Damaged Justice frogfarm at
Mon Aug 18 17:45:39 PDT 1997

      [2]index [3]home [4]News [5]audio [6]search [7]help [8]techcity
                   Spam attacks send angry firms to court
                       Stewart Deck and Matt Hamblen
        Internet spam is no longer a joke to angry businesses. They
    increasingly are fighting back with civil and criminal lawsuits and
    offering rewards for information leading to arrests. In some cases,
                 users are even trying chargeback tactics.
    Driving the get-tough attitude is mounting frustration over crippled
      and lost business because of overloaded electronic-mail servers,
   trademark infringement and the nefarious combination of return address
       impersonation known as spoofing and blasts of spamming E-mail
        advertisements. Faced in some instances with death threats,
    exasperated and angry World Wide Web site administrators are trying
    anything and everything including offering bounties for the names of
           spammers and risking online vendettas in the process.
                               IMAGE AT STAKE
       Particularly vulnerable to spamming which some observers call
    ``Internet terrorism'' is a company's image, which businesses spend
            untold dollars building, maintaining and protecting.
    One high-profile example is Samsung America, Inc.'s nightmare, which
   began July 19 when a fake advertisement blasted across the Internet to
   millions of electronic mailboxes. The angry replies caught Samsung by
               surprise it hadn't sent out the advertisement.
        Other messages bearing Samsung's return address have swamped
     unsuspecting mailboxes since then, including a missive purportedly
        from a Samsung attorney claiming ``fraudulent and actionable
   transgressions'' on the recipient's part. Two of Samsung's Web-hosted
    clients La Costa Resorts and Big Dog Sportswear also had suggestive
       and misleading advertising messages sent out with their names
       attached. They, in turn, have been inundated with complaints.
    Samsung has been so hard hit getting 6,000 to 10,000 E-mail messages
     per day and hundreds of telephone calls worldwide that the FBI is
   looking into the matter. Samsung has spent millions of dollars on its
          brand image and desperately wants the spamming to stop.
   ``We assume whoever is doing this buys lists of E-mail addresses from
   someone,'' said Sang Cho, Samsung's in-house counsel, in an interview
   with Computerworld. But the company doesn't know why or who holds the
       grudge. It intends to file civil and criminal charges when the
                          perpetrator is unmasked.
      Fake ads are the latest twist in spoofing and spamming. The Dr.
   Seussian terms describe an underhanded sneak attack that tries to get
        ads in front of as many unsuspecting eyeballs as possible by
      impersonating a responsible sender. For example, Strong Capital
     Management, Inc., a financial services company in Menomonee Falls,
   Wis., is suing a spammer for allegedly stealing its address, thinking
    that recipients would be more likely to open mail from a prestigious
       firm than an ordinary Internet marketer. Such mail is hated by
          recipients and is a bane of Internet service providers.
                               FIGHTING BACK
   But now the impersonated legions are beginning to fight back. Although
   there are no results in any of these cases yet, here is a sampling of
            businesses going on the offensive with their beefs:
   Two operators at SFF Net, a commercial online service used by science
    fiction and fantasy writers, have filed suit in Kings County, N.Y.,
     against Carlos Lattin for sending out spamming E-mails with their
   forged return addresses. Their lawsuit claims trademark infringement,
    unfair competition, defamation and false designation of origin. The
      plaintiffs used New York laws to make the alleged impersonator's
              Internet service provider divulge Lattins name.
    A novice junk mailer was sued in May by an online floral information
    service run by Tracy LaQuey Parker, an Internet author and education
    market development manager at Cisco Systems, Inc. Parker opened the
    site's electronic mailbox one morning in March and saw what Samsung,
   La Costa and SFF Net have experienced: an avalanche of returned E-mail
    and angry letters. ``I was shocked by the onslaught,'' Parker said.
    Jon Tara, operator of San Diego's Live.Net site, has experienced the
      same problem, but he hasn't been able to track down the spoofing
      impersonator. He is offering a $100 reward for positive personal
   identification of the spoofer. A message on the site from Tara to the
    spamming perpetrator says, ``I am going to hound you to the ends of
    the earth once I find out who you are. You will regret having used a
    Live.Net return address. If you are lucky, I will never find out who
    you are. If you are unlucky, I will. It will be the worst luck that
     you've ever had.'' Tara has fought with a service provider who has
     stopped shutting down spammers and wont provide Tara with identity
    information, claiming privacy requirements. The provider has called
                      Taras bounty offer vigilantism.
     In February, Matthew Seidl, a Colorado University computer science
     student, filed a lawsuit against Greentree Mortgage and an unnamed
    bulk E-mailer for allegedly sending out a batch of spam with Seidl's
   ``nobody at'' address in the From and Return-Path headers.
    Seidl said in an Internet posting that he decided to take ``whatever
   legal actions we have to take to restore our good name and recover the
   damages we suffered. We are doing our part to put an end to this type
                              of net abuse.''
                              UNLIMITED ACCESS
    Such attacks are difficult to deal with, said Nina Burns, an analyst
   at Creative Networks, Inc. in Palo Alto, Calif. ``Wackos have so much
    access to information that it becomes scary for an individual,'' she
     said. ``But until authentication and digital signature technology
         become more widespread, I'm not sure what the answer is.''
    ``We need some sort of digital Caller ID,'' said Jonathan Wheat, an
   analyst at the National Computer Security Association in Carlisle, Pa.
          Until then, Wheat said, this may be the price we pay for
                   ever-increasing Internet connectivity.
                            See related stories:
     * [9]Service providers won't release names
     * [10]Internet providers fight back against spammers
   [11]index [12]home [13]News [14]audio [15]search [16]help [17]techcity
   Copyright © 1997 @Computerworld. All rights reserved. Reproduction in
     whole or in part in any form or medium without express [19]written
       permission of @Computerworld is prohibited. Computerworld and
         @Computerworld and the respective logos are trademarks of
                            Computerworld, Inc.



More information about the cypherpunks-legacy mailing list