Spam Kings (4 page)

Though she was a quick study, Shiksaa's first attempts at anti-spamming were fraught
with rookie mistakes. On one occasion she angrily LARTed (filed an abuse report about) a
company that had sent her spam and was later forced sheepishly to confess to Nanae that she
had voluntarily signed up to receive mailings from the firm. Another time a Nanae veteran
chewed her out for posting a 700-line message containing the entire contents of a FAQ on
spam, rather than just providing a hyperlink to the document. Her tendency to become
verbally combative when insulted or threatened also put her at odds with some newsgroup
participants. When one of Nanae's resident
trolls
—a term used to describe newsgroup users who posted messages aimed
at annoying other participants—argued once that anti-spammers were akin to the Ku Klux Klan,
Shiksaa launched into a vehement counter-attack.

"Your mistake is that you assume anyone cares what you think," Shiksaa snapped back.
"When you stop talking out of your derrière and want to help stamp out spam, come on back,"
she wrote.
^[
3
]
The man responded by addressing her as "whorebot" and deriding her behavior as
"typical of juniors enlisted into vigilante causes." The conversation (or
thread
in Usenet-speak) ended after several Nanae regulars rallied to
Shiksaa's defense.

Though it didn't stanch the flow of junk email into her AOL account, Shiksaa found
herself spending a couple of hours each day reading and commenting on Nanae. She enjoyed
bantering with the newsgroup's regulars, who had a twisted and sometimes scathing sense of
humor that she found exhilarating. At one point she even signed up for membership in the
group's official anti-spam club, The Lumber Cartel
. It was formed in 1997 as a humorous response to assertions by some bulk
emailers that wood-products companies were funding anti-spammers in order to preserve
paper-based direct-mail promotions.

The Cartel's web site featured images of clear-cut forests and logging trucks piled high
with timber. At the site, prospective members could type their names into a form, click a
button, and out would pop a certificate bearing the new member's name, membership number,
and the following words:

To further whip up the paranoia of spammers, Cartel members made a point of littering
their Nanae postings with thinly veiled references to payoffs received from lumber
companies, along with denials that the anti-spam group existed. Many signed their messages
with the phrase "there is no Lumber Cartel" or simply used the acronym TINLC
. In early June 1999, Shiksaa configured her newsgroup reader so that it
automatically added a signature line to her Nanae postings: "I am not a member of a
nonexistent group of anti-spammers but if I were, I would be honored to be #782." She
abandoned the sig a few days later after deciding it looked tacky.

Despite her lack of experience and technical sophistication, Shiksaa proved to be a
precocious spammer tracker. One early incident in particular earned the respect and
admiration of veteran junk-email opponents. It occurred in early June of 1999, when she
received email advertising PCs that could be purchased with monthly payments. ("YOU NEED A
NEW COMPUTER!" shouted the spam's subject line.)

Studying the message's headers—the technical data that revealed the email's path across
the Internet to AOL's mail server—Shiksaa determined that the sender had forged the return
address so that the email appeared to originate from a site catering to kids. In the body of
the message, there was a web site address for ordering the computer systems online. But to
shield himself further, the spammer had obfuscated the URL; unlike normal web addresses that
contain ordinary alphanumeric characters, it had been translated by the spammer instead into
hexadecimal data easily decipherable only by a computer.

Shiksaa cut and pasted the encoded URL into a form at a special anti-spam web site she
had read about on Nanae called SamSpade.org
. It converted the obfuscated address back into regular characters, which
enabled her to determine that the spammer's site was hosted on a computer operated by a
small ISP in California.

On a whim, Shiksaa then tried a simple investigative technique she had read about on
Nanae. In her web browser's address bar, she trimmed off some of the characters to the right
of the final forward slash in the site's address and then hit the Enter key. Rather than
displaying an ordinary web page designed by the site's operator, the new address provided a
peek behind the curtain, revealing instead a list of files stored on the web server. When
she clicked on one of the files, her browser displayed what appeared to be hundreds of
orders.

Shiksaa gasped in disbelief. Besides street and email addresses, the file included
customers' credit card numbers and telephone numbers, all totally unsecured and accessible
to anyone who stumbled upon it with their web browsers. Whoever had created the site
obviously placed a higher priority on concealing his own identity than on protecting his
customers' personal information. (Most legitimate shopping sites never store credit card
numbers on their web servers, and when they do, the numbers are locked away from prying eyes
using encryption.)

Shiksaa quickly scanned some of the other exposed files on the server. There were
several large ones containing email addresses, likely the spammer's mailing lists. One file
contained a log that appeared to include the spammer's true AOL email address. She typed the
address into Deja News, the newsgroup search engine, and found several spam complaints
linking the address to an Oregon man named Glenn Conley. Besides sending spam touting cheap
computers, Conley had apparently also been LARTed for numerous junk emails touting
pornography and get-rich-quick schemes.

Shiksaa posted a message to Nanae announcing her discovery and asking for advice on what
to do next. The experts told her to copy all of the files from the server and dispatch them
immediately to AOL's legal department as well as to the ISP hosting the site. She obliged
and promptly got an automated acknowledgement from AOL. But weeks went by, and the spammer's
site, including the growing list of customer orders, was still online. When Shiksaa
mentioned this to Nanae regulars, they told her to get used to it. Most abuse reports, they
said, end up in what they called the bit bucket—the electronic garbage can.

But as it turned out, Shiksaa's notification to AOL may have done some good. Seven
months later, in February 2000, AOL helped federal authorities indict Conley for using spam
to commit securities fraud. From October 1999 through January 2000, Conley and a partner had
used stolen credit card numbers to open accounts at twenty ISPs. Then they purchased
thousands of shares of penny stocks in companies with little or no revenue. Next they
proceeded to pump up the stocks' value by sending millions of spams to AOL users, touting
the stocks' prospects. (Conley composed some of the messages to make them appear like
communication between two friends, using subject lines such as "Hey Bob...This STOCK is
gonna BLOW UP!") Gullible investors reacted to the messages by purchasing the stocks, which
drove up the stocks' prices. That's when Conley and his partner dumped their shares, but not
before making a cool million dollars. Conley was eventually sentenced to twenty-seven months
in prison for his role in the scam.

With Shiksaa's rising profile in Nanae, and her daily slew of LARTs, it wasn't long
before spammers took notice of the new "anti" in town. One morning in early July of 1999,
Shiksaa was sitting at her computer when AOL's instant message service popped up a window
from a stranger.
^[
4
]

"Hi, anti spammer, are you ready to die?" asked the person, who used the nickname Lime
Pro
.

Shiksaa froze when she read the words. At long last, she was virtually face to face with
one of the low-life scum who had become her obsession for the past several months. Shiksaa
couldn't recall where she had seen Lime Pro's nickname, but she guessed he was one of the
dozens of people she had recently reported for spamming. After making sure that her computer
was keeping a log file of the AOL chat session, she cautiously engaged Lime Pro in
conversation.

"Are you ready to lose your account?" she replied.

He instantly began slinging insults at her ("How much of a dumb ass are you") and said
he was in the process of hacking her IM account. Fighting against adrenalin, Shiksaa tried
to remain calm.
Could he really do that?
She had heard reports of AOL
hackers exploiting flaws in the service's software to take control of other users' accounts.
And sure enough, when she tried to click the Messenger program's "Notify" button, which was
designed to alert AOL about abusive users, nothing happened.

Shiksaa knew that she could just sign off the service and avoid the confrontation. But
she couldn't resist asking Lime Pro a question first.

"Why do you spam?"

Now it was Lime Pro's turn to be dumbfounded. He stumbled over his words a bit and then
finally explained that he was earning $800 per week sending junk email, and that he owned a
new Corvette and was co-owner of a restaurant in Pennsylvania. All of this, he added,
despite the fact that he was only seventeen.

When Shiksaa typed "LOL" and told him she sincerely doubted it, Lime Pro went silent.
Moments later, it was he who signed off the service.

Shiksaa waited for several minutes for Lime Pro to return. Unsuccessful, she emailed a
copy of her log file to AOL's online abuse team. Then she posted a lighthearted description
of the encounter on Nanae, with the subject line "[C&C] First death threat from
spambag." One anti-spammer who read it said she shouldn't worry about the threats from Lime
Pro, whom he said was probably "a zit-faced, scrawny 17-year old puke living in the back of
mommy and daddy's trailer." But some folks in the newsgroup were troubled by Shiksaa's
report. "Not taking a threat seriously can be deadly," warned one woman, who recommended
that Shiksaa report the incident to her local police.

Shiksaa ignored the woman's advice. She considered Lime Pro mostly harmless, and
besides, she had been very careful about not saying anything to anyone online that would
reveal her true identity. Still, when she went to bed that night, she checked her dresser to
make sure the .357 Magnum handgun she had owned since 1975 was still there.

About a week later, in hopes of getting out from beneath the avalanche of spam burying
her AOL account each day, Shiksaa signed up for a new email address with Microsoft's free
Hotmail service using her married name, Susan Wilson. Her plan was to use the address,
carefully munged (camouflaged) of course, in her future Usenet postings. As she had done in
the past, she would give out only her first name in any messages. In her newsreader's setup
menu, she replaced her AOL address with her new Hotmail account. But when she tried out the
new account for the first time by posting a message to the alt.test group, for some reason
her newsreader automatically signed the message with her full name, which is what she had
used to sign up for Hotmail. On the Internet, the alias Shiksaa and Susan Wilson were now
indelibly linked. It was the type of careless mistake that Shiksaa's enemies would someday
exploit.

Eight copies of Hawke's Web Manual ad somehow landed in the America Online in-box of
Karl Gray, an AOL user in London. Like most ISPs in the United Kingdom at the time, AOL's
service was metered, which meant that Gray paid a per-minute charge while online.
Downloading and dealing with spam therefore wasn't just a nuisance; it cost him money. While
most AOL users might have deleted the Web Manual ads in disgust, Gray posted a copy of the
spam to a newsgroup named alt.stop.spamming, along with the words, "Any one want to help me
wage war?"

Morely Dotes, the online alias of a Nanae regular named Richard Tietjens, spotted Gray's
posting during his regular morning sweep through anti-spam newsgroups. Dotes looked up the
domain registration record for WebManual2000.com
and posted the information as a reply to Gray's message. Dotes also noted in
his message that the ad's headers indicated it had been transmitted from an InnovaNet user
operating a spam program with "direct-to-MX" capabilities. Such technology routed the ads
directly to recipients' email servers, leaving no trace at InnovaNet's mail server.

"It is obvious from the fact that Kincaid used direct-to-MX spamware that he knows what
he is doing is wrong," wrote Dotes.

Had Shiksaa been a regular reader of alt.stop.spamming, those words might have inspired
her to pounce on the case and run searches on Kincaid's phone number and email address.
Eventually, she would have her first online encounter with Hawke. But on that day in
September 1999, Shiksaa still stuck mostly to news.admin.net-abuse.email, and she was
embroiled in an ugly conflict with Andrew Brunner, the 27-year-old developer of a new
program for sending bulk email.

Brunner's Avalanche software was among scores listed at The Spamware Site, which was
maintained by a frequent Nanae contributor from England who went by the alias Sapient
Fridge. Since most ISPs refused to host sites selling bulk emailing software, business could
become quite difficult for any companies named to the Spamware roster. Brunner, a slim,
clean-cut, and ordinarily soft-spoken man, was livid when he learned in August 1999 that his
Pennsylvania-based firm, CyberCreek
, was listed. He complained to spam fighters that they were interfering with his
legal right to communicate with prospective customers, and he hurled legal threats at
Sapient Fridge, insisting that he remove CyberCreek or risk being sued for
defamation.

But the antis held their ground. They acknowledged Brunner's claim that Avalanche could
theoretically be used for distributing electronic newsletters and other non-spam purposes.
They noted, however, that the program also included a number of features with no legitimate
purpose, such as the ability to create fake headers aimed at covering the digital footprints
of the software's users and a technical trick that enabled Avalanche to force its messages
into email servers intentionally locked down against spam.

In a show of support, Shiksaa posted a mirror image of Sapient Fridge's Spamware list on
her new personal home page. (The home page was a freebie that came with the new
EarthLink
ISP service she had signed up for a few weeks previously to test as a possible
AOL replacement.) A couple of other antis, including Morely Dotes, followed with mirrors of
their own. Meanwhile, Steve Linford, the operator of UXN, a London-based ISP, added
CyberCreek to Spamhaus
, his list of spam support services. Clearly, Brunner's lawsuit bluff had
failed.

Then, in late August, an anonymous person sent an email to all of the companies on the
spamware list. The message was a call to action for spammers to fight fire with fire by
filing complaints with the ISPs hosting the sites operated by Sapient Fridge, Linford,
Shiksaa, and others. The sender of the message, who called himself Jolly Roger
, also encouraged spammers to launch attacks against the sites, with the aim of
knocking them offline with a flood of malicious traffic.

"Remember, if you don't do this then you are giving up," he wrote. "Imagine how good it
would feel to get some revenge. Won't it be ironic when we shut their asses down?"

Although the spamware vendors never rallied to Jolly Roger's call to cyber war, Shiksaa
watched with dismay as Nanae
boiled with new disdain for Brunner. To taunt him, anti-spammers began
referring to Brunner as "Spamdrew" and to his company as "CyberCrook," and they mercilessly
mocked him for his tendency toward misspellings such as "law suite." Yet earlier that
summer, some of the same people were memorializing the one-year anniversary of the death of
Jim Nitchals, whom they described as the Dr. Martin Luther King, Jr. of the anti-spam
movement. Just before dying of a brain hemorrhage in June of 1998, Nitchals had helped lead
peace talks aimed at persuading Sanford Wallace to give up his spamming ways. (Ultimately,
however, it took lawsuits to get Wallace to stop.)

Feeling emboldened by her recent conversations with spammers such as Lime Pro, Shiksaa
decided to approach Brunner privately as an emissary from Nanae. One morning a few days
before Labor Day weekend, she looked up CyberCreek's phone number on its web site and called
Brunner.

Brunner answered his cell phone on the first ring. He sounded surprised that she had
called, and he remained suspicious, even after she earnestly announced her intention of
ending the flame war. (In fact, Brunner's high-pitched, scratchy voice made it hard for
Shiksaa not to picture the gawky kid Alfalfa from the
Little Rascals
TV
show.) But after they chatted a bit, including about the need for both sides to respect the
other, Brunner clearly was disarmed. He confessed that he preferred not to sell software to
spammers but that he was only trying to earn a living. At one point, he suggested he could
modify Avalanche to disable the spamware features such as cloaking.

"If I do it, can you talk to those guys and get them to take me off their lists?" he
asked.

"I can't make any promises, Andy," she replied, "but I don't see why they wouldn't do
it."

Shiksaa reported her conversation with Brunner on Nanae the following day, noting that
she had made some progress in bringing him back from the dark side.

"I told him that he would be treated with respect if he would cut the shit and name
calling," she wrote. "I would hope that everyone could get beyond the past and work for the
common goal. Let's stop the flame war and work to stop the spam."

But rather than applauding Shiksaa's diplomatic efforts, many spam fighters criticized
her for trying to strike a deal with Brunner.

"You seem terribly naïve. Con men do not reform and you are just making yourself the
fall guy for another con," wrote one Nanae regular, who added, "You seem to have an affinity
for believing stories made up to appease you."

Another chimed in: "It seems Susan is sort of new to this and is trying to reason with
these individuals. It doesn't work."

Even Alan Murphy, a long-time spam fighter who had helped Shiksaa on a number of spam
investigations, was skeptical of her attempts to get Brunner to revise Avalanche.

"I honestly don't understand what you think Andrew intended to do with it beside promote
spam. It was designed to abuse," wrote Murphy.

Stung by the criticism and condescension, Shiksaa fired off a post to Nanae saying that
she believed that treating Brunner with respect was the best tactic for bringing him
around.

"Shoot me for trying," she wrote.

Fearing Shiksaa was dangerously close to resigning from the corps of spam fighters,
Murphy posted a public plea asking the group to back off in its criticism: "I'm very
impressed by Susan's ability to get people on the phone ... She doesn't deserve the heat she
got, and I know that she felt it."

Shiksaa had little time to brood over the debate surrounding her peacekeeping mission.
Two days later the operators of the Realtime Blackhole List (RBL)
added CyberCreek to their powerful and controversial spam blacklist. Run by
Mail Abuse Prevention System (MAPS), a nonprofit consortium founded in 1997, the RBL
included the network addresses of major spam operations as well as companies that provided
them services. By configuring their mail servers—and in extreme cases, their network
routers—to reject any traffic to or from addresses on the RBL, ISPs effectively were able to
isolate spammers from communicating with parts of the Internet.

When he found out his company had been placed on the RBL, Brunner snapped. Jettisoning
the conciliatory tone he had taken with Shiksaa, Brunner went into full verbal-combat mode.
He configured his newsreader to add a new signature line at the bottom of all of his Usenet
postings, "DEATH TO ALL NET-NAZIS!!!" His new sig also included the name, address, and home
phone number of MAPS cofounder Paul Vixie, a California-based consultant and network
engineer, as well as contact details for a handful of other leading anti-spammers. On
September 9, 1999, Brunner posted a message to Nanae, calling Vixie a "fascist piece of
anti-American, anti-business dirt" and warning that "When I am done with you, you won't be
able to wipe the dingle berries off Bill Gates' ass."

Brunner's display of vitriol wasn't aimed at Shiksaa, but it bothered her deeply. There
she was, putting Andy forward to her Nanae brethren as a businessman who could be reasoned
with. Instead, he revealed himself to be a cretin, justifying the warnings of those who had
called her naïve. It cultivated in Shiksaa a strong desire to retaliate.

After contemplating some options, she launched Microsoft FrontPage Express, the HTML
editor that came with her computer. In a couple of hours, she had whipped together a web
page entitled "The Brunners of Chickenbone Creek
."

Using some photos she found online, Shiksaa assembled a simple collage on a bright red
background. Beneath the photo of a Winnebago trailer she placed the caption "Home," while
she captioned a photo of an AirStream trailer with the words "Summer home." Below an image
of a young girl holding a bucket of fried chicken, Shiksaa added "The Future Mrs. Spamdrew
Brunner." She also found a photo of a can of Hormel SPAM in which the product's name had
been changed to SCAM. She gave it a caption that read "Staple of the Brunner
household...err...trailerhold."

To complete the page, Shiksaa added background music in the form of a midi file, which
played a computer-generated version of the dueling banjos piece from the movie
Deliverance
whenever someone viewed the page. Then she uploaded the
files to her Earthlink personal site and published a link to the page on Nanae.

The spam fighters were delighted with Shiksaa's little creation. Several quickly posted
glowing reviews. "A classic...truly inspired...You have earned a special place (TINSP) in
the hall of NANAE-ites with that little gem," wrote one.

After checking out Shiksaa's Brunner parody page, a Nanae participant named Rick
navigated to her new personal home page, where she had published a small photo of
herself.

"Would it be ok if I had a mild crush on you?" he wrote.

Before Shiksaa could respond, a user from England named Ian chimed in, "Get off. She's
mine!"

Brunner, on the other hand, was not amused in the slightest. He posted an ominous, if
grammatically puzzling, public challenge to Shiksaa.

"Why don't you make it easy on me and give me your real address. When I find you I won't
let go until you are either penniless. At the very least you won't be able to have a charge
card. Enjoy the rest of your pathetic life," wrote Brunner.

Shiksaa knew it was just another one of Brunner's bluffs. He was a beaten, ineffectual
man. Unless he drastically changed his business practices, CyberCreek.com would remain
hopelessly black-holed from the rest of the Internet. At that point, there was really no
reason to kick Brunner while he was down. But Shiksaa simply couldn't resist.

"I meant to tell you," she wrote in reply to Brunner's threatening note on Nanae. "You
have a little whiny voice and you sound like you can't be older than 20. Has your voice
finished changing yet? Get rid of that annoying adolescent acne?" Shiksaa signed the note,
"Smooch, smooch, precious."

Rereading her message when it appeared on Nanae, Shiksaa realized it sounded catty and
mean-spirited. But it wasn't really meant just for Brunner. She also intended it as a
deterrent to spammers everywhere.
Don't mess with The Lady of
LART
.