Spam and "following the money"

Lars Higham lhigham at yahoo.com
Wed Jun 18 03:02:46 UTC 2003


Joe,

While I agree with all of your points individually, I would say that
only one of them doesn't work for 'following the money'.  This one being
the pump-and-dump.  Everything else involves a sale of some sort -

Secondly, I had stated that a two-pronged approach needs to be followed.
Not only following the money, but technical tracking as well - the
problem here being that some of the spammers seem to not stay in one
place long enough to be tracked.

Regards,
Lars

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Joe St Sauver
Sent: Wednesday, June 18, 2003 6:58 AM
To: nanog at merit.edu
Subject: Spam and "following the money"



Hi,

Whenever the topic of spam comes up, the suggestion always arises that
people "follow the money" to track the spammers. Sometimes, it is true,
that will be useful, but it takes a rather naive approach to the
spammer's business model.

In many cases, spammers don't actually need to *deliver a product or
service* to the person they are spamvertising to make money from
sending spam.

Some spammers make their money via banner advertising revenues: if they
can get you to visit one of their pages (even an "unsubscribe" page),
they can get "hits" for some advertising program and make money from
you. 

Or consider pump-and-dump stock tout spam... no direct product or
service needs to be delivered to a spammee for the spammer to make
money, assuming he can use spam to run the stock price up and the SEC
doesn't jump on traders with unusual purchase and sale patterns.

In some cases, the spammer's scheme is outright fraud: one of the
reasons that penis enlargement spam (or spam for Viagra or other
"embarrassing"-to-purchase products) is so common is that spammers are
counting on people being too embarrassed to admit that they (a) fell
for a scam, and (b) that they were dumb enough to send cash to some PO
Box in Romania, and (c) that they needed the particular product that
was being spamvertised in the first place.

Likewise spam for pay-per-view cable descramblers/theft of service
devices and other illegal/semi-illegal products: if your pay-per-view
theft of service cable descrambler provider fails to deliver a
functioning theft-of-service device for your use, who are you going to
complain to, the police?

It is also worth noting that in many cases people are providing their
name, credit card number, and expiration date to some random server
hosted somewhere in China, hmm, whaddya think, any possibility of fraud
taking place? I could make fifty bucks selling some fake human growth
hormone, or thousands charging stuff on a steady stream of live credit
card numbers. If I had to point at the most common way to make money
from spam these days, I'd bet on credit card fishing...

But even routine credit card fraud pales in comparison to the costs
associated with trying to regain your financial identity after it has
been completely co-opted following provision of complete financial
details to some "mortgage referral specialist..."

And then there are the pr0n "dialer" dudes, who offer "free" access to
their pr0n site, you "just" need to use their special software (which
calls a 900 number somewhere in the Caribbean for $15.00/minute, and/or
sends more spam for them).

Lastly, there are plenty of spam service providers who make money from
selling email addresses, selling spam software, selling spam hosting
services, you name it... in fact, some of the largest American carriers
are *perfectly* willing to provide connectivity for spamvertised web
sites so long as the spam doesn't actually get sent from that
connectivity (and with hundreds of thousands of open proxies out there,
well, there's no need for a spammer to be that gauche!)

If you want to stop spam, take the time to see where spamvertised web
sites are being hosted, and who's providing transit for those hosts.
I've been doing this for a while now, and I can *definitely* see some
pretty obvious patterns.

I guess those transpacific OC3s and OC12s for "strategic" customers 
are just too lucrative to risk jeopardizing with trifles like enforcing 
terms of service...

Regards,

Joe



