When Software Fails to Stop Spam, It's Time to Bring In the Detectives
Annie Marie Musselman for The New York Times
Timothy Cranton, rear, and Sterling McBride of Microsoft's antispam unit.
By SAUL HANSELL
REDMOND, Wash. - Sterling McBride spends a lot of time waiting for spammers to make a mistake. They usually do.
he hunted down escaped prisoners for the United States Marshals Service, Mr. McBride learned the value of lying low until fugitives trip up, leaving small clues on their whereabouts. Now, as an investigator for Microsoft, Mr. McBride watches carefully for tidbits of data that link some of the two billion pieces of junk e-mail that Microsoft's Hotmail service receives each day with the people who send them.
Once he finds an electronic key to the spammer's identity - a real name, address or phone number - Mr. McBride uses all the tools of a regular detective: trailing suspects, subpoenaing their bank records and looking for disgruntled former associates to become informers. But first he must lift the cloak of anonymity provided by the Internet.
who do this are pretty tenacious," Mr. McBride said. "There are networks that are very well organized. But we have really started to figure out how they operate."
Spammers have been sending more junk e-mail than ever, despite a new federal antispam law that took effect Jan. 1. So far, few have been brought into court because it is hard to find them and link them to electronic offers of pills and
So the vanguard of the fight against spam has turned from software engineers who try to identify and block spam from e-mail in-boxes to investigators in private industry, like Mr. McBride, and an increasing number of prosecutors and law enforcement agents who are learning how to combine traditional detective work with
The Federal Bureau of Investigation is increasing its effort to investigate spammers, largely in response to the new law. In an unusual arrangement, the Direct Marketing Association has paid $500,000 to hire 15 investigators who work alongside agents from the F.B.I. and other government agencies in a program known as Project Slam-Spam.
Using information provided by Internet providers along with their own decoy computers and e-mail accounts, these investigators have built a database of more than 100 spammers. Increasingly they are actually purchasing pills and responding to offers of get-rich-quick schemes to track down the
"Initially you start to work backwards from the e-mail and find that to be a very frustrating route," said Daniel Larkin, chief of the F.B.I.'s Internet Crime Complaint Center, the unit that is coordinating Project Slam Spam. "That doesn't lead to a live body. We have collectively realized you have to go the other way and follow the
The project has built cases against 50 spammers, which it has started to refer to federal and state prosecutors. It hopes to orchestrate a coordinated sweep of spam prosecutions and civil cases later this year to highlight the seriousness of its antispam efforts, Mr. Larkin said.
Even before the new law took effect, there was an increase in both civil and criminal actions against spammers. Last week, Howard Carmack, who sent 825 million junk e-mail messages from his home in Buffalo, was sentenced to at least three and a half years in prison, in a case brought in 2003 by New York State for violations of identity theft and business records laws.
The big Internet service providers, especially America Online, a unit of Time Warner, and EarthLink, have been steadily suing spammers for the last few years, using trespass and computer crime laws.
is a relative latecomer to the tactic. Until recently, it hoped to rely mainly on software to identify and discard spam. But once it decided to take spammers to court, it moved after them with a vengeance, building what is probably the biggest operation in the world devoted to investigating and suing spammers.
"digital integrity" unit - which also fights online fraud, identity theft and spyware - employs more than 100 people around the world and has an annual budget of more than $10 million. Many investigators, including Mr. McBride, were former law enforcement officers and prosecutors hired originally to track down software counterfeiters who have shifted their attention to spam.
Standing in a small conference room on Microsoft's vast campus earlier this spring, Mr. McBride, 38, explained how the techniques he learned in tracking down prison escapees have come in handy finding spammers. He unfurled a giant piece of paper covered with hundreds of tiny symbols - faces, trucks, computer screens, telephones - connected by a spider's web of
The diagram was made with a software program used by police to keep track of organized crime investigations. The networks of people and companies that send junk e-mail solicitations are just as complicated, Mr. McBride said.
pointed to a small icon of an envelope, representing junk e-mail promoting a Web site called Camania.com that lets users view people performing sexual acts in front of their Webcams. A line leads from the envelope icon to an icon for the Web site, which was registered in a
"They did a good job of hiding themselves," Mr. McBride said. "Everything was registered to post office boxes and there were phones that forwarded to other phones with voice mail."
one icon on the diagram shows where the spammers slipped up. It is a real postal box that was associated with the Camania site. It turned out to be at a Mail Boxes Etc. in Kirkland, Wash., only a few minutes from Microsoft's headquarters.
Microsoft then hired outside investigators to stake out and follow whoever picked up the mail. It turned out to be Jason Cazes, who Mr. McBride said sells "MaxxLength" penis enlargement pills.
Eventually, Mr. McBride was able to collect sufficient evidence for Microsoft to file civil lawsuits last December against Mr. Cazes and two other people, accusing them of sending spam on behalf of Camania and MaxxLength.
A lawyer for Mr. Cazes, Mark Douglas Kimball, said Mr. Cazes was involved in running adult Web sites and a nutritional supplement business, but did not send
Mr. Kimball said he was not aware that Microsoft had his client's mailbox watched, but said such a tactic was unnecessary because the ownership of the businesses was available in public
One of the most powerful tactics in criminal investigations - and one that Microsoft used in this case - was an informant familiar with the spam operation.
"Spammers are more than willing to rat each other out," Mr. McBride said.
In the last 15 months, Microsoft has filed 53 civil cases against spammers. Ten have resulted in court orders banning the defendant from further spamming, either because of a settlement or because the defendant did not show up in court. One case was dismissed. The rest are working their way through the Washington State courts.
If the amount of spam is any measure, the spammers have not been scared off.
Timothy Cranton, the lawyer who runs the Microsoft digital integrity unit, argues that the private and government legal actions will ultimately make a difference.
"A lot of spammers think what they are doing is perfectly fine," Mr. Cranton said. Enforcing the federal law, he said, will show them "that what they are doing is not
For years, an energetic community of amateur spam detectives has been trying to get Internet providers to kick spammers off their networks. Increasingly, those volunteers are trading tips with law enforcement agencies and Internet providers.
"We do a fair bit of work with Microsoft," said Steve Linford, the founder of Spamhaus, a prominent volunteer spam-investigating organization. "They are getting serious about fighting spam and putting their money where their mouth is."
By filing lawsuits known as "John Doe" suits, in which the identity of the defendant is not known, Internet providers are able to subpoena records from banks and others to determine the identity of spammers.
"The most useful information is who pays for various aspects of the spam operation," said David Bateman, a lawyer at Preston Gates & Ellis in Seattle who represents Microsoft in spam cases. "To spam, you need four or five things - a hosting service, a domain name, mailing software, mailing lists and so on. Each one you have to purchase from someone."
For example, Microsoft identified a series of advertisements for pornography and herbal supplements that were sent as e-mail messages to Hotmail accounts, directing recipients to Web sites on computers operated by a company called Isolate Networks, which was run by Dan Ivans in Chardon, Ohio. Mr. Ivans, 21, advertised what in the industry is called a bulletproof hosting service, a business that operates Web sites that are advertised
Microsoft filed a suit in June 2003 naming 20 "John Doe" spammers, which allowed it to obtain subpoenas for information about Mr. Ivans's business clients. Microsoft lawyers were also able to question Mr. Ivans, who is not a defendant in the suit, under oath.
that information, Microsoft was able to amend the suit earlier this month to name seven people and two companies it said actually sent the
"The real key is trying to figure out how to connect the virtual world" with "someone you can hold responsible for this," Mr. McBride said. Once you have the link, he said, "you can use all the tools of a normal investigation."