[AfrICANN-discuss] on Spam,
More cyber Attacks and VOIP regulationchallenges in EU
Vika Mpisane
vika at zadna.org.za
Thu Jun 14 21:31:14 SAST 2007
Thanks, Anne-Rachel. Nice to see somebody is finally doing something about
spammers...
Regards,
Vika
-----Original Message-----
From: africann-bounces at afrinic.net [mailto:africann-bounces at afrinic.net] On
Behalf Of Anne-Rachel Inné
Sent: 14 June 2007 18:46
To: africann at afrinic.net
Subject: [AfrICANN-discuss] on Spam, More cyber Attacks and VOIP
regulationchallenges in EU
All articles from this source:
http://www.ibls.com/internet_law_news_portal.aspx
Spam King Robert Soloway Arrested for Sending Billions of Illegal Messages a
Day IBLS Editorial Staff Wednesday, June 13, 2007
On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
artists in the world, was arrested in Seattle, a week after being indicted
by a grand jury in Washington, and charged with fraud, money laundering,
identity theft, and breaking Federal anti-spam legislation. Soloway has been
a colossal Internet pest for years, sending giant amounts of spam, filling
mailboxes and mail servers to overflowing with unsolicited and unwanted junk
email. Criminally, he fraudulently marketed spam services as legitimate
'opt-in' services, fooling innocent users and then offering no customer
support or refunds. Soloway used hijacked computers and open proxies,and
therefore repeatedly violated the Computer Abuse and Fraud Act of 1984 and
the CAN-SPAM law of 2003.
On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
artists in the world, was arrested in Seattle, a week after being indicted
by a grand jury in Washington, and charged with fraud, money laundering,
identity theft, and breaking Federal anti-spam legislation. Soloway's arrest
followed a large joint investigation by the Washington State Attorney
General's Office, the Federal Bureau of Investigation (FBI), the Federal
Trade Commission (FTC), the Internal Revenue Service Department of
Criminal Investigations (IRS-CI), and the U.S. Postal Inspection Service
(USPIS).
Soloway has been a colossal Internet pest for years, sending giant amounts
of spam, filling mailboxes and mail servers to overflowing with unsolicited
and unwanted junk email. Criminally, he fraudulently marketed spam services
as legitimate 'opt-in' services, fooling innocent users and then offering no
customer support or refunds.
Soloway used hijacked computers and open proxies,and therefore repeatedly
violated the Computer Abuse and Fraud Act of 1984 and the CAN-SPAM law of
2003.
Who is Robert Alan Soloway?
Robert Alan Soloway, 27 of Seattle Washington, worked his way to becoming
one of the most hated figures on the Internet. He alone may be responible
for billlions of spam messages sent out every day, till his arrest. He is
also founder of the so-called anti-spam "Strategic Partnership Against
Microsoft Illegal Spam", or SPAMIS, but ironically may be the Internet's
biggest spammer through his company, Newport Internet Marketing. He went
after Microsoft when they began fighting his activities as a serial spammer.
What is the Case Against Soloway?
Soloway appeared before the U.S. District Court in Seattle, Washington
unshaven, wearing loafers with no socks, to hear Assistant U.S.
Attorney Kathryn Warma announce that if he's convicted of all charges,
including fraud, money laundering and identity theft listed in the
indictment, he could spend 65 years behind bars. "We know that Robert
Soloway is one of the most prolific spammers in the world," claimed Warma
before the case opened. "He has condemned them (his victims) to perpetual
spam hell" unless they escape by canceling their domain names or changing
their Internet protocol addresses.
Robert Alan Soloway's arrest came a week after a federal grand jury returned
"a 35-count indictment charging him with mail fraud, wire fraud, e-mail
fraud, aggravated identity theft and money laundering.
He's accused of using networks of compromised computers to send out millions
upon millions of junk e-mails since 2003."
Soloway employed networks of non-spec computers called "botnets" to shoot
oceans of unsolicited bulk e-mails advertising his Internet marketing
company for promotions. Those who clicked on a link in the e-mail were sent
to his Web site, where he offered two types of services. In one, he claimed
he would send as many as 20 million e-mail advertisements in two weeks for
$495, according to the indictment.
U.S. Attorney Jeff Sullivan claims this is the first case in the US where
federal prosecutors used identity theft statutes to nail a spammer for
stealing someone else's Internet domain name. This alone could net Soloway
an extra two years on his sentence if convicted. A long prison stretch may
be in the cards, depending what sentencing guideline is used.
The grand jury indictment claims Soloway ran Newport Internet Marketing
Corp., which sold a "broadcast e-mail" software product and "broadcast
e-mail" services that is clearly outlawed by the federal CAN-SPAM Act, which
went into effect Jan. 1, 2004, and makes illegal transmission of a large
amount of commercial e-mail messages added to set criminal additions, like
using relay computers to send the message, meant to hide the origin or using
fictitious header information in the e-mail. Soloway did all these things.
Soloway's name and company had been turned in to the Northwest Computer
Crimes Taskforce, housed by the FBI and which includes an IRS Criminal
Investigation Division and the U.S. Postal Inspection Service. This
triggered an investigation after the Federal Trade Commission and the state
Attorney General's Office received hundreds of complaints that Soloway
regarding false and fraudulent claims regarding his products and services.
The victims were denied refunds, and were upset about being blamed for
sending illegal spam as a result of mistakenly hiring Soloway's company,
said Assistant U.S. Attorney Warma.
Soloway has already been sued successfully by Microsoft Corporation and
Robert Braver, owner of an Oklahoma-based Internet company, for violations
of the U.S. CAN-SPAM law and various state anti-spam laws, and they received
millions of dollars in damages. Soloway never paid, claiming he lived off
proceeds of a family trust and was therefore, legally, "judgement-proof."
When sued by Braver in September 2005 in Oklahoma City, Soloway fired his
lawyers and then skipped out on the case. U.S. District Judge Ralph G.
Thompson then issued a permanent injunction, forbidding him to continue
sending spam. Needless to say, Soloway ignored this and continued his reign
as Spam King.
How Did Soloway Work his Spam?
Soloway's online empire was commandeered from his trendy, Seattle Harbor
Steps apartment on the waterfront, according to investigators.
One expert estimated that the man agents named the "Spam King" when they
apprehended him sent billions, or perhaps even tens of billions, of e-mails
a day. On just two servers groups, during a several month stretch, the Feds
found in excess of 200 million spam messages that originated with Robert
Soloway.
To hide the origin and ownership of Web site, Feds claim Soloway constantly
changed the address to different domains, even employing Chinese Internet
Service providers last year. The spammed messages that he used to advertise
his corporate Web sites contained false header information (email message
lines and top of Internet page
banners) and then were systematically forwarded using networks of slave
computers called "botnets."
Soloway's work in the virtual world caused real-life chaos, heartache, loss
and rage to others. Since he could not use his own information, but needed
to have someone's information attached to his sent messages, his spam had
these phony headers with the real life e-mail addresses or domain names of
innocent people or organizations, whom were then fingered for Soloway's spam
and "blacklisted" from future contacts with the recipient. Said John Reid, a
volunteer with The Spamhaus Project, an anti-spam group, "The amount of
damage he does to the Internet -- the fraud thing to innocent people who
think they're hiring some Internet person -- is awful." When
computer-gullible business owners hired Soloway to help increase traffic to
their Web sites, Soloway instead sent torrents of spam in their name.
Who is Spamhaus, What is ROKSO?
According to their site, Spamhaus is "WORKING TO PROTECT INTERNET NETWORKS
WORLDWIDE -- Spamhaus tracks the Internet's Spammers, Spam Gangs and Spam
Services, provides dependable realtime anti-spam protection for Internet
networks, and works with Law Enforcement to identify and pursue spammers
worldwide." Another site describes Spamhaus as "The Spamhaus Project is a
completely volunteer effort founded by Steve Linford in 1998 that aims to
track e-mail spammers and spam-related activity. It is named for the
anti-spam jargon term coined by Linford, spamhaus, a pseudo-German
expression for an ISP or other firm which spams or willingly provides
service to spammers."
Soloway originally premiered on the Spamhaus Block List (SBL) in 2001, and
by 2003 had made it to Spamhaus's Register of Known Spam Operations (ROKSO),
a compendium of the world's "worst of the worst"
illegal spammers. Spamhaus spamtraps were still getting Soloway
solicitations from those advertising his services right up until his arrest.
In response to Soloway's arrest, the Spamhaus site wrote, "Spamhaus commends
the Seattle FBI and U.S. Attorney for ensuring that the indictment contains
both spam-related and non-spam-related counts, and on preparing an
indictment which shows so clearly the profile of the typical spammer's
activities, such as fraud, identity theft, and other online deception.
Spamhaus recognises that a successful prosecution requires careful
preparation which inevitably takes longer than the victims of the crime
wish. Careful preparation is essential in cases involving CAN-SPAM
violations, since the CAN-SPAM Act does not yet have extensive case-law to
support it."
****************************************************************
Another Cyber Attack Hits Europe
Editor, Maricelle Ruiz, IBLS Director Europe Wednesday, June 13, 2007
When Estonia suffered a series of cyber attacks in recent months, US
official John Negroponte told the Financial Times: "We need to prepare
ourselves because this is likely only to become more of an issue in the
future." Well, the future is here. And the wave of cyber attacks has moved
from Eastern to Western Europe. It has recently been disclosed that around
the time Estonia was under cyber attack, an important Spanish
domain-registration company was also waging a battle against unknown cyber
pirates. The Cyber Terrorism Division of the Spanish Police is investigating
the incident. If identified, the hackers involved could be prosecuted for
blackmailing a company to prevent the disclosure of confidential
information.
There seems to be a disagreement regarding the severity of the situation.
While some reports claim that the private data of hundreds of thousands of
Internet users is in the hands of criminals, the leading Spanish company in
the domain registration and web hosting business, Arsys, has issued a
statement denying this information.
Executives concede the company has experienced what they describe as "a
security incident, compromising some client data." However, they say, none
of the data in question involves email, bank account or credit card
passwords and therefore, they claim there's no risk of illegal access into
bank or email accounts.
According to Arsys, hackers reportedly stole FTP codes, enabling them to
insert a link to an external server containing malicious code, in the web
pages of some clients. As soon as the company detected the incident,
executives say it eliminated the link from the web pages, notified affected
clients and boosted security measures across the board. To comply with legal
requirements, executives add the company has reported the incident to the
Cyber Terrorism Division of the Spanish Police. They confirm the incident is
under investigation and may end up in court.
The attackers reportedly used servers located in the United States and
Russia. According to the latest Symantec Internet Security Threat Report,
the United States is the top country for malicious threat activity,
accounting for 31% of the worldwide total, followed by China (10%), Germany
(7%), France (4%), United Kingdom (4%), South Korea (4%), Canada (3%), Spain
(3%), Taiwan (3%) and Italy (3%). Meanwhile, law enforcement authorities
have detained a Russian teenager suspected of involvement in the Estonian
cyber attacks. The youth reportedly called for massive cyber attacks against
Estonian servers in Internet forums.
***********************************************************************
CHALLENGES IN CLASSIFYING VOIP SERVICES IN THE EUROPEAN UNION
Email Article
The European Union regulatory framework for electronic
communications aims to provide a coherent regulatory scheme for all
transmission networks and services within the European Union. The EU
regulatory framework defines the communication service categories that can
be applied to VoIP (Voice over the Internet Protocol) services such as the
Electronic Communications Service and the Publicly Available
Telecommunications Service. VoIP services that fall under the scope of the
EU regulatory framework are classified as VoIP services with no specific
obligations.
In 2002, the European Union adopted a regulatory framework for
electronic communications. The main objective of this regulatory framework
was to provide a coherent regulatory scheme for all transmission networks
and services. The main goal of the regulatory framework was to promote
European market integration and telecommunication standardization, and to
support consumer interests.
Under the aforementioned regulatory framework, companies are permitted to
provide new electronic communications services based on a general
authorization by the EU and without an extra burden of administrative
authorization by a National Regulatory Authority (NRA). The EU regulatory
framework also defines the service categories that can be applied to VoIP
services. Since VoIP technology is used to transmit a large variety of
market offerings, which fall under multiple regulatory categories, the
categorization of these offerings has proven to be a significant regulatory
challenge.
In June 2004, the EU launched a consultation on the treatment of VoIP
services under the 2002 Regulatory Framework. The primary goal of this
consultation was to clarify the application of the EU Directives to VoIP
services. In February 2005, the European Commission opted to refrain from
developing detailed guidelines for VoIP regulation, based on its express
intention to promote the development of VoIP services.
What communications services are defined by the regulatory framework related
to the VoIP?
The regulatory framework includes descriptions of a variety of
communications services with differing rights and obligations. The
2002 EU regulatory framework includes two services that are actually related
to VoIP; these are Electronic Communication Services and Publicly Available
Telecommunication Services. (a) Electronic Communications Services (ECS) are
defined as services that are provided for remuneration, and which include
the conveyance of signals over electronic communications networks; and (b)
Publicly Available Telecommunications Services (PATS) are defined as
services that are available to the public for originating and receiving
national and international calls, and which provide access to emergency
services.
Where in the EU regulatory framework do VoIP services fall?
VoIP services with no specific obligations are, in principle, within
the scope of the Authorization Directive. Today, most enterprises are
replacing their existing private branch exchanges (PBXs) with VoIP solutions
that are covered by the Authorization Directive, which imposes no specific
obligations or restrictions.
VoIP services that involve the conveyance of signals through an electronic
communications network fall under the regulatory framework of the EU when
publicly offered. However, their regulatory treatment depends on the nature
of the service offered.
What are the different types of classifications of VoIP which fall outside
the scope of the EU regulatory framework?
Recent technology allows a user of VoIP enabled devices to place calls
directly to another user using similar equipment or software over the public
Internet. These services are known as self-provided services, and fall
outside the scope of the EU regulatory framework, because there is no
communication service provider in this model.
_______________________________________________
AfrICANN mailing list
AfrICANN at afrinic.net
https://lists.afrinic.net/mailman/listinfo.cgi/africann
More information about the AfrICANN
mailing list