When spam eludes software, bring in the detectives
Sterling McBride spends a lot of time waiting for spammers to make a mistake. They usually do.
When he hunted down
escaped prisoners for the
Once he finds an electronic key to the spammer's identity--a real name, address or phone number--McBride uses all the tools of a regular detective: trailing suspects, subpoenaing their bank records and looking for disgruntled former associates to become informers. But first he must lift the cloak of anonymity provided by the Internet.
"The guys who do this are pretty tenacious," McBride said. "There are networks that are very well organized. But we have really started to figure out how they operate."
Spammers have been sending more junk e-mail than ever, despite a new that took effect Jan. 1. So far, few have been brought into court because it is and link them to electronic offers of pills and pornography.
So the vanguard of the fight against spam has turned from software engineers who try to identify and block spam from e-mail in-boxes to investigators in private industry, like McBride, and an increasing number of prosecutors and law enforcement agents who are learning how to combine traditional detective work with cybersleuthing.
The Federal Bureau of Investigation is increasing its effort to investigate spammers, largely in response to the new law. In an unusual arrangement, the Direct Marketing Association has paid $500,000 to hire 15 investigators who work alongside agents from the FBI and other government agencies in a program known as .
Using information provided by Internet providers along with their own decoy computers and e-mail accounts, these investigators have built a database of more than 100 spammers. Increasingly they are actually purchasing pills and responding to offers of get-rich-quick schemes to track down the spammers.
start to work backwards from the e-mail and find that to be a very frustrating
route," said Daniel Larkin, chief of the FBI's
The project has built cases against 50 spammers, which it has started to refer to federal and state prosecutors. It hopes to orchestrate a coordinated sweep of spam prosecutions and civil cases later this year to highlight the seriousness of its antispam efforts, Larkin said.
Even before the new
law took effect, there was an increase in both civil and criminal actions
against spammers. Last week, Howard Carmack, who sent
825 million junk e-mail messages from his home in
The big Internet service providers, especially America Online, a unit of Time Warner, and EarthLink, have been steadily suing spammers for the last few years, using trespass and computer crime laws.
A slow start for
Microsoft is a relative latecomer to the tactic. Until recently, it hoped to rely mainly on software to identify and discard spam. But once it decided to take spammers to court, it moved after them with a vengeance, building what is probably the biggest operation in the world devoted to .
Microsoft's 2-year-old "digital integrity" unit--which also fights online fraud, identity theft and spyware--employs more than 100 people around the world and has an annual budget of more than $10 million. Many investigators, including McBride, were former law enforcement officers and prosecutors hired originally to track down software counterfeiters who have shifted their attention to spam.
Standing in a small conference room on Microsoft's vast campus earlier this spring, McBride, 38, explained how the techniques he learned in tracking down prison escapees have come in handy finding spammers. He unfurled a giant piece of paper covered with hundreds of tiny symbols--faces, trucks, computer screens, telephones--connected by a spider's web of multicolored lines.
The diagram was made with a software program used by police to keep track of organized crime investigations. The networks of people and companies that send junk e-mail solicitations are just as complicated, McBride said.
He pointed to a small icon of an envelope, representing junk e-mail promoting a Web site called Camania.com that lets users view people performing sexual acts in front of their Webcams. A line leads from the envelope icon to an icon for the Web site, which was registered in a fake name.
"They did a good job of hiding themselves," McBride said. "Everything was registered to post office boxes and there were phones that forwarded to other phones with voice mail."
But one icon on the
diagram shows where the spammers slipped up. It is a real postal box that was
associated with the Camania site. It turned out to be
at a Mail Boxes Etc. in
Microsoft then hired outside investigators to stake out and follow whoever picked up the mail. It turned out to be Jason Cazes, who McBride said sells "MaxxLength" penis enlargement pills.
Eventually, McBride was able to collect sufficient evidence for Microsoft to file civil lawsuits last December against Cazes and two other people, accusing them of sending spam on behalf of Camania and MaxxLength.
A lawyer for Cazes, Mark Douglas Kimball, said Cazes was involved in running adult Web sites and a nutritional supplement business, but did not send any spam. Kimball said he was not aware that Microsoft had his client's mailbox watched, but said such a tactic was unnecessary because the ownership of the businesses was available in public records.
One of the most powerful tactics in criminal investigations--and one that Microsoft used in this case--was an informant familiar with the spam operation.
"Spammers are more than willing to rat each other out," McBride said.
In the last 15
months, Microsoft has filed 53 civil cases against spammers. Ten have resulted
in court orders banning the defendant from further spamming, either because of
a settlement or because the defendant did not show up in court. One case was
dismissed. The rest are working their way through the
If the amount of spam is any measure, the spammers have not been scared off.
But Timothy Cranton, the lawyer who runs the Microsoft digital integrity unit, argues that the private and government legal actions will ultimately make a difference.
"A lot of spammers think what they are doing is perfectly fine," Cranton said. Enforcing the federal law, he said, will show them "that what they are doing is not fine."
For years, an energetic community of amateur spam detectives has been trying to get Internet providers to kick spammers off their networks. Increasingly, those volunteers are trading tips with law enforcement agencies and Internet providers.
"We do a fair bit of work with Microsoft," said Steve Linford, the founder of Spamhaus, a prominent volunteer spam-investigating organization. "They are getting serious about fighting spam and putting their money where their mouth is."
By filing lawsuits known as "John Doe" suits, in which the identity of the defendant is not known, Internet providers are able to subpoena records from banks and others to determine the identity of spammers.
"The most useful
information is who pays for various aspects of the spam operation," said
David Bateman, a lawyer at Preston Gates & Ellis in
Microsoft identified a series of advertisements for pornography and herbal
supplements that were sent as e-mail messages to Hotmail accounts, directing
recipients to Web sites on computers operated by a company called Isolate
Networks, which was run by Dan Ivans in
Microsoft filed a suit in June 2003 naming 20 "John Doe" spammers, which allowed it to obtain subpoenas for information about Ivans' business clients. Microsoft lawyers were also able to question Ivans, who is not a defendant in the suit, under oath.
With that information, Microsoft was able to amend the suit earlier this month to name seven people and two companies it said actually sent the spam.
"The real key is trying to figure out how to connect the virtual world" with "someone you can hold responsible for this," McBride said. Once you have the link, he said, "you can use all the tools of a normal investigation."
Entire contents, Copyright © 2004 The New York Times. All rights reserved.