Spam Kings
Page 27
Less than a year later, in August 2001, officials from the Massachusetts attorney general's office were knocking on Todino's door. In the state's first legal action against a spammer, Todino and his company RT Marketing were accused of sending misleading and deceptive ads. Regulators pointed out that Todino's "grant program" was just a list of grant organizations, and the "detective" software was just a list of informational web sites found on the Internet. The state fined Todino $5,000 and convinced him to sign an "assurance of discontinuance" deal, under which he agreed to stop sending fraudulent bulk emails.
But Todino hardly seemed intimidated by the Massachusetts order. Within weeks, he was spamming again under a new company name, PK Marketing, and using more sophisticated techniques to conceal his identity.
Shortly thereafter, Todino's first wave of time-travel spam hit the Internet. It was as if his run-in with the government had somehow triggered the strange quest. Over time, his messages became increasingly specific about the technology he needed to rewind his life. In February 2002, he sent a flurry of anonymous messages appealing to anyone who was a "time traveler or alien disguised as human." The spams stated that his life had been "severely tampered with" and he needed "temporal reversion" to correct it.
"If you can help me, I will pay for your teleport or trip down here, along with hotel stay, food and all expenses. I will pay top dollar for the equipment. Proof must be provided," stated the messages.
Todino accumulated plenty of evidence that the equipment he needed was out there somewhere. Someone sent him a twenty-five-page manual entitled "Dimensional Warp Generator User's Manual," which was apparently created by cutting and pasting material from computer-hardware documentation. Someone else provided a couple automotive wiring diagrams that had been doctored so that they appeared to be time-travel equipment schematics. Others emailed Todino photos of souped up digital watches, apparently meant to look like portable time machines.
Not everyone wanted to help Todino acquire the technology he desired. In August 2002, he got an email, sent from a Hotmail account, with the subject line "Time Travel." It notified Todino that the author was responsible for monitoring "electronic communications." The email warned him to "stop all forms of communication on this topic" and said Todino would be arrested by an agent and returned after receiving a "cranosistanic reversal." Todino was informed to delete the email after reading it, or else be in violation of "Dimensional Displacement Diversion Act of section 44563b-232 Article 40498.442."
To Todino, the emails, phone calls, and documents were further proof that members of a conspiracy, which he referred to as the Renns, were trying to follow his every move and control his life, including his use of the Internet. The information made him more determined than ever to raise the money he'd need to finance his trip back in time.
PK Marketing's commercial spamming reached a peak in late spring of 2003, when Todino broadcast millions of messages advertising "free cash grants" at his site GrantGiveAwayProgram.com. It was around this time that Todino met Davis Hawke (whom he knew as Dave Bridger) at the BulkersClub.com forum.
At the time, Hawke was looking to make some extra money subletting some of the web hosting he had paid for in South America. In a note at the spammer site, "Dave Bridger" advertised "extremely solid" web hosting and boasted that he'd experienced "about 24 hours of downtime in the last three weeks, and we've been up for about five months with no problems." Bridger said he used "DNS floating and IP rotation via proxies" to completely hide the origin of a server, "so it NEVER gets blacklisted or shut down." The price for Bridger's hosting service was $150 for a trial week and $250 per week after that.
After Todino sent him $150 by PayPal, Bridger set up PK Marketing with access to one of Amazing Internet's domains, Pharycon.com. Todino then modified his ads for "free government grants" to list the domain. Later, Hawke also gave him access to Zakarish.com, a site that Hawke also rented out to some spammers who were selling access to pornographic web cams.
As part of his new effort to hide his identity, Todino often listed other people's email addresses in the "From" line of his spams. In the middle of May 2003, he sent out millions of ads with a forged return address belonging to a web site with information about Cairo, Egypt. When Philippe Simard, one of the operators of the site, egy.com, began receiving bounce notices and complaints, he fought back by convincing PK Marketing's credit card processor to shut down its account.
Simard also put up a page at the site explaining that egy.com was not responsible for the spams. The page included a copy of the domain registration for pharycon.com, leading many people to assume that Hawke and Bournival were responsible for the forged messages. Unfortunately for Dr. Fatburn, it was one of the registrations in which Hawke had also put Alan Moore's name, so some of the heat was directed his way as well.
All the commotion over the Joe-job made it impossible for Todino to hide his secret any longer. In August 2003, inquisitive Internet users and reporters fingered the longtime spammer as the source of the time-travel emails.[14] In response, Spamhaus added Todino to the Rokso list, and his record on Spews was updated with the new information.
Several weeks later, an avalanche of what appeared to be retaliatory messages began hitting three anti-spam web sites that had spotlighted Todino as the author of the time-travel spams. Someone had forged the sites' domains as the return addresses on a recent flurry of junk emails advertising anti-spam software. As a result, the innocent sites were inundated with hundreds of thousands of error messages and complaints about the spam.
The messages, which bore subject lines such as "Stop Spam in Its Tracks" and "Say Goodbye to Junk Email," advertised Quickeasysolution.com as the source of an anti-spam software program.
Among the targets of the Joe-job attack was Interesting-People.org, the home of a mailing list moderated by Carnegie Mellon University computer science professor David Farber. The site was slammed with hundreds of thousands of bounce messages from all over the Internet. Similarly, Inertramblings.com, a blog run by Sean Sosik-Hamor, received over 350,000 of the error messages. The operator of Lindqvist.com, Niklas Lindqvist, who was the third victim, reported receiving 30,000 such messages in six hours.
All three sites had published articles about the time-travel spammer's unmasking. But it wasn't certain that Todino was responsible for the Joe-job. The domain advertised in the spams, QuickEasySolution.com, listed a fictitious Woburn, Massachusetts, street address—the same address Todino had given in previous domain registrations. However, it was possible that Todino himself was the victim of an elaborate Joe-job.
But at least one of the attack victims was confident Todino was to blame. In a message on his site, Sosik-Hamor said he had previously been a fan of the strange messages about time travel. "I've thought that the author was pretty cool. A few fries short of a Happy Meal, but cool...Now I feel almost betrayed by Robert," he wrote.
The next day, Todino broke his silence. He changed the home page of QuickEasySolution.com, replacing the ad for "Email Filter" with a new page. On it, Todino denied being responsible for the Joe-job and apologized to the victims. "There are those wishing to do me greater harm then you can possibly comprehend," he said.
Todino eventually took down the page and went back to hawking anti-spam software and government grants. But he stopped sending time-travel spams.
* * *
[13] Adapted from articles by the author that originally appeared at Wired.com in August and November 2003.
[14] Shortly after my August article, "Turn Back The Spam of Time," appeared at Wired.com, I received an angry email from Todino. "I have had multiple threats against my life, including temporal incarceration. You cannot even begin to comprehend what danger you have put me in and what certain agencies and groups who do have the technology are capable of doing!" he wrote. His email went on to cite the various laws that these unnamed authorities would consider him to have broken, including the "Dimensional Displacement Diversion Act of section 445
63b-232 Article 40498.442" and the "Chronographic Travel code, section 54.1, page 364." Todino concluded his message with a threat: "So help me God if my chance of life or life is harmed because of you I have already arranged to have you killed and am currently being guarded fully! It will not matter you see because if I die you die! That is a promise!"
Karen Hoffmann, Sock Puppet
Around Labor Day 2003, Shiksaa's outrage at The Gang That Couldn't Shoot Straight (Marin, Richter, Waggoner, and company) finally began to fade. She would never forgive them for publishing her and her dad's personal information on the Internet. But it appeared that the spammers' litigation against her and the rest of the Nanae Nine had imploded.
On September 3, the mysterious EMarketersAmerica.org (EMA) voluntarily withdrew its lawsuit after realizing it was about to backfire horribly. The EMA had hoped to sue anti-spammers into unmasking the operators of Spews. But it became clear that the lawsuit would expose EMA members' own operations to the same risk. Pete Wellborn, the attorney representing the defendants, had been crowing that he would use the legal discovery process to thoroughly dissect the companies responsible for the litigation.
The day after Wellborn filed a withering 110-page motion to dismiss, EMA attorney Mark Felstein waved his white flag. It was the second humiliation for Felstein in recent months. In June, the New York Bar Association had denied the Florida lawyer's petition for admittance, citing Felstein's history of substance abuse and criminal record. "We are not satisfied that petitioner presently possesses the character and general fitness requisite for an attorney and counselor-at-law," wrote the state's Supreme Court panel.[15]
But Wellborn and his clients weren't going to be content with a Pyrrhic victory. They wanted to send a clear message to spammers who launch legal attacks: don't start what you can't finish. Wellborn tried to persuade the court to refuse Felstein's withdrawal and instead decide the suit on its merits. Wellborn argued that federal law prohibited a plaintiff from unilaterally withdrawing a lawsuit once the defendant has answered the charges.
Meanwhile, Steve Linford announced on Nanae that the defendants wanted Felstein to pay their legal fees. "We're going after Felstein personally for every penny. He's whining he's broke, but that's not going to wash. He can sell his house," wrote Linford, who then posted a copy of the 1998 sales record for Felstein's condominium, which anti-spammers had apparently located in an online database.
Shiksaa's relatively ebullient mood darkened a few weeks later. The October 2003 issue of Conde Nast's magazine for men, Details, published its annual list of the ten most influential and powerful men under thirty-eight. To the dismay of anti-spammers, OptInRealBig.com CEO Scott Richter was number nine on the list, which also included rapper Eminem and actor Ben Affleck.
"Ninth largest spamming scumbag, maybe," wrote Shiksaa in a Nanae discussion of the Details list. When someone observed that Richter seemed to be adept at generating publicity, she dismissed the idea. "Most psychopaths are good at self-promotion. If you don't believe that, just Google the name of a certain Florida lawyer," she said. Taking some of the sting away for Shiksaa and the others was a quote about Richter from Linford that made it into the Details article: "The only power he has is the power to annoy 100 million people."
Then more bad news for the Nanae Nine arrived. In October, Florida district court judge Donald Middlebrooks granted Felstein's motion to dismiss.[16] The EMA case was closed.
Stuck with thousands of dollars in legal bills and still smarting from Richter's adulation in the mainstream media, Shiksaa and her codefendants got an even more stunning piece of news in late November.
According to a new entry in the Spamhaus Rokso record for Scott Richter, three "former spamfighters" had been discovered on Richter's payroll: former MAPS employees Kelly Molloy (Thompson) and Pete Popovich, as well as Ohio anti-spammer Karen Hoffmann. The Rokso entry, ROK2888, stated that the three were employed by Richter to handle network abuse complaints and to perform "listwashing"—the task of removing angry spam recipients from OptInRealBig.com's mailing lists.
The Rokso entry said Molloy and Popovich had been hired by Richter in January 2003 as part of his "continuing efforts to appear legitimate," which represented "a depressing reversal of ethics" according to the anti-spammers.
"Although their employment by Richter was initially presented as salutory [sic], in that their work would eventually clean up Richter's operation, it has long since become clear that they are complicit in his activities," stated ROK2888. The entry added that Karen Hoffman, "turned away in her pursuit of spammer Thomas Cowles," had also joined Richter's company in an "abuse position." A footnote on the page stated, "in Richter's lexicon, 'abuse personnel' denotes not persons who counteract abuse but those who facilitate it."
Although the author of the Rokso entry was never revealed, news of its publication was first announced on Nanae by Adam Brower, who had recently been added to the Spamhaus team. The announcement set off a flurry of discussion, generating over 400 responses. Some people accused the former anti-spammers of being traitors. One person said Richter's abuse personnel were just as culpable as getaway drivers in a bank robbery. But others rose to defend Molloy and Popovich, and supported their efforts to clean up Richter's operation from the inside. They said the Rokso record was unfairly vindictive and undermined the register's credibility.
A few hours later, ROK2888 was pulled from the Spamhaus site. In a note on Nanae, Linford explained that the record would be placed back online after Molloy and Popovich were removed. Karen Hoffmann, on the other hand, would remain. "The info on our internal list," explained Linford, "says Karen Hoffman is fully and knowingly involved in Richter's spam operations."
The Spamhaus team learned that Hoffmann had been consulting to Richter since at least early 2003 and had apparently taken great pains to conceal the fact. When spam recipients emailed OptInRealBig.com to complain, she used a number of pseudonyms in her replies, including the name "Karen Hughes." Hoffmann had also used the name Hughes, which wasn't her maiden name, to register for the annual meeting of a technical association called the American Registry for Internet Numbers (ARIN). Hoffmann traveled to the Chicago meeting in October with Richter's computer whiz kid and head of information technology, Dustin Parker, and had listed WholesaleBandwith, Inc. as her company's name. (Richter had recently acquired WholesaleBandwith from a Rokso spammer in Texas named Paul Boes. The company had been booted off over a half-dozen Internet service providers since 2002.)
When the information about her work for Richter finally became public, Hoffmann didn't deny it. She waded into the turbulent discussion on Nanae with a note stating that she wouldn't discuss the details of her employment. (Richter made it a point to get all employees to sign a nondisclosure agreement upon their hiring.) But she defended Richter's practices, noting that several large Internet service providers had "white-listed" him and were allowing his messages to reach their subscribers.
"I've always believed we need a middle ground. There's got to be a compromise. Give them a set of rules to play by. Make sure they play by the rules. Don't want their email at all? Feel free to block them. They're not going away," she wrote.
Hoffmann pointed out that some anti-spammers had known of her affiliation with Richter long ago. Indeed, she had hinted at her new employment in a May 2003 statement at her personal web site, ToledoCyberCafe.com. In the update to her chronicle of tracking Empire Towers spammer Tom Cowles, Hoffmann revealed she had started to take a broader view about the best way to fight spam.
"I'm working behind the scenes with marketers to help them improve their practices. I'm working with consumers and corporations on utilizing technology to stop the spam from hitting their inboxes...I feel it is in everyone's best interests to work with marketers, consumers, ISPs, and lawmakers alike to keep email a valuable communication tool," she wrote.
But Shiksaa could barely contain her disgust at learning of Hoffmann's association with Richter. When an anonymous person (who
later turned out to be a Richter employee) posted a note to Nanae defending Hoffmann and pointing out her work to stop Tom Cowles, Shiksaa dismissed her former friend's contributions to spam fighting.
"Following Cowles around with a camera and publishing other people's research on her web page didn't stop Cowles, nor did it stop any spam. The only thing she is doing to stop spam is removing spam victims who complain from Richter's spam lists...and the whole while passing herself off in this newsgroup as a person who didn't like spam," wrote Shiksaa.
It was Hoffmann's duplicity that bothered Shiksaa the most. Molloy and Popovich didn't announce their Richter affiliation with a bullhorn either. But at least they didn't try to hide it or resort to using aliases in their work for the spammer. (Molloy and Popovich would resign their posts with Richter soon after the Rosko incident.) Nanae regulars never take kindly to "sock puppets"—pseudonymous participants who jump into the newsgroup to defend spammers. But Shiksaa was especially astonished to learn that several Nanae postings by a person calling herself Natasha Dorenkov were actually the work of Hoffmann.
Identifying herself as an abuse coordinator for the MyEmailWizard bulk emailing service, Dorenkov had posted a note to Nanae that April. She requested that Spews reconsider her company's place on the blacklist. When an anti-spammer asked whether her firm had any affiliation with Scott Richter, Dorenkov replied, "Without checking first with our legal department, I think I can safely say that Mr. Richter is an ex-list owner on our system." Then, after being asked whether that was her real name, she responded, "Dorenkov is my married name, although I am no longer married. My given name is Nataliya Byakov. I've always gone by Natasha."
It was all fabrication. In fact, Natasha Dorenkov was an alias Hoffmann had been using to shield herself while handling abuse complaints for Richter's various properties (MyEmailWizard being one of them). Hoffmann wasn't proud of her dissembling on Nanae. But she was quite satisfied with her achievements in Natasha's name. To spam victims who emailed Richter's companies asking to get off mailing lists, Natasha was something of a heroine. Many average Internet users had been conditioned not to trust opt-out instructions or communications with "abuse" personnel at spam firms. But dealing with Natasha was different. Hoffmann, as Natasha, was always quick to deal with spam complaints and treated spam victims with sympathy.