First arrests under the CAN-SPAM Act occur here in the Detroit area.

Seems Michigan is a popular place for spammers as it’s not only home to one of the kings of spam, but is also where the first arrests under the CAN-SPAM Act has taken place.

Christopher Chung, 30, and Mark Sadek, 27 of West Bloomfield were arraigned in federal court in Detroit on Wednesday while two brothers, Daniel and James Lin, are still being hunted down by the Feds.

MIKE WENDLAND: 4 Oakland men cited in 1st U.S. spam case

The four are accused of secretly commandeering computers that forward e-mail for some of the nation’s biggest corporations—including Ford Motor Co.—to send millions of junk messages advertising herbal supplements, diet patches and sexual enhancement pills and products.

Other unwitting companies and agencies whose computers were used include Unisys Corp., Amoco Corp., the Administrative Office of the United States Courts and the U.S. Army Information Center, according to a complaint filed in U.S. District Court in Detroit on Wednesday.

The four are accused of forging return e-mail addresses on millions of unsolicited advertisements sent across the Internet, often through the use of what are known as open proxy servers, or systems that will relay e-mail from any point on the Internet, owned by unsuspecting businesses and government agencies.

The use of proxy servers has long been a trick used by spammers—who now account for about 60 percent of all e-mail—to obscure their identity.

“This has been a problem that’s plagued the Net for years, and the fact that corporations and government agencies still have open mail servers is scandalous,” said Tony Robinson, a security consultant for Pioneer Technology in Sterling Heights. “Somebody dropped the ball.”

In addition to facing a possible 5 year prison sentence for violating the CAN-SPAM Act these guys are also facing up to 20 years for mail fraud for selling fake weight-loss patches, among other questionable products, through their spam.

FTC investigators ordered the patch and had it analyzed. Dr. Michael Jensen, identified in the complaint as a Mayo Clinic nutritional expert, was asked to evaluate the claims and said the ingredients in the patch “would not achieve the weight loss as advertised.”

While it’s nice to actually see some of these assholes get their comeuppance, this is unlikely to result in much of an impact on the amount of spam or scams flying around on the Net. That’ll only start to happen when individuals and companies put more effort into securing their computers against being hijacked by the assholes in the first place.

4 thoughts on “First arrests under the CAN-SPAM Act occur here in the Detroit area.

  1. Good point. If we all start securing our machines, the spammers are going to have to resort to more illegal tactics to get their gains, and therefore are guilty of more crimes than simple spamming.

  2. I think we need to hold the credit card companies responsible for who they do business with (this, in addition to the other aforementioned measures).
    Visa, Mastercard, and Amex need to hold companies that use their services accountable for following reasonable good business standards.
    Cut off the ability for these sham businesses to get their money, they’ll lose their incentive to spam.

  3. To be fair, though, Les, it is extremely hard to secure ALL the machines when you have a very large installation.  I’m talking about installations so large that people in the company install computers that you have no idea exist; where it takes a special budget allocation just to spend the manpower and time to discover and inventory all your Internet connections (not even what servers are directly using those connections).  It’s a constant, losing battle for sysadmins and security admins to keep up with what their own colleagues are doing to the network, much less keep security patches up to date on servers that have to be up 24/7. 

    The largest number of victims you’re going to see here are very small businesses that don’t have the technical know-how to secure their servers, and the very large ones that literally have too many of them to keep up with.  We have to fight spam on a lot of different fronts, and while I agree that legal measures aren’t going to solve the whole problem, I’m very glad to see that they’ve become part of the arsenal.

  4. I realize this, but the truth is that a lot of companies (and individuals) could be doing a much better job at it than they are. I’m certainly in agreement that legal measures are a good thing (and one of the few half-way decent bits of legislation the Bush administration has come up with), but it won’t ever have as much of an impact on this issue as simply keeping your systems updated and secured as possible.

    Legal action is a slow process, this bust took upwards of 4 months for the team to put together, and there’s no guarantee the prosecution will be successful.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.