O'Reilly logo

Spam Kings by Brian S McWilliams

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Spamford Meets Hacker-X

From skimming old Nanae messages, Susan Gunn learned that anti-spammers were flush with power when she found the newsgroup in early 1999. They had rallied to force Sanford Wallace, the Internet's biggest spammer, into retirement just the year before. Wallace, who was head of Philadelphia-based Cyber Promotions, had emerged as a spam king in 1995 and boasted that his firm generated twenty-five million junk emails per day on behalf of clients ranging from pornography sites to spam-software vendors. By some estimates CyberPromo.com was responsible for 80 percent of the spam on the Net.

Unlike most spammers who chose to remain in the shadows, Wallace, a large man in his early twenties, regularly tangled with junk email opponents in Nanae discussions. Wallace argued that he was an entrepreneur and that spamming was his First Amendment right. Although he disliked being called a spammer—he preferred to say that he was in the bulk email business—Wallace eventually embraced the nickname given him by anti-spammers: Spamford. But while they may have admired his chutzpah, Nanae regulars abhorred Wallace's business practices, which included falsifying the return address on his spam messages, so that he wouldn't have to deal with complaints or bounces—the error messages returned by mail systems when they received an undeliverable message.

Anti-spammers cheered in late 1996 and early 1997 when Wallace was hit by successive lawsuits from a dozen ISPs. The litigation sought to establish some legal guidelines in what had previously been uncharted waters. AOL argued that it was not obligated to deliver email solicitations to its members from spammers such as CyberPromo. EarthLink alleged that Wallace had violated state and federal business laws by incessantly spamming its subscribers. EarthLink's attorney, Pete Wellborn, a former college football star turned high-tech lawyer, said CyberPromo was guilty of electronically trespassing on EarthLink's mail servers with its spam.

When Wallace hired a team of lawyers and announced he would fight the lawsuits, an anonymous vigilante decided to take matters into his own hands. He hacked into the Cyber Promotions web site and rummaged through the server. The attacker, who came to be known simply as Hacker-X, gathered up a trove of information, including Wallace's customer list and the administrative password to the machine. Using a stolen account at a university, Hacker-X then posted the information in a March 19, 1997, message to alt.2600, a newsgroup frequented by fans of the hacking magazine 2600. In confessing to the break-in, Hacker-X wrote that he was tired of the flood of junk email from Cyber Promotions.

"Nobody else was fighting back ... So I decided to kick them and their clients in the balls," wrote the unidentified intruder. "This won't end. Ever. Myself and others will continue to expose spam operations weaknesses. To those who think that spam is a good idea: think again."

Using the opening created by Hacker-X, over the course of several days in late March, other unidentified hackers repeatedly replaced the regular home page of Cyberpromo.com with ones of their own design. One version of the defaced page featured an image of a can of Hormel SPAM, a hyperlink to a page containing a list of customer accounts, and the words "CYBERPROMO ... NOT JUST BULK EMAIL ... it's SPAM."[4]

Wallace was furious. He issued a press release that offered a $15,000 reward and announced that he had alerted the Federal Bureau of Investigation (FBI) about the intrusion. But Wallace's response only seemed to add fuel to the conflict. On April 6, Hacker-X struck again. He posted another message to alt.2600, taunting Wallace ("that low-life, degenerate, festering pile of goo") and offering up more purloined information, including technical datafiles required to provide Internet service to scores of other sites connected to Cyber Promotions.

A few weeks later, the battle escalated. Someone on Nanae suggested anti-spammers join in a "Cinco de Mayo Cyberpromo Mailbomb Day," during which participants would coordinate a variety of attacks on Wallace's web site and email server beginning May 5. Similar calls to electronic arms were published in other newsgroups, including misc.consumers, an online bulletin board for discussing product reviews and other information about consumer issues.

When the so-called cyber-doomsday arrived, Cyberpromo.com—to the surprise of no one—suddenly became unreachable by web surfers. Two days later, Wallace issued another press release, stating that his company's network was under attack by anti-spam hackers who had also targeted an Internet router operated by Apex Global Information Systems (AGIS), the Michigan ISP used by Cyber Promotions. The announcement said Cyber Promotions was in the process of tracking the criminals, whom Wallace vowed to report to federal authorities.

Wallace never found the hackers. But in apparent retaliation for the attacks, he registered a new web site, NetScum.net. It contained an online directory with the names, email addresses—and in some cases home street addresses and phone numbers—of hundreds of spam fighters and other Internet users who had complained about Usenet postings and junk email or were otherwise deemed too strident in their requirements that other Internet users practice good online manners, or "netiquette."

The NetScum directory was actually a reincarnation of a site created by unidentified Internet users in 1996 and briefly hosted on a succession of obscure web pages. Among the entries in the new edition was one on Afterburner, the respected Erols abuse-desk manager whose true name was revealed at the site as Michael A. Hanks. (In one of his first acts at the ISP, Afterburner had convinced Erols to cancel Wallace's accounts there to protect the company's reputation.) In an attempt to discredit Afterburner, NetScum's anonymous editors had dug up and reposted messages from 1996 by Afterburner's girlfriend to a Usenet newsgroup named alt.sex.bondage. The postings discussed her kinky sexual activities with what she referred to as her "master" Afterburner and invited readers to visit her web site dedicated to "BDSM," or bondage/domination/sadomasochism. Although Afterburner laughed off his NetScum entry, he became an infrequent contributor to Nanae after the incident.

The computerized attacks on Cyber Promotions and its ISP continued unabated throughout the summer of 1997, leading some Nanae regulars to grow alarmed at the new trend toward electronic violence by anti-spam vigilantes. Bill Mattocks, the recipient of a Golden Mallet Award, argued that the spam wars must be fought ethically, with tactics that kept anti-spammers on the moral high ground. On August 8, 1997, Mattocks, the operator of a computer-consulting firm in Wisconsin, posted a four-page note to Nanae with the subject line, "HACKERS, WISE UP!" In the message he noted that anti-spam crusaders had successfully built a nonviolent grassroots movement opposed to junk email.

"We're gaining converts who are not technically proficient with computers, but they are on the Internet, and they hate spam, too. They are our allies. We must reach out to them and teach them to teach others," wrote Mattocks. He argued that the spam war was as much a public relations fight as anything and chided Nanae readers who had used the information from Hacker-X to attack Wallace.

"Shame on you," he wrote. "You are going to bring discredit on the rest of the anti-spammers. STOP IT!"

Mattocks's advice went largely ignored. The very next day, an unidentified person hacked into NetScum.net and replaced its usual home page with lewd messages about Wallace and Phil Lawlor, the chief executive officer of AGIS, Wallace's ISP. The site went offline shortly thereafter, returned in its original form a few months later, and then went dark again for good in the middle of October 1997, when AGIS cut off service to Cyber Promotions, citing the constant attacks from anti-spammers. Six months later, after failing to line up a new ISP, and finding himself hamstrung by legal settlements with ISPs that forbade him from ever again spamming their members, Wallace announced his retirement.

In an April 1998 note on Nanae, Wallace apologized for his past actions and said that newsgroup participants, in particular Mattocks and a popular anti-spammer named Jim Nitchals, had earned his respect. "It is now clear to me that most of you *are really here* to stop spam - not just for the thrill ride...BOTTOM LINE: You folks are WINNING the war against spam."

With Wallace vanquished, anti-spammers turned their attention to smaller foes, whom they jokingly referred to as chickenboners. Unlike big operators such as Wallace who incorporated their businesses and maintained office space with hired employees and other trappings of legitimacy, chickenboners were imagined by spam fighters as living in mobile homes with a personal computer on the kitchen table, surrounded by beer cans and buckets of take-out fried chicken.

Veteran spam fighters tended to dismiss the skills of chickenboners, but Gunn was taking no chances when she finally decided to join the ranks of anti-spammers in early 1999. Her first move was to create a new screen name under her master AOL account, which was based on a permutation of her real name, to protect her true identity. "Shiksa" was her first choice. A few years back, the mother of a Jewish man Gunn had been dating called her that when the woman thought Gunn was out of earshot. It was a derogatory Yiddish term used to describe non-Jewish females, but Gunn liked the name. When she tried to sign up for Shiksa at AOL, however, it was already taken. So she added an extra letter, and "Shiksaa," her new anti-spam persona, was born.

[4] The first use of the term "spam" to refer to junk email and Usenet messages appeared in April 1993, after an incident involving a program called ARMM (Automated Retroactive Minimal Moderation). Created by Richard Depew, a system administrator in Ohio, ARMM accidentally posted 200 copies of the same message to the news.admin.policy newsgroup on March 31, 1993. In response, an Internet user in Australia compared the ARMM incident to a comedy routine from the British television series Monty Python's Flying Circus. First broadcast in 1970, the sketch features two customers at a café who discover that every item on the menu includes Hormel's SPAM canned meat. At one point, a group of Vikings enters and loudly sings a song about "spam, lovely spam, wonderful spam," drowning out the café customers' conversation.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required