Feeds

Feds hamstring world's largest spam gang

FTC targets Texas-Kiwi connection

SANS - Survey on application security programs

US regulators have struck a body blow at two men accused of masterminding the world's largest spam enterprise by obtaining a court order that shuts down some half-dozen companies they operated and freezing assets earned in the operation.

Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith, a businessman from McKinney, Texas, stand accused of overseeing an operation that raked in millions of dollars sending billions of spam messages. According to a complaint filed by the Federal Trade Commission, the men recruited spammers from around the world to send unsolicited junk mail related to male-enhancement pills, prescription drugs, and other items.

Spam opponents cheered the FTC's action.

"They are probably the most prolific spammers at the moment," Richard Cox, CIO of Spamhaus.org said of Atkinson and Smith. "This is probably the first time that an action by law enforcement will affect the level of spam in people's inboxes."

Attempts to contact Atkinson and Smith for comment were not successful.

Using an affiliate program called "Affking," they were at one point believed to be responsible for one-third of the world's spam, according to the FTC. The men took great pains to distance themselves from the operation, creating a handful of shell companies located throughout the world to launder the large sums of money they brought in and to purchase domain names and credit card services.

According to the FTC's complaint, Atkinson has been involved in the spam trade for years and is the sole director and shareholder of Inet Ventures Pty Ltd of Australia. Even after the FTC obtained a $2.2m judgment against Atkinson in 2005, he continued to recruit spammers to promote his various websites, FTC attorneys said in court documents.

To bolster their claim, the attorneys included a December 2007 conversation between Atkinson and his brother Shane Atkinson shortly after he was contacted by the BBC and asked about Gencash, a spam operation allegedly maintained by the brothers.

"I had bbc world call my home," Shane wrote in an instant message to his brother. "i think you need to stop spamming asap."

Shortly afterward, Atkinson sent messages to an associate in which he discounted the likelihood he'd ever be fingered in the BBC probe.

"They sort of said that shane was the one responcible [sic] for spamming," Lance wrote. "All the penis sites. And the local cops are investigating."

"They'll never find you," the associate, who was named Roland Smits, opined. Atkinson replied: "Well they bought [sic] me up, but nothing linked to me, most i do is provide services for spammers."

With so many eyes on the Atkinson brothers and their sancash.com affiliate site, Lance quickly formed a new partnership with Smith. The two soon launched affking.com, which was in many ways identical to the Sancash website. Credit card sales that flowed through three merchant accounts Smith set up in Cyprus and the Republic of Georgia cleared as much as $500,000 a month, according to the FTC.

The money was funneled through a series of companies controlled by Smith. One of them was called TwoBucks Trading Limited and another was Tango Pay, which received $3.3m from the Cyprus bank accounts in just eight months. While many of the payments went directly to Atkinson or companies under Atkinson's control, Smith allegedly profited handsomely as well. Over the past year, he has withdrawn almost $200,000 out of automatic teller machines near his home that came from Click Fusion, another company involved in the operation.

Given cyber criminals' growing sense of impunity, it's easy to argue that actions like the one today don't amount to much. After all, if a previous FTC action and a resulting $2.2m judgment didn't reform Atkinson, what's to stop him now?

A couple of things. For one, the spam coming from this operation has been stopped in its tracks, according to Cox of Spamhaus. That could make a considerable difference in the lives of those who must shoulder the weight of the spam epidemic.

And for another thing, FTC enforcers this time have made a concerted effort with their counterparts in New Zealand and Australia to cut off the spammers' air supply by freezing the assets of the companies involved in the spamming enterprise.

And that has the potential to make things different, said Steve Wernikoff, a staff attorney with the FTC who helped bring the case.

"There's no doubt it's more difficult when people take efforts directly aimed at hiding and using resources in places out of the country," he said. "They think they can operate without being touched by law enforcement. But we're trying to change that." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.