More good stuff for the Who are the Biggest Spammers series:

Robert Alan Soloway is the founder of “Strategic Partnership Against Microsoft Illegal Spam,” or SPAMIS, but is said to be one of the Internet’s biggest spammers through his company, Newport Internet Marketing (NIM). He is also considered one of the top spammers on the planet (well, until he got arrested).

Since 2003, Soloway used computers infected with malicious code to send out millions of junk e-mails. The computers are called “zombies” because their owners typically have no idea their machines have been infected.

He has been sued multiple times (more below). In the summer of 2005, a court ordered him to no longer break the law. That didn’t help as he continued.

Recently, he was arrested on May 30, 2007 after a grand jury indicted him on charges of identity theft, money laundering, and mail, wire, and e-mail fraud. He was nicknamed the “Spam King” by prosecutors. In March of 2008 he pled guilty to most of the charges against him.

The indictment (actually the third indictment, since each time Soloway asked for a postponement, the government got to refile with more charges) made three categories of charges.

Counts 1-10 were mail fraud, due to Robert Soloway delivering his spamware through the mail, notably including 30 million addresses purported to be opt-in. Counts 11-17 were wire fraud, sending spam making false claims about the product, support, guarantee, etc. Count 18 was CAN SPAM fraud, forged mail headers. Counts 19-25 were identity theft, sending spam forging other people’s return addresses. Counts 26-27 were for failure to file income taxes, and 28-40 were money laundering, using his ill-gotten income to pay for further lawbreaking.

According to news reports he pled guilty to wire fraud, CAN SPAM fraud, and tax evasion, but not identity theft.

Previous legal problems include:

Microsoft filed a lawsuit on December 18, 2003, against NIM and 20 “John Doe” defendants for spam sent through MSN and Hotmail services. Microsoft won a $7.8 million civil judgment against him.

In early 2005, a King County (Washington) superior court judge ruled that Soloway was in default on the spam lawsuit originally filed by Microsoft (Microsoft never got paid, not that they need it).

Later in 2005, Robert Braver, an internet services provider based in Oklahoma, was awarded $10,075,000.00 in another spam-related case against Soloway. In this lawsuit, a permanent injunction was issued against Soloway, enjoining him from further spam activities.

Update: Robert Soloway Update: 4 Years in Prison

  1. My company, and subsequently, I personally, fell victim to Soloway’s fraudulent activities. It began as spam sent from my company’s email address which also offers internet marketing as a primary service, albeit legally, and then later through the use of malicious code injected through unassuming email opened on my company’s computers thereby turning them into zombie computers and chaining them into one of Soloway’s botnets (a network of zombie pc’s linked to one central processing center which controls the network activities remotely through the use of dos commands, for one, to the affected pc’s to send spam or infect other computers).

    Unlike the norm whereas most computer owners affected by this phenomenon are unaware of being a part of a botnet sending out illegal spam, I became very aware of it due to the many limitations my company faced as a result. It hindered my livelihood and all but shut down my business totally, leaving me to face enormous debt, crippling loss of income, many key employees, and personally caused me aggravated stress and related health and family issues which continue to plague me today.

    One of the more debilitating effects this experience which spanned over a three year period had overall was the damage to my company’s reputation and the damage to my credibility as a business owner and citizen in general.

    I had pinpointed Soloway directly from the very beginning of this ordeal through information received by Network Solutions when I inquired on the domain of the company being solicited in an email I received in which the sender was my very own company domain. Additionally, child pornography solicitations began coming in to addresses which had been solely set up as internal indicators on our company and client email databases and did not exist anywhere else but within those databases, nor ever been used other than to be checked via webmail. This then told me that my company’s databases as well as our clients’ sensitive data had been compromised. Not soon after, the 8 million plus email addresses we had housed and maintained had all fallen prey to an onslaught of spam both from Soloway’s NIM as well as the various unsavory businesses and clients he had rented, sold, or leased his illegally obtained databases or clients to whom he had rented out his botnet zombies or had sold email addresses to for illegal profit.

    Because of the number of emails coming out of my computers’ ports, our ISP would shut us down according to the legal limit set by the ISP on the number of outgoing emails in a 24 hour period.
    Quite often, by sometime not much past midnight which is when the 24 hour period would begin, we were already past our limit and unable to send out emails for another 24 hours which of course would then become weeks depending on how good business was for Soloway at the time. The revolving cast of clients also meant that the subject, payload in some cases, and ip addresses would change constantly making it next to impossible to build a pattern, but worse yet, harder to prove.

    Emotionally the ordeal took a strong toll on me for the simple fact that even though I had a name and all verifiable contact info and background on Soloway, including IP addresses, domain registrations linked to him, taped phone conversations between myself and Soloway where I begged him to stop only to be ridiculed and hung up on, and proof that my bank accounts had been tampered and credit cards had been fraudulently charged, the biggest problem I faced was the fact that NO ONE really believed me. I was looked upon as being overly paranoid, obsessed, unstable and someone that would be less than favorable to do business with. Members of my own family, security “experts” that I hired for top dollar, and even the city’s own crack High Tech Cyber Crime Unit passed me off as hysterical at best. It is very easy to appear crazy when trying to convince others that you are really not crazy. I found this out the hard way and many relationships and my own trust in existing relationships have been scarred beyond repair as a result.

    Why didn’t anyone believe me, even when I had notebooks documenting each event and actual ip addresses and info linking back to Soloway and my botnet claims, not to mention multitude of various other info that showed how, when, where, and who got in and why none of my efforts and security measures were successful in freeing my network from the botnet? For one simple fact – ignorance. Ignorance to the fact that zombie pc’s and botnets exist, ignorance to the fact that if someone wants to get into your system badly enough, they will be successful regardless of how tight you believe your security to be, ignorance in general to the world of cyber criminals and methods employed, and more importantly, ignorance to the reality that the internet is essentially like the Wild Wild West and a cyber-free-for-all without accountability.

    Lay folks turned off when they heard anything beyond simple everyday terms like email or website because it taxed their brains and reminded them of how little they knew; and the tech savvy denied the very existence, most times flat out refusing to even physically look at the evidence at all, spewing declarations of impossibility and chalking it up to my lack of knowledge of Windows or an overactive imagination, when like the laymen, they too would be reminded of how much they didn’t know themselves had they actually absorbed what was right in front of their faces. I’ve learned that the high tech community and those that pass themselves off as security or network authorities employ a universal approach to any situation they have never heard of or never experienced and that is that it can’t possibly exist or have any validity if they have no knowledge of it. Why is this? Well, simply due to pompousness that goes hand in hand with an inflated ego of one who has any kind of knowledge or skill set beyond the average person from which they most often develop a false sense of eliteness over others. The elitist mentality would never admit that something might possibly be out of their realm of understanding or knowledge base. Opening themselves up to the existence or possibility of anything otherwise would be an admission of just how little they or anyone really knows about cyberspace and the endless possibilities and capabilities that come with the digital age.

    What was most amazing was the number of techs that had never heard of a botnet and couldn’t remember ever reading about such a thing. Well, one thing that I have gained through this experience is that I have learned more about computers and technology than I had ever wanted or bargained for through reading books, magazines, and immersing myself head first. Through my intensive reading, I know that one could not get through any tech magazine, even the most pedestrian of newsstand offerings, without seeing the term botnet referenced. So how is it that these experts had never heard of this malicious trend in cybercrime? You tell me and once you figure it out, you will understand why these criminals like Bob Soloway are able to continue to flourish and escape the law.

    Burying your head will not make them go away, it will only make them stronger enabling their legions to continue to grow. Learn the signs of botnet activity and check your own network for any of these symptoms; and then find the right person or company to help you through it. Know also that “Expert” is a term used all too loosely when it comes to the computing world and most times these “experts” have only one small and narrow area of specialty. If they have not had experience with botnets or are not in possession of extensive knowledge on how to deal with this situation, then they can not help you and are not worth your time or their fees. My solution in the end was to trash all of my pc’s, change my ISP, and switch entirely to Mac.
