dcsimg
RealTime IT News

Suit Filed Against Spam Ring

The Massachusetts Attorney General's office announced it filed suit and an injunction to stop an alleged spam ring with operations around the globe, officials announced at a press conference Wednesday.

Officials say seven individuals violated the CAN-SPAM Act and the Massachusetts Consumer Protection Act when they sent hundreds of millions of spam messages promoting counterfeit Windows software and prescription drugs, as well as messages peddling pornography and mortgage advertisements.

Named in the lawsuit obtained by internetnews.com is Leo Kuvayev, Vladislav Khokholkov (which may be an alias for Kuvayev), Anna Orlova, Pavel Tkachuk, Michelle Marco, Dennis Nartikoev and Pavel Yashin; lawyers maintain the seven conducted their illegal activities in Massachusetts through two companies, 2K Services and Ecash Pay, which was also named in the complaint.

According to officials, the spam ring operated out of the Boston area and Russia, using domain names registered around the world. The suit lists dozens of Web sites managed by the seven named individuals through Web hosting companies Direct NIC, Rackspace, Namebay, Melbourne IT and Ghandi. Also mentioned were offshore Web hosts in China, Korea and Brazil.

Tom Reilly, Massachusetts attorney general, said the whereabouts of Kuvayev, who he considers the ringleader of the operation, are unknown, but they wanted to get the injunction and complaint filed and approved to shut down the operation immediately to protect Internet users. A judge granted the attorney's office emergency shut down order Wednesday afternoon.

"This is clearly the largest [operation] we have seen, that my staff has seen," Reilly said. "What alarmed us is when we saw the access to drugs, where people were unwittingly and naively were buying these believing they were real. When we saw that, we moved quickly to shut it down."

Because the investigation is international in scope, the effect of the injunction outside the U.S., or even outside the state of Massachusetts, is largely unknown. Reilly said that he has received assurances that a court order to shut down the operations overseas would be honored.

Six months ago, the attorney general's office contacted Microsoft for information regarding the individuals named in the suit announced today. Separately, Microsoft investigators had been investigating the same individuals, using more than 130,000 "trap" accounts through its Hotmail Web e-mail service, according to Aaron Kornblum, a Microsoft Internet safety enforcement attorney.

A trap account is an e-mail address that never sends out mail, so by definition all e-mails it receives are unsolicited. Spammers commonly use a dictionary attack to harvest active e-mail accounts. If, for example, a message sent to "v@hotmail.com" is bounced back to the spammer, they know not to use that address again because its inactive, but if "vb@hotmail.com" doesn't bounce, spammers know it's a live account and can put it on a list of confirmed e-mail addresses..

In a three-week span last year, Microsoft officials had netted more than 45,000 messages from the individuals pointed out by the Massachusetts investigative team. They extrapolated that figure to reach the "hundreds of millions" worldwide figure described by officials.

"We need to cut spam off at its source, if we can stop spam there it will stop the con games and the scams that it is enabling," said Brad Smith, general counsel for Microsoft. "If we can stop spam at the source, we can stop people from being swindled, we'll stop children from being directed to pornographic material. That's why this case is so important."

To get to the source, Microsoft investigators followed the links in the spam messages and purchased the counterfeit drugs and software and the illegal pornography. The investigators actions were documented and forwarded to the attorney general's office.

Microsoft has helped state and federal government agencies in more than a dozen cases against spammers, Kornblum said, in addition to the 102 civil lawsuits the company itself has filed. It's important that both private and public organizations work together to put a stop to spamming activities.

"We've been working extensively with government because we believe government enforcement and criminal enforcement are critical in sending a message to spammers," he said.