[ISN] Dozens Charged in Crackdown on Spam and Scams

From: InfoSec News (isn@private)
Date: Wed Aug 25 2004 - 03:17:50 PDT


http://www.nytimes.com/2004/08/25/technology/25spam.html

By SAUL HANSELL
August 25, 2004

Federal and state law enforcement agencies have quietly arrested or
charged dozens of people with crimes related to junk e-mail, identity
theft and other online scams in recent weeks, according to several
people involved in the actions.

The cases, which have been brought by law enforcement offices around
the country, are expected to be announced by Attorney General John
Ashcroft in a news conference in Washington on Thursday.

The federal authorities have stepped up efforts to crack down on junk
e-mail messages, or spam, since Congress passed a law in December
criminalizing fraudulent and deceptive e-mail practices. The law
subjects spammers to fines and jail terms of up to five years.

So far, the law has had little noticeable effect. Spam represents 65
percent of all e-mail, up from 58 percent when the law was passed,
according to Symantec, a company that makes a widely used spam filter.

The new cases are also expected to involve charges of credit card
fraud, computer crime and other offenses that carry significant
penalties. Many of the cases were developed by an investigative team
that combined federal law enforcement officials and executives from
industries that do business through the Internet. Nearly two dozen
investigators work in an office in Pittsburgh operated by the National
Cyber-Forensics and Training Alliance, a nonprofit organization with
close ties to the Federal Bureau of Investigation.

Much of the financing for the effort, known as Operation Slam Spam,
comes from the Direct Marketing Association, a trade group that wants
to promote what it considers is the legitimate use of e-mail
marketing.

"We felt that the key to the new law was enforcement," said H. Robert
Wientzen, who recently stepped down as the president of the marketing
association and is still involved in the antispam campaign. "We want
spammers to realize that spam is not a free game for them and that
they face real penalties if they continue."

The operation has built a database of known spammers, drawing from law
enforcement agencies and from private companies that are investigating
and bringing civil suits against some of the biggest users of junk
e-mail messages. It has also deployed online decoys to catch spammers
and has bought products advertised in spam messages so that the
financial records could be traced to the source of the message.

As the cases have been developed, the Pittsburgh group has used its
information to persuade prosecutors to devote resources to bringing
cases against junk e-mail companies and other abusers of the Internet.

Law enforcement agencies have only recently taken an interest in
fighting the spam problem. It is a series of small crimes, often
without clear victims, that is hard to investigate.

But prosecutors and investigators are starting to become more
aggressive as the volume of spam continues to increase and as the
messages that spammers send are being used more often to commit other
crimes, including identity theft and credit card fraud.

And the authorities have become increasingly concerned about the
spammers' use of computer viruses to hijack millions of desktop
computers so they can relay messages and hide their true identities.

The Justice Department announcement expected on Thursday is meant to
highlight several different government actions related to computer
crime. The department has conducted a handful of similar operations in
the past, calling them cyber sweeps, but the crackdown to be disclosed
this week is thought to be the biggest by far.

A Justice Department spokesman declined to comment.

In May, Jana D. Monroe, assistant director of the F.B.I.'s cyber
division, told a Senate committee that the agency was developing cases
on more than 50 of the most active spammers.

Prosecutors had hoped to announce some prominent convictions earlier
this summer. But the cases have proven to be more complex than
expected, in part because of new evidence turned up at each step.

"These cases never end," said Steve Linford, the director of the
Spamhaus Project, a clearinghouse of information on spammers based in
London that works with law enforcement agencies.

"When they seize a whole bunch of computers from one gang," Mr.  
Linford said, "they normally see a lot of information that leads to
another gang."

Indeed, federal and state prosecutors have arrested some people whose
names they will not reveal at the news conference this week because
the suspects are leading them to others involved in spam and other
crimes, officials said.

In April, the Justice Department brought what it said was the first
criminal prosecution under the antispam law against three people in
suburban Detroit. Last month, however, the case was quietly dismissed
at the government's request.

The prosecutor in the case, Terrence Berg, said that such dismissals
were normal procedure, and that the charges could be brought again
after more evidence was developed.

Spam has proven to be a plague of the modern world that has defied
nearly every effort to mitigate its effects. Major companies and
Internet providers have spent millions of dollars on software meant to
identify and discard unwanted messages, but the spammers have found
myriad techniques to get around the barriers.

Efforts to develop technical standards that would help separate "good"  
e-mail messages from "bad" have been delayed by bickering among the
big e-mail providers.

It is unclear whether the heightened spate of criminal prosecutions
will make much difference in the in-boxes of the half-billion e-mail
users around the world.

"There is such a large number of spammers,'' said Enrique Salem, a
senior vice president of Symantec, "that no matter how many you
arrest, more people will send spam.''

But Mr. Linford of Spamhaus said he thought that the current wave of
prosecutions had the potential to at least temporarily diminish the
flood of spam.

"Spammers believe that they will never be caught,'' Mr. Linford said.  
"If they get 10, 20, 30 well-known spammers, the rest of the spam
community will start to notice. Any spammers who can be made to give
up because they think the F.B.I. is getting too close is very good for
us.''

Still, Mr. Linford added that spam activity had been increasing
overseas and that spammers in other countries, especially Russia, were
expected to move quickly to fill any gaps left if spammers in the
United States are shut down or scared off.

"Next year and the year after,'' he said, "we are going to see Russia
as the main spam problem.''



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Aug 25 2004 - 04:16:07 PDT