Friday, July 25, 2008

The "Other" Spam King goes to jail in Seattle

There are many Spam Kings. One killed his family and himself after escaping from custody. The other one is going to jail down the street from where I am writing my postings here in Seattle, Washington. of course, some of the REALLY bad spam and Phishing kings are still out there doing their thing and we need to stay very, very vigilant.

July 24, 2008
"Dubbed the "Spam King", Robert Alan Soloway was sentenced to three years and eleven months of imprisonment for his violation of US anti-spam legislation – the CAN SPAM Act – by a court in Seattle. The 28-year old pleaded guilty in March, avoiding a jury trial. While the prosecution demanded nine years, the maximum sentence could have been 26 years.

Soloway pleaded guilty to three of the 40 charges against him. The spammer was accused of violating CAN SPAM, as well as identity fraud, money laundering and tax evasion. Because he pleaded guilty to single cases of email fraud, mail fraud and tax evasion, the prosecution dropped the remaining charges. Judge Marsha Pechman took a long time before announcing her verdict: this is one of the first sentences to be passed after the anti-spam law came into effect in 2004.

Soloway was arrested in spring 2007. His company Newport Internet Marketing Corporation (NIM) is said to have been responsible for sending millions of emails since November 2003 containing unsolicited advertising, using systems like botnets. He is also said to have offered a program called "Dark Mailer" for mass mailings and similar services. He violated the CAN SPAM Act by manipulating the sender information in the email header to make the recipient of the email also appear as the sender.

The Seattle Post Intelligencer reports that the Solway appeared in court wearing a conservative suit and showing remorse. To the question of why he continued his activities, despite a cease-and-desist order by another judge, he replied "I was used to living a certain lifestyle" – "I tried to live beyond my means. It was a new law. I thought I would find a loophole." In 2005 Soloway is said to have accumulated a total of $120,000 through his spamming activities. The "Spam King" lived in a suitably expensive apartment in downtown Seattle. Solomon said his whole existence had been a 'facade' – "I was so scared of losing it."

Pechman ruled that the defendant was mentally immature. The judge said "Mr. Soloway went into his bedroom at age 11, turned on his computer, and that froze him in time in terms of social development,". Nevertheless, the jurist wanted to send a message. She said prosecuting spammers was "new territory" in jurisprudence. In the end, Pechman was not as lenient as the defence sought – Soloway's solicitor had asked for two years at a low security prison camp and a fine of less than $100,000. An AP news agency reports that last weekend spammer "Eddie" Davidson, who was sentenced to 21 months in April, simply walked out of such a camp.

However, the judge also refused to set the harsh example demanded by the prosecution and kept the sentence well below the demanded nine years. Pechman gave Soloway 60 days to report for imprisonment so that he can resolve problems with his medication. Soloway suffers from Tourette syndrome."
Remember, if you can conjure up a medical condition judges will be more lenient on you! If he had been in a jury trial you can bet your assets that citizens would have nailed him with the max since they have been the targets of his type of assault against the peace and e-mail tranquility!

This write up comes from the German publication heise online -

"Spam King" Kills Himself and Family

So lots of people still think that cyber crime is a minor issue done by hackers and kids who really are just fooling around. i hear that all the time especially from politicians who don't have the spine to step up to the plate and regulate the IT part of business. WELL, HERE IS A NICE STORY about a "nice guy" spammer and cyber crook.

Fugitive Spam King Dead in Apparent Murder-suicide
Robert McMillan, IDG News ServiceThursday, July 24, 2008

"Convicted penny-stock spammer Eddie Davidson has died of a self-inflicted gunshot wound, apparently after killing his wife and three year-old daughter in his home town of Bennet, Colorado, the U.S. Department of Justice said Thursday

Davidson had been a fugitive from the law since walking away from a federal minimum-security prison camp in Florence, Colorado on Sunday. He had been serving a 21 month sentence after pleading guilty to criminal spam charges late last year.

Another person, a teenaged girl according to local reports, was shot, but survived the incident. Authorities also found an infant, unharmed, at the scene of the shooting.

Davidson's wife had been in the car with him when he left the Florence prison, about 45 miles south of Colorado Springs, on Sunday. He had last been seen in Lakewood, Colorado where he got a change of clothes and cash, according to the Department of Justice.

Known as the Colorado "Spam King," Davidson earned millions of dollars between 2003 and 2006 by operating a spamming operation, called Power Promoters, out of his home. He would change the header information in his messages to make it appear as if they had come from legitimate companies such as AOL and then send them out to hundreds of thousands of addresses.

Davidson sent the messages on behalf of an unnamed Houston company, court filings state. He was asked to promote about 19 penny-stock companies, including one called Advanced Power Line Technologies in 2006 and 2007. He would earn fees based on the trading volume of the stocks he was promoting.

The business was lucrative: The Houston company paid Davidson about US$1.4 million for his services, court documents state.

Between 2003 and 2006, when his primary source of income was spam, bank account deposits into Davidson's account totalled about $3.5 million.

"What a nightmare, and such a coward," said U.S. Attorney Troy"

So, next time you get spam remember that there may be a really bad goy at the other end of that keyboard!

Wednesday, July 23, 2008



I have been saying for months that the FTC’s “Red Flag Rule” was never intended to be all encompassing. As many of you know there has been a difference of opinion on this subject with some individuals going as far as using the rule as a scare tactic in order to profit. In my opinion, there is enough to worry about as a business owner in regards to identity theft without having such profiteers lurking about. Finally, the FTC is weighing in on this subject. I have included a recent article that addresses this issue.


Now, I am speaking to the companies that are out there offering “compliance training” and charging thousands of dollars and to the insurance agents selling identity theft services and products: Be careful and do what is right for the client.

It is only a matter of time before every adult individual in the United States will be carrying an identity theft policy/service in their portfolio. Be patient and offer the best product - not the most convenient one. The sales will come.

Remember, insurance agents make their real money in residual income. If you are seen as a partner of your client instead of seeing your client as a profit center you will realize a long term residual income and more referrals then you alone can handle. NOW go out there and do what is right.


Lastly, keep in mind, “time will promote or expose”. This is very important to all of the companies coming to the market with a new identity theft product. Bring the public the best product you can and the market will reward you. If it is a product like LifeLock or ID Rehab (now Identity Watchdog) you will find out that time will expose their shortcomings. Keep in mind, indecent exposure is still illegal in most places around the world.

The consumer is not STUPID and good advertisement will not conceal the flaws of your product forever.

Labels: , , , , , , , , , ,

Tuesday, July 22, 2008

Credit Cards Skimmed at Gas Station.

Here is another way you are in danger of losing your credit identity (or at the very least your credit card).

  • "During the Fourth of July weekend 2008, debit card information stolen from electronic skimming machines was used to withdraw thousands of dollars from individuals' banks accounts. Deputies believe the machines were placed on gas pumps at a Puyallup ARCO gas station in August 2007. [Schmidt note: Notice that the information was stolen almost a year earlier but not used right away]
  • Detectives say they've identified more than 60 victims who were scammed at the gas station at 11608 Meridian E. and expect more reports to come forward.
  • Card numbers and PINs stolen at the station were used at ATMs throughout King County last month, Pierce County Sheriff's Office detective Ed Troyer said. Individual losses averaged about $1,200, but were as high as $4,000." Seattle PI newspaper web site.
First, let me just say that this is a sophisticated scam. where do you or I get a scanner that looks unobtrusive, that we can place on an ATM or a gas station pump?

Second, I have warned you that when data or credit card, or full ID information thefts or losses happen the organizations (US military, colleges, hospitals, insurance companies, etc.) always say "there is no evidence that this information has been used to commit any crimes"). I (we) have always said "You have no idea WHEN the criminals will use the information because the smart and patient ID thieves will wait until everyone has gone back into a sleepy stupor, the heat is off, the guard is down, and THEN they will use the information!"

So, here we have some concrete proof of what we teach and preach.

Friday, July 18, 2008

Politics, sex and identity theft.

Well, here is a good one! Politics, sex and identity theft. This was shared by one of our loyal blog followers. it comes from

MSN Tracking Image

On July. 17, 2008 they reported that a New Jersey woman is " ... suing the call girl linked to the downfall of New York Gov. Eliot Spitzer because she says Ashley Dupre used her lost driver's license to appear on a "Girls Gone Wild" video.

Dupre, of course was the call girl in the Emperor's Club VIP prostitution ring whose client list included Spitzer.

In a federal lawsuit filed in July 2008 by Amber Arpaio who says she is the owner of the lost driver's license.

Dupre has said she was only 17 when she signed a contract to appear in the "Girls Gone Wild" video.

The video displays a New Jersey driver's license in the name of Amber Arpaio and a birth date that would have made her appear to be in her 20s.

Arpaio, 26, cannot recall where she lost the license and doesn't know Dupre, although the women have similar faces, said Arpaio's lawyer, Joseph J. Fell.

"Somehow, Ashley Dupre got ahold of the license and had it for some period of time," Fell said Thursday.

Arpaio also sued "Girls Gone Wild" founder Joseph Francis.

You can find the whole story at

Labels: , , ,

Thursday, July 17, 2008

Is your Internet banking safe? Take a Guess!

Read this. then go to your bank and talk to an officer about what levelm of security they have and how it works.

In most banks Internet banking is an attractive way to get customers and it saves them a ton of money in paper, printing, postage, handling. BUT, many banks and other organizations have ridiculously weak security and authentication systems.

Notice in this article how the new Internet crooks are getting information about YOU from secondary organizations like county schools which have much weaker security than the banks themselves.

Are we screwed?

Yes, pretty much because the bad guys are investing more time, energy, and urgency into figuring out how to break in than we as a society are spending. Also, federal and state politicians are largely not well versed in IT. Sen McCain who may be President has said he promises to learn how to operate a computer and will try to get his own e-mailo although he says he sees no reason to do e-mailing! YIKES!

The article "Russian Cybercrooks Target High Bank Balances Online" by Byron Acohido appeared on Wednesday, 16 July 2008, USA Today.

The piece starts, "Call them the Coreflood Gang. A ring of cyber bank robbers from southern Russia has quietly perfected a way to get a beachhead inside company networks. Once inside, it infects every PC within reach with a custom-made data-stealing program called Coreflood. The goal: go rip off bank accounts online."

This is a very disturbing development since we have often actually referred to on-line banking when we want to reassure people about the safety of Internet activities.

The article continues "Over the past 16 months, the Coreflood Gang has infected swaths of PCs inside thousands of companies, hospitals, universities and government agencies ..."

"It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," SecureWorks researcher Joe Stewart says. "It can capture anything."

Coreflood is part of a class of malicious software, called banking trojans, designed primarily to help crooks break into bank accounts online. The number of banking trojans detected on the Internet this month topped 24,800, up from 3,342 at the start of 2006, security firm F-Secure says.

An infection usually starts when you visit a Web page implanted with a snippet of malicious coding. By simply navigating to the tainted page, your browser gets redirected, unseen, to a hub server that downloads the data-stealing program onto your hard drive.

Dozens of gangs specialize in banking trojans. They have it much easier than phishing scammers, who must lure victims into typing sensitive data on spoofed Web pages, says F-Secure researcher Patrik Runald.

"This is very organized crime," Runald says. "These gangs are hiring people and making tons of money."

The Coreflood Gang is among the most sophisticated. Stewart recently analyzed 500 gigabytes of stolen data stored on a rented hub server. He pinpointed 378,758 Coreflood infections inside thousands of organizations, small and large.

A workplace PC can get a new infection each time someone logs on. The most infections: a county school district with 31,425, a hotel chain with 14,093 and a health care company with 6,744. About 230 networks turned up with 50 or more Coreflood infections, while 35 networks each had 500 or more.

Gang members cull the stolen data for log-ons and account statements, especially bank accounts online with high balances. Next, they log into the accounts and make online cash transfers into "drop" accounts they control.

After having two hub servers shut down by the tech security community in May, the Coreflood Gang rented two new hubs and picked up where they left off. Today, they continue operations unimpeded, says Stewart.

Companies infiltrated by the Coreflood Gang need to rethink how they do network security. Employees surfing the Internet on work PCs ought to take pause. "If you don't understand the threats that are out there, then you probably should not be banking online," Stewart says.

So this is worth a very rapid and robust response. Unfortunately these institutions are in the throes of a gut wrenching financial crisis as you well know from watching or studying the news. They therefore don't have the cash to improve security. in fact, as they downsize and slash budgets your money will be less and less safe every month.

Is this a crisis?

You decide. is the security of people's bank accounts important or not?

Call your Congressman or woman today.

Labels: , , , ,

Saturday, July 12, 2008

DO NOT leave your laptops in your trucks or cars!

Laptop with soldiers' private data returned to Fort Lewis
11:51 AM PDT on Friday, July 11, 2008
FORT LEWIS, Wash. - The Army laptop stolen from a Fort Lewis employee has been returned to the base.

A spokesman does not think any of the private information contained on the laptop was accessed.

The computer and an external hard drive were stolen from the unlocked car of a civilian employee on July 4. It contained personal information on approximately 900 members of the military. (Note: What the Heck is the matter with you people. "Unlocked" car! Are you krazee! Also, when the government or Army uses "civilian employees" and "contractors" do you give them an information security briefing!)

Related Content
Thousands of soldiers at risk for ID theft
Tumwater Police arrested a 17-year-old boy who allegedly stole the equipment during a series of car prowls.

"This is very good news," said Ft. Lewis spokesman Joseph Piek.

Piek said the Criminal Investigation Command determined someone did attempt to gain access to the private information on the computer, but the computer's security measures denied access. The external hard drive had not been turned on.

Need we say more?!

Labels: , , , , , ,

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft -