Feeds

Feds hamstring world's largest spam gang

FTC targets Texas-Kiwi connection

Seven Steps to Software Security

US regulators have struck a body blow at two men accused of masterminding the world's largest spam enterprise by obtaining a court order that shuts down some half-dozen companies they operated and freezing assets earned in the operation.

Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith, a businessman from McKinney, Texas, stand accused of overseeing an operation that raked in millions of dollars sending billions of spam messages. According to a complaint filed by the Federal Trade Commission, the men recruited spammers from around the world to send unsolicited junk mail related to male-enhancement pills, prescription drugs, and other items.

Spam opponents cheered the FTC's action.

"They are probably the most prolific spammers at the moment," Richard Cox, CIO of Spamhaus.org said of Atkinson and Smith. "This is probably the first time that an action by law enforcement will affect the level of spam in people's inboxes."

Attempts to contact Atkinson and Smith for comment were not successful.

Using an affiliate program called "Affking," they were at one point believed to be responsible for one-third of the world's spam, according to the FTC. The men took great pains to distance themselves from the operation, creating a handful of shell companies located throughout the world to launder the large sums of money they brought in and to purchase domain names and credit card services.

According to the FTC's complaint, Atkinson has been involved in the spam trade for years and is the sole director and shareholder of Inet Ventures Pty Ltd of Australia. Even after the FTC obtained a $2.2m judgment against Atkinson in 2005, he continued to recruit spammers to promote his various websites, FTC attorneys said in court documents.

To bolster their claim, the attorneys included a December 2007 conversation between Atkinson and his brother Shane Atkinson shortly after he was contacted by the BBC and asked about Gencash, a spam operation allegedly maintained by the brothers.

"I had bbc world call my home," Shane wrote in an instant message to his brother. "i think you need to stop spamming asap."

Shortly afterward, Atkinson sent messages to an associate in which he discounted the likelihood he'd ever be fingered in the BBC probe.

"They sort of said that shane was the one responcible [sic] for spamming," Lance wrote. "All the penis sites. And the local cops are investigating."

"They'll never find you," the associate, who was named Roland Smits, opined. Atkinson replied: "Well they bought [sic] me up, but nothing linked to me, most i do is provide services for spammers."

With so many eyes on the Atkinson brothers and their sancash.com affiliate site, Lance quickly formed a new partnership with Smith. The two soon launched affking.com, which was in many ways identical to the Sancash website. Credit card sales that flowed through three merchant accounts Smith set up in Cyprus and the Republic of Georgia cleared as much as $500,000 a month, according to the FTC.

The money was funneled through a series of companies controlled by Smith. One of them was called TwoBucks Trading Limited and another was Tango Pay, which received $3.3m from the Cyprus bank accounts in just eight months. While many of the payments went directly to Atkinson or companies under Atkinson's control, Smith allegedly profited handsomely as well. Over the past year, he has withdrawn almost $200,000 out of automatic teller machines near his home that came from Click Fusion, another company involved in the operation.

Given cyber criminals' growing sense of impunity, it's easy to argue that actions like the one today don't amount to much. After all, if a previous FTC action and a resulting $2.2m judgment didn't reform Atkinson, what's to stop him now?

A couple of things. For one, the spam coming from this operation has been stopped in its tracks, according to Cox of Spamhaus. That could make a considerable difference in the lives of those who must shoulder the weight of the spam epidemic.

And for another thing, FTC enforcers this time have made a concerted effort with their counterparts in New Zealand and Australia to cut off the spammers' air supply by freezing the assets of the companies involved in the spamming enterprise.

And that has the potential to make things different, said Steve Wernikoff, a staff attorney with the FTC who helped bring the case.

"There's no doubt it's more difficult when people take efforts directly aimed at hiding and using resources in places out of the country," he said. "They think they can operate without being touched by law enforcement. But we're trying to change that." ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.