The criminal charges are the first to be filed under the govvernment's new anti-spam law.
Officials from the Federal Trade Commission and the U.S. Attorney's Office of the Eastern District of Michigan on Thursday announced the first criminal prosecutions under the Can-Spam Act of 2003, charging four people in the U.S. District Court in Illinois with sending E-mail pitches for weight-loss products that don't work. America Online, EarthLink, Microsoft, and Yahoo filed civil actions under the law last month.
"Spammers have taken advantage of Internet technologies to conceal their identities and their whereabouts," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "They've resorted to including the E-mail addresses of innocent third parties in the reply-to addresses of their unwanted messages, or simply forging E-mail headers."
Calling the coordinated civil and criminal actions a "spam dunk," Beales said the FTC's complaint alleges that the defendants--Christopher Chung, Daniel Lin, James Lin, and Mark Sadek--violated the Can-Spam Act by sending commercial E-mail addresses with false header information, without a clear and conspicuous opt-out notice, and without a valid postal address. The commission also alleges that the defendants violated the act by making false or unsubstantiated claims about the diet patches they were pitching.
Separately, the FTC filed suit against an Australian and a New Zealander for sending spam advertising diet patches and human growth hormone products that claimed to reverse the signs of aging.
Laura Parsky, deputy assistant attorney general in the criminal division at the Department of Justice, said Chung and Sadek had been arrested Wednesday in Detroit for Can-Spam Act violations and mail fraud. They face up to five years in prison for illegal spamming and up to 20 years for mail fraud.
The other two defendants, Daniel Lin and James Lin, are expected to turn themselves in shortly.
The alleged spammers should at least be able to afford expert legal counsel--according to U.S. Attorney Jeffrey Collins, the defendants grossed an average of $100,000 per month from August to January.
The case highlights a practice of spammers that law enforcement officials say is increasingly problematic, using legitimate E-mail addresses that belong to innocent parties as a reply-to address. Also known as a joe-job or spoofing, it's a tactic employed by spammers to inflict the burden of bounce-back messages--generated when spam is sent to a non-working address--on someone other than their mail provider. The result for the recipient is effectively a denial-of-service attack.
One spoofing victim who spoke at the news conference said that in early February, his company was receiving more than 1 million erroneously bounced messages per day, which effectively shut his business down for several weeks.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.