Spam Kings
"Normally I am too busy to be bothered with the everyday activities of a small time huckster, but this one was beginning to piss me off," wrote the Man in the Wilderness, who said he worked as an Internet technology consultant. Now determined to take matters into his own hands, he managed to capture one of Garst's spams shortly after it went out. Then, after analyzing the message's header, he identified the network address of the PC used to send the spam.
"Her luck had just run out," he wrote.
At that point, the Man in the Wilderness somehow found a way to hack into Garst's PC over the Internet. His first act was to delete the copy of 1st Class Mail, a program for sending junk email, from her hard disk. Then he downloaded numerous datafiles from the PC "to determine who I was dealing with."
After studying the files, the Man in the Wilderness determined that Premier Services was apparently being hired by a variety of firms to market dodgy offerings via spam, including college diplomas, credit repair services, government grants, and pornography. According to the hacker, Garst ran the business out of her home in Clarksville, Tennessee, coordinating a handful of associates located around the U.S. Over the course of a couple of weeks, the hacker "spread like a silent wildfire through Rodona's computer network" and hacked his way one by one into the company's computers.
"What I wanted," he explained, "was unrestricted access to the data on their hard drives, and computer by computer I got it."
The Man in the Wilderness uploaded over six megabytes of the purloined files to his Behind Enemy Lines site, including over two megabytes of log files of online chats between Garst and her five spamming associates. At first, many of the more technical readers of Nanae were skeptical. Something about the hacker's account of events stuck in their craw. He provided no details about how he had managed to break into Garst's computer but instead glossed over it with what sounded to them like a Hollywood account of hacking: "I silently came across the Internet from thousands of miles away and hacked my way into the spammer's computer."[3]
But the copious details in the stolen files convinced many that Behind Enemy Lines was not fiction. Included was an incriminating exchange of emails in late 1999 between Garst and a Texas man named Mark E. Rice. The messages discussed a stock pump-and-dump deal under which Garst would be paid $1,500 per million junk emails to send spam touting the stocks of four microcap companies. Rice authored the spams, which typically included fraudulent press releases about the companies and their prospects. Soon after Garst sent off a load of spam, Rice would sell large blocks of the stocks, hoping to profit from the uptick generated by the messages.
"The thing I like about emailing at night is that the rush in the morning is very good for a stock...And if we can keep the momentum going through out the day, we win," wrote Rice in an October email to Garst. The email exchanges also indicated that Garst wanted to reap more from the scam than Rice's regular payment checks, sent to her via Federal Express. At one point she asked his advice in setting up a brokerage account so that she too could trade shares of the manipulated stocks.
"Since I have an inside of sorts it seems it would be wise if I purchased some stock that we are promoting. Do you have any recommendations?" she inquired.
Rodona Garst puzzled many spam fighters because she didn't fit their trailer-trash image of spammers. Garst and her associates lived in middle-class neighborhoods in three-bedroom, two-bath colonials. Like other white-collar office workers, they chatted about work, relationships, chocolate, their hair, and family. Shattering that veneer of normalcy, however, were the women's conversations about ways to defeat ISP spam filters or about places to find pirated ("cracked") spamware programs. They also freely traded tips on stealing ("fishing") AOL accounts from gullible users and on fudging their income tax returns.
The Man in the Wilderness acknowledged that the information he found could be quite embarrassing if made public. He also noted that he'd done some soul searching before deciding whether to post the files. But ultimately, he concluded, Premier Services had abandoned its right to privacy by conducting its business so unethically.
"So, without further delay, let's get brutal!" he wrote.
The Man in the Wilderness proceeded to post revealing photographs of Garst apparently pilfered from her computer. One depicted her from behind in a bathroom, wearing nothing but a T-shirt. The hacker had captioned the photo, "The Number of Freckles on Rodona Garst's Ass."
The second shot showed Garst in her office, pulling her shirt up to her chin and baring her chest. "Rodona's Breast Size" was the hacker's title. Another set of photos, labeled "A Date with a Spam Queen," displayed Garst's business associate, 58-year-old Shary Valentine. The photos showed Valentine posing in corny studio settings wearing a variety of teddies and other revealing outfits. Also included at the site were two erotic short stories also reportedly gleaned from Premier Services's hard disks.
The appearance of Behind Enemy Lines touched off a new debate in Nanae about the ethics of hacking spammers.
"While that is exactly what we all dream about, the way these spammers' plugs were pulled is NOT, repeat, NOT the way NANAEites should conduct business," wrote one newsgroup participant. But some spam fighters, fearing that Behind Enemy Lines might be forced offline, quickly "mirrored" (copied and republished) the site on their own web sites.
One of the first to publish notice of his mirror on Nanae, a Briton named John Payne, soon received email from Garst requesting that he take down the mirror. Payne responded by contacting her over AOL Instant Messenger.
"You do know I didn't have anything to do with the content, right?" he asked Garst.[4]
But she still seemed under the impression that Payne was somehow connected to the Man in the Wilderness.
"I intend to follow through with this legally, so any information you have would show your cooperation," Garst told him.
Payne reiterated that he had no information and that his mirror was just that—a copy of the original site. "I note that you've not yet disputed the accusations," he added.
Garst took nearly a minute to reply.
"An investigator is currently on the case to discover as much information about this as he can," she said.
Her response puzzled Payne. "About you, or the hacker?"
"The hacker obviously," she replied. "Direct email is not illegal and most of what he claims my company has participated in is totally off base."
Payne tried to get her to talk about how she acquired her mailing lists and other aspects of her business, but Garst was evasive.
"Gotta run...so nice to chat," she typed and signed off.
While Rodona Garst may have been eager to discover the identity of the Man in the Wilderness, anti-spammers seemed reluctant to investigate too energetically.[5] They were focused instead on a large file lifted from Premier Services and available at the Behind Enemy Lines site. According to the Man in the Wilderness, the 1.5-megabyte file, antifile.zip, contained a compressed archive of addresses of anti-spammers that Garst's gang was afraid to spam. The company apparently used it to "wash" its mailing lists so that spam fighters wouldn't receive Premier's ads and complain. Nanae readers downloaded the file and pored over it, searching for their email addresses among the more than 200,000 listed in the file.
"Wow, this is the first time I've been officially 'honored' by a spammer. Somehow I feel...dirty," said a spam fighter named Cynthia upon learning that she made the list. "I'm so proud, one of my spam-fighting addresses made the list, but none of my spam traps," wrote another Nanae participant, who, like many anti-spammers, had signed up for email accounts specifically in the hope that they would provide fodder for abuse reports.
Others saw the list as a sure sign that junk emailers were fearful of anti-spammers. "Someone went to a lot of effort to put together that list. If fighting spam was as ineffective as people claim, no one would go to the effort," was the conclusion of one anti-spammer.
Although Shiksaa had only been in the spam wars for little over a year, her AOL and Hotmail email addresses both made Garst's anti list. She realized that many of the addresses apparently had been compiled simply by harvesting Nanae addresses; even emails belonging to retired spammer Sanford Wallace and spamware vendor Andrew Brunner made the list. And a good portion of the roster seemed to have been compiled from previous compendiums of anti-spammer addresses and was thus out of date. Shiksaa's newest email, shiksaa@etherboy.com, which she had been using on Nanae since February, was not included. (She was given the account at Etherboy.com as a gift by its administrator, Dave Lugo, an admirer and longtime spam fighter.)
As a further sign that Shiksaa had become a veteran spam fighter, she was invited to join #Nanae and #Lart, two Internet Relay Chat (IRC) channels where anti-spammers could more privately trade quips and information. While Usenet had little of the immediacy of in-person conversation, IRC was often confusingly fast-paced, with comments from participants scrolling dizzyingly down Shiksaa's screen.
Sometimes, such as occasions facetiously known as Nanae Beer Nights, more than a dozen spam fighters, from all over the U.S. and Europe, would be in the chat room at the same time. It was on IRC that Piers Forrest, a 43-year-old computer technician from England, known on Nanae as Mad Pierre, began doting on Shiksaa. Usually all business on the Nanae newsgroup, Mad Pierre was a master of the humorously flirtatious IRC remark. In August, Shiksaa began using one of Mad Pierre's more memorable utterances in the signature line of her newsgroup postings: "I worship at the feet of Shiksaa...I'd worship higher up if the straps weren't so tight."
While Mad Pierre was not alone in his hyperbolic adoration—several of the male members of Nanae had jokingly been referring to her as the Spam Goddess—Shiksaa particularly enjoyed playing along with Mad Pierre. Once, after a spammer trolled Nanae, accusing antis of having no life, Mad Pierre sarcastically responded that the spammer was correct.
"Damn, you've got us bang to rights. We have no lives. None. At all."
To which Shiksaa responded, "Your life is the worship of moi."
But because of her investigative skills and dedication to anti-spamming, Shiksaa continued to be a magnet for harassment from bulk emailers, who sought her out on AOL Instant Messenger (AIM) or anonymously posted insults about her on Nanae. While she could handle the occasional run-in with kooks, Shiksaa was livid over a stunt pulled by Brunner in the late summer. As part of her self-education in the ways of spamming, she had downloaded a demo copy of CyberCreek's Avalanche spamware program. Her plan was to install and test it out. But as she was skimming the ReadMe file that came with the software, Shiksaa froze.
Near the bottom of the document, which invited users to contact CyberCreek with questions or suggestions, was a section called the Net-Nazi Hall of Shame. Below a disclaimer that stated that he was not responsible for "actions/misdeeds committed unto the following persons or entities," Brunner had listed Shiksaa's first name and her phone number. Beside them, Brunner had added an appeal to all the hundreds of spambags who would install his program: "If you have her address please drop us a note, as she is going to be the first Net-Nazi to be held accountable in a California civil court for defamation."
The spam goddess was now a target.
* * *
[3] The attacker's statement that he had "escalated my remote access to that of a full privileged local user" made it appear that he had broken into a system running the Unix operating system. Yet according to the screen-grab photograph he provided, showing the programs running on Garst's computer, the hacker appeared to have compromised a laptop computer running Microsoft's Windows 98, which gives all users the same access rights. Plus, there was the anonymous June 5 Nanae posting that announced the Behind Enemy Lines site—a message from "John Doe" posted from an Internet Protocol address registered to Premier Services. These inconsistencies made some anti-spammers suspicious that perhaps the whole incident was actually the work of a disgruntled insider with local access to the computer, or even a hoax.
[4] Payne posted a log file of his conversation with Garst at his web site, cluelessfucks.com, in June 2000. The site is no longer available, but a copy can be accessed via the Archive.org service.
[5] A few months before Behind Enemy Lines was published on the Web, Shiksaa assisted a new Nanae participant using the name Spam Hater, who complained that Garst had forged his company's domain name in her spam runs. In his April 6 posting to the newsgroup, Spam Hater listed Garst's phone number, ICQ number, and other contact details. (The same day, Garst's associate Shary Valentine warned spamming colleague Shannon Redmond, "We got hacked yesterday by an AOL user. Also got posted on an anti-spammer site today with ALL of Rodona's info." A log of the two women's online chat was among those posted at Behind Enemy Lines.) In his Nanae message about Garst, Spam Hater had included a sample of one of her spams, with the domain name of his company—the Joe-job victim—redacted. But a search on the message's subject line—"Need money?"—turned up a nearly identical spam sample posted by Leah Roberts, a Nanae regular, to Usenet a few days prior to Spam Hater's complaint. Roberts's sample, however, included the intact "From" line, which showed the domain of an Internet provider in Michigan. It was possible that the ISP was the Man in the Wilderness's employer. But Shiksaa never brought up the matter on Nanae.
Bubba Catts and the Crank Callers
Brunner's legal threats didn't really worry Shiksaa. He had filed defamation lawsuits in small-claims court against three other anti-spammers, none of whom took the suits very seriously. But Shiksaa didn't relish the idea of spammers harassing her by telephone. Brunner had apparently captured her number when she called him on his cell phone the previous year. Now she had no choice but to contact Pacific Bell and get a new one. But as Shiksaa glanced again at Brunner's file, her face brightened, and she burst into laughter. That wasn't her phone number; Brunner had accidentally transposed two of the digits.
It was a classic Brunner gaffe. Just to be safe, Shiksaa went ahead and had the number changed anyway. But to show Brunner she wasn't worried about his threats, she published two new photos of him at her new web site, Chickenboner.com. (She had acquired the domain name the previous March when the original owner, an Internet businessman in New Brunswick, Canada, failed to renew the registration.)
Shiksaa got the photos from anti-spammers who had doctored a picture of Brunner that appeared in a Fortune magazine article about spam. In the first image, they grafted Brunner's head onto Rodona Garst's naked torso. The other depicted Brunner's head pasted onto the scantily clad body of a Louisiana-based spammer named Robert "Bubba" Catts. Shiksaa had stumbled upon the original Catts photo earlier that year in his AOL member directory listing. The stocky Catts smiled sheepishly, sporting only a pair of skimpy, flowered underpants. He had captioned the photo "This is a pic of me on a WILD NIGHT!!"
Like Brunner, Bubba Catts had become a favorite target for anti-spammer vengeance. He got his start in the spam business in 1997 at the age of forty, after purchasing some bulk email software and launching an ad campaign for a popular marketing scheme. The spams instructed recipients to send five dollars to each of four people listed in the email, including Catts, whose post office box in Shreveport was second on the list. Recipients were supposed to put their own name and address on the top of the list, bumping the fourth person off, and then send the list to as many people as they could. In his spam, Catts said the income he made from the program enabled him to quit his day job selling cars.
"I was not prepared for the results," wrote Catts. "Everyday for the last six weeks, my post office box has been overflowing with five-dollar bills. I am stunned by all the money that keeps rolling in!"
But soon Catts received something else in his mailbox: threatening notices from several states' attorneys general. Catts was forced to abandon the chain-letter scheme, but he was hooked on the spamming business. Soon he had installed four computers in his home office on Richmond Street, just a block off I-49 and the railroad tracks in the center of Shreveport, and was pumping out spam for items ranging from software and cigars to condominiums and cruise trips.
One night in late 1999 Catts was watching TV in his living room. His 12-year-old daughter was asleep in the room he kept for her when she lived with him (Catts was divorced in 1991).
The phone rang. It was some guy who said his name was John. He said he was sick of receiving junk emails from Catts, and he was on his way over to Catts's house with a friend.
"Me and my buddy Junior here, he's an awful mean drunk ... he's been drinking all day."[6]
"And what are you trying to do now?" Catts asked.
"We're trying to get to your house. We're going to come down and whup your damned ass because you're sending all this shit email to us."
Catts rode bulls professionally for two years. He might have been short, but he grew up in the tough town of Cedar Grove in Caddo Parish and never lost a fight in his life. Still, he didn't want two drunken rednecks showing up at his doorstep.
"I aint sent nothin'," he said.
"Every God damned time I get on, I got fourteen fuckin' emails and I'm sick of this shit," John shouted into the phone.
"Well, I don't know who you're getting it from," said Catts, his tenor voice rising.
Then Junior's voice came over the line. It was louder and clearer than John's, as if he was on another phone. He didn't have John's southern accent either.
"Take a right. Take a right!" Junior stuttered into the phone.
Catts had an idea. "Does it say it's from Bubba Catts?" he asked John.
"No, it's got some bogus email address on it. Every time I try to reply to it..."
Bubba cut in. "Have you tried Jon Scott? He's the one does my bulk mailing for me."
John paused, as if taking in the information. "So, you don't do it yourself?"