The spam goddess was now a target.
[
3
]
The attacker's statement that he had "escalated my remote access to that of a full
privileged local user" made it appear that he had broken into a system running the Unix
operating system. Yet according to the screen-grab photograph he provided, showing the
programs running on Garst's computer, the hacker appeared to have compromised a laptop
computer running Microsoft's Windows 98, which gives all users the same access rights.
Plus, there was the anonymous June 5 Nanae posting that announced the Behind Enemy Lines
siteâa message from "John Doe" posted from an Internet Protocol address registered to
Premier Services. These inconsistencies made some anti-spammers suspicious that perhaps
the whole incident was actually the work of a disgruntled insider with local access to
the computer, or even a hoax.
[
4
]
Payne posted a log file of his conversation with Garst at his web site,
cluelessfucks.com, in June 2000. The site is no longer available, but a copy can be
accessed via the Archive.org service.
[
5
]
A few months before Behind Enemy Lines was published on the Web, Shiksaa assisted a
new Nanae participant using the name Spam Hater, who complained that Garst had forged
his company's domain name in her spam runs. In his April 6 posting to the newsgroup,
Spam Hater listed Garst's phone number, ICQ number, and other contact details. (The same
day, Garst's associate Shary Valentine warned spamming colleague Shannon Redmond, "We
got hacked yesterday by an AOL user. Also got posted on an anti-spammer site today with
ALL of Rodona's info." A log of the two women's online chat was among those posted at
Behind Enemy Lines.) In his Nanae message about Garst, Spam Hater had included a sample
of one of her spams, with the domain name of his companyâthe Joe-job victimâredacted.
But a search on the message's subject lineâ"Need money?"âturned up a nearly identical
spam sample posted by Leah Roberts, a Nanae regular, to Usenet a few days prior to Spam
Hater's complaint. Roberts's sample, however, included the intact "From" line, which
showed the domain of an Internet provider in Michigan. It was possible that the ISP was
the Man in the Wilderness's employer. But Shiksaa never brought up the matter on
Nanae.
Brunner's legal threats didn't really worry Shiksaa. He had filed defamation lawsuits in
small-claims court against three other anti-spammers, none of whom took the suits very
seriously. But Shiksaa didn't relish the idea of spammers harassing her by telephone.
Brunner had apparently captured her number when she called him on his cell phone the
previous year. Now she had no choice but to contact Pacific Bell and get a new one. But as
Shiksaa glanced again at Brunner's file, her face brightened, and she burst into laughter.
That wasn't her phone number; Brunner had accidentally transposed two of the digits.
It was a classic Brunner gaffe. Just to be safe, Shiksaa went ahead and had the number
changed anyway. But to show Brunner she wasn't worried about his threats, she published two
new photos of him at her new web site, Chickenboner.com
. (She had acquired the domain name the previous March when the original owner,
an Internet businessman in New Brunswick, Canada, failed to renew the registration.)
Shiksaa got the photos from anti-spammers who had doctored a picture of Brunner that
appeared in a
Fortune
magazine article about spam. In the first image,
they grafted Brunner's head onto Rodona Garst's naked torso. The other depicted Brunner's
head pasted onto the scantily clad body of a Louisiana-based spammer named Robert "Bubba"
Catts. Shiksaa had stumbled upon the original Catts photo earlier that year in his AOL
member directory listing. The stocky Catts smiled sheepishly, sporting only a pair of
skimpy, flowered underpants. He had captioned the photo "This is a pic of me on a WILD
NIGHT!!"
Like Brunner, Bubba Catts
had become a favorite target for anti-spammer vengeance. He got his start in
the spam business in 1997 at the age of forty, after purchasing some bulk email software and
launching an ad campaign for a popular marketing scheme. The spams instructed recipients to
send five dollars to each of four people listed in the email, including Catts, whose post
office box in Shreveport was second on the list. Recipients were supposed to put their own
name and address on the top of the list, bumping the fourth person off, and then send the
list to as many people as they could. In his spam, Catts said the income he made from the
program enabled him to quit his day job selling cars.
"I was not prepared for the results," wrote Catts. "Everyday for the last six weeks, my
post office box has been overflowing with five-dollar bills. I am stunned by all the money
that keeps rolling in!"
But soon Catts received something else in his mailbox: threatening notices from several
states' attorneys general. Catts was forced to abandon the chain-letter scheme, but he was
hooked on the spamming business. Soon he had installed four computers in his home office on
Richmond Street, just a block off I-49 and the railroad tracks in the center of Shreveport,
and was pumping out spam for items ranging from software and cigars to condominiums and
cruise trips.
One night in late 1999 Catts was watching TV in his living room. His 12-year-old
daughter was asleep in the room he kept for her when she lived with him (Catts was divorced
in 1991).
The phone rang. It was some guy who said his name was John. He said he was sick of
receiving junk emails from Catts, and he was on his way over to Catts's house with a
friend.
"Me and my buddy Junior here, he's an awful mean drunk ... he's been drinking all
day."
[
6
]
"And what are you trying to do now?" Catts asked.
"We're trying to get to your house. We're going to come down and whup your damned ass
because you're sending all this shit email to us."
Catts rode bulls professionally for two years. He might have been short, but he grew up
in the tough town of Cedar Grove in Caddo Parish and never lost a fight in his life. Still,
he didn't want two drunken rednecks showing up at his doorstep.
"I aint sent nothin'," he said.
"Every God damned time I get on, I got fourteen fuckin' emails and I'm sick of this
shit," John shouted into the phone.
"Well, I don't know who you're getting it from," said Catts, his tenor voice
rising.
Then Junior's voice came over the line. It was louder and clearer than John's, as if he
was on another phone. He didn't have John's southern accent either.
"Take a right. Take a right!" Junior stuttered into the phone.
Catts had an idea. "Does it say it's from Bubba Catts?" he asked John.
"No, it's got some bogus email address on it. Every time I try to reply to it..."
Bubba cut in. "Have you tried Jon Scott? He's the one does my bulk mailing for
me."
John paused, as if taking in the information. "So, you don't do it yourself?"
"No, I pay him to do it."
Junior interrupted again. "Take a left. Take a left on Maryland."
"Are we anywhere near your house?" John asked Catts.
Maryland Avenue was just two streets over from Richmond. "You don't want to come over
here, I'm telling you right now," warned Catts.
"Why not?"
"Because the sheriff lives next door. My little girl is here. And I will go next door
and get him," said Catts rapid fire.
"Oh, well, you might have to," said John, a note of bemusement in his voice. "Because
Junior here wants to whup somebody's damn ass."
"He don't want to come in this house, unless he wants to go to jail," said Catts.
"Junior, you don't care about going to jail, do you?" asked John. "He's been wanting to
whup somebody's damn ass, and you're the only one I could think of tonight."
"Oh yeah, go get 'em," said Junior.
"We'll be there in a minute," said John. "You better have more than him, because there's
at least two of us comin'."
"Well...well, that's fine," said Catts.
"O.K., here's Richmond!" shouted Junior. "Go! Go fast!"
Bubba hung up the phone, so he couldn't hear the chuckling on the other end of the line.
He had just been the victim of a spam fighter's version of the TV program
Candid
Camera
. A few weeks later, a recording of the conversation appeared on the
Internet, joining other crank calls made to junk emailers at a site called Spammers
Speak.
When anti-spammers heard the recording, they cackled with delight. Shiksaa especially
enjoyed Catts's attempt to redirect the good old boys' wrath at Jon Scott. She'd had several
encounters with Scott, who sold mailing lists containing millions of email addresses. One
morning the previous year he had sent her an ICQ message that stated, "Let's get naked."
Shiksaa forwarded the note to the Internet service provider that hosted Scott's web site,
and requested that the ISP advise Scott to stop harassing her. Then, in an open letter on
Nanae, she responded to his advances.
"You are on some serious psychiatric drugs if you would even think I would have any
interest in seeing you naked, much less being in the same room with you," Shiksaa
wrote.
Scott, a 40-year-old resident of Chico, California, seemed hurt by her response. He
posted this reply: "Many of the people in this newsgroup have anger control problems. They
have so little power and control in their own lives that they try controlling
others...Susan, you have my deepest love and sympathy. May God bring calmness to your angry
soul."
But Scott's attempt to take the moral high ground was short-lived. A few weeks later, he
sent out a batch of spam that included Shiksaa's username, along with that of anti-spammer
Frederick, in the headers. The messages advertised a home-based business opportunity.
Technically, it wasn't a Joe-job, since Scott had added after their usernames the network
[email protected]
, a service on which neither spam fighter had accounts. But
Frederick was unable to ignore the veiled attack. He fired off a note to the Federal Trade
Commission, requesting that it investigate what he considered Scott's attempt to defame him
and Shiksaa.
But Shiksaa had much bigger fish to fry.
[
6
]
This transcript of the conversation between Catts and the crank callers was created
from an audio recording of the conversation obtained from Chickenboner.com.
Steve Linford, the operator of the Spamhaus Project
, a blacklist of spamware vendors and the ISPs who host them, asked Shiksaa in
October 2000 to join an elite team of spam fighters in a new project he was launching. Her
mission would be to help compile detailed dossiers on the Internet's biggest junk emailers.
The research would be published at Spamhaus.org as part of a pioneering effort Linford had
dubbed the Register of Known Spamming Operations, or Rokso. His plan was to turn Rokso into
an Internet hall of shame that would put pressure on shadowy spam operations by exposing
them to the light of day.
More importantly, Rokso would provide Internet service providers with a much-needed
clearinghouse for screening new customers. The Rokso list
would include searchable records on each of the spammers, including
descriptions of their junk email operations and spam samples, as well as contact information
including aliases, business addresses, phone numbers, and email addresses. To be included on
the Rokso list, a spammer had to have been thrown off at least three Internet service
providers. To get off the list, a junk emailer simply needed to refrain from sending spam
for at least six months.
Rokso wasn't the first effort to focus public attention on the Internet's egregious bulk
emailers. In 1995, Alex Boldt, a mathematics graduate student at the University of
California in Santa Barbara, launched the Blacklist of Internet Advertisers
. Boldt compiled a small who's-who list of chronic Usenet and email spammers,
including their contact information. But Boldt stopped regularly updating his list around
1997, and nothing permanent had arisen in its placeâuntil Rokso.
While the Rokso list would eventually swell to over two hundred, the inaugural edition
included just twenty-five spammers. Among them was Jason Vale, who had stopped sending
Laetrile spams after the court order and instead had been blanketing the Internet with ads
for products such as Willow Flower, an herbal treatment for urination problems and other
symptoms of prostate disease. The first version of Rokso also had an entry for 29-year-old
Ronnie Scelson, a junior high school dropout who led a group of spammers based in the New
Orleans suburb of Slidell.
Linford coordinated the Rokso effort from his houseboat, moored off an island in
England's Thames River. Forty-two at the time, with a trimmed grey beard and a full head of
grey hair, Linford had a hip worldliness that differentiated him from the more nerdy spam
fighters. Born in England, Linford had been raised in Italy, where his father operated a
factory in Rome that produced industrial platinum. Linford studied photography in college,
but he dropped out to pursue a career as a rock musician. His singing and songwriting
attracted the attention of GM, an Italian record label, which signed him to a five-year
contract. The Italian composer Ennio Morricone even used him as a vocalist on the soundtrack
for the 1982 Roberto Faenza thriller
Copkiller
, featuring Harvey
Keitel. But a few years later Linford had a falling out with GM over the direction of his
music, and he decided to stop performing until the contract expired. In the meantime, he
worked as concert manager for much bigger artists, producing shows for the likes of Pink
Floyd and Michael Jackson when they toured in Italy. He became an early user of Apple
computers and was intrigued by how technology could revolutionize music production.
Linford decided in 1986 to move back to England, where he started a Macintosh
software-development firm with his brother Julian, a talented programmer. Together they
created UltraFind
, a personal search engine utility capable of locating information in any
Macintosh file. It sold briskly for nearly a decade, until Apple built a search tool called
Sherlock into its operating software. As a result, Julian decided to return to Italy and
take a job with the European Space Agency. Linford remained behind, morphing UltraDesign
into an Internet design and hosting business.
It wasn't long before lots of junk email, much of it originating from Sanford Wallace's
Cyber Promotions business, began arriving at Linford's various email accounts. He set up a
special filter in Eudora, his mail program, to automate the task of forwarding incoming junk
emails to the spammer's ISP, with a carbon copy to the Federal Trade Commission. Linford
felt at the time that irresponsible ISPs were as much to blame for the emerging junk email
problem as the spammers themselves. At one point, he added a signature line to the bottom of
his Usenet postings that stated, "Spam would not exist if not for the greed of a few
carriers. This site sends all spam back to spam carriers."
Although he stopped short of making it a personal crusade, Linford believed that if
others joined in this task, ISPs could no longer ignore the spammers using their networks.
In a 1998 posting to Nanae, he wrote, "Beneath Nanae is an iceberg so big it has the force
to terminate spam simply by stuffing a terabyte of complaints up every ISP that gives you
connectivity."
Linford was an early proponent of the idea of blacklisting Internet service providers
and domains used by spammers. Although he was no fan of America Online, in early 1997
Linford found himself defending AOL's PreferredMail service against criticism from an
anticensorhip activist. The AOL feature, a precursor to the service's current Mail Controls
system, enabled users to turn on a filter that blocked all emails from a list of domains
determined by AOL to be sources of spam.
"Although filtering them won't stop all spam, it will reduce it by ninety-five percent,"
Linford argued in a newsgroup for subscribers of Demon, a big ISP in the United Kingdom.
"More importantly," he said, "the ISPs that stand up to Cyberpromo and Cybergen now ensure
that the Net in a year's time is not just a load of spam with the occasional mail
item."
In 1998, Linford continued to be a gadfly to what he considered spam-friendly ISPs. But
his criticism of UUNET Technologies, one of the largest service providers on the Internet,
almost cost him dearly. At the time, spam fighters on Nanae were keeping a running tally of
the number of spam complaints unresolved by Virginia-based UUNET. As reports of abused
dial-up accounts and open relays approached one million in March 1998, Linford and others
grew frustrated with the firm's sluggish enforcement of its network abuse policies. To call
attention to the situation, Linford created a banner graphic atop Spam Combat
, a popular page at the UltraDesign site where he offered a variety of free,
anti-spam tools. The image consisted of the UUNET globe-and-lightning-bolt logo, with the
word SPAM inserted in the middle. Beneath the logo were the words, "We're behind 50% of the
spam in your mailbox." Clicking on the banner would take visitors to the UUNET home
page.
In the middle of March 1998, the fax machine in Linford's houseboat buzzed to life and
slowly spat out a two-page letter from Taylor Joynson Garrett, UUNET's London-based legal
counsel. According to the letter, UUNET was "extremely angry" at the blatant infringement of
its rights and reputation, which the company considered libelous. The ISP's lawyers ordered
Linford to immediately remove the banner or amend it so that it made no reference to UUNET.
They also demanded that he turn over the offending graphic to them within forty-eight hours.
If Linford failed to comply by the deadlines, UUNET would sue him in High Court.
Linford wasn't sure whether his little logo parody violated any laws, but he was quite
confident of the facts behind his claim. So he decided to meet UUNET halfway. He removed the
banner and replaced it with the words, "Yeah, ok, it's gone. But tell UUNET to stop spamming
and start enforcing an AUP [acceptable-use policy]."
Linford figured that would send UUNET's lawyers on their way, but six days later Garrett
faxed him another letter. Linford's site still infringed on UUNET's rights, said Garrett,
who gave Linford until noon the next day to remove any mention of UUNET, "whether expressly
or implied," from his site or risk further action from UUNET.
Linford thought the new demand was outrageous. He hadn't spoken of UUNET's threats on
Nanae until this point, but he decided it was time other anti-spammers knew about the
attempts to silence him. He posted a letter to the newsgroup with a link to a web page he
had created that included scans of the UUNET threat letters. Soon, mirrors of Linford's "Sue
You Net
" page sprang up at other sites, and spam fighters began discussing a protest
rally outside UUNET's headquarters. Linford was on the verge of making plane reservations to
Virginia when cooler heads prevailed at UUNET, and the company pulled back its lawyers. Even
better, UUNET shook up its network-abuse department, launched an initiative to close its
mail relays, and finally began acting on its spam-related trouble tickets.
The banner incident was a big victory for Linford. Even though UUNET hadn't a legal leg
to stand on, it did have significant legal funds, and Linford knew he might have gone
bankrupt trying to defend himself. As he saw it, UUNET had decided that suing people who
protested against its spam was a fast track to a public relations fiasco. Linford's
innocuous little graphic had forced the Internet's biggest ISP to change course.
Following up on his success against UUNET, Linford moved his spam-fighting resources
page to its own site, Spamhaus
.org. For the first couple of years, it remained a relatively obscure resource
known only to anti-spammers and their opponents. But soon it would become the tip of the
spear in the fight against spam.
Shiksaa was thrilled by Linford's October 2000 invitation to join Spamhaus. After nearly
eighteen months of haphazard spam fighting, much of it against chickenboners, she was eager
to focus her energies in a more structured way against the biggest sources of spam. Perhaps
it was just his British reserve, but Linford had always seemed to Shiksaa a voice of reason
among the frequently strident participants on Nanae. Since he didn't charge for access to
the Spamhaus information, Linford couldn't pay her or the handful of other volunteers for
their efforts. But he did provide Shiksaa with a new, spam-filtered email address that she
proudly used in her Nanae postings:
[email protected]
.