[AfrICANN-discuss] on Spam, More cyber Attacks and VOIP regulation challenges in EU

BAUDOUIN SCHOMBE b.schombe at gmail.com
Fri Jun 15 10:27:55 SAST 2007


very good information, Anne Rachel, thank you.
I wil share it to all plate forme we have,thank you again.

Baudouin


2007/6/14, Anne-Rachel Inné <annerachel at gmail.com>:
>
> All articles from this source:
> http://www.ibls.com/internet_law_news_portal.aspx
>
> Spam King Robert Soloway Arrested for Sending Billions of Illegal Messages
> a Day
> IBLS Editorial Staff
> Wednesday, June 13, 2007
>
> On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
> artists in the world, was arrested in Seattle, a week after being
> indicted by a grand jury in Washington, and charged with fraud, money
> laundering, identity theft, and breaking Federal anti-spam
> legislation. Soloway has been a colossal Internet pest for years,
> sending giant amounts of spam, filling mailboxes and mail servers to
> overflowing with unsolicited and unwanted junk email. Criminally, he
> fraudulently marketed spam services as legitimate 'opt-in' services,
> fooling innocent users and then offering no customer support or
> refunds. Soloway used hijacked computers and open proxies,and
> therefore repeatedly violated the Computer Abuse and Fraud Act of 1984
> and the CAN-SPAM law of 2003.
>
> On May 30, 2007 Robert Alan Soloway, voted one of the ten biggest spam
> artists in the world, was arrested in Seattle, a week after being
> indicted by a grand jury in Washington, and charged with fraud, money
> laundering, identity theft, and breaking Federal anti-spam
> legislation. Soloway's arrest followed a large joint investigation by
> the Washington State Attorney General's Office, the Federal Bureau of
> Investigation (FBI), the Federal Trade Commission (FTC), the Internal
> Revenue Service Department of
>
> Criminal Investigations (IRS-CI), and the U.S. Postal Inspection
> Service (USPIS).
> Soloway has been a colossal Internet pest for years, sending giant
> amounts of spam, filling mailboxes and mail servers to overflowing
> with unsolicited and unwanted junk email. Criminally, he fraudulently
> marketed spam services as legitimate 'opt-in' services, fooling
> innocent users and then offering no customer support or refunds.
> Soloway used hijacked computers and open proxies,and therefore
> repeatedly violated the Computer Abuse and Fraud Act of 1984 and the
> CAN-SPAM law of 2003.
>
> Who is Robert Alan Soloway?
> Robert Alan Soloway, 27 of Seattle Washington, worked his way to
> becoming one of the most hated figures on the Internet. He alone may
> be responible for billlions of spam messages sent out every day, till
> his arrest. He is also founder of the so-called anti-spam "Strategic
> Partnership Against Microsoft Illegal Spam", or SPAMIS, but ironically
> may be the Internet's biggest spammer through his company, Newport
> Internet Marketing. He went after Microsoft when they began fighting
> his activities as a serial spammer.
>
> What is the Case Against Soloway?
> Soloway appeared before the U.S. District Court in Seattle, Washington
> unshaven, wearing loafers with no socks, to hear Assistant U.S.
> Attorney Kathryn Warma announce that if he's convicted of all charges,
> including fraud, money laundering and identity theft listed in the
> indictment, he could spend 65 years behind bars. "We know that Robert
> Soloway is one of the most prolific spammers in the world," claimed
> Warma before the case opened. "He has condemned them (his victims) to
> perpetual spam hell" unless they escape by canceling their domain
> names or changing their Internet protocol addresses.
>
> Robert Alan Soloway's arrest came a week after a federal grand jury
> returned "a 35-count indictment charging him with mail fraud, wire
> fraud, e-mail fraud, aggravated identity theft and money laundering.
> He's accused of using networks of compromised computers to send out
> millions upon millions of junk e-mails since 2003."
> Soloway employed networks of non-spec computers called "botnets" to
> shoot oceans of unsolicited bulk e-mails advertising his Internet
> marketing company for promotions. Those who clicked on a link in the
> e-mail were sent to his Web site, where he offered two types of
> services. In one, he claimed he would send as many as 20 million
> e-mail advertisements in two weeks for $495, according to the
> indictment.
>
> U.S. Attorney Jeff Sullivan claims this is the first case in the US
> where federal prosecutors used identity theft statutes to nail a
> spammer for stealing someone else's Internet domain name. This alone
> could net Soloway an extra two years on his sentence if convicted. A
> long prison stretch may be in the cards, depending what sentencing
> guideline is used.
>
> The grand jury indictment claims Soloway ran Newport Internet
> Marketing Corp., which sold a "broadcast e-mail" software product and
> "broadcast e-mail" services that is clearly outlawed by the federal
> CAN-SPAM Act, which went into effect Jan. 1, 2004, and makes illegal
> transmission of a large amount of commercial e-mail messages added to
> set criminal additions, like using relay computers to send the
> message, meant to hide the origin or using fictitious header
> information in the e-mail. Soloway did all these things.
>
> Soloway's name and company had been turned in to the Northwest
> Computer Crimes Taskforce, housed by the FBI and which includes an IRS
> Criminal Investigation Division and the U.S. Postal Inspection
> Service. This triggered an investigation after the Federal Trade
> Commission and the state Attorney General's Office received hundreds
> of complaints that Soloway regarding false and fraudulent claims
> regarding his products and services. The victims were denied refunds,
> and were upset about being blamed for sending illegal spam as a result
> of mistakenly hiring Soloway's company, said Assistant U.S. Attorney
> Warma.
>
> Soloway has already been sued successfully by Microsoft Corporation
> and Robert Braver, owner of an Oklahoma-based Internet company, for
> violations of the U.S. CAN-SPAM law and various state anti-spam laws,
> and they received millions of dollars in damages. Soloway never paid,
> claiming he lived off proceeds of a family trust and was therefore,
> legally, "judgement-proof." When sued by Braver in September 2005 in
> Oklahoma City, Soloway fired his lawyers and then skipped out on the
> case. U.S. District Judge Ralph G. Thompson then issued a permanent
> injunction, forbidding him to continue sending spam. Needless to say,
> Soloway ignored this and continued his reign as Spam King.
>
> How Did Soloway Work his Spam?
> Soloway's online empire was commandeered from his trendy, Seattle
> Harbor Steps apartment on the waterfront, according to investigators.
> One expert estimated that the man agents named the "Spam King" when
> they apprehended him sent billions, or perhaps even tens of billions,
> of e-mails a day. On just two servers groups, during a several month
> stretch, the Feds found in excess of 200 million spam messages that
> originated with Robert Soloway.
>
> To hide the origin and ownership of Web site, Feds claim Soloway
> constantly changed the address to different domains, even employing
> Chinese Internet Service providers last year. The spammed messages
> that he used to advertise his corporate Web sites contained false
> header information (email message lines and top of Internet page
> banners) and then were systematically forwarded using networks of
> slave computers called "botnets."
>
> Soloway's work in the virtual world caused real-life chaos, heartache,
> loss and rage to others. Since he could not use his own information,
> but needed to have someone's information attached to his sent
> messages, his spam had these phony headers with the real life e-mail
> addresses or domain names of innocent people or organizations, whom
> were then fingered for Soloway's spam and "blacklisted" from future
> contacts with the recipient. Said John Reid, a volunteer with The
> Spamhaus Project, an anti-spam group, "The amount of damage he does to
> the Internet -- the fraud thing to innocent people who think they're
> hiring some Internet person -- is awful." When computer-gullible
> business owners hired Soloway to help increase traffic to their Web
> sites, Soloway instead sent torrents of spam in their name.
>
> Who is Spamhaus, What is ROKSO?
> According to their site, Spamhaus is "WORKING TO PROTECT INTERNET
> NETWORKS WORLDWIDE -- Spamhaus tracks the Internet's Spammers, Spam
> Gangs and Spam Services, provides dependable realtime anti-spam
> protection for Internet networks, and works with Law Enforcement to
> identify and pursue spammers worldwide." Another site describes
> Spamhaus as "The Spamhaus Project is a completely volunteer effort
> founded by Steve Linford in 1998 that aims to track e-mail spammers
> and spam-related activity. It is named for the anti-spam jargon term
> coined by Linford, spamhaus, a pseudo-German expression for an ISP or
> other firm which spams or willingly provides service to spammers."
>
> Soloway originally premiered on the Spamhaus Block List (SBL) in 2001,
> and by 2003 had made it to Spamhaus's Register of Known Spam
> Operations (ROKSO), a compendium of the world's "worst of the worst"
> illegal spammers. Spamhaus spamtraps were still getting Soloway
> solicitations from those advertising his services right up until his
> arrest.
>
> In response to Soloway's arrest, the Spamhaus site wrote, "Spamhaus
> commends the Seattle FBI and U.S. Attorney for ensuring that the
> indictment contains both spam-related and non-spam-related counts, and
> on preparing an indictment which shows so clearly the profile of the
> typical spammer's activities, such as fraud, identity theft, and other
> online deception. Spamhaus recognises that a successful prosecution
> requires careful preparation which inevitably takes longer than the
> victims of the crime wish. Careful preparation is essential in cases
> involving CAN-SPAM violations, since the CAN-SPAM Act does not yet
> have extensive case-law to support it."
>
> ****************************************************************
> Another Cyber Attack Hits Europe
> Editor, Maricelle Ruiz, IBLS Director – Europe
> Wednesday, June 13, 2007
>
> When Estonia suffered a series of cyber attacks in recent months, US
> official John Negroponte told the Financial Times: "We need to prepare
> ourselves because this is likely only to become more of an issue in
> the future." Well, the future is here. And the wave of cyber attacks
> has moved from Eastern to Western Europe. It has recently been
> disclosed that around the time Estonia was under cyber attack, an
> important Spanish domain-registration company was also waging a battle
> against unknown cyber pirates. The Cyber Terrorism Division of the
> Spanish Police is investigating the incident. If identified, the
> hackers involved could be prosecuted for blackmailing a company to
> prevent the disclosure of confidential information.
>
> There seems to be a disagreement regarding the severity of the
> situation. While some reports claim that the private data of hundreds
> of thousands of Internet users is in the hands of criminals, the
> leading Spanish company in the domain registration and web hosting
> business, Arsys, has issued a statement denying this information.
> Executives concede the company has experienced what they describe as
> "a security incident, compromising some client data." However, they
> say, none of the data in question involves email, bank account or
> credit card passwords and therefore, they claim there's no risk of
> illegal access into bank or email accounts.
>
> According to Arsys, hackers reportedly stole FTP codes, enabling them
> to insert a link to an external server containing malicious code, in
> the web pages of some clients. As soon as the company detected the
> incident, executives say it eliminated the link from the web pages,
> notified affected clients and boosted security measures across the
> board. To comply with legal requirements, executives add the company
> has reported the incident to the Cyber Terrorism Division of the
> Spanish Police. They confirm the incident is under investigation and
> may end up in court.
>
> The attackers reportedly used servers located in the United States
> and Russia. According to the latest Symantec Internet Security Threat
> Report, the United States is the top country for malicious threat
> activity, accounting for 31% of the worldwide total, followed by China
> (10%), Germany (7%), France (4%), United Kingdom (4%), South Korea
> (4%), Canada (3%), Spain (3%), Taiwan (3%) and Italy (3%). Meanwhile,
> law enforcement authorities have detained a Russian teenager suspected
> of involvement in the Estonian cyber attacks. The youth reportedly
> called for massive cyber attacks against Estonian servers in Internet
> forums.
>
> ***********************************************************************
> CHALLENGES IN CLASSIFYING VOIP SERVICES IN THE EUROPEAN UNION
>        Email Article
>        The European Union regulatory framework for electronic
> communications aims to provide a coherent regulatory scheme for all
> transmission networks and services within the European Union. The EU
> regulatory framework defines the communication service categories that
> can be applied to VoIP (Voice over the Internet Protocol) services
> such as the Electronic Communications Service and the Publicly
> Available Telecommunications Service. VoIP services that fall under
> the scope of the EU regulatory framework are classified as VoIP
> services with no specific obligations.
>        In 2002, the European Union adopted a regulatory framework for
> electronic communications. The main objective of this regulatory
> framework was to provide a coherent regulatory scheme for all
> transmission networks and services. The main goal of the regulatory
> framework was to promote European market integration and
> telecommunication standardization, and to support consumer interests.
>
> Under the aforementioned regulatory framework, companies are permitted
> to provide new electronic communications services based on a general
> authorization by the EU and without an extra burden of administrative
> authorization by a National Regulatory Authority (NRA). The EU
> regulatory framework also defines the service categories that can be
> applied to VoIP services. Since VoIP technology is used to transmit a
> large variety of market offerings, which fall under multiple
> regulatory categories, the categorization of these offerings has
> proven to be a significant regulatory challenge.
>
> In June 2004, the EU launched a consultation on the treatment of VoIP
> services under the 2002 Regulatory Framework. The primary goal of this
> consultation was to clarify the application of the EU Directives to
> VoIP services. In February 2005, the European Commission opted to
> refrain from developing detailed guidelines for VoIP regulation, based
> on its express intention to promote the development of VoIP services.
>
> What communications services are defined by the regulatory framework
> related to the VoIP?
>        The regulatory framework includes descriptions of a variety of
> communications services with differing rights and obligations. The
> 2002 EU regulatory framework includes two services that are actually
> related to VoIP; these are Electronic Communication Services and
> Publicly Available Telecommunication Services. (a) Electronic
> Communications Services (ECS) are defined as services that are
> provided for remuneration, and which include the conveyance of signals
> over electronic communications networks; and (b) Publicly Available
> Telecommunications Services (PATS) are defined as services that are
> available to the public for originating and receiving national and
> international calls, and which provide access to emergency services.
>
>        Where in the EU regulatory framework do VoIP services fall?
>        VoIP services with no specific obligations are, in principle,
> within
> the scope of the Authorization Directive. Today, most enterprises are
> replacing their existing private branch exchanges (PBXs) with VoIP
> solutions that are covered by the Authorization Directive, which
> imposes no specific obligations or restrictions.
>
> VoIP services that involve the conveyance of signals through an
> electronic communications network fall under the regulatory framework
> of the EU when publicly offered. However, their regulatory treatment
> depends on the nature of the service offered.
>
> What are the different types of classifications of VoIP which fall
> outside the scope of the EU regulatory framework?
> Recent technology allows a user of VoIP enabled devices to place calls
> directly to another user using similar equipment or software over the
> public Internet. These services are known as self-provided services,
> and fall outside the scope of the EU regulatory framework, because
> there is no communication service provider in this model.
>
> _______________________________________________
> AfrICANN mailing list
> AfrICANN at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/africann
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20070615/abef2e56/attachment-0001.htm


More information about the AfrICANN mailing list