Spam Kings (14 page)

In the spam wars, the best defense is often a good offense. That's why Davis Hawke began
spiking his spams with intimidating legalese in September 2000. At the bottom of the ads he
placed a notice informing recipients that QuikSilver's spam was sent "in compliance with
federal guidelines governing the transmission of unsolicited commercial email."

Hawke also added a link to a page at SpamLaws.com containing the text of the Unsolicited
Electronic Mail Act of 1999
, also known as H.R. 3113. He closed the spams with his favorite excerpt from
the Act: "Unsolicited commercial electronic mail can be an important mechanism through which
businesses advertise and attract customers in the online environment."

Never mind that H.R. 3113 had died in the U.S. Senate in July of 2000. And Congress had
so far failed to approve any other federal laws regulating junk email. Hawke's disclaimer
did the trick: it kept would-be anti-spammers at bay. (Hawke wasn't the only junk emailer
using the technique. In fact, at one point in 2001, the operator of SpamLaws.com, law
professor David E. Sorkin, put up a notice explaining that he was not responsible for
disclaimers included in spam emails that linked to his site.)

Before it languished in the Senate, H.R. 3113 had received support from two powerful
opposing groups: the Direct Marketing Association (DMA) and a grassroots organization known
as the Coalition Against Unsolicited Commercial Email. CAUCE was led by a number of
respected anti-spam veterans and boasted over 20,000 members in 2000. Thanks to efforts by
CAUCE on behalf of the bill's author, Heather Wilson, and cosponsors Gary Miller and Gene
Green, H.R. 3113 breezed through the House by a vote of 427-1 on July 18.

But Senators were partial to S.R. 2542, a companion bill from their Senate colleagues,
and they never took a vote on Wilson's legislation. But they also failed to summon much
enthusiasm for S.R. 2542. Entitled the Controlling the Assault of Non-Solicited Pornography
and Marketing Act of 2000 (CAN-SPAM), the Senate bill never made it out of the Senate's
commerce committee. As a result, the 106
^th
session of Congress
concluded without a federal junk-email law.

Hawke continued citing H.R. 3113 in his disclaimer well into 2001. By then, Wilson had
introduced a new version of her spam bill. Like its predecessor, H.R. 718
proposed that junk emailers be required to conspicuously label their messages
as spam. The new bill similarly called for spammers to include their correct street and
email addresses in their ads and prohibited them from falsifying the routing information in
their messages' headers. H.R. 718 also made it a crime for spammers to continue sending ads
to anyone who asked to be removed from their mailing lists.

But this time, Wilson's Unsolicited Electronic Mail Act faced a new hurdle getting
through the House Energy and Commerce Committee. Lobbyists from the DMA
as well as the banking industry cajoled committee members to remove a provision
of H.R. 718 that would have enabled businesses, schools, or Internet service providers to
post a "Spam Free Zone" sign on their mail servers. Under the original language, marketers
who disregarded the notice and spammed anyway would be subject to stiff fines. But that
language was gone from the version of the bill approved by the committee in March 2001.
What's more, the updated version required that all mail server operators install
spam-filtering software or else lose their right to sue violators of the law.

Many junk email fighters who had supported Wilson's original bill suddenly withdrew
their backing. CAUCE condemned the revised legislation as a "costly, messy pro-spam bill,"
and predicted it would result in more spam rather than less. In a statement, CAUCE said it
"remains hopeful that the unfortunate changes to the bill can yet be corrected, and we
remain very appreciative of Rep. Heather Wilson's efforts on behalf of consumers."
^[
6
]

Despite CAUCE's objections, the revised legislation, which now had over one hundred
cosponsors, moved forward and was scheduled for debate on the House floor in the second week
of September. Wilson's goal of getting a federal spam law on the books, albeit a flawed one
by some standards, once again seemed within reach.

Then a group of hijackers rammed two passenger jetliners into New York's World Trade
Center. Terrorists commandeered a third jet and struck the Pentagon in Washington, D.C.,
while another plane was crashed in a Pennsylvania field.

In an instant, controlling the junk email problem became a trivial pursuit, even for
many anti-spammers. On September 11, operators of several spam block lists announced they
were temporarily suspending operations in order to allow email to flow unimpeded during
rescue efforts. Among them was Spamhaus operator Steve Linford, who decided that the
Spamhaus Block List, which he had launched just weeks before, would go on a hiatus until
further notice.

"From what we understand there are no telephone communications in or out of Manhattan
but Internet communications are still working ... Therefore this is not an appropriate
moment for any blacklist which may be blocking IPs of hosts in Manhattan to be operating,"
said Linford in a notice on Nanae.

But for some spammers and fraud artists, the 9/11 attacks on America presented a golden
opportunity. In some cases, spammers sent phony condolences that were just tasteless ways to
drive traffic to their shopping sites. In others, spammers looked to capitalize on the fear
of additional terrorist attacks. Email ads for survival kits and anthrax treatments were all
the rage in the weeks following September 11.

"The U.S. is under serious threats of Biological, Chemical and Nuclear attacks!" shouted
one spam for fifty-dollar gas masks. "Don't wait until it is too late! Protect yourself and
your family today!" advised the ad. A few months before, the company hawking the gas masks
had been advertising credit card merchant accounts.

But more sinister ads appeared as well. On September 12, an email message bearing the
subject line "Help for the Red Cross and the victims of our Nation's tragedy" began arriving
in email in-boxes. The spam was sent through a computer in Belgium and solicited donations
to the "Express Relief Fund" and the "Victims Survivor Fund." Recipients were directed to
hand over their credit card numbers at a makeshift site. A week before, the same site had
been selling what it called "Viagra for Women." Around mid-September, the site disappeared
completely.

In some cases, the motives of opportunistic spammers were harder to judge. Using the
Postmaster General system, a Denver, Colorado, company called SaveRealBig.com
deluged the Internet with messages on the evening of September 11. The spams
were identified as coming from the company's 29-year-old CEO, Scott Richter. They had the
subject line "Help us support our nation" and invited recipients to purchase large nylon
U.S. flags for twenty dollars at the SaveRealBig.com site. The messages said "all available
proceeds" would be donated to "emergency and relief efforts."

Anti-spammers were immediately suspicious. Spamhaus's Steve Linford posted a copy of
SaveRealBig.com's spam on Nanae and suggested it was a scam designed to put money in
Richter's pockets. In recent weeks, Richter's company had been using Postmaster General to
send ads for products ranging from diet pills to Ginsu knives to pagers. The company was
also sending out spams for an adult entertainment site Richter owned called
Ejackolate.com
. Suddenly those offerings were no longer listed on the
SaveRealBig.com
home page. In their place appeared information on ordering U.S. flags.

To fend off skeptics, Richter updated the page a few days later with a photo of himself
making a donation at the Denver chapter of the American Red Cross
. A note from Richter claimed that he had given $20,000 dollars to the relief
agency. On a message board he had set up to take comments about the fund-raising effort,
Richter posted this introduction:

Spews didn't wait around for proof that Richter was squeaky clean. Later that month, a
large block of Internet addresses, including those used by SaveRealBig.com and several other
Richter sites, showed up on the Spews blacklist. In response, Richter's ISP eventually cut
off service to the sites, forcing him to line up new hosting.

After the hassles and the suspicion, Richter vowed he'd never again do online charity
fundraising. But even if he didn't reap any big profits from selling over 10,000 flags, he
did acquire a fresh list of "opt-in" email addresses. (The privacy policy at SaveRealBig.com
made it clear that the company reserved the right to use information collected from
customers "for the purpose of targeted marketing opportunities.")

Richter was on his way to building what would soon become a list of over forty-five
million addresses, enabling him to send out tens of millions of spams every day. But by
2003, Richter's spamming would earn him a top-three spot on Spamhaus's Rokso and a lawsuit
from Microsoft and the State of New York.

But in the wake of 9/11, it was a flurry of messages from Ohio-based spammer Tom Cowles
that caused the biggest uproar from anti-spammers. On September 12, hundreds of thousands of
the bizarre emails started hitting in-boxes. All bore Internet addresses registered to
Cowles's Leverage Communications and carried the provocative subject line, "How you can help
WTC victims. (BTW: Anti-spammers Support Bin Laden!)"

The top third of the message listed the addresses of web sites operated by the Red Cross
and the Federal Bureau of Investigation. In the bottom third was a collection of already
well-publicized phone numbers set up for relatives of potential victims by airlines and
other entities involved in the attacks. Sandwiched between the two sections was a
single-spaced, 250-word rant against spam opponents.

"Anti-spammers are terrorists at heart and attack websites and email accounts of
companies wishing to bring their products and services to the general public via email, an
environmentally sound, REMARKABLE medium!" cried out Cowles's message. It also accused
anti-spammers of launching denial-of-service attacks against his site, an act which he said
was akin to terrorist violence.

"American marketers are under Attack! For apparently using environmentally sound bulk
email to deliver products, services and public service messages," said the message. It added
that recipients should do their part "to help Freedom and the American way" by requesting to
be removed from a marketer's list. "Not," said the message, "by harassing his vendors,
dial-up providers or website companies." The section concluded by warning recipients that
"when you make yourself known to be an anti-bulkemailer, you align yourself with Hackers,
Terrorists and Un-American groups."

Upon seeing the bizarre spams, Steve Linford said it was time to consider placing
Cowles's ISP, SprintLink, on the new Spamhaus Block List. Linford also added an entry about
the incident to Cowles's listing on Rokso. "All we can assume is that someone at Empire
Towers is in need of some immediate psychiatric attention; this is truly sick," concluded
the entry.

For Karen Hoffmann, the Toledo anti-spammer who had been on a mission to track Cowles's
every move, the strange 9/11 messages from Empire Towers were her first sighting of Cowles
in months. Hoffmann posted a copy of his spam at the web page she had dedicated to Cowles,
and, in a message on Nanae, she said she was shocked that he would stoop so low as to use
the attacks on America as an occasion to criticize anti-spammers.

Then Hoffmann tried making a direct appeal to Cowles: "Tom, if you're reading this,
please contact me via email."

Hawke belatedly kept his promise to Bournival. In September 2001, an email message
arrived from "Johnny Durango" (an alias Hawke was using at the time). Hawke invited him to
meet him that Friday night at the Internet Chess Club, a chess site located at
ChessClub.com.

ICC was one of the top online chess organizations and had attracted thousands of members
since the early 90s. ICC programmers developed software that enabled chess players to
compete against other members all over the world. Besides a graphical user interface that
allowed players to move chess pieces on their computer screens with a click of a mouse, the
program also had a chat feature so members could converse while they watched or played
online matches.

Bournival had relied on ICC chat for giving chess lessons, and he felt right at home
when Hawke suggested they use the technology to discuss spamming. On the system, Bournival's
"handle," or nickname, was FrappeBoy, a name he had chosen because the ice-cream drink was
one of his favorites. (On that Friday evening, Hawke used the handle SchoolShooter, in
reference to the Columbine high school massacre. He enjoyed choosing online nicknames that
threw his opponents off balance.)

After Bournival located Hawke, he sent the system a command instructing it to create a
scratch game. Then he sent a message to Hawke to let him know the number of the game board
he had created.

Once they both had the board up on their screens, Hawke and Bournival didn't actually
play chess. Using the system's "kibitz" command, Hawke told Bournival that he had decided to
let him take over his pheromone business in exchange for a 50 percent cut of his sales. To
get him started, Hawke said he would send Bournival his ad and a list of 50,000 email
addresses he had harvested from eBay. He instructed Bournival to get a copy of Group
Mail
, a free mailing program from a company called Aureate Media
. Hawke said he would wait while Bournival downloaded the program so Hawke could
show him how to configure the software's various settings.

As Bournival was navigating to the Aureate web site, the program's console indicated
that someone else had joined them. (ICC games were generally open to other members, who
could watch the game and trade comments using the kibitz command.) It was Mauricio Ruiz who
had wandered in.

"Yo, Johnny. Is this where I learn Spamming 101
?" Ruiz asked.
^[
7
]

"Pull up a chair, grasshopper. I was just telling Brad how to get started," said
Hawke.

A rapid typist, Hawke said they should begin by signing up for Internet access accounts
with several low-cost ISPs. A company called StarNet was his personal favorite. Hawke told
them to configure Group Mail to send their messages through one of the ISPs' mail servers.
That took care of the sending side of the business. To take customer orders, Hawke
instructed them to register a couple of web sites with a low-cost hosting service such as
ValueWeb. Hawke said he would email them the HTML web page code he used. The code included a
link to a form Hawke had created for gathering order data and processing credit card
transactions.

"At the end of each month, I'll add up your orders and cash you out," said Hawke. He
told each of them to email him a street address to which he should send checks with their
earnings.

At that point, Ruiz had grown bored with the tutoring session and suddenly headed out
after saying a quick goodbye. Hawke was eager to finish up as well.

"One last thing," Hawke said to Bournival. "You're going to need product."

Hawke said he'd make the trek to New Hampshire in the next week or two and bring
Bournival a couple of cases of pheromone concentrate. After Bournival sold those, he could
restock directly from the supplier in Wichita, Hawke said. Then he told Bournival he'd be in
touch soon and signed off.

Nearly a month went by, and "Johnny" still hadn't delivered the pheromone. Bournival had
stopped going to classes at Manchester West High
and tried to occupy himself with assembling the other aspects of his new spam
business. He bought a book about web site design and created a couple pages for taking
pheromone orders based on Hawke's design. As Hawke suggested, he did some small trial runs
with Group Mail, sending spams to test addresses he had created, known in spammer parlance
as seed accounts. When he ran out of things to do, Bournival registered the address
NHChess.org
and started building a site for the New Hampshire Chess Association, the chess
club he had joined soon after discovering the game in 1999.

When Hawke finally showed up at Bournival's apartment, located on a treeless section of
Montgomery Street on the western side of Manchester, he and Bournival lugged two large
cardboard boxes of pheromone bottles from the trunk of his car up the flight of stairs to
the second-floor apartment.

Inside, Hawke looked around the cramped home. Bournival's computer was on a desk in the
room he shared with his stepbrother. The dogs were yapping and franticly darting around the
apartment.

"When business takes off, you're going to want your own office," Hawke said. In the
meantime, he suggested the two of them should get a post office box in the QuikSilver
company name. That way, Bournival could keep his home address a secret from customers. Using
Hawke's car, they drove the mile and a half into downtown Manchester to get something to eat
and visit the Mail Boxes Etc. branch on Elm Street.

As they were filling out the paperwork for the post office box, the clerk at the Mail
Boxes Etc. store said she would need to see identification from each of them. Bournival
produced his driver's license, and Hawke slapped his down on the counter as well. As the
clerk recorded the information from the two cards, Bournival could make out the word
"Massachusetts" across the top of Hawke's license. "Johnny" had told him his grandparents
lived outside Boston and that he planned to spend the evening there on his return home to
Tennessee. But as Bournival focused more intently on the upside-down card, he was puzzled to
see the name Davis Hawke.

Bournival didn't ask "Johnny" about the name on the license, figuring it was just part
of his effort to protect QuikSilver Enterprises
from sabotage. (Bournival considered QuikSilver, with its connotation of
mercurial speed and trickery, the perfect name for an Internet marketing company.) But that
evening, after Hawke said goodbye and headed for Route Three to Boston, Bournival went
online and typed "Davis Hawke" into the Google search engine.

At the top of the search results were a handful of news articles about Hawke's neo-Nazi
days, along with several pages devoted to him at the web site of the Southern Poverty Law
Center
, which tracked hate groups. Bournival read each of the articles carefully as
the recognition sunk in. Hawke didn't use aliases such as "Johnny Durango" or "Walter Smith"
simply because anonymity made life as a spammer easier. Hawke did it because he was also
hiding from his past.