Why spammers slip through jaws of legal beagles

With so much spam choking email channels on the Internet–some estimates peg spam volumes at as much as 95 percent of all email traffic–you’d think they’d be more lawsuits against the perpetrators of the junk. That’s not the case, however, and there are more than a few reasons why that’s so.

Terry Zink, at his Anti-malware blog, argues that the reason spammers aren’t prosecuted is they locate themselves in jurisdictions that tolerate the junksters for various motivations. “Some of the worst criminals in [the] spamming underworld are located in [E]astern Europe and Russia,” he writes. “Many of them are known to the authorities but they are not pursued by [those] authorities.”

A quick look at the latest Spamhaus list of the world’s Top 10 Worst Spammers shows that Zink’s analysis is right on the money. Seven of the top 10 junko artists are from Russia or one of its former republics.

Among the culprits fingered by Spamhaus were three from the Russian Federation–Leo Kuvayev, of Bad Cow, which deals in pirated software, knock-off pharmaceuticals, porn spam and payments collections, and botnet viruses; Peter Severa/Peter Levashov, a partner with a number of spam gangs; and Ruslan Ibragimov, of send-safe.com, creator of stealth spamware and operator of a spam distribution network from compromised computers and hijacked open proxies.

Spammers based in the Ukraine were Canadian Pharmacy, which operates a botnet spam distribution network and a number of spam websites; Alex Blood/Alexander Mosh/AlekseyB/Alex Polyakov, a massive botnet operator and purveyor of child porn, pharma and mortgage spam; and Yambo Financials, a distributor of child, animal and incest porn, as well as pirated software and pharma spam.

In the former soviet republic of Estonia, there’s Rove Digital, which runs a gamut of Black Hat activities–botnets, malware, pharming and denial of service attacks.

Other regions represented on the Spamhaus list were India (HerbalKing), Hong Kong (Vincent Chan/yoric.net) and Australia (Nikhil Kumar Pragji/Dark-Mailer).

Zink argues that spammers behind the old Iron Curtain can operate unimpeded because they take advantage of the legacy of corruption in their countries. While hoary cold warriors are inclined to heap the blame for corruption on communism, the practice, at least in Russia, can be traced back to the 10th century when a ruler’s subject were expected to keep his representatives fat and happy when they showed up in town to collect tribute from the locals. That payoff, called the korm, became institutionalized and public officials count on it as income, much as Wall Street investment bankers expect their bonuses, whether earned or not, every year.

In addition, Zink maintains that countries turning a blind eye to spammers see the junksters as a potential resource that could be tapped for cyber warfare exploits. “[W]hen the government decides that spammers might be useful for a geopolitical purpose, there is low chance indeed that western officials will ever get their day in court,” he observed.

That seems to me to be a bit of a stretch. Spammers have one motivation and it isn’t patriotism. What’s more, Russia already has its own corps of Web delinquents to do its dirty deeds on the Net. Called Nashi, the youth group, which operates with the imprimatur of the Russian government but is funded by businesses currying favor with the Kremlin, has claimed responsibility for cyber attacks on Estonia, been accused of mounting denial of service attacks against newspapers unfriendly to the current ruling regime and has spied on other youth groups considered “provocateurs” by Moscow bigwigs.

What Zink and others bemoaning the weak prosecution of spammers ignore is how laws like the CAN-SPAM Act can be used by opportunists to injure innocents, innocents like Azoogle.

Azoogle got trapped in a broad CAN-SPAM net tossed by a backwater ISP named Asis. Asis filed 20 lawsuits against alleged spammers. Not all the lawsuits were based on the strongest evidence of spamming, as a federal district court found last week.

“[I]t is apparent that Asis sued Azoogle based on little more than speculation that there might be a connection between those emails and Azoogle,” Magistrate Judge Joseph C. Spero of the US District Court of Northern California wrote in his opinion on the case.

“Asis then continued to litigate even as its discovery efforts turned up no evidence in support of its claims against Azoogle,” he continued. “Having initiated over 20 similar actions, and sued over 20 defendants in this action alone, an award of attorneys’ fees here is necessary to deter Asis and other plaintiffs hoping to profit under the CAN-SPAM Act from casting such a wide net.”

A judgment of $806,978.84 was awarded Azoogle by the court. While that’s a hefty sum for the parties involved, since Asis has already reaped a $2.6 million settlement from one of its CAN-SPAM lawsuits, it seems the rewards for outfits like Asis far exceed the risks in these kinds of cases, especially if a wide net is cast that traps lots of little fish with shallow pockets.