
Spam Kings


by McWilliams, Brian S


  "Your mistake is that you assume anyone cares what you think," Shiksaa snapped back. "When you stop talking out of your derrière and want to help stamp out spam, come on back," she wrote.[3] The man responded by addressing her as "whorebot" and deriding her behavior as "typical of juniors enlisted into vigilante causes." The conversation (or thread in Usenet-speak) ended after several Nanae regulars rallied to Shiksaa's defense.

  Though it didn't stanch the flow of junk email into her AOL account, Shiksaa found herself spending a couple of hours each day reading and commenting on Nanae. She enjoyed bantering with the newsgroup's regulars, who had a twisted and sometimes scathing sense of humor that she found exhilarating. At one point she even signed up for membership in the group's official anti-spam club, The Lumber Cartel. It was formed in 1997 as a humorous response to assertions by some bulk emailers that wood-products companies were funding anti-spammers in order to preserve paper-based direct-mail promotions.

  The Cartel's web site featured images of clear-cut forests and logging trucks piled high with timber. At the site, prospective members could type their names into a form, click a button, and out would pop a certificate bearing the new member's name, membership number, and the following words:

  The certificate bearer swears to uphold and defend the Constitution and principles of NANAE and to carry a Big Mallet. It is by accepting this certificate that the bearer swears in their belief of individual freedom from UCE (spam), to crater web sites, LART luzers, nuke accounts and otherwise "deal with" spammers. While doing so with morality, ethics, personal responsibility, and the NANAE way - that is to be left alone.

  To further whip up the paranoia of spammers, Cartel members made a point of littering their Nanae postings with thinly veiled references to payoffs received from lumber companies, along with denials that the anti-spam group existed. Many signed their messages with the phrase "there is no Lumber Cartel" or simply used the acronym TINLC. In early June 1999, Shiksaa configured her newsgroup reader so that it automatically added a signature line to her Nanae postings: "I am not a member of a nonexistent group of anti-spammers but if I were, I would be honored to be #782." She abandoned the sig a few days later after deciding it looked tacky.

  Despite her lack of experience and technical sophistication, Shiksaa proved to be a precocious spammer tracker. One early incident in particular earned the respect and admiration of veteran junk-email opponents. It occurred in early June of 1999, when she received email advertising PCs that could be purchased with monthly payments. ("YOU NEED A NEW COMPUTER!" shouted the spam's subject line.)

  Studying the message's headers—the technical data that revealed the email's path across the Internet to AOL's mail server—Shiksaa determined that the sender had forged the return address so that the email appeared to originate from a site catering to kids. In the body of the message, there was a web site address for ordering the computer systems online. But to shield himself further, the spammer had obfuscated the URL; unlike normal web addresses that contain ordinary alphanumeric characters, it had been translated by the spammer instead into hexadecimal data easily decipherable only by a computer.

  Shiksaa cut and pasted the encoded URL into a form at a special anti-spam web site she had read about on Nanae called SamSpade.org. It converted the obfuscated address back into regular characters, which enabled her to determine that the spammer's site was hosted on a computer operated by a small ISP in California.

  On a whim, Shiksaa then tried a simple investigative technique she had read about on Nanae. In her web browser's address bar, she trimmed off some of the characters to the right of the final forward slash in the site's address and then hit the Enter key. Rather than displaying an ordinary web page designed by the site's operator, the new address provided a peek behind the curtain, revealing instead a list of files stored on the web server. When she clicked on one of the files, her browser displayed what appeared to be hundreds of orders.

  Shiksaa gasped in disbelief. Besides street and email addresses, the file included customers' credit card numbers and telephone numbers, all totally unsecured and accessible to anyone who stumbled upon it with their web browsers. Whoever had created the site obviously placed a higher priority on concealing his own identity than on protecting his customers' personal information. (Most legitimate shopping sites never store credit card numbers on their web servers, and when they do, the numbers are locked away from prying eyes using encryption.)

  Shiksaa quickly scanned some of the other exposed files on the server. There were several large ones containing email addresses, likely the spammer's mailing lists. One file contained a log that appeared to include the spammer's true AOL email address. She typed the address into Deja News, the newsgroup search engine, and found several spam complaints linking the address to an Oregon man named Glenn Conley. Besides sending spam touting cheap computers, Conley had apparently also been LARTed for numerous junk emails touting pornography and get-rich-quick schemes.

  Shiksaa posted a message to Nanae announcing her discovery and asking for advice on what to do next. The experts told her to copy all of the files from the server and dispatch them immediately to AOL's legal department as well as to the ISP hosting the site. She obliged and promptly got an automated acknowledgement from AOL. But weeks went by, and the spammer's site, including the growing list of customer orders, was still online. When Shiksaa mentioned this to Nanae regulars, they told her to get used to it. Most abuse reports, they said, end up in what they called the bit bucket—the electronic garbage can.

  But as it turned out, Shiksaa's notification to AOL may have done some good. Seven months later, in February 2000, AOL helped federal authorities indict Conley for using spam to commit securities fraud. From October 1999 through January 2000, Conley and a partner had used stolen credit card numbers to open accounts at twenty ISPs. Then they purchased thousands of shares of penny stocks in companies with little or no revenue. Next they proceeded to pump up the stocks' value by sending millions of spams to AOL users, touting the stocks' prospects. (Conley composed some of the messages to make them appear like communication between two friends, using subject lines such as "Hey Bob...This STOCK is gonna BLOW UP!") Gullible investors reacted to the messages by purchasing the stocks, which drove up the stocks' prices. That's when Conley and his partner dumped their shares, but not before making a cool million dollars. Conley was eventually sentenced to twenty-seven months in prison for his role in the scam.

  With Shiksaa's rising profile in Nanae, and her daily slew of LARTs, it wasn't long before spammers took notice of the new "anti" in town. One morning in early July of 1999, Shiksaa was sitting at her computer when AOL's instant message service popped up a window from a stranger.[4]

  "Hi, anti spammer, are you ready to die?" asked the person, who used the nickname Lime Pro.

  Shiksaa froze when she read the words. At long last, she was virtually face to face with one of the low-life scum who had become her obsession for the past several months. Shiksaa couldn't recall where she had seen Lime Pro's nickname, but she guessed he was one of the dozens of people she had recently reported for spamming. After making sure that her computer was keeping a log file of the AOL chat session, she cautiously engaged Lime Pro in conversation.

  "Are you ready to lose your account?" she replied.

  He instantly began slinging insults at her ("How much of a dumb ass are you") and said he was in the process of hacking her IM account. Fighting against adrenalin, Shiksaa tried to remain calm. Could he really do that? She had heard reports of AOL hackers exploiting flaws in the service's software to take control of other users' accounts. And sure enough, when she tried to click the Messenger program's "Notify" button, which was designed to alert AOL about abusive users, nothing happened.

  Shiksaa knew that she could just sign off the service and avoid the confrontation. But she couldn't resist asking Lime Pro a question first.

  "Why do you spam?"

  Now it was Lime Pro's turn to be dumbfounded. He stumbled over his words a bit and then finally explained that he was earning $800 per week sending junk email, and that he owned a new Corvette and was co-owner of a restaurant in Pennsylvania. All of this, he added, despite the fact that he was only seventeen.

  When Shiksaa typed "LOL" and told him she sincerely doubted it, Lime Pro went silent. Moments later, it was he who signed off the service.

  Shiksaa waited for several minutes for Lime Pro to return. Unsuccessful, she emailed a copy of her log file to AOL's online abuse team. Then she posted a lighthearted description of the encounter on Nanae, with the subject line "[C&C] First death threat from spambag." One anti-spammer who read it said she shouldn't worry about the threats from Lime Pro, who he said was probably "a zit-faced, scrawny 17-year old puke living in the back of mommy and daddy's trailer." But some folks in the newsgroup were troubled by Shiksaa's report. "Not taking a threat seriously can be deadly," warned one woman, who recommended that Shiksaa report the incident to her local police.

  Shiksaa ignored the woman's advice. She considered Lime Pro mostly harmless, and besides, she had been very careful about not saying anything to anyone online that would reveal her true identity. Still, when she went to bed that night, she checked her dresser to make sure the .357 Magnum handgun she had owned since 1975 was still there.

  About a week later, in hopes of getting out from beneath the avalanche of spam burying her AOL account each day, Shiksaa signed up for a new email address with Microsoft's free Hotmail service using her married name, Susan Wilson. Her plan was to use the address, carefully munged (camouflaged) of course, in her future Usenet postings. As she had done in the past, she would give out only her first name in any messages. In her newsreader's setup menu, she replaced her AOL address with her new Hotmail account. But when she tried out the new account for the first time by posting a message to the alt.test group, for some reason her newsreader automatically signed the message with her full name, which is what she had used to sign up for Hotmail. On the Internet, the alias Shiksaa and Susan Wilson were now indelibly linked. It was the type of careless mistake that Shiksaa's enemies would someday exploit.

  * * *

  [3] June 23, 1999, posting to the Nanae newsgroup.

  [4] Shiksaa published the log file of this conversation July 11, 1999, on the Nanae newsgroup.

  Shiksaa Plays Peacemaker

  Eight copies of Hawke's Web Manual ad somehow landed in the America Online in-box of Karl Gray, an AOL user in London. Like most ISPs in the United Kingdom at the time, AOL's service was metered, which meant that Gray paid a per-minute charge while online. Downloading and dealing with spam therefore wasn't just a nuisance; it cost him money. While most AOL users might have deleted the Web Manual ads in disgust, Gray posted a copy of the spam to a newsgroup named alt.stop.spamming, along with the words, "Any one want to help me wage war?"

  Morely Dotes, the online alias of a Nanae regular named Richard Tietjens, spotted Gray's posting during his regular morning sweep through anti-spam newsgroups. Dotes looked up the domain registration record for WebManual2000.com and posted the information as a reply to Gray's message. Dotes also noted in his message that the ad's headers indicated it had been transmitted from an InnovaNet user operating a spam program with "direct-to-MX" capabilities. Such technology routed the ads directly to recipients' email servers, leaving no trace at InnovaNet's mail server.

  "It is obvious from the fact that Kincaid used direct-to-MX spamware that he knows what he is doing is wrong," wrote Dotes.

  Had Shiksaa been a regular reader of alt.stop.spamming, those words might have inspired her to pounce on the case and run searches on Kincaid's phone number and email address. Eventually, she would have her first online encounter with Hawke. But on that day in September 1999, Shiksaa still stuck mostly to news.admin.net-abuse.email, and she was embroiled in an ugly conflict with Andrew Brunner, the 27-year-old developer of a new program for sending bulk email.

  Brunner's Avalanche software was among scores listed at The Spamware Site, which was maintained by a frequent Nanae contributor from England who went by the alias Sapient Fridge. Since most ISPs refused to host sites selling bulk emailing software, business could become quite difficult for any companies named to the Spamware roster. Brunner, a slim, clean-cut, and ordinarily soft-spoken man, was livid when he learned in August 1999 that his Pennsylvania-based firm, CyberCreek, was listed. He complained to spam fighters that they were interfering with his legal right to communicate with prospective customers, and he hurled legal threats at Sapient Fridge, insisting that he remove CyberCreek or risk being sued for defamation.

  But the antis held their ground. They acknowledged Brunner's claim that Avalanche could theoretically be used for distributing electronic newsletters and other non-spam purposes. They noted, however, that the program also included a number of features with no legitimate purpose, such as the ability to create fake headers aimed at covering the digital footprints of the software's users and a technical trick that enabled Avalanche to force its messages into email servers intentionally locked down against spam.

  In a show of support, Shiksaa posted a mirror image of Sapient Fridge's Spamware list on her new personal home page. (The home page was a freebie that came with the new EarthLink ISP service she had signed up for a few weeks previously to test as a possible AOL replacement.) A couple of other antis, including Morely Dotes, followed with mirrors of their own. Meanwhile, Steve Linford, the operator of UXN, a London-based ISP, added CyberCreek to Spamhaus, his list of spam support services. Clearly, Brunner's lawsuit bluff had failed.

  Then, in late August, an anonymous person sent an email to all of the companies on the spamware list. The message was a call to action for spammers to fight fire with fire by filing complaints with the ISPs hosting the sites operated by Sapient Fridge, Linford, Shiksaa, and others. The sender of the message, who called himself Jolly Roger, also encouraged spammers to launch attacks against the sites, with the aim of knocking them offline with a flood of malicious traffic.

  "Remember, if you don't do this then you are giving up," he wrote. "Imagine how good it would feel to get some revenge. Won't it be ironic when we shut their asses down?"

  Although the spamware vendors never rallied to Jolly Roger's call to cyber war, Shiksaa watched with dismay as Nanae boiled with new disdain for Brunner. To taunt him, anti-spammers began referring to Brunner as "Spamdrew" and to his company as "CyberCrook," and they mercilessly mocked him for his tendency toward misspellings such as "law suite." Yet earlier that summer, some of the same people were memorializing the one-year anniversary of the death of Jim Nitchals, whom they described as the Dr. Martin Luther King, Jr. of the anti-spam movement. Just before dying of a brain hemorrhage in June of 1998, Nitchals had helped lead peace talks aimed at persuading Sanford Wallace to give up his spamming ways. (Ultimately, however, it took lawsuits to get Wallace to stop.)

  Feeling emboldened by her recent conversations with spammers such as Lime Pro, Shiksaa decided to approach Brunner privately as an emissary from Nanae. One morning a few days before Labor Day weekend, she looked up CyberCreek's phone number on its web site and called Brunner.

  Brunner answered his cell phone on the first ring. He sounded surprised that she had called, and he remained suspicious, even after she earnestly announced her intention of ending the flame war. (In fact, Brunner's high-pitched, scratchy voice made it hard for Shiksaa not to picture the gawky kid Alfalfa from the Little Rascals TV show.) But after they chatted a bit, including about the need for both sides to respect the other, Brunner clearly was disarmed. He confessed that he preferred not to sell software to spammers but that he was only trying to earn a living. At one point, he suggested he could modify Avalanche to disable the spamware features such as cloaking.

  "If I do it, can you talk to those guys and get them to take me off their lists?" he asked.

  "I can't make any promises, Andy," she replied, "but I don't see why they wouldn't do it."

  Shiksaa reported her conversation with Brunner on Nanae the following day, noting that she had made some progress in bringing him back from the dark side.

  "I told him that he would be treated with respect if he would cut the shit and name calling," she wrote. "I would hope that everyone could get beyond the past and work for the common goal. Let's stop the flame war and work to stop the spam."

  But rather than applauding Shiksaa's diplomatic efforts, many spam fighters criticized her for trying to strike a deal with Brunner.

  "You seem terribly naïve. Con men do not reform and you are just making yourself the fall guy for another con," wrote one Nanae regular, who added, "You seem to have an affinity for believing stories made up to appease you."

  Another chimed in: "It seems Susan is sort of new to this and is trying to reason with these individuals. It doesn't work."

  Even Alan Murphy, a long-time spam fighter who had helped Shiksaa on a number of spam investigations, was skeptical of her attempts to get Brunner to revise Avalanche.

  "I honestly don't understand what you think Andrew intended to do with it beside promote spam. It was designed to abuse," wrote Murphy.

  Stung by the criticism and condescension, Shiksaa fired off a post to Nanae saying that she believed that treating Brunner with respect was the best tactic for bringing him around.

 
