This is on the front page of today's Wall Street Journal.  It shows how
sneaky and bad these spamers really are and how one single person can be
such a nuisance with a single PC.

Kelly


The Wall Street Journal

May 7, 2003


    Elusive Spammer Sends EarthLink on Long Chase

Web Service Uses Lawyers, Private Eyes To Track Buffalo Sender of Junk
E-Mails

    By JULIA ANGWIN

Staff Reporter of THE WALL STREET JOURNAL

    ATLANTA -- For more than a year, Mary Youngblood has been chasing
the "Buffalo Spammer."

    The 34-year-old Ms. Youngblood, who sports a picture of Darth Vader
on her company ID badge, works at the headquarters of EarthLink Inc., a
big Internet-access provider. She leads a team of more than a dozen
investigators whose job it is to find spammers, hackers and other "bad
guys" who haunt the company's network.

    Sitting in her windowless office last March, she was reviewing spam
-- unsolicited junk e-mails -- that customers had complained about. She
noticed that a few key phrases were popping up among the get-rich-quick
pitches: "The Cadillac," a promise of making "$150,000" by "Day 15," and
phone numbers with 716 area codes. Investigating further, she saw the
e-mails were all originating from an EarthLink account connecting from
Buffalo, N.Y. With a single click of a button, she disabled the account.

    The next day, however, someone was sending the same e-mail pitches
under another name. Usually, Ms. Youngblood says, a spammer will give up
and move to another Internet provider after having his account shut down
several times. But the Buffalo spammer was more defiant than most. Each
time Ms. Youngblood shut down his account, he showed up a few days -- or
a few hours -- later, sending the same spam from a new account using a
new name and stolen billing information.

    It turned out that the Buffalo spammer would be one of the most
egregious spammers to ever cross the wires at EarthLink, the
third-largest Internet-access provider in the U.S. The ensuing manhunt
in cyberspace shows the difficulties in trying to stop, or even slow
down, the huge flood of unsolicited e-mails in the nation's in-boxes.
During the year Ms. Youngblood and her team spent trying to track him,
the Buffalo spammer sent about 825 million spam e-mails, used 343 stolen
identities to sign up for e-mail accounts, taunted his investigators on
the phone and evaded subpoena servers for three months, according to
EarthLink.

    Spam is the top complaint of most Internet users. EarthLink
estimates that more than 40% of the e-mail that comes into its system is
spam, up six-fold in the past 18 months. AOL Time Warner Inc.'s America
Online, the nation's largest Internet provider, says spam accounts for
70% to 80% of the incoming mail to its network, a four-fold increase in
the past four months. Both companies say they try to block much of the
spam before it hits users' in-boxes. [Image of Mary Youngblood]

    Experts believe most spam is sent by a hard-core group, who send
millions of messages each day. But catching spammers isn't easy. Because
e-mail wasn't designed to be traced, most systems allow users to
disguise almost every line of an e-mail, including the "from" line and
the "reply to" line -- a practice known as "spoofing." Spam sent from
overseas computers is almost impossible to trace.

    "About 95% of the battle is finding the person and figuring out who
he is," says EarthLink's outside attorney, Paul "Pete" F. Wellborn III.

    Even when spammers do get caught, they rarely go to jail. Sending
unsolicited commercial e-mail is usually illegal in most states, but
enforcement generally isn't a high priority. "It's very tough to justify
spending so much time and money on cases where we aren't getting any
penalties or any money back to consumers," Stephen Kline, an assistant
attorney general in New York, said at an antispam conference last week.

    That leaves enforcers such as Ms. Youngblood with two tools:
shutting down accounts and filing civil lawsuits against spammers.
EarthLink says it has four lawsuits pending against more than 80
spammers and has won injunctions against about a dozen more. America
Online and Microsoft Corp., the two biggest Internet providers, have
each recently filed five lawsuits against alleged spammers.

    The lawsuits rarely collect payments because most spammers don't
have much money. Last year, EarthLink won one of the industry's biggest
settlements -- a $25 million judgment against a Tennessee spammer, but
it hasn't yet collected a cent. The Federal Trade Commission has brought
48 actions against spammers who make false claims about products or
identities, but it hasn't recovered much money either. "Many times,
there is no money left," says Brian Huseman, staff attorney at the FTC.

    The pursuit of the Buffalo spammer became Ms. Youngblood's top
priority early last year. She spent about 10 hours a week on the case,
and her employees spent another 10 to 20 hours a week, in total, hunting
to see where he was hiding on the network. They tracked the spammer's
trail by following telltale passwords, phone numbers and pitches --
including get-rich-schemes, an herbal sexual stimulant and an offer to
sell bulk e-mail lists to other spammers.

    One Saturday night in April 2002, Ms. Youngblood was relaxing on her
living-room couch, watching TV and cruising through EarthLink's internal
Web sites on her laptop. She noticed that someone from Buffalo was on
the company's list of accounts that were suspicious because they were
sending an unusually high volume of e-mails. She saw the person was
using one of the Buffalo spammers usual passwords.

    "At that point, I didn't need to see a spam to know it was him," she
says. She immediately changed the password on the account so that he
wouldn't be able to connect to the Internet. Then she sent her
technicians a note, telling them to terminate the account for violating
EarthLink's terms of use, which prohibit sending spam.

    The next day, though, he appeared to be back in business, sending
out the same pitches, with Buffalo contact information, but from a
different account.

    Ms. Youngblood told EarthLink's telephone-sales representatives to
alert her whenever they signed up new customers from Buffalo who used
one of the spammer's favorite passwords: "Buffalo," "football,"
"baseball" and, not too creatively, "123456." The sales reps were asked
to use caller ID to capture the phone number the person was calling
from.

    But the number that popped up turned out to be at a Buffalo public
library. Ms. Youngblood blocked any new accounts coming from that
number, but then the spammer just started signing up for accounts
online.

    Ms. Youngblood also tried to prevent him from dialing into the
EarthLink network from his home computer. But not all of the phone lines
in that area had been upgraded enough to allow caller ID to work -- so
she couldn't always track him down that way.

    Sometimes Ms. Youngblood was able to shut him down before he could
send a single spam -- when she spotted a new account from Buffalo that
used his preferred passwords. Other times, he would send millions of
e-mails before she could catch him. Like most spammers, the Buffalo
spammer appeared to be using special software that sends e-mails in
batches small enough to fall under thresholds set by EarthLink and other
Internet providers. (EarthLink doesn't disclose what that threshold is.)
Many of these software packages can also generate random subject lines
and "from" and "reply to" addresses so that each e-mail appears
different at first glance.

    By May of last year, Ms. Youngblood was frustrated that her repeated
attempts to shut him down weren't scaring the spammer away. He was still
at the top of the weekly "bad guy" list that she sends to her staff. "We
felt like he was setting up his computer to run 24 hours a day," she
says.

    So she decided to recommend that EarthLink sue him. It wasn't an
easy decision, because EarthLink rarely recovers its costs when it sues
a spammer. The company would rather chase spammers off its network by
constantly yanking their connections. "We can't sue everybody on our
radar," Ms. Youngblood says. "But after a couple months it was obvious
he wasn't going away." Ms. Youngblood's next call was to the man she
calls "my bulldog" -- Mr. Wellborn, EarthLink's outside attorney.
[Wellborn]

    Mr. Wellborn, 39, a beefy, blond former Georgia Tech football
player, makes a living chasing spammers for EarthLink and others. He is
so virulently antispam that he is personally suing one person who agreed
to an injunction not to send spam, and then sent him one anyway. At a
recent antispam conference Mr. Wellborn drew applause when he suggested
the best way to deter a spammer would be to "draw him and quarter him
and put his head on a pike."

    The best way to catch a spammer, he says, is by following the money
trail. "No matter how much false information there is in the spam
e-mail, there has to be one true bit of information for the spammer to
separate you from your money," Mr. Wellborn says. That contact might be
a post-office box, or an 800 number, he says.

    To catch the Buffalo spammer, Mr. Wellborn filed a lawsuit in U.S.
District Court in the Northern District of Georgia in June against
defendants only identified as "John Does." It alleged the spammers had
stolen credit cards, illegally spammed, trespassed on EarthLink's
computer equipment and damaged its reputation, among other things.

    The suit allowed Mr. Wellborn to ask the phone company and Mail
Boxes Etc. for the names of the owners of the phone numbers and
post-office boxes listed as contact information in the Buffalo spammer's
e-mails. The responses produced a seemingly random set of a half-dozen
people, including some Buffalo residents and a man in Florida.

    By October, the Buffalo spammer's activity increased. He was even
sending spam advertising his own services as a spammer-for-hire,
promising customers could make money "HAND OVER FIST" with "DIRECT
E-MAIL." Ms. Youngblood was getting overwhelmed by the flood of spam
that seemed to be coming from this one person -- now topping one million
e-mails a day. Mr. Wellborn decided to try calling the spammer, thinking
that direct contact from a lawyer would scare him off.

    Mr. Wellborn called all the numbers listed in the spams until he
reached a live person. "The person who answered identified himself as
Joseph Carmack, admitted to the spamming and said we'd never be able to
catch him because 'nothing is in my name,' " says Mr. Wellborn,
recalling the taunting. So Mr. Wellborn started trying to track down
Joseph Carmack, a 58-year-old retired mail carrier in Buffalo, thinking
he had the spammer.

    At the same time, in the fall of 2002, EarthLink filed an amended
complaint adding the names of individuals who owned phone numbers or
post-office boxes affiliated with the spam. Among those was Angelo
Tirico, a Florida man who was selling "Mother Nature's Wonder Pill," an
herbal stimulant, over the Internet.

    Mr. Tirico told EarthLink investigators that he found a man named
Howard Carmack on a Web site promoting spamming services in May 2002,
according to a lawsuit filed by EarthLink. He said Mr. Carmack
advertised himself as a "mailer with extra bandwidth looking for a
project to mail."

    After a series of e-mails and phone calls, Mr. Tirico said, he
agreed to pay Mr. Carmack $10 for every sale of the herbal stimulant he
generated. Mr. Tirico said Mr. Carmack bragged that he had sent out
"over 10 million" spams on his behalf. All those spams generated a mere
36 sales, and he paid Mr. Carmack $360 for his efforts. But the huge
volumes of spam were generating tons of complaints, Mr. Tirico says, so
he asked Mr. Carmack to stop spamming.

    "That's when I first realized it was Howard," says Mr. Wellborn.
"The pieces finally fell together."

    He got confirmation in January of this year, when he finally reached
Joseph Carmack, the retired mail carrier. Joseph Carmack told
investigators that he had nothing to do with any spam, but, in a
statement, said that his nephew, who also lived in Buffalo, "is
self-employed and does something with computers." The nephew's name:
Howard Carmack.

    Even while lawyers were trying to serve papers on him, Mr. Cormack
continued to spam, EarthLink contends in its suit. In January, he
allegedly sent out spams for a cable-descrambler device and an Internet
spy program that promised to let users remotely monitor other people's
computers. On Feb. 25 alone, Ms. Youngblood says she caught him trying
to log onto the EarthLink network six times using six different
accounts. She shut him down each time: "I felt like I could smell the
frustration," she says.

    Three days later, private investigators -- waiting in a van with
special glass windows that allow passengers to remain unseen -- handed
him the lawsuit documents while he was walking back into his house from
his car. The spam stopped that day.

    As a spammer, Mr. Carmack, who is 36, covered his tracks well,
EarthLink contends in the suit. None of the phone numbers listed in the
spams he is alleged to have sent are listed in his name. One was in his
mother's name. Another in the name of his mentally handicapped brother
who lived in a nearby assisted-living home.

    His post-office box was listed in the name of a cousin who lives
around the corner. Other phone numbers were listed in the name of a
North Dakota man who had never been to Buffalo and in the name of a
former upstairs tenant who had since moved away.

    In addition, each of the 343 EarthLink accounts created by Mr.
Carmack used false identities and stolen credit-card or bank-account
information, the company's lawsuit contends.

    Wednesday, EarthLink will ask a judge in U.S. District Court in the
Northern District of Georgia to grant it a permanent injunction against
Howard Carmack. EarthLink is seeking more than $16 million in damages
for legal fees, the cost of processing the e-mail and the harm to its
reputation.

    In a brief telephone conversation, Mr. Carmack said he didn't have
an attorney and that he would consider whether to give an interview for
this article. He didn't return subsequent phone calls.

    Mr. Carmack is a body-builder and was a high-school football star,
according to his uncle, Joseph. Relatives and neighbors say Mr. Carmack
lives with his mother in a run-down neighborhood of Buffalo, near the
state-university campus, in a modest brick house with sky-blue linoleum
siding. When a reporter recently rang the bell, a woman inside wouldn't
open the door.

    His grandmother, Juanita Carmack, 77, lives across the street. A
diabetic who says she is too disabled to leave the house on her own,
Mrs. Carmack said her grandson brings her breakfast from McDonald's when
she asks. "He would do anything for me," she says.

    Mrs. Carmack said she doesn't know what her grandson does for work.
She didn't know anything about a lawsuit, she said, but it sounded "real
sad." She added, "Maybe if they got jobs for the fellows, they wouldn't
have to do this."

    Write to Julia Angwin at
[log in to unmask]

    Updated May 7, 2003


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html