what is wrong with this picture? From: "NewsScan" <newsscan@newsscan.com> NewsScan Daily, 15 May 2003 ("Above The Fold") *********************************************************** NewsScan Daily is underwritten by RLG, a world-class organization making significant and sustained contributions to the effective management and appropriate use of information technology. NSD is written by John Gehl and Suzanne Douglas, editors@NewsScan.com. *********************************************************** 'BUFFALO SPAMMER' COULD GET UP TO SEVEN YEARS Howard Carmack, the so-called "Buffalo Spammer," has become the first person in New York state to be charged under the state's identity theft laws. If convicted, he could be sentenced to 2-1/2 to 7 years in prison for identity theft, forgery, criminal possession of forgery devices (in the form of software used to create phony return addresses), and falsifying business records. According to the indictment, Carmack "stole the identities of innocent New Yorkers to spam millions of consumers throughout New York and the nation." He is charged with using 343 stolen identities to send his unsolicited bulk mailings through Earthlink accounts. An Earthlink executive said the main impact of the arrest would be to demonstrate to others the "very high cost of doing business" in spam. (New York Newsday 14 May 2003) http://www.nynewsday.com/business/ny-biz-spammer0514,0,2414486.story?coll=ny... this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees. randy
[offlist] on the positive side, it's clear from the spam summit a week ago that the FTC has done the math and understands what the score is, and is being as agressive as their budget and their mandate from congress allows. unfortunately, until proper legislation is passed, they are to some degree hamstrung by said mandate from congress. richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
on the positive side, it's clear from the spam summit a week ago that the FTC has done the math and understands what the score is, and is being as agressive as their budget and their mandate from congress allows.
unfortunately, until proper legislation is passed, they are to some degree hamstrung by said mandate from congress.
ack randy
unfortunately, until proper legislation is passed, they are to some degree hamstrung by said mandate from congress.
The wait condition (FTC jurisdiction) is possibly eqivalent to the switch from an opt-out regime to an opt-in regime, which three years ago I though was likely in the first Gore/Lieberman term. At the time I worked for an ad network, so I paid more attention to technical and policy nuances in all of the three basic jurisdictions than I do now. My crystal ball had an off-by-at-least-one error. The serious bit of this is, expect _no_change_ at the Federal level until conditions change. Eric
On Thu, 15 May 2003 13:28:47 -0400 (EDT) Richard Welty <rwelty@averillpark.net> wrote:
[offlist]
well, that was supposed to be offlist. oops. sorry about that, richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
On Thu, 15 May 2003, Randy Bush wrote:
what is wrong with this picture?
From: "NewsScan" <newsscan@newsscan.com>
NewsScan Daily, 15 May 2003 ("Above The Fold") *********************************************************** NewsScan Daily is underwritten by RLG, a world-class organization making significant and sustained contributions to the effective management and appropriate use of information technology. NSD is written by John Gehl and Suzanne Douglas, editors@NewsScan.com. ***********************************************************
'BUFFALO SPAMMER' COULD GET UP TO SEVEN YEARS Howard Carmack, the so-called "Buffalo Spammer," has become the first person in New York state to be charged under the state's identity theft laws. If convicted, he could be sentenced to 2-1/2 to 7 years in prison for identity theft, forgery, criminal possession of forgery devices (in the form of software used to create phony return addresses), and falsifying business records. According to the indictment, Carmack "stole the identities of innocent New Yorkers to spam millions of consumers throughout New York and the nation." He is charged with using 343 stolen identities to send his unsolicited bulk mailings through Earthlink accounts. An Earthlink executive said the main impact of the arrest would be to demonstrate to others the "very high cost of doing business" in spam. (New York Newsday 14 May 2003) http://www.nynewsday.com/business/ny-biz-spammer0514,0,2414486.story?coll=ny...
this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees.
At least it is a step in the right direction. If this person is convicted it's one less spammer to worry about (even though that's like saying it's one less ant to worry about). I would really love to see some solid legislation on convicting spammers but the way congress is, it could take years :-( Maybe, JUST maybe this case will deter other spammers - but I doubt it! Chris -- zerbey@wibble.co.uk "Don't submit to stupid rules, http://www.wibble.co.uk Be yourself and not a fool, PGP: DSA/2B4C654E RSA/A90483ED Don't accept average habits, Amateur Radio Callsign: KG4TSM Open your heart and push the limits."
Maybe, JUST maybe this case will deter other spammers - but I doubt it!
at best it will deter other header forgers. while it is true that this is good, i predict that in 3-5 years, the level of spam will be the same, but it will all come from the corporates with un-forged headers. look in your post box. listen to the radio. watch television in the states. randy
--On Thursday, May 15, 2003 19:14 +0200 Randy Bush <randy@psg.com> wrote:
what is wrong with this picture?
apart from the fact you've confused nanog with spam-l?
this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees.
Carmack stole identities to sign up for Earthlink accounts. Don't confuse this with putting someone else's email address in his ratware. And the thing that protects us against unsolicited commercial email from the corporate sector is ISPs enforcing their AUPs. Spammers forge, steal, hijack to avoid AUP enforcement.
This issue is not just that the spammer in question forged headers, this person also used stolen credit card numbers to sign up for new accounts to thwart Earthlink's abuse department. I suspect this will be the core of the fraud case - any activity involving use of stolen card numbers over telecomunications networks is wire fraud. There may also have been fraudulent claims made in some of the UCE emails (yes, shocking! :) Kudos to Mary Youngblood at Eathlink for going after this guy... - Daniel Golding On Thu, 15 May 2003, John Payne wrote:
--On Thursday, May 15, 2003 19:14 +0200 Randy Bush <randy@psg.com> wrote:
what is wrong with this picture?
apart from the fact you've confused nanog with spam-l?
this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees.
Carmack stole identities to sign up for Earthlink accounts. Don't confuse this with putting someone else's email address in his ratware.
And the thing that protects us against unsolicited commercial email from the corporate sector is ISPs enforcing their AUPs. Spammers forge, steal, hijack to avoid AUP enforcement.
One bit of insight to take away from this is the fact that if he was forced to commit identity theft and fraud in order to continue his spamming, then obviously we're doing /something/ right... The flip side is the realization that professional spamming is lucrative enough that at least for one person, it was worth the risk of breaking the law in order to keep it up. -C On Thu, May 15, 2003 at 07:14:19PM +0200, Randy Bush wrote:
this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees.
randy
On Thu, 15 May 2003, Chris Woodfield wrote:
The flip side is the realization that professional spamming is lucrative enough that at least for one person, it was worth the risk of breaking the law in order to keep it up.
Don't know about that, he couldn't make the $20K bail... Charles
-C
On Thu, May 15, 2003 at 07:14:19PM +0200, Randy Bush wrote:
this exemplifies the corporate and legislative attempt to confuse spam == uce with forgery. if they can make the latter the issue, this leaves the way completely clear for unsolicited commercial email from the corporate sector which now fills our post boxes with ground trees.
randy
Well... I consider stupidity the only offense worth the death penalty. --vadim On Thu, 15 May 2003, Charles Sprickman wrote:
The flip side is the realization that professional spamming is lucrative enough that at least for one person, it was worth the risk of breaking the law in order to keep it up.
Don't know about that, he couldn't make the $20K bail...
On Thu, 15 May 2003, Randy Bush wrote: > what is wrong with this picture? > this exemplifies the corporate and legislative attempt to confuse > spam == uce with forgery. if they can make the latter the issue, > this leaves the way completely clear for unsolicited commercial > email from the corporate sector which now fills our post boxes with > ground trees. Well, the issues are perhaps a little more complex than you're portraying them. J.I. and I spent the better part of two years working on the California law, which has a similar provision.
From a customer's point of view, spam is anything they didn't want to receive.
From an ISP's point of view, spam is anything that was sent or received without having been paid for.
From a politician's point of view, spam is non-political UCE.
These are almost wholly incompatible views. One thing that everybody can get together on is that if someone sends spam (for _any_ of those values of "spam") using a forged source address, that's bad. Thus, it's easy to get a provision through which puts heavy penalties on source-address forgery, even if nobody can agree on what spam itself is. -Bill
On Thu, 15 May 2003, Bill Woodcock wrote: > Well, the issues are perhaps a little more complex than you're portraying > them. J.I. and I spent the better part of two years working on the ^^^ Sorry, J.D., as in Falk. It's very early here. -Bill
participants (12)
-
Bill Woodcock -
Charles Sprickman -
Chris Horry -
Chris Woodfield -
Daniel Golding -
Eric Brunner-Williams in Portland Maine -
John Payne -
Peter Galbavy -
Randy Bush -
Richard Welty -
steve uurtamo -
Vadim Antonov