[AfrICANN-discuss] on Spam, More cyber Attacks and VOIP regulation challenges in EU

Anne-Rachel Inné annerachel at gmail.com
Thu Jun 14 18:45:43 SAST 2007


All articles from this source: http://www.ibls.com/internet_law_news_portal.aspx

Spam King Robert Soloway Arrested for Sending Billions of Illegal Messages a Day
IBLS Editorial Staff
Wednesday, June 13, 2007

On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
artists in the world, was arrested in Seattle, a week after being
indicted by a grand jury in Washington, and charged with fraud, money
laundering, identity theft, and breaking Federal anti-spam
legislation. Soloway has been a colossal Internet pest for years,
sending giant amounts of spam, filling mailboxes and mail servers to
overflowing with unsolicited and unwanted junk email. Criminally, he
fraudulently marketed spam services as legitimate 'opt-in' services,
fooling innocent users and then offering no customer support or
refunds. Soloway used hijacked computers and open proxies,and
therefore repeatedly violated the Computer Abuse and Fraud Act of 1984
and the CAN-SPAM law of 2003.

On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
artists in the world, was arrested in Seattle, a week after being
indicted by a grand jury in Washington, and charged with fraud, money
laundering, identity theft, and breaking Federal anti-spam
legislation. Soloway's arrest followed a large joint investigation by
the Washington State Attorney General's Office, the Federal Bureau of
Investigation (FBI), the Federal Trade Commission (FTC), the Internal
Revenue Service Department of

Criminal Investigations (IRS-CI), and the U.S. Postal Inspection
Service (USPIS).
Soloway has been a colossal Internet pest for years, sending giant
amounts of spam, filling mailboxes and mail servers to overflowing
with unsolicited and unwanted junk email. Criminally, he fraudulently
marketed spam services as legitimate 'opt-in' services, fooling
innocent users and then offering no customer support or refunds.
Soloway used hijacked computers and open proxies,and therefore
repeatedly violated the Computer Abuse and Fraud Act of 1984 and the
CAN-SPAM law of 2003.

Who is Robert Alan Soloway?
Robert Alan Soloway, 27 of Seattle Washington, worked his way to
becoming one of the most hated figures on the Internet. He alone may
be responible for billlions of spam messages sent out every day, till
his arrest. He is also founder of the so-called anti-spam "Strategic
Partnership Against Microsoft Illegal Spam", or SPAMIS, but ironically
may be the Internet's biggest spammer through his company, Newport
Internet Marketing. He went after Microsoft when they began fighting
his activities as a serial spammer.

What is the Case Against Soloway?
Soloway appeared before the U.S. District Court in Seattle, Washington
unshaven, wearing loafers with no socks, to hear Assistant U.S.
Attorney Kathryn Warma announce that if he's convicted of all charges,
including fraud, money laundering and identity theft listed in the
indictment, he could spend 65 years behind bars. "We know that Robert
Soloway is one of the most prolific spammers in the world," claimed
Warma before the case opened. "He has condemned them (his victims) to
perpetual spam hell" unless they escape by canceling their domain
names or changing their Internet protocol addresses.

Robert Alan Soloway's arrest came a week after a federal grand jury
returned "a 35-count indictment charging him with mail fraud, wire
fraud, e-mail fraud, aggravated identity theft and money laundering.
He's accused of using networks of compromised computers to send out
millions upon millions of junk e-mails since 2003."
Soloway employed networks of non-spec computers called "botnets" to
shoot oceans of unsolicited bulk e-mails advertising his Internet
marketing company for promotions. Those who clicked on a link in the
e-mail were sent to his Web site, where he offered two types of
services. In one, he claimed he would send as many as 20 million
e-mail advertisements in two weeks for $495, according to the
indictment.

U.S. Attorney Jeff Sullivan claims this is the first case in the US
where federal prosecutors used identity theft statutes to nail a
spammer for stealing someone else's Internet domain name. This alone
could net Soloway an extra two years on his sentence if convicted. A
long prison stretch may be in the cards, depending what sentencing
guideline is used.

The grand jury indictment claims Soloway ran Newport Internet
Marketing Corp., which sold a "broadcast e-mail" software product and
"broadcast e-mail" services that is clearly outlawed by the federal
CAN-SPAM Act, which went into effect Jan. 1, 2004, and makes illegal
transmission of a large amount of commercial e-mail messages added to
set criminal additions, like using relay computers to send the
message, meant to hide the origin or using fictitious header
information in the e-mail. Soloway did all these things.

Soloway's name and company had been turned in to the Northwest
Computer Crimes Taskforce, housed by the FBI and which includes an IRS
Criminal Investigation Division and the U.S. Postal Inspection
Service. This triggered an investigation after the Federal Trade
Commission and the state Attorney General's Office received hundreds
of complaints that Soloway regarding false and fraudulent claims
regarding his products and services. The victims were denied refunds,
and were upset about being blamed for sending illegal spam as a result
of mistakenly hiring Soloway's company, said Assistant U.S. Attorney
Warma.

Soloway has already been sued successfully by Microsoft Corporation
and Robert Braver, owner of an Oklahoma-based Internet company, for
violations of the U.S. CAN-SPAM law and various state anti-spam laws,
and they received millions of dollars in damages. Soloway never paid,
claiming he lived off proceeds of a family trust and was therefore,
legally, "judgement-proof." When sued by Braver in September 2005 in
Oklahoma City, Soloway fired his lawyers and then skipped out on the
case. U.S. District Judge Ralph G. Thompson then issued a permanent
injunction, forbidding him to continue sending spam. Needless to say,
Soloway ignored this and continued his reign as Spam King.

How Did Soloway Work his Spam?
Soloway's online empire was commandeered from his trendy, Seattle
Harbor Steps apartment on the waterfront, according to investigators.
One expert estimated that the man agents named the "Spam King" when
they apprehended him sent billions, or perhaps even tens of billions,
of e-mails a day. On just two servers groups, during a several month
stretch, the Feds found in excess of 200 million spam messages that
originated with Robert Soloway.

To hide the origin and ownership of Web site, Feds claim Soloway
constantly changed the address to different domains, even employing
Chinese Internet Service providers last year. The spammed messages
that he used to advertise his corporate Web sites contained false
header information (email message lines and top of Internet page
banners) and then were systematically forwarded using networks of
slave computers called "botnets."

Soloway's work in the virtual world caused real-life chaos, heartache,
loss and rage to others. Since he could not use his own information,
but needed to have someone's information attached to his sent
messages, his spam had these phony headers with the real life e-mail
addresses or domain names of innocent people or organizations, whom
were then fingered for Soloway's spam and "blacklisted" from future
contacts with the recipient. Said John Reid, a volunteer with The
Spamhaus Project, an anti-spam group, "The amount of damage he does to
the Internet -- the fraud thing to innocent people who think they're
hiring some Internet person -- is awful." When computer-gullible
business owners hired Soloway to help increase traffic to their Web
sites, Soloway instead sent torrents of spam in their name.

Who is Spamhaus, What is ROKSO?
According to their site, Spamhaus is "WORKING TO PROTECT INTERNET
NETWORKS WORLDWIDE -- Spamhaus tracks the Internet's Spammers, Spam
Gangs and Spam Services, provides dependable realtime anti-spam
protection for Internet networks, and works with Law Enforcement to
identify and pursue spammers worldwide." Another site describes
Spamhaus as "The Spamhaus Project is a completely volunteer effort
founded by Steve Linford in 1998 that aims to track e-mail spammers
and spam-related activity. It is named for the anti-spam jargon term
coined by Linford, spamhaus, a pseudo-German expression for an ISP or
other firm which spams or willingly provides service to spammers."

Soloway originally premiered on the Spamhaus Block List (SBL) in 2001,
and by 2003 had made it to Spamhaus's Register of Known Spam
Operations (ROKSO), a compendium of the world's "worst of the worst"
illegal spammers. Spamhaus spamtraps were still getting Soloway
solicitations from those advertising his services right up until his
arrest.

In response to Soloway's arrest, the Spamhaus site wrote, "Spamhaus
commends the Seattle FBI and U.S. Attorney for ensuring that the
indictment contains both spam-related and non-spam-related counts, and
on preparing an indictment which shows so clearly the profile of the
typical spammer's activities, such as fraud, identity theft, and other
online deception. Spamhaus recognises that a successful prosecution
requires careful preparation which inevitably takes longer than the
victims of the crime wish. Careful preparation is essential in cases
involving CAN-SPAM violations, since the CAN-SPAM Act does not yet
have extensive case-law to support it."

****************************************************************
 Another Cyber Attack Hits Europe
Editor, Maricelle Ruiz, IBLS Director – Europe
Wednesday, June 13, 2007

When Estonia suffered a series of cyber attacks in recent months, US
official John Negroponte told the Financial Times: "We need to prepare
ourselves because this is likely only to become more of an issue in
the future." Well, the future is here. And the wave of cyber attacks
has moved from Eastern to Western Europe. It has recently been
disclosed that around the time Estonia was under cyber attack, an
important Spanish domain-registration company was also waging a battle
against unknown cyber pirates. The Cyber Terrorism Division of the
Spanish Police is investigating the incident. If identified, the
hackers involved could be prosecuted for blackmailing a company to
prevent the disclosure of confidential information.

 There seems to be a disagreement regarding the severity of the
situation. While some reports claim that the private data of hundreds
of thousands of Internet users is in the hands of criminals, the
leading Spanish company in the domain registration and web hosting
business, Arsys, has issued a statement denying this information.
Executives concede the company has experienced what they describe as
"a security incident, compromising some client data." However, they
say, none of the data in question involves email, bank account or
credit card passwords and therefore, they claim there's no risk of
illegal access into bank or email accounts.

 According to Arsys, hackers reportedly stole FTP codes, enabling them
to insert a link to an external server containing malicious code, in
the web pages of some clients. As soon as the company detected the
incident, executives say it eliminated the link from the web pages,
notified affected clients and boosted security measures across the
board. To comply with legal requirements, executives add the company
has reported the incident to the Cyber Terrorism Division of the
Spanish Police. They confirm the incident is under investigation and
may end up in court.

 The attackers reportedly used servers located in the United States
and Russia. According to the latest Symantec Internet Security Threat
Report, the United States is the top country for malicious threat
activity, accounting for 31% of the worldwide total, followed by China
(10%), Germany (7%), France (4%), United Kingdom (4%), South Korea
(4%), Canada (3%), Spain (3%), Taiwan (3%) and Italy (3%). Meanwhile,
law enforcement authorities have detained a Russian teenager suspected
of involvement in the Estonian cyber attacks. The youth reportedly
called for massive cyber attacks against Estonian servers in Internet
forums.

***********************************************************************
CHALLENGES IN CLASSIFYING VOIP SERVICES IN THE EUROPEAN UNION
 	Email Article
 	The European Union regulatory framework for electronic
communications aims to provide a coherent regulatory scheme for all
transmission networks and services within the European Union. The EU
regulatory framework defines the communication service categories that
can be applied to VoIP (Voice over the Internet Protocol) services
such as the Electronic Communications Service and the Publicly
Available Telecommunications Service. VoIP services that fall under
the scope of the EU regulatory framework are classified as VoIP
services with no specific obligations.
 	In 2002, the European Union adopted a regulatory framework for
electronic communications. The main objective of this regulatory
framework was to provide a coherent regulatory scheme for all
transmission networks and services. The main goal of the regulatory
framework was to promote European market integration and
telecommunication standardization, and to support consumer interests.

Under the aforementioned regulatory framework, companies are permitted
to provide new electronic communications services based on a general
authorization by the EU and without an extra burden of administrative
authorization by a National Regulatory Authority (NRA). The EU
regulatory framework also defines the service categories that can be
applied to VoIP services. Since VoIP technology is used to transmit a
large variety of market offerings, which fall under multiple
regulatory categories, the categorization of these offerings has
proven to be a significant regulatory challenge.

In June 2004, the EU launched a consultation on the treatment of VoIP
services under the 2002 Regulatory Framework. The primary goal of this
consultation was to clarify the application of the EU Directives to
VoIP services. In February 2005, the European Commission opted to
refrain from developing detailed guidelines for VoIP regulation, based
on its express intention to promote the development of VoIP services.

What communications services are defined by the regulatory framework
related to the VoIP?
 	The regulatory framework includes descriptions of a variety of
communications services with differing rights and obligations. The
2002 EU regulatory framework includes two services that are actually
related to VoIP; these are Electronic Communication Services and
Publicly Available Telecommunication Services. (a) Electronic
Communications Services (ECS) are defined as services that are
provided for remuneration, and which include the conveyance of signals
over electronic communications networks; and (b) Publicly Available
Telecommunications Services (PATS) are defined as services that are
available to the public for originating and receiving national and
international calls, and which provide access to emergency services.
 	
 	Where in the EU regulatory framework do VoIP services fall?
 	VoIP services with no specific obligations are, in principle, within
the scope of the Authorization Directive. Today, most enterprises are
replacing their existing private branch exchanges (PBXs) with VoIP
solutions that are covered by the Authorization Directive, which
imposes no specific obligations or restrictions.

VoIP services that involve the conveyance of signals through an
electronic communications network fall under the regulatory framework
of the EU when publicly offered. However, their regulatory treatment
depends on the nature of the service offered.

What are the different types of classifications of VoIP which fall
outside the scope of the EU regulatory framework?
Recent technology allows a user of VoIP enabled devices to place calls
directly to another user using similar equipment or software over the
public Internet. These services are known as self-provided services,
and fall outside the scope of the EU regulatory framework, because
there is no communication service provider in this model.



More information about the AfrICANN mailing list