Feeds

Spam clients outed, credit card details published

You can be Heroes just for one Day

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Anti-spam activists have upped the ante in their fight against junk email by publishing the details - including credit card information - of people who've ordered spamming services online.

Activists published details from order forms left on a monumentally insecure spam services Web site (http://202.63.201.239), run by notorious American spammer Robert Soloway, on the newsgroup news.admin.net-abuse.email (NANAE). Names, addresses, phone numbers of seven "would-be spammers" were published on the newsgroup last week. Three of those who ordered a $129 spam run or bulk mailing lists from the site come from the UK, three from the US and one from Germany.

Follow the money

Australian anti-spammer Glenn Barry came across the information while tracking down the source of annoying spam junk email. This led him to the Pakistani Web site.

Barry explained to El Reg his rationale for posting credit card details of people who'd ordered spamming services.

"I found the 'orders' page links which listed the orders insecurely with the full identity and credit card details of the people signing up for spamming runs wide open. I thought I would get them before they could get me with a spam run," he said.

"The information was posted to NANAE to enlist support from other anti spammers to contact these idiot would be spammers and let them know their credit cards and identities had been exposed."

Barry said his actions were not an organised campaign but part of "volunteer efforts of many, many people around the world".

"It's more of a 'neighbourhood watch' than spam police", he added.

We're not spammers, say name and shammed companies

The outed UK clients of the spamming service are Clive Billing of Gloucestershire outfit diamondgeezer.com, Peter Tuffrey of Kent-based consultancy Blueprint Internet Services and Paul Smith of Bedfordshire-based consultancy Dam Design.

Both Dam Design and Blueprint Internet services admitted that company credit cards were used to buy spam services. However both Tuffrey and Smith told us that the purchases were made against company policy by staff who have since been disciplined. Billing was not available for comment.

We understand all those involved have cancelled their credit cards.

Tuffrey, a partner at Blueprint Internet Services, said it does not condone spamming and has a "very strict privacy policy". Services from the spamming site were "naively ordered" in contravention of company policy by a member of staff who has since been disciplined, he added.

It's a similar story over at Dam Design.

Smith, a director at Dam Design, said a member of his team purchased an email list on behalf of client from what they thought was a "legitimate source". [Actually the Pakistani site was promoted through - surprise, surprise - spam itself].

Dam Design is a media communications agency which operates an email marketing service but it has a "strict anti-spam" policy, Smith told us.

"With hindsight I should have vetted the purchase. We should never have bought the list. We're not in the habit of purchasing lists, it was a mistake."

"The person who did this has been reprimanded and has now left the company," he added.

More aggressive anti-spam tactics ahead

Steve Linford, of the Spamhaus Project, a well known anti-spam group not involved in the campaign, noted that UK business purchasing spam services would be guilty of a criminal act under tougher European regulation due to put into UK law by October.

Many spammers' Web sites are fundamentally insecure, so Linford isn't that surprised credit card details were left out into the open. Presented with the same information, Spamhaus would not publish credit card information. However Linford expressed no criticism of the anti-spam activists actions.

Posting information to out spammers "happens occasionally", Linford noted, though the addition of credit card details give the tactic added bite.

Since the information was published on the Net, activists lisuch Gareth Robert Halfacree have picked up the baton, taking Dam Design's Web master to task for his client's action in IM conversations that he published on the NANAE news group, for instance.

According to Glenn Barry, the anti-spammer who got the whole ball rolling, Halfacree is running a more organised "outing UK spammers" forum. ®

Related stories

The War against 'Viagra'
Dutch mass spammer loses grip
Amsterdam, home of the 419 lottery scam
Earthlink brings down the Buffalo Spammer
Buffalo Spammer arrested
AOL wins $7m in spam case

Fab O'Really T'shirt at Cash and Carrion
How to deal with Spammers - permanently

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.