The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, September 17, 2007

"Spam: The Documentary" to air on Court TV tommorrow night

Last October, the CBC aired "Spam: The Documentary", a pretty good documentary on the spam problem. They actually answered some of the spams they received and followed up to see what they got and who was sending it.

I've just learned that this will be airing on Court TV in the U.S. on Tuesday (tommorrow) night at 11 pm, and repeating at 3 am Weds. morning.

I managed to see it when it aired originally, and it's pretty good. Starring some of our favorite spam-fighters: John Levine, Neil Schwartzman, and representatives from Spamhaus; along with some guy named Terry Jones.

Friday, September 14, 2007

Government response to Soloway's motion to review detention order

Latest in the Soloway case. Soloway is currently sitting in the slammer without bail, the court having ruled him to be a flight risk. Soloway has filed a motion to have this issue reconsidered, based on the usual yadda yadda (he's got ties to the area, he's broke, he's got nowhere to go.)

The government's response can now be found at SpamSuite. Quoting from the SpamSuite summary: Soloway appears to have skipped town ahead of being prosecuted for spamming not once, but twice. If he skipped to Sweden, they wouldn't extradite him back to stand trial or serve his sentence. Not only does he not have close ties to Seattle, but he appears to have liquidated all of his assets after skipping from Oregon just ahead of being prosecuted there for spamming.

Soloway's argument includes such things as he doesn't even own his own house or car. The government responds that he rents an expensive penthouse apartment and leased three luxury cars. This isn't the mark of poverty, but rather that of someone who wants to be able to take off at a moment's notice without leaving any assets behind. Likewise, while Soloway argues that his dual citizenship doesn't mean anything because he hardly knows anybody there, the government points out that he took the steps to obtain Sweedish citizenship recently, shortly after he fled California to Oregon to avoid prosecution there.

Anyway, the government response is well worth a quick read and it's a little fascinating to see how serious the charges were against him in California and Oregon, and how much effort he's put into avoiding the legal system.

Labels: ,

Ameritrade leaks user information yet again, blames hacker X

OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore.

Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade.

I've reported on this issue before, once in July 2006, and again in April 2007. This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions.

There is no indication that the selling of customer information to spammers is official Ameritrade policy. Previously, speculation had centered on theft by rogue email service providers contracted by Ameritrade, or on the possibility of theft by an Ameritrade insider.

Normally, Ameritrade responds to these incidents with their standard bug letter, apologising for the leak and assuring the customer that it was a terrible aberration, etc, etc, etc.

This time, however, they've just issued a press release blaming the problem on Hacker X. Or more precisely, on "unauthorized code" in their systems. Was this the work of Hacker X targeting and penetrating their system, or just some random fool at Ameritrade clicking on the wrong thing with the wrong browser and installing spyware by accident? At any rate, information on 6.3 million customers was stolen.

Of course, Ameritrade assures the public that no ids, passwords, social security numbers or other sensitive information were lost. In other words, they're only admitting to what they were actually busted for.

We, of course, are asked to believe that having successfully breached Ameritrade's security, the crackers took only email addresses, leaving the rest behind:

While more sensitive information like account numbers, date of birth and Social Security Numbers is stored in this database, there is no evidence that it was taken.
John Levine informs me that he's also had three email addresses leaked from TD Waterhouse. One dates back before the merger with Ameritrade, one from shortly after the merger, and the third about a month ago. Quoting: "This gives me no confidence that the leak they found is the only one."

More coverage on this issue can be found at Agave Mountain, Computerworld, Dark Reading, Intellectual Intercourse, SC Magazine, and many others. Dark Reading points out that Ameritrade is not forthcoming on the details of the spyware used, preferring to wait until the investigation is complete. SC Magazine (quoting Phil Neray, vice president of marketing at Guardium) speculates that it was an inside job, arguing that only an insider with administrative access could have installed the spyware.

Perhaps my favorite quote is from Intellectual Intercourse, which writes
Hacker X is a busy, busy hacker. But we expect from someone who has been around for ten years now. Earlier this year, e360 Insight, LLC (a/k/a,, a/k/a, asserted that Hacker X had visited them. That’s two in less than 6 months, and we’re not done with the year yet.
Stock spamming is big business these days. The site openly advertises their pump-n-dump services and boasts that they have copies of email lists from Market Watch, E-Trade, and Scottrade (but not Ameritrade). I have even received pump-n-dump brochures via snail-mail on more than on occasion.

Given the scope of the problem and the amount of money involved, I can easily believe that Ameritrade has someone on the inside willing to sell email addresses to the highest bidder.


Thursday, September 13, 2007

Pump-n-dump spammers plead guilty in $20M scam

Via ComputerWorld: four stock-fraud spammers pled guilty to stock fraud last July and August, the Department of Justice has just announced.

Michael Saquella, a.k.a. Michael Paloma, Lawrence Kaplan, Henry Zemla, and Justin Medlin had convinced owners of fifteen small businesses to turn over large chunks of their stocks in turn for promises to take the companies public. They then engaged in standard pump-n-dump spam to boost the values of the stocks. All are now facing 5-10 years in the slammer. Three other defendants have already pled guilty and are facing 1-5 years.

Of interest is the fact that the owners of the spammed companies were themselves involved in the scam, although it is likely they didn't realize that something illegal was afoot. Last November, I wrote about a Guardian article which revealed that the spammed companies were often a knowing part of the scan, contrary to previous beliefs that they were innocent victims of the spammers' random choice of which stock to pump.

Today's story is further evidence that the opposite is true, and that pump-n-dump spammers often work with the companies they're spamming for. This, in turn, suggests that the SEC is on the right track with their policy of suspending such stocks.


Friday, September 07, 2007

Small-time phisher arrested; targeted Notre Dame credit union

Francisc A. Wonerth was arrested in Fullerton, CA when police discovered he was driving a stolen car. In the car, they found a number of magnetic cards that had been re-coded to acts as Notre Dame Federal Credit Union (NDFCU) bank cards. This led to the discovery that Wonerth had been phishing for account information from NDFCU customers. NDFCU president Leo Ditchcreek said that some 60 accounts had been compromised.

Police are still investigating. Remaining questions include the issue of how Wonerth acquired his email list in the first place.

Full story in the ND Observer: NDFCU's scammer identified.


Thursday, September 06, 2007

E360Insight drops case against Feguson et al

On netnews, Mark Feguson announced that E360 had dropped their lawsuit against him and his fellow defendants.

SpamSuite concurs, and reports seeing this entry in the clerk's docket:
Activity Date: 8/30/2007   Participant: E360 INSIGHT

Labels: , ,

Kapersky Lab wins against Zango

Information Week and Ars Technica report that spyware purveyor Zango had attempted to sue anti-spyware company Kaspersky Lab in order to force Kaspersky to stop listing Zango as spyware. The judge in the case has thrown the case out on the grounds that the Communications Decency Act grants immunity to Kaspersky.

The key provision in the CDA is §230 which grants immunity for "any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, ... or otherwise objectionable"

More analysis can be found on Assistant Professor of Tech Law Eric Goldman's blog.

I last wrote about this issue in June, when Zango attempted to sue PC Tools for the same reasons.

Labels: ,

Today's humor: Zombie computers at Pfizer are sending Viagra spam

Today's moment of Zen: WiReD magazine reports that zombie computers within Pfizer's own network have been 0wned by spam viruses and are being used to spam for Viagra, along with the usual fake Rolexes and penny stocks.

WiReD article: Zombie Pfizer Computers Spew Viagra Spam.

Monday, September 03, 2007

Loss and victory for Spamhaus in court

SpamhausAs reported at SpamSuite, the 7th Circuit has ruled on Spamhaus' appeal. In a nutshell, the default judgement against Spamhaus has been upheld, but the damage award and the injunction are overturned.

What this means is that because Spamhaus didn't bother to defend themselves (previously arguing that Illinois courts didn't have jurisdiction over them), they've lost the case by default. This can no longer be argued in court, nor can jurisdiction. This was to be expected; it would have taken extraordinary circumstances for the court to reverse the default judgement.

However, the judge has ruled that the $11M+ judgement against them was excessive, and so everybody goes back to court to argue damages. It's impossible at this time to predict what the damages will finally be.

In addition, the injunction against listing E360 as a spammer has been lifted. As long as Spamhaus can show new evidence of spamming (which is trivial to do), we can expect the E360 SBL entry to return.

Update: John Levine has a better and more detailed analysis.

Labels: , , ,