For the Week of July 25, 2005
For the last week I've been the victim of a series of crimes.
I've been "Joe-Jobbed." A spammer has used my e-mail address, and the IP address of A-Clue.Com, as the "from" address in a series of spams advertising an illegal drug site.
The site in question sells (or claims to sell) prescription drugs like Cialis, Levitra and Viagra, commonly used to treat impotence, without a prescription.
The spammer points a variety of URLs to his site. He points a new one each day, from a cache that may have been obtained as early as 2002. Some of the URLs I've seen are chorally.com, degradedly.com, and ossifiles.com. All were obtained through a registrar called Yesnic.
When this started, I checked the registrations through Betterwhois and found they were the property of a phony name, at a non-existent address, a "Belinda Farley" living in a state whose abbreviation is EH. (Don't bother looking - no such state.) More recent sites are registered to a Louis Philippe, whose address is listed as 410 South Street, Columbia SC.
I get the bounces, which is how I learned all this. I know I'm not the originator of this garbage because I keep my anti-spyware and anti-viral tools updated, and I check my hard drive every day. Besides, my e-mail doesn't come from the URL of my Web site. When I'm at home (and I've been at home through all this) it goes through Mindspring, my broadband ISP.
Why is this spammer targeting me? I originally thought it might be because I've written often against spam, or because I've had this e-mail address nearly a decade and it gets around. But lately I've suspected a political motive. The spammer likes to add little quotes to the end of his missives, which he probably uses for his own tracking purposes. Many are of an extreme right-wing nature, like "The true character of liberty is independence, maintained by force."
I sent an example of each spam, in turn, to firstname.lastname@example.org, which has been like a black hole. Nothing is acknowledged, and you never know if anything was done unless they send out a press release with an arrest on it.
In this case more than the CAN-SPAM Act is being violated. Selling prescription drugs without a prescription is illegal, even dangerous. If they're not selling those drugs, of course, you've got a fraud case.
Then came Google Earth.
With the free Google Earth program, I figured, I could at least see if the address given by this spammer were a real place. I spent some time downloading, extracting, executing and...no luck.
Google Earth has two types of resolutions, depending on the inputs it's given.
There's a very fine resolution which lets you see the trees covering my house, the cars parked on the street, and the age of the picture. (It was taken in 2003, after the two new houses were built on Park Place and before the third one was built right opposite me.)
Then there's a less clear resolution. You can see neighborhoods, but you can't resolve homes. When using the software you can see clearly which resolution you're looking at, because the clearer areas are outlined in brown as you begin your zoom.
Long story short, 410 South Street in Columbia is just a mile or so outside the fine resolution area for that city. There are some houses on a street, a residential area near a small airport, but it's impossible to resolve any one house. I can't reach through the screen and punch this sucker in the snout.
My next step was Google Groups, to see if this spammer has been sighted before. Searching the news.admin.net-abuse.sightings group there seems to be no mention of a Louis Philippe, when you do a search on the name. So I tried Columbia, SC, and learned Philippe has been in business at least since 2003 using the same name and address as I found in the Whois. He's got the same M.O., although back then he had a wider selection (anti-depressants were bigger then).
More important, we finally get away from Louis Philippe here and closer to the real culprit. The IP address for Chorally.Com, one of the Philippe "sites" which Joe Jobbed me, "is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Michael Lindsay / iMedia Networks." Here's the Spamhaus page on this operation.
Lindsay, in turn, isn't based in Columbia at all, but is listed as being in San Jose. He's about 16 miles from my older sister, in a warehouse district just a few miles from the San Jose Airport.
Lindsay isn't hiding. Here's his entire Spamhaus file. Soon after launch Lindsay, who apparently lives in Campbell, Calif., was profiled by a local business magazine which thought he was an honest businessperson. It's a family operation. He apparently has a son named Jeff in the spam business. And he'll spam for anyone. He even runs supposedly "bullet proof" spam-hosting in China! His "operation" has even been profiled there.
Here's the full Spamhaus ROKSO list and, as you can see, most of it consists of Americans.
What have we learned here? Spammers hide in plain sight. Their names are known, their activities are known. They could be brought to justice, if the American authorities were interested in doing that.
Fact is, they're not. In the area of spam, it's America that is the international outlaw. Which begs the question. Why should we trust America's control over the Internet and distrust that of the ITU?
I'm vulnerable. I'm going to continue being hammered by these Joe Jobs until Michael Lindsay decides to go after some other victim, or until my own ISP turns off my service. This amounts to online terrorism, either at random or as an attempt to intimidate.
You could be the next victim. How does that make you feel about your government?
I'm now helping to produce a special blog on Open Source for ZDNet.
I work as a freelance writer in Atlanta, and am on the development team for EgoScout, a new kind of mediator for mobile phone users.
My last non-fiction book, "The Blankenhorn Effect" won the Computer/Internet category in the 2003 Independent Publisher (IPPY) awards. Write me for a PDF copy of my latest novel, "Baptists are for Dunking."
On my Mooreslore blog I've written a new novel, "The Chinese Century." It's a story told in real-time, with real characters, but entirely fictional, dealing with the consequences of the falling dollar. I'm beginning a sequel, "American Diaspora," exploring the themes of the first book but with more fictional characters. It's a true alternate history, but set in the present day.
You are encouraged to forward this newsletter widely. And if you have trouble subscribing let me know. Remember: it's journalism that keeps the Clues coming...
Best of the Week
While Finland does have substantial unemployment, and the problems of an aging population threatening its ample social safety net, the 5.5 million people there are nearly as happy as those in the Monty Python song. (All together, Finnophiles!)
E-mail service here may experience some delays as I undergo a personal trial by spam.
The point is that Ververs, rightly or wrongly, is being given credit for some long-term success, and told to duplicate it on a larger stage, just as local anchors are often given the network gig and expected to produce big numbers.
It turns out, according to British police, that the four suicide bombers here were British citizens, natives. Three from Leeds, one from Luton. True, their parents were Pakistani immigrants, but the people who carried this out were local.
A reporter can make a good living just covering Microsoft. This is not a good thing.
Joi's point is that the Internet split has already begun, and it is based on language. Chinese and Japanese people don't care for English. People want URLs in their own language. And these URLs are unreachable by those whose keyboards only write what the Japanese call "Romaji," Roman letters.
All these stories convey a common misconception. They assume this is a trend, and they assume that mainstream media will be able to dominate this new field. Both assumptions are wrong.
The American Diaspora
ZDNet Open Source
Clued-in is Paul Krugman although I insist I wrote it first.
Clueless are all those who refuse to learn from history and refuse to understand that it can happen anywhere.
A-Clue.Com is a free email publication, registered with the U.S. Copyright Office as number TXu 888-819. We're on the Web at http://www.a-clue.com.