Feeds

Three spammers face obscenity and CAN-SPAM charges

Graphic porn emails sent to tens of millions

SANS - Survey on application security programs

Three spammers were indicted in Phoenix last week for sending obscene spam in violation of US anti-spam regulations. The three were also charged with breaches of federal obscenity, money laundering and conspiracy laws.

According to the US Justice Department, Jennifer Clason, 32, Jeffrey Kilbride, 39 and James Schaffer, 39, have each been charged with one count of criminal conspiracy and two counts of fraud and related activity in connection with the sending of unsolicited email under the CAN-SPAM Act.

The CAN-SPAM Act, which came into force on 1st January 2004, established a framework of administrative, civil, and criminal tools to tackle unsolicited commercial email.

It provides for a national Do-Not-Spam list; requires that spam sent to consumers includes a means of opting-out of the mailing list used by the sender; bans the sending of fraudulent emails or unmarked sexually oriented emails, and provides for civil and criminal sanctions for those spammers who breach the rules.

The penalties may amount to fines of $6m and five years in prison in the most severe cases.

In this case, the Justice Department alleges that the spam was sent in ways that made it difficult for ISPs and recipients to identify or respond to the senders – either by sending the spam from Internet Protocol addresses registered in the Netherlands and domain names registered in Mauritius, falsifying the “From:” line in the emails, or installing the computers and equipment used in sending the emails in the Netherlands and remotely controlling them from the US.

In addition, according to the indictment, the spam sent by the defendants contained graphic pornographic images embedded in the emails, while some emails advertised porn sites to earn the defendants’ commission for directing internet traffic there.

The indictment therefore charges Kilbride and Schaffer with two counts of interstate transportation of obscene material using an interactive computer service and two counts of interstate transportation of obscene material for the purpose of sale or distribution.

The indictment also alleges that Kilbride and Schaffer created two overseas companies to hide their activities and used overseas bank accounts in Mauritius and the Isle of Man for the purpose of laundering and distributing the proceeds of the spamming operation.

Finally, Schaffer has been charged with one count of operating three pornographic internet websites without including statements describing the location of identification and other records for the performers portrayed in the websites, as is required by federal law.

According to the Justice Department, the defendants’ spamming operation resulted in more than 600,000 user complaints to America Online between 30th January and 9th June 2004. Estimates as to the actual number of users who received the unsolicited emails run in the tens of millions, it says.

The Department also reveals that the operation was listed as one of the 200 largest spaming operations in the world by Spamhaus, an international non-profit organisation which collects information and evidence on the worst spammers worldwide.

If convicted, Kilbride and Schaffer each face a maximum sentence of 20 years in prison on the money laundering charge, and five years in prison on the obscenity charges. All three defendants face a maximum sentence of five years in prison on each of the spamming and criminal conspiracy charges, while Schaffer also faces a maximum sentence of two years in prison on the improper pornographic record keeping charge.

A fourth defendant, Andrew Ellifson, 31, pleaded guilty in February to one count of spamming under the CAN-SPAM Act and one count of criminal conspiracy, marking the first federal conviction related to the transmission of obscene spam e-mails.

According to the indictment, Ellifson assisted in the creation, operation, and management of the computer network used to transmit the spam sent by the operation. He faces a maximum penalty of five years in prison for each of the spamming and criminal conspiracy offences.

“The internet is both a blessing and a curse,” said US Attorney Paul Charlton of the District of Arizona. “Unwanted email and pornography in our houses represents a kind of home invasion. Children are especially vulnerable to this kind of act and we will vigorously pursue those who put children at risk in this way.”

© Pinsent Masons 2000 - 2005

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.