Feeds

Feds hamstring world's largest spam gang

FTC targets Texas-Kiwi connection

Internet Security Threat Report 2014

US regulators have struck a body blow at two men accused of masterminding the world's largest spam enterprise by obtaining a court order that shuts down some half-dozen companies they operated and freezing assets earned in the operation.

Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith, a businessman from McKinney, Texas, stand accused of overseeing an operation that raked in millions of dollars sending billions of spam messages. According to a complaint filed by the Federal Trade Commission, the men recruited spammers from around the world to send unsolicited junk mail related to male-enhancement pills, prescription drugs, and other items.

Spam opponents cheered the FTC's action.

"They are probably the most prolific spammers at the moment," Richard Cox, CIO of Spamhaus.org said of Atkinson and Smith. "This is probably the first time that an action by law enforcement will affect the level of spam in people's inboxes."

Attempts to contact Atkinson and Smith for comment were not successful.

Using an affiliate program called "Affking," they were at one point believed to be responsible for one-third of the world's spam, according to the FTC. The men took great pains to distance themselves from the operation, creating a handful of shell companies located throughout the world to launder the large sums of money they brought in and to purchase domain names and credit card services.

According to the FTC's complaint, Atkinson has been involved in the spam trade for years and is the sole director and shareholder of Inet Ventures Pty Ltd of Australia. Even after the FTC obtained a $2.2m judgment against Atkinson in 2005, he continued to recruit spammers to promote his various websites, FTC attorneys said in court documents.

To bolster their claim, the attorneys included a December 2007 conversation between Atkinson and his brother Shane Atkinson shortly after he was contacted by the BBC and asked about Gencash, a spam operation allegedly maintained by the brothers.

"I had bbc world call my home," Shane wrote in an instant message to his brother. "i think you need to stop spamming asap."

Shortly afterward, Atkinson sent messages to an associate in which he discounted the likelihood he'd ever be fingered in the BBC probe.

"They sort of said that shane was the one responcible [sic] for spamming," Lance wrote. "All the penis sites. And the local cops are investigating."

"They'll never find you," the associate, who was named Roland Smits, opined. Atkinson replied: "Well they bought [sic] me up, but nothing linked to me, most i do is provide services for spammers."

With so many eyes on the Atkinson brothers and their sancash.com affiliate site, Lance quickly formed a new partnership with Smith. The two soon launched affking.com, which was in many ways identical to the Sancash website. Credit card sales that flowed through three merchant accounts Smith set up in Cyprus and the Republic of Georgia cleared as much as $500,000 a month, according to the FTC.

The money was funneled through a series of companies controlled by Smith. One of them was called TwoBucks Trading Limited and another was Tango Pay, which received $3.3m from the Cyprus bank accounts in just eight months. While many of the payments went directly to Atkinson or companies under Atkinson's control, Smith allegedly profited handsomely as well. Over the past year, he has withdrawn almost $200,000 out of automatic teller machines near his home that came from Click Fusion, another company involved in the operation.

Given cyber criminals' growing sense of impunity, it's easy to argue that actions like the one today don't amount to much. After all, if a previous FTC action and a resulting $2.2m judgment didn't reform Atkinson, what's to stop him now?

A couple of things. For one, the spam coming from this operation has been stopped in its tracks, according to Cox of Spamhaus. That could make a considerable difference in the lives of those who must shoulder the weight of the spam epidemic.

And for another thing, FTC enforcers this time have made a concerted effort with their counterparts in New Zealand and Australia to cut off the spammers' air supply by freezing the assets of the companies involved in the spamming enterprise.

And that has the potential to make things different, said Steve Wernikoff, a staff attorney with the FTC who helped bring the case.

"There's no doubt it's more difficult when people take efforts directly aimed at hiding and using resources in places out of the country," he said. "They think they can operate without being touched by law enforcement. But we're trying to change that." ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.