The arrest of a Seattle man said to be one of the most prolific spammers in Internet history is sending shockwaves across the e-mail world, but the arrest likely will do little to stem the flood of unwanted messages deluging in-boxes around the globe.
Strong law enforcement action across multiple jurisdictions has long been viewed as a key part of a larger strategy for squelching spam. The legal action has a place alongside improved filtering technology and consumer education efforts aimed at helping make spam less lucrative in the first place.
Still, even the litany of charges against Robert Alan Soloway, which include identity theft, mail fraud, wire fraud and money laundering, probably isn’t enough to give other spammers — and would-be spammers — reason to stop plying their unsavory trade.
Catching the Bad Guys
There hasn’t been a significant drop in the number of spam messages traveling on the Internet since Soloway’s arrest, according to security firm IronPort.
The massive investment of law enforcement resources that went into building the case — the FBI, Internal Revenue Service and Federal Trade Commission all took part, along with state-level agencies — is a necessary part of a larger strategy to stem spam, even if there’s no immediate payoff, said Exploit Prevention Labs Chief Technology Officer Roger Thompson.
“It will make a difference — even a drop in the bucket is a difference,” he told the E-Commerce Times. “Any time you take out one of these spammers, particularly an American, a whole lot of other guys go ‘Oh crap, I don’t want to have that happen to me.’ It’s not a forever kind of thing, but it will matter to American spammers.”
Nevertheless, the indictment and arrest made for good headlines and possibly even feathers in the caps of law enforcement groups, but probably wouldn’t have a lasting impact on how much unwanted e-mail consumers and businesses have to deal with every day.
“They have done a great job of stopping someone who is the cause of spam that was sent two, three or four years ago,” Adam O’Donnell, director of emerging technologies at filtering firm Cloudmark, told the E-Commerce Times. “Spammers today are doing things which are far more egregious than sending spam — they’re manipulating stock markets and compromising people’s bank accounts.”
Law enforcement will always have its limitations in dealing with spam because most of today’s largest spammers are located outside the U.S. — from former Eastern Bloc countries such as the Ukraine and from the Far East, O’Donnell said. The cases are inherently difficult and time-consuming to build because even within the U.S., the activities cross jurisdictional boundaries — with e-mail messages leading to mail fraud, for instance.
Law enforcement had a head start in making a case against Soloway, who was successfully sued by Microsoft, which won a $7 million judgment against him, and has long been known as one of the most prolific spammers in the business.
“The nature of the Internet is such that it is easy to not only hide one’s tracks in these activities, but also to set up operations that spam from other countries and continents,” Andres Kohn, vice president of product development at Proofpoint, a messaging security vendor, told the E-Commerce Times. “It takes a massive amount of effort to not only follow every step of the process, but to interact with the legal entities in all countries of the trail to obtain the required subpoenas.”
Too Good to Be True
Any vacuum created by Soloway’s arrest will quickly be filled by new spammers. “It’s like any kind of organized crime racket — if you take out one person, there’s going to be others who step up,” explained O’Donnell. “The problem is that spam is still profitable.”
Thompson acknowledges that the same chilling effect on domestic spammers won’t be felt overseas. “Those guys won’t give a rat’s tail about it,” he said. Still, it’s worth it to enforce spamming laws, O’Donnell added. “It’s not just annoying e-mail. A lot of really malicious things are coming out of spam. It’s very important to reduce the overall noise level, so we can have a chance to focus on what is the really malicious stuff out there.”
Virtually everyone involved in online security agrees on one thing: Spam will not go away unless consumers change their behavior patterns. As long as users can be duped into buying fake Viagra, turning over account information to a spoofed Web site or investing in a supposed “hot stock” from an anonymous e-mail — which in turn is part of a larger scam to manipulate stock prices — spammers will have reason to stay in business and risk legal entanglement.
“It goes back to the simple fact that if something seems too good to be true, it probably is,” O’Donnell concluded. “There are better filtering technologies every day, but there won’t be any technological magic bullet. People need to take responsibilities for their own computers to ensure they don’t become part of a spam ring without knowing it. And providers need to have the latest filtering technology in place to keep as much spam as possible from getting through to consumers.”