Soloway comes clean — "Pure greed" made him do it

From MSNBC: ‘Pure greed’ led spammer to bombard inboxes.

One last interview before Soloway goes to prison. He comes clean about his motivation (greed), how many emails he wound up sending (over 10 Trillion), how he felt about flooding the inboxes of all those people (just hit delete), and how much he made ($20,000 a day).

No pity on my part for most of the people who lost money to Soloway — they were spammers too, and if I was in charge, I'd be thinking about bringing charges against them as well.

In contrast to this article, see an interview from last month in the Seattle PI: 'Spam King' once felt 'invincible'.

Another spammer in the slammer

As if there's a strange conservation law in effect to counteract Eddie Davidson's escape, Robert Soloway has been given four years in prison for mail fraud, electronic mail fraud, and failing to file a tax return.

While it's less than the prosecution was asking for, it's more than just a slap on the wrist, and with a little luck he won't return to spamming when he's out.

He will also have to pay $700,004 in restitution, which very likely is a slap on the wrist. First, he almost surely has the bulk of his ill-gotten gains safely hidden away and so $700k is a fraction of what he actually made, and secondly, I would bet that the $700k never actually gets paid.

Soloway will be allowed to roam free for sixty days before serving his sentence. The government considers him a significant flight risk, so it will be interesting to see if he actually reports to prison when expected.

Coverage: KOMO tv: 'Spam King' gets 4 years in prison. SpamSuite: Sentencing Hearing.

Word from the Soloway sentencing hearing

Robert Soloway's sentencing hearing has begun, with the hearing already gone to two days and a third day scheduled for next week. It's unusual for a sentencing hearing to go on for more than a single day, and they're still not finished.

The government's sentencing recommendations and Soloway's response can be found at Spamsuite.

In a nutshell, the government lays out what Soloway did (spamming, header forgery, fraud, tax evasion, etc.) They have so many victims it would take weeks for them to all testify. That Soloway has never paid a penny in the judgements against him won by Microsoft and Robert Braver. That Soloway bragged that the law couldn't touch him and none of the plaintiffs would ever see a cent.

The government asks for nine years in prison, three years probation, complete forfeiture of everything Soloway ever made from spamming, 624 hours of community service, and that Soloway be barred from the internet until his sentence is complete.

Soloway's response — or more precisely, his laywer's response — is a more interesting read. Paraphrased, it says:

• They admit that Soloway was a spammer, but say in essence "hey, it's just a little spam".
• They say he only spammed for charity, and if some non-charities took him up on his offer, well, that's not his fault.
• He never spammed for himself, so he obviously didn't make any money from spamming.
• The commercial email kit which he sold received more thanks than complaints.
• Those people who said they didn't get the refunds he promised were just a misunderstanding, and it wasn't all that many anyway.
• He meant to file his taxes, and was filling out the forms when he was arrested.
• Spamming wasn't even against the law until 2004 so who cares that he was spamming since 1999.
• Soloway wasn't really forging the email because the only forgery was putting the recipients own name in the "From" line, and once you opened the email you could see who it was really from.
• All those customers who ultimately got blacklisted by their own ISPs brought it on themselves; they should have read the instructions more carefully.
• It's not Soloway's fault that some ISPs have anti-spam policies.
• Dark Mailer isn't spam software; don't believe what Wikipedia says about it.
• Don't call them "zombies", call them "proxies".
• You can't prove those servers really sent 120 million emails.
• Soloway doesn't have any hidden assets.
• Soloway was framed by other spammers using his business name.
• Only a few of the complaints mentioned actual monetary loss and most of them don't provide any proof.
• Soloway denies that he deliberately increased the amount of spam sent to people who asked to be removed.
• Spam filters are cheap.
• Soloway didn't harvest any email addresses [he bought them fair and square?].
• Don't listen to Robert Braver, he's sued more than 240 people for spamming.
• Ignore Braver's and Microsoft's lawsuits; they were default judgements.
• Soloway never claimed the email list was opt-in.
• At least he didn't send any porn.
• It's not fraud because there was only a 1% complaint rate.
• All those people who received the spam should be forced to prove their losses.
• Soloway only made $400,000 in those four years of spamming he's charged with, so the total losses can't possibly be more than $400,000.
• Putting someone's name in the "From" field isn't identity theft [I'm inclined to agree with this one - ef]
• This is Soloway's first brush with the criminal justice system [ignoring all his brushes with the civil system, and the times he fled jurisdiction on both California and Oregon], so the court should go easy on him.
• It's not his fault, he has Tourette Syndrome. He won't be able to get his meds in jail.
  
• He offered to cooperate with law enforcement after he was arrested.
• He's certainly learned his lesson now, yessiree. You can be sure he won't do it again.
  
• Most of the people responsible for the Enron scandal got shorter sentences than the government is asking for here; it's not fair. Other spammers got shorter sentences.
  
• And hey, it was just a little spam.

Well, that pretty much sums up the defense's case.

Various spam-fighters have been asked to testify at the sentencing hearing, but they're being sequestered before speaking so they don't have much to report outside of their own testimony. Apparently Soloway's mommy is there, scowling at everybody.

Other press on the story:

• CIO.com: Soloway Case Reveals Big Business Behind Spam — discusses spam botmaster Adam Sweaney's testimony of how he sold botnet access to Soloway, how the cost of getting into the spam business has shut out all but the big-time spammers, how much spam costs the ISP industry, and how one Soloway customer lost his internet access after using Soloway's software and the losses he suffered as a result.
• KOMO Victims testify at Spam King's sentencing — discusses the challenges the judge will have assessing damages. (Why does the press call every spammer a "Spam King")? Includes link to video with footage of Soloway and interviews with various figures in the story.
• Computer World: Judge delays 'spam king' sentencing. The third day of testimony in the sentencing hearing has been scheduled for 22 July.
• Seattle PI: 'Spam King' defied Feds, now faces up to 20 years.
  

Soloway pleads guilty

Spammer Robert Soloway, who was arrested in May of last year has pled guilty in U.S. District Court in Seattle. He's pled guilty to fraud, CAN-SPAM violations, and failure to file an income tax return. The feds dropped the charge of aggravated identity theft in a plea bargain. He faces up to 26 years total on the three charges. He will also have to forfeit roughly $10,000 in property and sit through a polygraph test on the issue of his other assets.

Coverage:

• Seattle PI: Spam king pleads guilty
  
• Seattle Times: Man dubbed "spam king" pleads guilty to three charges
• Digital Trends: Seattle-based spam king Robert Soloway pleaded guilty to three counts in U.S. District Court, including email fraud.
  

Indictment against Soloway online

And speaking of Soloway, SpamSuite now has the Feds' Superceding Indictment against Soloway on line for your reading pleasure.

In a nutshell, the government alleges that Soloway operated Newport Internet Marketing (NIM) starting in 1998. He currently runs it from Seattle. His business model was to use fake company names and various domain names to spam out ads for his spamming services and software. He fraudulently claimed that the spam would be sent to people who had opted in and that the spam would be geographically and interest targeted. He also offered a 100% refund if not satisfied. The spamming software often did not work at all, but Soloway would refuse to provide asistance or refunds. Soloway would threaten customers' credit ratings if they persisted in demanding refunds.

The government also alleges that registered domain names through chinese ISPs which would not reveal him as the owner.

The government also covers the usual CAN-SPAM violations such as spamming, false headers, identity theft and so forth.

Jason Downey sentenced to one year for botnet

I previously mentioned Downey in June when he was arrested as part of Operation Bot Herder, where he was charged alongside of Robert Soloway.

Downey has been sentenced to 1 year in prison, 3 years probation, and just over $21,000 in restitution. He will require prior permission to access a computer during his probation.

The government's case against Downey stated that he'd controlled a botnet of over 6000 infected computers which he used to launch ddos attacks against other networks he wanted to knock off line.

Government response to Soloway's motion to review detention order

Latest in the Soloway case. Soloway is currently sitting in the slammer without bail, the court having ruled him to be a flight risk. Soloway has filed a motion to have this issue reconsidered, based on the usual yadda yadda (he's got ties to the area, he's broke, he's got nowhere to go.)

The government's response can now be found at SpamSuite. Quoting from the SpamSuite summary: Soloway appears to have skipped town ahead of being prosecuted for spamming not once, but twice. If he skipped to Sweden, they wouldn't extradite him back to stand trial or serve his sentence. Not only does he not have close ties to Seattle, but he appears to have liquidated all of his assets after skipping from Oregon just ahead of being prosecuted there for spamming.

Soloway's argument includes such things as he doesn't even own his own house or car. The government responds that he rents an expensive penthouse apartment and leased three luxury cars. This isn't the mark of poverty, but rather that of someone who wants to be able to take off at a moment's notice without leaving any assets behind. Likewise, while Soloway argues that his dual citizenship doesn't mean anything because he hardly knows anybody there, the government points out that he took the steps to obtain Sweedish citizenship recently, shortly after he fled California to Oregon to avoid prosecution there.

Anyway, the government response is well worth a quick read and it's a little fascinating to see how serious the charges were against him in California and Oregon, and how much effort he's put into avoiding the legal system.

More legal documents in the Soloway case

See Spamsuite for the various documents. In short, search warrants are being issued on various properties associated with Robert Soloway in pursuit of the cash he withdrew from various bank accounts.

Among the places searched were a public storage unit in Washington, property in Minnesota,

Items to be seized include big piles of cash, business records, any correspondance about his businesses, phone books and telephone records, computers and disks, two rolex watches

Interestingly enough, the search also turned up 76 men's coats, jackets and shirts, 27 pairs of shoes, 24 pairs of sunglasses and other retail items.

Why Soloway was denied bail

More on this issue in today's Globe and Mail.

It's actually quite unusual for bail to be denied to non-violent offenders, and there has been much speculation as to what was behind the judge's reasoning.

In this case, there were a number of factors mentioned by the judge. The primary one being that Soloway has family in Sweden and minimal ties to the Seattle area. The judge noted that it's as easy to spam from Sweden as from the U.S.

In addition, the judge noted that Soloway was known for ignoring court orders as shown by his failure to pay the judgements against him obtained by Microsoft and an Oklahoma ISP, combined with the fact that he continued spamming afterwards.

In an old post to a spammer's bulletin board, someone claiming to be Soloway bragged that he was never going to pay any judgement against him. This may have come back to haunt him.

More information can be found in Seattle PI article Spam suspect denied bail.

FBI makes arrests in botnet case

SC Magazine reports that the FBI has arrested or charged three men in connection with a botnet believed to comprise more than a million zombie computers.

Named are: James C. Brewer of Arlington, Texas, Jason Michael Downey of Covington, Ky, and — wait for it — Robert Alan Soloway, the spammer who was already arrested a few weeks ago on various charges running from fraud to money laundering.

The botnet in question was used for both spamming and executing DDoS attacks. It's not yet clear if this is the botnet involved in the recent attack against various anti-spam services.

No bail for Soloway

Spammer Robert Soloway, arrested last month on multiple counts of fraud, money-laundering and identity theft, had his detention hearing this morning. The court has ordered Soloway back into custody. Trial is set for 08/06/2007.

Bottom line: it's back to the slammer for this spammer.

The news on Soloway...

Is that there is no news. Soloway's detention hearing, originally slated for Monday, and then postponed until today, has been pushed back another week. Soloway remains in custoday until then.

The detention hearing is now scheduled for 13 June, at 9:00 am.

More Soloway legal documents

Spamsuite now has copies of the search warrant and two affidavits which were filed to support the warrant (FBI, IRS). The affidavits are the most interesting to read. They detail Soloway's history of spamming, fraud, credit card theft, and money laundering.

Other tidbits: Soloway started Newport Internet Marketing when he was 16. NIM was operating illegaly in Washington, being a California corporation which did not file the proper papers to operate in WA. NIM's incorporation has been suspended in California, although Soloway kept operating as if it was still a legal corporation.

Soloway made $1.6M in the last four years.

I for one, would be very interested to see the names of his spamming customers revealed during the trial.

National Spam News

I haven't done a news roundup in quite a while, and I have a lot of catching up to do. Are you sitting comfortably? Good, let us begin.

Good article in Slashdot today, bemoaning the fact that the latest Ameritrade leak has gotten no attention from the mainstream press. California law requires them to notify their California customers of a potential security breach. Have they done so? Were customer account ids and passwords also leaked? Ameritrade isn't saying. So far, all they've said is that they take these things seriously. The article suggests some security techniques that Ameritrade should implement to track the source of the leak.

There have been a lot of "greeting card" spams lately. I'll bet you've gotten some yourself. Remember: if the subject line doesn't identify who the card is from, then it's spam. Anyway, Trend Micro reports that these spams are also carrying malware as part of the payload.

Robert Soloway isn't the only one with legal problems this week. TG Daily and other sources report that Microsoft has filed suit against three John Does for sending pump-n-dump spam through their Hotmail service.

The BBC reports that internet service provider Tiscali is now caught up in a serious battle with their spammers. Spam coming from Tiscali has become serious enough that many other ISPs are refusing email from Tiscali, which is seriously impacting their customers. Tiscali has long been plagued with 419 scammers, which they managed to bring under control about 6-8 months ago. It now seems that another house-cleaning has begun.

There is some speculation that Tiscali's problems might be caused by spambots inside their network. See my recent article on this subject.

Ben Edelman reports that spyware is still stealing referal fees. As usual, his claims come with a detailed and in-depth analysis.

The Seattle Times reports that Nigerian 419 scammers are now inviting suckers to get puppies out of the country instead of money. Some people have paid more than $1500 to adopt a valuable dog from Nigeria.

KOMO TV coverage of Soloway

KOMO has coverage of Soloway's court hearing. Much information about his finances (he's been denied a court-appointed lawyer). He may be facing decades in the slammer, along with seizure of assets.

Update on Soloway

Details can be found at Spamsuite. In a nutshell:

He's being held without bail until the detention hearing on Monday. The prosecutor wants him held until the trial. He's plead not guilty.

Trial will be 8/6/07.

Robert Soloway arrested

This morning, at 7:30 Pacific time, Robert Soloway was arrested on charges related to spamming. He is currently in custody of the U.S. Marshal's office awaiting his initial court appearance today at the U.S. District Court in Seattle at 2:30.

According to the Seattle PI, Soloway's case centers on his Newport Internet Marketing company, which advertised spamming software and services. He is facing thirteen counts of money laundering, ten counts of mail fraud, five counts of wire fraud, five counts of aggravated identity theft, and two counts of email fraud.

Not too surprisingly, the software that Soloway sold didn't actually work. This is probably the source of at least some of the fraud charges. It would be interesting to see if any of Soloway's would-be spammer customers are named in the case.

This is by no means Soloway's first time in court — see Spam Kings for more. In the past, Soloway has bragged about being judgement-proof. Let's see if he's jail-proof.

Spamsuite.org has copies of the warrant and indictment on-line. Enjoy.