Spam Kings (6 page)

In the spring of 2000, Davis Hawke decided it was time to get out of South Carolina. In
March, he and Patricia moved to Leicester, North Carolina. They were still living in a
mobile home, but now they had the Smoky Mountains right outside their door.

The charm of Chesnee had long since worn off, but there was another factor motivating
Hawke's move. An Internet user in California—no one Hawke had ever heard of—had sent him a
certified letter saying he was suing Hawke for spamming. The first thing Hawke did after
they settled into the trailer on Serenity Lane in Leicester was to visit an attorney in
Asheville. Hawke figured the lawsuit was a joke, but he wanted a professional opinion. The
lawyer told him he could probably ignore the legal threat, but he advised Hawke to
incorporate his Internet marketing company. That way Hawke could shield himself from
personal liability should someone lob a more serious lawsuit his way.

On that day, March 14, 2000, QuikSilver Enterprises
, Inc. became a North Carolina corporation. The next day, Hawke was blasting out
his first barrage of spams bearing his new company name. But to keep nosy people off his
back, Hawke continued to use his post office box in South Carolina as Quiksilver's mailing
address. He'd make the hour-long drive from Leicester to Spartanburg a couple times each
week just to gather up any checks or other mail that might have arrived.

Hawke had given up on trying to conceal the origin of his spams by routing them through
open mail relays. Instead, he signed up for several accounts using bogus names at ISPs such
as Blue Ridge Internet in Hendersonville, Internet of Asheville, or even BellSouth's
Internet service. He paid his twenty dollars, sent a couple spam runs, and almost invariably
the ISP would cut off service once it got complaints about his junk email. Hawke just
chalked up the disposable dial-up accounts as a cost of doing business.

Hawke's desire for a fresh start was also prompted by a series of other business
problems the previous winter. In December, bidders on his eBay auctions started leaving
negative comments in the feedback section of the auction site. They complained that Venture
Alpha, as he had called his online auction business, was slow to mail out products and that
emails to it sometimes bounced as undeliverable. Other winning bidders said the stuff he
shipped out didn't match the photos they had seen in his auction listings.

The negative feedback was frustrating to Hawke, who had been careful to keep the wheels
of e-commerce well greased by soliciting positive comments from bidders. Whenever he shipped
out a knife, belt buckle, or any other item to one of his eBay customers, he sent a note
requesting that the bidder leave positive feedback for him in the auction site's forum. In
turn, he agreed to recommend the buyer. That way, whenever a potential bidder looked at
Venture Alpha's member profile at the site, they'd see all the positive comments and feel
reassured about doing business with him.

But as Hawke's sales volume grew, the complaints also started to pile up. In late
December, a former customer posted a warning to buyers on the rec.knife Usenet newsgroup.
"Stay away from these people they are nothing but thieves," wrote the man. "I won one of
their auctions for a set of kamas ... I received the item seven weeks later! They auction
things they don't have in stock and wait until they get your money in hand to order it! The
quality of the item was terrible too."

The same day, eBay unceremoniously suspended Hawke's account. But he was not about to
abandon the business he had come to know so well. So Hawke decided to move up the food chain
and start marketing himself as an eBay auction expert. He pulled together some ideas he had
seen on the Internet along with some of his own tips into a ten-page document he titled the
"The EBay Home Study Course
." Available only in electronic format, it walked beginners though how to choose
a market niche and how to write a sales pitch. It also included details on the use of photos
to spice up auction listings and advice on setting up a complementary web site. The manual
even had a section on why getting positive comments from bidders is important.

"You need to have an outstanding feedback rating brimming with positive comments to
really make huge profits on eBay," Hawke wrote. But he also advised auctioneers on how to
deal with what he called "rogue customers" who simply can't be satisfied. "We all know that
the customer is NOT always right...If they persist in causing problems, just ignore
them."

The eBay manual sold fairly well. But a new Hawke venture, which he called the Banned
CD
, became his cash cow after moving to North Carolina. According to the spams he
composed, the CD-ROM contained software programs and "contraband" information that would
"teach you things that Uncle Sam, your creditors, your boss, and others just don't want you
to know."

Hawke loaded the CDs with an assortment of documents he had picked up on the Internet,
such as instructions on how to build a cable-TV descrambler and a directory of suppliers of
explosives, silencers, and other weaponry. He also threw in a list of twenty-five million
email addresses, along with a copy of a spamming program. The CD also contained a number of
freeware utilities such as computer screensavers and clip art collections.

For twenty dollars, Hawke considered the Banned CD a bargain, and many customers seemed
to agree. But the Banned CD spams also generated more complaints than any of Hawke's
previous offerings.

In June 2000, a flood of Banned CD ads found their way into the email in-box of Reid
Walker, who operated a taxi business out of his home in Crestview, Florida.

Walker had recently bought a $250 box called a WebTV
that turned his television into a big computer monitor. He could sit on the
couch with the unit's wireless keyboard, dial up the Internet through the box's internal
modem, and look at eBay auctions or check his email between phone calls dispatching rides or
handling other business details.

Walker's WebTV email account had a limited storage quota, and the unit had no CD-ROM
drive, so he had absolutely no interest in the barrage of Banned CD ads. More than thirty
arrived over the course of a week or two.

After Walker got the first couple of messages, he did the first thing most consumers do:
complain to their ISP. WebTV admitted that its spam filter wasn't 100 percent effective and
conceded that individual users couldn't customize it to block selected spams. There wasn't
much WebTV could do. So Walker followed the instructions at the bottom of the Banned CD
ad.

"This is a 100-percent opt-in list...we immediately honor all requests to be removed,"
promised the ad. So Walker replied, asking to be taken off the list. But his message was
returned as undeliverable. The next day, more copies of the spam arrived, this time with a
new return address, and a slightly reworked message:

"And you just had your last chance to stop emailing me," Walker wrote back, fuming. But
once again, his message bounced back undelivered.
^[
2
]

Growing more annoyed by the minute, Walked decided to visit 4publish.com, the web site
advertised in the Banned CD spams. He was hoping to locate a phone number or other contact
information.

"Remove my email from your distribution list," he wrote in a customer comment input form
on 4publish.com.

But a few days later, in a third salvo, more ads for the Banned CD arrived in Walker's
in-box. Now furious, Walker wrote in the input form at the site, "YOU CAN ALSO BE JAILED FOR
SPAMMING! WHICH I AM DOING EVERYTHING I CAN TO GET YOU TRACKED DOWN. QUIT SENDING ME THIS
SHIT...IS THAT PLAIN ENOUGH FOR YOU?"

To further drive home his point, Walker sent the message over and over again. He ended
up sending over one hundred copies of the message by repeatedly cutting and pasting the text
into the form and hitting the submit button.

Without identifying himself, Hawke replied less than an hour later.

"Since you see fit to mail bomb me and harass me like this, I am never, ever, ever going
to remove you from this list," wrote Hawke using the email account
[email protected].
"In fact, I am going to distribute your
email address and phone number to as many telemarketing companies and spamming companies
that I know, who will in turn sell that info to hundreds, perhaps thousands, of other direct
sales businesses like mine. Have fun!"

And then, a few minutes later, Hawke sent another message: "And no, asshole, I can't be
jailed for spamming. Read the federal laws. It is a civil offense whereby you can sue me for
$500 per message. I make $25,000 each weekend doing this. It will cost you more than $500
just to hire a good civil attorney. Go for it pal. I can afford it!"

Walker's comment about sending Hawke to jail had been a bluff. To his knowledge, there
was no federal law prohibiting junk email. But he was astounded by the spammer's defiance
and wondered whether there was a way to combat him. He decided to post a message on Usenet,
where he had gotten good advice in the past about fishing and vacation questions.

"Can anyone help?" he asked on June 26, 2000, in a newsgroup called alt.spam.

An anti-spammer named Peter promptly came to Walker's aid. He looked up the domain
registration record for resalehighway.com. Peter told Walker that the site was registered to
a Winston Cross in Spartanburg, South Carolina, who listed an email address of
[email protected]
.

On Peter's suggestion, Walker emailed a complaint to Charter Communications, the cable
company that provided Cross's Internet account, as well as to Blueberry Hill Communications,
the California ISP listed in the domain record as the host for resalehighway.com. On both
complaints, Walker sent a carbon copy to Cross's charter.net address.

Peter warned Walker not to expect a quick response and said that ISPs sometimes need to
be reminded before they take action. But just the next day, Walker received a terse email
from Cross, a.k.a. Hawke. "You're on the remove list, punk. You won't receive any more ads,"
wrote the reluctantly repentant spammer. Walker was jubilant.

Hawke expected the incident would result in resalehighway.com being shut down. But the
site remained online and stayed nearly bulletproof to anti-spammer complaints for nearly a
year. It even escaped a nomination to the Mail Abuse Prevention System blacklist. That June,
another Internet user who had received Hawke's Banned CD ads posted a complaint to Nanae. He
said that MAPS's operators had declined his nomination on the grounds that selling spamware
was not sufficient reason to blockade the site. In reply, anti-spammer Alan Murphy agreed
the site's IP address should be blacklisted, but he advised the user that there wasn't much
more he could do. "Move on to the next target," wrote Murphy.

After reading the complaints about MAPS's inaction regarding resalehighway.com, Shiksaa
did some brief poking around at Hawke's site. She might have put more time into
investigating the site and its operator, but the following day a much bigger object appeared
on the Nanae radar.

The newsgroup was abuzz with word that someone had apparently hacked into the computers
of a Tennessee spam operation known as Premier Services, downloaded over one hundred
megabytes of data, and posted some of the juicier tidbits at a site he entitled Behind Enemy
Lines.

"If you are an anti-spammer looking for an inside peek at the world of spamming, you
have just found Fort Knox!" wrote the hacker, who identified himself only as "The Man in the
Wilderness
."

The hacker's site included scores of pages of chat logs and emails between Premier
Services's employees and customers. The messages detailed a variety of shady practices,
including pump-and-dump stock scams and AOL password-stealing schemes. The hacker's site,
originally hosted at an ad-supported service called FreeWebSites.com, also included an
assortment of partially nude photos of some of the company's principals.

Prior to that day in June 2000, Premier Services and its owner, 35-year-old Rodona
Garst, were unknown to most anti-spammers. But they would soon become the most notorious
instance of retaliatory hacking since Hacker-X targeted Sanford Wallace.

According to the Man in the Wilderness's account of events, he had been the victim of a
type of online fraud referred to by anti-spammers as a Joe-job
. In early 2000, Garst had forged his domain name in the return address of one
of Premier Services's spam runs. As a result of the Joe-job, the hacker's mail server was
besieged by thousands of error messages generated by undeliverable addresses on Garst's
mailing list. The hacker also received complaints from inexperienced anti-spammers who
thought he was responsible for Premier's spam. The Man in the Wilderness said he contacted
the ISP Garst had used to send the messages, and the provider responded by canceling
Premier's account.

"For the spammer responsible, this was warning shot number one," wrote the Man in the
Wilderness in Behind Enemy Lines.

But Garst subsequently sent two more spam runs through different accounts, both of which
again used the hacker's domain in their return address.

"Normally I am too busy to be bothered with the everyday activities of a small time
huckster, but this one was beginning to piss me off," wrote the Man in the Wilderness, who
said he worked as an Internet technology consultant. Now determined to take matters into his
own hands, he managed to capture one of Garst's spams shortly after it went out. Then, after
analyzing the message's header, he identified the network address of the PC used to send the
spam.

"Her luck had just run out," he wrote.

At that point, the Man in the Wilderness somehow found a way to hack into Garst's PC
over the Internet. His first act was to delete the copy of 1
^st
Class Mail, a program for sending junk email, from her hard disk. Then he downloaded
numerous datafiles from the PC "to determine who I was dealing with."

After studying the files, the Man in the Wilderness determined that Premier Services was
apparently being hired by a variety of firms to market dodgy offerings via spam, including
college diplomas, credit repair services, government grants, and pornography. According to
the hacker, Garst ran the business out of her home in Clarksville, Tennessee, coordinating a
handful of associates located around the U.S. Over the course of a couple of weeks, the
hacker "spread like a silent wildfire through Rodona's computer network" and hacked his way
one by one into the company's computers.

"What I wanted," he explained, "was unrestricted access to the data on their hard
drives, and computer by computer I got it."

The Man in the Wilderness uploaded over six megabytes of the purloined files to his
Behind Enemy Lines site, including over two megabytes of log files of online chats between
Garst and her five spamming associates. At first, many of the more technical readers of
Nanae were skeptical. Something about the hacker's account of events stuck in their craw. He
provided no details about how he had managed to break into Garst's computer but instead
glossed over it with what sounded to them like a Hollywood account of hacking: "I silently
came across the Internet from thousands of miles away and hacked my way into the spammer's
computer."
^[
3
]

But the copious details in the stolen files convinced many that Behind Enemy Lines was
not fiction. Included was an incriminating exchange of emails in late 1999 between Garst and
a Texas man named Mark E. Rice. The messages discussed a stock pump-and-dump deal under
which Garst would be paid $1,500 per million junk emails to send spam touting the stocks of
four microcap companies. Rice authored the spams, which typically included fraudulent press
releases about the companies and their prospects. Soon after Garst sent off a load of spam,
Rice would sell large blocks of the stocks, hoping to profit from the uptick generated by
the messages.

"The thing I like about emailing at night is that the rush in the morning is very good
for a stock...And if we can keep the momentum going through out the day, we win," wrote Rice
in an October email to Garst The email exchanges also indicated that Garst wanted to reap
more from the scam than Rice's regular payment checks, sent to her via Federal Express. At
one point she asked his advice in setting up a brokerage account so that she too could trade
shares of the manipulated stocks.

"Since I have an inside of sorts it seems it would be wise if I purchased some stock
that we are promoting. Do you have any recommendations?" she inquired.

Rodona Garst puzzled many spam fighters because she didn't fit their trailer-trash image
of spammers. Garst and her associates lived in middle-class neighborhoods in three-bedroom,
two-bath colonials. Like other white-collar office workers, they chatted about work,
relationships, chocolate, their hair, and family. Shattering that veneer of normalcy,
however, were the women's conversations about ways to defeat ISP spam filters or about
places to find pirated ("cracked") spamware programs. They also freely traded tips on
stealing ("fishing") AOL accounts from gullible users and on fudging their income tax
returns.

The Man in the Wilderness acknowledged that the information he found could be quite
embarrassing if made public. He also noted that he'd done some soul searching before
deciding whether to post the files. But ultimately, he concluded, Premier Services had
abandoned its right to privacy by conducting its business so unethically.

"So, without further delay, let's get brutal!" he wrote.

The Man in the Wilderness proceeded to post revealing photographs of Garst apparently
pilfered from her computer. One depicted her from behind in a bathroom, wearing nothing but
a T-shirt. The hacker had captioned the photo, "The Number of Freckles on Rodona Garst's
Ass."

The second shot showed Garst in her office, pulling her shirt up to her chin and baring
her chest. "Rodona's Breast Size" was the hacker's title. Another set of photos, labeled "A
Date with a Spam Queen," displayed Garst's business associate, 58-year-old Shary Valentine.
The photos showed Valentine posing in corny studio settings wearing a variety of teddies and
other revealing outfits. Also included at the site were two erotic short stories also
reportedly gleaned from Premier Services's hard disks.

The appearance of Behind Enemy Lines touched off a new debate in Nanae about the ethics
of hacking spammers.

"While that is exactly what we all dream about, the way these spammers' plugs were
pulled is NOT, repeat, NOT the way NANAEites should conduct business," wrote one newsgroup
participant. But some spam fighters, fearing that Behind Enemy Lines might be forced
offline, quickly "mirrored" (copied and republished) the site on their own web sites.

One of the first to publish notice of his mirror on Nanae, a Briton named John Payne,
soon received email from Garst requesting that he take down the mirror. Payne responded by
contacting her over AOL Instant Messenger.

"You do know I didn't have anything to do with the content, right?" he asked
Garst.
^[
4
]

But she still seemed under the impression that Payne was somehow connected to the Man in
the Wilderness.

"I intend to follow through with this legally, so any information you have would show
your cooperation," Garst told him.

Payne reiterated that he had no information and that his mirror was just that—a copy of
the original site. "I note that you've not yet disputed the accusations," he added.

Garst took nearly a minute to reply.

"An investigator is currently on the case to discover as much information about this as
he can," she said.

Her response puzzled Payne. "About you, or the hacker?"

"The hacker obviously," she replied. "Direct email is not illegal and most of what he
claims my company has participated in is totally off base."

Payne tried to get her to talk about how she acquired her mailing lists and other
aspects of her business, but Garst was evasive.

"Gotta run...so nice to chat," she typed and signed off.

While Rodona Garst may have been eager to discover the identity of the Man in the
Wilderness, anti-spammers seemed reluctant to investigate too energetically.
^[
5
]
They were focused instead on a large file lifted from Premier Services and
available at the Behind Enemy Lines site. According to the Man in the Wilderness, the
1.5-megabyte file,
antifile.zip
, contained a compressed archive of
addresses of anti-spammers that Garst's gang was afraid to spam. The company apparently used
it to "wash" its mailing lists so that spam fighters wouldn't receive Premier's ads and
complain. Nanae readers downloaded the file and pored over it, searching for their email
addresses among the more than 200,000 listed in the file.

"Wow, this is the first time I've been officially 'honored' by a spammer. Somehow I
feel...dirty," said a spam fighter named Cynthia upon learning that she made the list. "I'm
so proud, one of my spam-fighting addresses made the list, but none of my spam traps," wrote
another Nanae participant, who, like many anti-spammers, had signed up for email accounts
specifically in the hope that they would provide fodder for abuse reports.

Others saw the list as a sure sign that junk emailers were fearful of anti-spammers.
"Someone went to a lot of effort to put together that list. If fighting spam was as
ineffective as people claim, no one would go to the effort," was the conclusion of one
anti-spammer.

Although Shiksaa had only been in the spam wars for little over a year, her AOL and
Hotmail email addresses both made Garst's anti list. She realized that many of the addresses
apparently had been compiled simply by harvesting Nanae addresses; even emails belonging to
retired spammer Sanford Wallace and spamware vendor Andrew Brunner made the list. And a good
portion of the roster seemed to have been compiled from previous compendiums of anti-spammer
addresses and was thus out of date. Shiksaa's newest email,
[email protected]
, which she had been using on Nanae since February, was
not included. (She was given the account at Etherboy.com as a gift by its administrator,
Dave Lugo, an admirer and longtime spam fighter.)

As a further sign that Shiksaa had become a veteran spam fighter
, she was invited to join #Nanae and #Lart, two Internet Relay Chat (IRC)
channels where anti-spammers could more privately trade quips and information. While Usenet
had little of the immediacy of in-person conversation, IRC was often confusingly fast-paced,
with comments from participants scrolling dizzyingly down Shiksaa's screen.

Sometimes, such as occasions facetiously known as Nanae Beer Nights, more than a dozen
spam fighters, from all over the U.S. and Europe, would be in the chat room at the same
time. It was on IRC that Piers Forrest, a 43-year-old computer technician from England,
known on Nanae as Mad Pierre
, began doting on Shiksaa. Usually all business on the Nanae newsgroup, Mad
Pierre was a master of the humorously flirtatious IRC remark. In August, Shiksaa began using
one of Mad Pierre's more memorable utterances in the signature line of her newsgroup
postings: "I worship at the feet of Shiksaa...I'd worship higher up if the straps weren't so
tight."

While Mad Pierre was not alone in his hyperbolic adoration—several of the male members
of Nanae had jokingly been referring to her as the Spam Goddess
—Shiksaa particularly enjoyed playing along with Mad Pierre. Once, after a
spammer trolled Nanae, accusing antis of having no life, Mad Pierre sarcastically responded
that the spammer was correct.

"Damn, you've got us bang to rights. We have no lives. None. At all."

To which Shiksaa responded, "Your life is the worship of
moi
."

But because of her investigative skills and dedication to anti-spamming, Shiksaa
continued to be a magnet for harassment from bulk emailers, who sought her out on AOL
Instant Messager (AIM) or anonymously posted insults about her on Nanae. While she could
handle the occasional run-in with kooks, Shiksaa was livid over a stunt pulled by Brunner in
the late summer. As part of her self-education in the ways of spamming, she had downloaded a
demo copy of CyberCreek's Avalanche spamware program. Her plan was to install and test it
out. But as she was skimming the ReadMe file that came with the software, Shiksaa
froze.

Near the bottom of the document, which invited users to contact CyberCreek with
questions or suggestions, was a section called the Net-Nazi Hall of Shame. Below a
disclaimer that stated that he was not responsible for "actions/misdeeds committed unto the
following persons or entities," Brunner had listed Shiksaa's first name and her phone
number. Beside them, Brunner had added an appeal to all the hundreds of spambags who would
install his program: "If you have her address please drop us a note, as she is going to be
the first Net-Nazi to be held accountable in a California civil court for
defamation."