in countries where spam isn't controlled, though they won't say where. These accounts cost 10 times as much as U.S. providers charge, Connelly says, but they are necessary to keep the spam flowing. "You're not going to stop it," Connelly says. "Most of us go offshore now. You have to hide where you are." Chances are Ardie Brackett has heard from Fox or Scelson at some point. 'I'm on the clean joke list' Until four years ago, Brackett relied on a stencil, a ditto machine and the U.S. mail to send weekly updates to relatives from Hawaii to Boston. A cousin suggested setting up a family e-mail group. Now her updates move with the push of a computer key. She receives photos of her great-niece, reports on the antics of her 1-year-old grandchild, and her cousin's jokes. "He has two lists," she says. "I'm on the clean joke list." But Brackett gets the filthiest spam. "When I first started getting the junky stuff," she says, "I sent them back an e-mail saying, 'I don't want it.' It seems like the spam got worse." It probably did. Brackett's response gave spammers a way to verify her address as "a live one." Once an address is deemed active, it can end up on a CD, sold and resold. Brackett has no plans to return to the ditto machine, but her experiences with spam have made her a more cautious Internet user. "Spam is something I deal with," Brackett says, noting, "If something comes along, Satan is going to find a way to use it." And so, as she prepares to deal with the latest batch in her in box, Flo Fox gets ready to blast out another couple of million spams. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ---------------------------------------------------------------- C4I.org - Computer Security, & Intelligence - http://www.c4i.org ================================================================ Help C4I.org with a donation: http://www.c4i.org/contribute.html *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 15 2003 - 06:05:41 PST