Spam Kings
Page 16
"Anti-spammers are terrorists at heart and attack websites and email accounts of companies wishing to bring their products and services to the general public via email, an environmentally sound, REMARKABLE medium!" cried out Cowles's message. It also accused anti-spammers of launching denial-of-service attacks against his site, an act which he said was akin to terrorist violence.
"American marketers are under Attack! For apparently using environmentally sound bulk email to deliver products, services and public service messages," said the message. It added that recipients should do their part "to help Freedom and the American way" by requesting to be removed from a marketer's list. "Not," said the message, "by harassing his vendors, dial-up providers or website companies." The section concluded by warning recipients that "when you make yourself known to be an anti-bulkemailer, you align yourself with Hackers, Terrorists and Un-American groups."
Upon seeing the bizarre spams, Steve Linford said it was time to consider placing Cowles's ISP, SprintLink, on the new Spamhaus Block List. Linford also added an entry about the incident to Cowles's listing on Rokso. "All we can assume is that someone at Empire Towers is in need of some immediate psychiatric attention; this is truly sick," concluded the entry.
For Karen Hoffmann, the Toledo anti-spammer who had been on a mission to track Cowles's every move, the strange 9/11 messages from Empire Towers were her first sighting of Cowles in months. Hoffmann posted a copy of his spam at the web page she had dedicated to Cowles, and, in a message on Nanae, she said she was shocked that he would stoop so low as to use the attacks on America as an occasion to criticize anti-spammers.
Then Hoffmann tried making a direct appeal to Cowles: "Tom, if you're reading this, please contact me via email."
* * *
[6] Statement published at the CAUCE.org web site in March 2001.
Hawke Tutors Bournival
Hawke belatedly kept his promise to Bournival. In September 2001, an email message arrived from "Johnny Durango" (an alias Hawke was using at the time). Hawke invited him to meet him that Friday night at the Internet Chess Club, a chess site located at ChessClub.com.
ICC was one of the top online chess organizations and had attracted thousands of members since the early 90s. ICC programmers developed software that enabled chess players to compete against other members all over the world. Besides a graphical user interface that allowed players to move chess pieces on their computer screens with a click of a mouse, the program also had a chat feature so members could converse while they watched or played online matches.
Bournival had relied on ICC chat for giving chess lessons, and he felt right at home when Hawke suggested they use the technology to discuss spamming. On the system, Bournival's "handle," or nickname, was FrappeBoy, a name he had chosen because the ice-cream drink was one of his favorites. (On that Friday evening, Hawke used the handle SchoolShooter, in reference to the Columbine high school massacre. He enjoyed choosing online nicknames that threw his opponents off balance.)
After Bournival located Hawke, he sent the system a command instructing it to create a scratch game. Then he sent a message to Hawke to let him know the number of the game board he had created.
Once they both had the board up on their screens, Hawke and Bournival didn't actually play chess. Using the system's "kibitz" command, Hawke told Bournival that he had decided to let him take over his pheromone business in exchange for a 50 percent cut of his sales. To get him started, Hawke said he would send Bournival his ad and a list of 50,000 email addresses he had harvested from eBay. He instructed Bournival to get a copy of Group Mail, a free mailing program from a company called Aureate Media. Hawke said he would wait while Bournival downloaded the program so Hawke could show him how to configure the software's various settings.
As Bournival was navigating to the Aureate web site, the program's console indicated that someone else had joined them. (ICC games were generally open to other members, who could watch the game and trade comments using the kibitz command.) It was Mauricio Ruiz who had wandered in.
"Yo, Johnny. Is this where I learn Spamming 101?" Ruiz asked.[7]
"Pull up a chair, grasshopper. I was just telling Brad how to get started," said Hawke.
A rapid typist, Hawke said they should begin by signing up for Internet access accounts with several low-cost ISPs. A company called StarNet was his personal favorite. Hawke told them to configure Group Mail to send their messages through one of the ISPs' mail servers. That took care of the sending side of the business. To take customer orders, Hawke instructed them to register a couple of web sites with a low-cost hosting service such as ValueWeb. Hawke said he would email them the HTML web page code he used. The code included a link to a form Hawke had created for gathering order data and processing credit card transactions.
"At the end of each month, I'll add up your orders and cash you out," said Hawke. He told each of them to email him a street address to which he should send checks with their earnings.
At that point, Ruiz had grown bored with the tutoring session and suddenly headed out after saying a quick goodbye. Hawke was eager to finish up as well.
"One last thing," Hawke said to Bournival. "You're going to need product."
Hawke said he'd make the trek to New Hampshire in the next week or two and bring Bournival a couple of cases of pheromone concentrate. After Bournival sold those, he could restock directly from the supplier in Wichita, Hawke said. Then he told Bournival he'd be in touch soon and signed off.
Nearly a month went by, and "Johnny" still hadn't delivered the pheromone. Bournival had stopped going to classes at Manchester West High and tried to occupy himself with assembling the other aspects of his new spam business. He bought a book about web site design and created a couple pages for taking pheromone orders based on Hawke's design. As Hawke suggested, he did some small trial runs with Group Mail, sending spams to test addresses he had created, known in spammer parlance as seed accounts. When he ran out of things to do, Bournival registered the address NHChess.org and started building a site for the New Hampshire Chess Association, the chess club he had joined soon after discovering the game in 1999.
When Hawke finally showed up at Bournival's apartment, located on a treeless section of Montgomery Street on the western side of Manchester, he and Bournival lugged two large cardboard boxes of pheromone bottles from the trunk of his car up the flight of stairs to the second-floor apartment.
Inside, Hawke looked around the cramped home. Bournival's computer was on a desk in the room he shared with his stepbrother. The dogs were yapping and franticly darting around the apartment.
"When business takes off, you're going to want your own office," Hawke said. In the meantime, he suggested the two of them should get a post office box in the QuikSilver company name. That way, Bournival could keep his home address a secret from customers. Using Hawke's car, they drove the mile and a half into downtown Manchester to get something to eat and visit the Mail Boxes Etc. branch on Elm Street.
As they were filling out the paperwork for the post office box, the clerk at the Mail Boxes Etc. store said she would need to see identification from each of them. Bournival produced his driver's license, and Hawke slapped his down on the counter as well. As the clerk recorded the information from the two cards, Bournival could make out the word "Massachusetts" across the top of Hawke's license. "Johnny" had told him his grandparents lived outside Boston and that he planned to spend the evening there on his return home to Tennessee. But as Bournival focused more intently on the upside-down card, he was puzzled to see the name Davis Hawke.
Bournival didn't ask "Johnny" about the name on the license, figuring it was just part of his effort to protect QuikSilver Enterprises from sabotage. (Bournival considered QuikSilver, with its connotation of mercurial speed and trickery, the perfect name for an Internet marketing company.) But that evening, after Hawke said goodbye and headed for Route Three to Boston, Bournival went online and typed "Davis Hawke" into the Google search engine.
At the top of the search results were a handful of news articles about Hawke's neo-Nazi days, along with several pages devoted to him at the web site of the Southern Poverty Law Center, which tracked hate groups. Bournival read each of the articles carefully as the recognition sunk in. Hawke didn't use aliases such as "Johnny Durango" or "Walter Smith" simply because anonymity made life as a spammer easier. Hawke did it because he was also hiding from his past.
* * *
[7] Bournival recounted this conversation to me during a June 11, 2004, interview.
Chapter 7.
Shiksaa Meets Scott Richter
Shiksaa was a big believer in spammus interruptus. When new junk emailers appeared on her radar screen—by sending her spam or getting mentioned in anti-spam newsgroups—she made a point of paying them a preemptive online visit. If the spammer had an America Online account, she would add the screen name to her buddy list and wait to be notified that he or she was online. Then Shiksaa would gently let the newbie know that anti-spammers like her would be hounding them every step of the way. She wanted to divest them of any illusions that junk emailing was an easy way to make a buck. Better to nip a chickenboner in the bud than to try to reform a full-blown, Rokso-grade spam operation.
But it didn't work out quite that way with Scott Richter, president of Colorado-based SaveRealBig, Inc. In July 2001, months before Richter gained the attention of other anti-spammers for his post-9/11 U.S.A. flag ads, Shiksaa added his AOL screen name to her buddy list. When Richter signed on one Saturday evening, she was all over him.
"Hey Scott. I hear you're spamming. Why?"[1]
Richter responded that she must have confused him with Chris Smith, a Minnesota spammer who used the nickname Rizler. But Shiksaa refused to back down.
"Help me out here Scott. One of my friends said you spammed him. I was simply asking if that was true."
"Not that I know of," said Richter.
To help jog his memory, Shiksaa sent Richter the Internet address of several newsgroup postings where copies of his spams had appeared. The messages advertised pagers from a company controlled by Richter. At least one of the spam runs had apparently been relayed through a mail server in Russia.
A couple of minutes went by, and Richter still hadn't responded. Shiksaa assumed he was reading the newsgroup link she had sent. While she was waiting, the AOL "You've Got Mail" voice sounded, so she checked her in-box. Waiting for her there was a message from one of America Online's administrators; it was a notice that the company had just received a report that she was violating AOL's terms of service. The message cited an excerpt from her conversation with Richter.
Before Shiksaa had a chance to explain, AOL's Member Services department suspended her account for spamming.
Shiksaa managed to straighten out AOL over the phone and convinced the company to reinstate her account. But the incident taught her an important lesson about Richter: he knew how to work the system.
Shiksaa would later learn that Richter was the son of a certified public accountant and tax lawyer in San Diego, California. Richter saw less of his dad, Steven S. Richter, after age eleven, when his parents divorced and his dad moved out. But Richter had acquired his father's interest in making and holding onto money.
Unlike his father, Scott didn't go to college and get a business degree. Instead, he spent his time after high school running RAM Amusement Investments, Inc., a vending-machine business he incorporated in 1991 with his mother as corporate secretary. That business frequently took him into bars and restaurants, and he eventually opened his own chain of 50s-style restaurants around Denver known as Great Scott's Eatery, as well as a nightspot called the Colorado Sports Café.
Spending so much time around good food did a number on Richter's weight. At one point the six-foot-one Richter pushed the scales at nearly 300 pounds. So when the Internet beckoned Richter to try his hand at online entrepreneurship in late 2000, spamming diet pills seemed a natural choice. He even featured himself in a before-and-after photo at a web site for Inferno, the ephedra-based supplement he was selling.
Deep in debt at the time as the result of stock market losses, Richter initially could afford to hire only small-time spammers to deliver his Inferno ads, which listed the Colorado Sports Café's street address as SaveRealBig's corporate headquarters. But as the cash flow picked up, Richter turned to MindShare's Postmaster General system for most of his mailing.
Shiksaa had noticed complaints on Nanae about SaveRealBig spams emanating from MindShare's service. In late August, she posted a note on the newsgroup observing that Richter apparently was using "dirty" mailing lists—containing addresses of people who hadn't opted in to receive them—and that Postmaster General didn't seem to be aware of the problem.
In early November 2001, more glaring proof appeared that Richter's lists weren't of the highest quality. Using the Postmaster General system, SaveRealBig had emailed ads for six-dollar cell-phone booster antennas to an Internet discussion list dedicated to the Debian computer operating system. The ads carried the subject line "Vital Emergency Strategy" and played on fears that new terrorist attacks would bring the sorts of communications breakdowns that plagued World Trade Center rescue efforts: "Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution!"
By the end of the month, Richter's ads had caught the attention of America Online. The big online service warned MindShare that, due to member complaints, it intended to remove SaveRealBig from the "white list" of bulk emailers allowed to send messages to AOL members. In response, MindShare's abuse manager (and former MAPS employee) Kelly Molloy Thompson contacted Richter by email with an ultimatum: "You, as a list owner, will need to submit documentation that the AOL addresses on your list were in fact collected through an opt-in process."[2]
According to Thompson, Richter's documentation minimally needed to include the date and time the user opted in, as well as his or her Internet protocol address. Failure to produce such evidence within three days, she said, would result in SaveRealBig's messages "being silently discarded" by AOL's spam filters.
Richter was unable to produce the proof by AOL's deadline. Like many email marketers, he had built his mailing lists, which had grown to over ten million addresses at the time, largely through what are known as coregistration deals. Under such arrangements, operators of web services sell or trade their customer lists to other marketers. In some cases, customers haven't actually given permission for their information to be shared, yet unscrupulous marketers nonetheless pass off their lists as "opt in." In other instances, sites hungry for sales leads essentially trick visitors into granting permission through confusing fine print and numerous checkboxes. Then there are the lists sold as "co-reg" leads which actually contain a blend of data, some of it harvested from the Internet. Not surprisingly, spam complaints from coregistration lists can be common.
(Under pressure from ISPs such as AOL for complete documentation of coregistration data, some fraudulent bulk emailers turned to software programs that could dummy up "proof" that their addresses were not harvested from the Internet or otherwise obtained without the permission of customers.)
Cut off from mailing to AOL through Postmaster General, Richter began focusing his ads on general Internet addresses. But even then, his mailing lists continued to get him—and MindShare—into trouble. In early December, spam from Richter arrived in the email in-box of anti-spammer Morely Dotes. The message was sent through the PostMaster General service and carried the subject line, "Why should men have all the fun?" It promoted a product called Vigel, which it claimed was "a topical gel that increases feminine sexual pleasure and excitement." According to the SaveRealBig web page advertised in the spam, Vigel contained menthol and the amino acid L-arganine and was "guaranteed to improve your sex-life or your money back!"
Morely Dotes forwarded a copy of the spam to MindShare's Internet service provider with a recommendation that it block all traffic fro
m the company, which he called "a spam-for-hire outfit, with no legitimate users."
At the time, Richter publicly relished the bad-boy image he was gaining among anti-spammers. When several of Richter's SaveRealBig sites were kicked off San Francisco ISP Hurricane Electric in December 2001, Richter posted a note to Nanae that celebrated the action.
"The more attention we get the more money we make. We are going to be big. REALBIG, the name we use says it all ... we are legit and getting stronger by the day. The more people talk about us the more companies find us. COMPLAINERS=$$$$$$," wrote Richter.
A few days later, as spam fighters were discussing Richter's listing on the Spews.org blacklist, he jumped into the fray: "I love the public's eye and the attention. Keep chatting; I LOVE EVERY MINUTE OF IT. MAKE ME FAMOUS."
But contrary to his public posturing, Richter was privately seething over the attention his spams had generated. In early January 2002, he phoned management at Peer 1 Network, an ISP based in British Columbia. Rob Mitzel, the ISP's abuse coordinator, had posted what Richter considered defamatory comments on Nanae about SaveRealBig. When Richter threatened to sue the company, Mitzel published a public apology on Nanae.
"On behalf of Peer 1 Network and myself, I would like to apologize to Scott Richter, Richter Enterprises, and his various SaveRealBig.com domains, for any slight I may have caused him," began Mitzel's mea culpa. (He concluded with a postscript that stated, "I am not doing this on my own volition. This is being required of me by my company.")
The incident followed a similar lawsuit threat from Richter against Communitech, a Missouri ISP that found itself on the Spews blacklist in September 2001 for hosting Richter's sites. In December 2001, Richter targeted Communitech employee Randy Rostie after he announced the ISP had kicked Richter off its service.