SpamHaus wins its case against spammer e360 Insight
Sep. 5, 2011
SpamHaus says it has finally won in a long-running U.S. court case against it by e360 Insight, an email spammer it blacklisted for spamming over five years ago.
In 2006, e360 Insight filed a lawsuit against SpamHaus in the United States over the blacklisting of its operations. SpamHaus, which is based in the United Kingdom, argued on the advice of e360's lawyers that it was outside the jurisdiction of U.S. courts.
Judge Charles Kocoras allowed the case against SpamHaus to proceed despite this and awarded a default judgment in favor of e360 Insight for a whopping $11.7 million at the time.
The default judgment was used by e360 Insight in a failed attempt to pressure ICANN into removing SpamHaus' domain records. Judge Kocoras ruled the sanction was too broad and rejected the bid.
The original judgment was then appealed and sent back to another district court for a second hearing, where much reduced damages of $27,000 were awarded on Sep. 1st, two years after e360 Insight filed for bankruptcy, citing the legal costs of fighting the case as one of the reasons for the failure of the business.
The defunct firm was characterized by SpamHaus as a Chicago-based one-man bulk email marketing firm. e360 Insight, which was owned by David Linhardt, allegedly spamvertized bargaindepot.net via junk mail messages that violated the U.S. CAN-SPAM Act.
SpamHaus' lawyers appealed for a second time to argue that the damages awarded against the anti-spam organization were still too high. The U.S. Court of Appeals ruled in favor of SpamHaus on Friday, reducing damages to the token value of $3 and ordering e360 Insight to pay SpamHaus' defense costs.
The ruling criticises e360 Insight's conduct throughout the case, particularly for its failure to come up with any evidence for the supposedly astronomical financial losses SpamHaus's actions had caused it to suffer and for repeatedly failing to file legal papers on time.
By failing to comply with its basic discovery obligations, a party can acquire defeat from the jaws of certain victory. All that e360 needed to do was to provide a reasonable estimate of the harm it suffered from SpamHaus's conduct.
Instead, e360 engaged in a pattern of multiple delays that ultimately cost it the testimony of all but one witness with any personal knowledge of its damages. That lone witness lost all credibility when he painted a wildly unrealistic picture of e360's losses.
Having failed at its opportunity to present its case, e360 must content itself with nominal damages on each of its claims, and nothing more. "We VACATE the judgment of the district court and REMAND this matter with instructions to enter judgment for the plaintiffs in the amount of three dollars," said the court decision.
Goldman concludes that the SpamHaus case illustrates that courts are ultimately likely to favour filtering services and ISPs rather than bulk-mailing firms in cases involving spam blacklisting.
"Overall, SpamHaus ended up traveling the long road and ultimately defeating e360, but it's nice to see it prevail. As the Holomaxx vs Yahoo and Microsoft cases indicate, lawsuits brought by emailers against ISPs or filtering services face a long and uphill road, which should lead to a dead end," he writes.
This is of course a strong victory for all ISPs and hosting companies, and a losing day for spammers.
In other internet security news
It looks like Google has been victimized on its own domain. A company based in the Netherlands appears to have issued a digital certificate for Google.com to someone other than Google itself who may be using it to try to re-direct Internet traffic of users based in Iran (of all places).
On Sunday, someone reported in a thread on a Google support forum that, when attempting to log in to Gmail, the browser issued a warning about the digital certificate used as proof that the site is legitimate.
"Today, when I tried to login to my Gmail account I saw a certificate warning in Chrome," someone using the screen name "alibo" wrote. "I think my ISP or my government did this attack because I live in Iran and you may hear something about the story of a Comodo hacker!"
Alibo then posted a screenshot and the text of the SSL certificate. The screenshot page was not accessible, however.
In this particular case, the browser of the person reporting the issue warned that there was a problem with the digital certificate. But it's unclear what triggered the warning in the first place, and other browsers may not show any warning at all.
In such an event, a user could end up on a site that purports to be google.com but isn't. The digital certificate definitely is fraudulent. This posting details how to verify that a certificate is real and notes that it was issued in mid-July.
The SSL certificate was issued by DigiNotar, based in the Netherlands. Representatives from the company did not immediately respond to an email seeking comment yesterday, and an automated message said the offices were closed for the evening and offered no voice-mail option.
A phone call and email to Vasco Data Security, parent company of DigiNotar, were not immediately returned either.
The situation is similar to one that happened last March in which spoofed certificates were found involving Google, Yahoo, Microsoft, and other major sites and they were traced back to Iran. In that incident, the fraudulent digital certificates were acquired through reseller partners of certificate authority Comodo.
These attacks further illustrate a fundamental weakness with the current website authentication system in which third parties issue certificates that prove that a site is legitimate when making an "https://" connection. And yes, the 'padlock' is closed, signaling a secure internet connection.
The list of rogue certificate issuers has increased significantly over the past few years to approximately 650 organizations, which may not always follow the strictest security procedures. Furthermore, each one has a copy of the Webmaster's keys.
There is no automated process to revoke fraudulent certificates either, nor is there a public list of certificates that companies like Comodo have issued, or even which of its resellers or partners have been given a duplicate set of the master keys.
Worse, there are no mechanisms to prevent fraudulent certificates for Yahoo Mail or Gmail from being issued by compromised companies, or repressive regimes bent on surveillance.
Today's flawed system gives browser makers a large amount of responsibility towards end users. Any list of so-called 'certificate authorities' they include will be trusted by billions of Web browsers around the world, unless users take the time to change the settings.
In other internet security news
A suspect has been charged by police investigating various Internet attacks allegedly carried out by hacking collective Anonymous against companies and organizations deemed to have acted against the whistleblower website Wikileaks.
Scotland Yard has named 22-year-old student Peter Gibson of Castleton Road, Hartlepool, Cleveland as one of the suspects alleged to have orchestrated DDoS (distributed denial of service) attacks on PayPal, Amazon, Mastercard and Bank of America in December of last year.
Gibson has been charged with conspiracy to do an unauthorised act in relation to a computer, with intent to impair the operation of a computer system or prevent or hinder access to a program or data held in a computer or to impair the operation of any such program or the reliability of such data, said Scotland Yard.
Those are actions that are contrary to Section 1(1) of the Criminal Law Act of 1977, it added.
The Computer Misuse Act, which carries maximum jail sentences of ten years, was not cited by the police.
Gibson is expected to appear at the City of Westminster Magistrates' Court on September 7, 2011.
Detectives at the specialist computer-crime unit quizzed Gibson in April this year. He was one of six people arrested in connection with a U.K. police probe into "Operation Avenge Assange". The five other UK-based men, aged 15, 16, 19, 20 and 26, were also arrested, following coordinated police raids in the West Midlands, Northants, Herts, Surrey and London, under the Computer Misuse Act in January 2011.
It is alleged that the suspects set off Distributed Denial of Service attacks using a modified piece of open source software known as the Low Orbit Ion Cannon.
The software was used to send a constant stream of data to targeted websites in an effort to greatly slow down or to completely shut down the affected sites.
In July of this year, federal law-enforcement personnel in the U.S. also arrested 16 people accused of carrying out computer crimes that damaged or breached protected systems. Fourteen of these suspects, from ten states across the U.S., were alleged to have been involved in "Operation Avenge Assange".
Anonymous's assault against PayPal, MasterCard, Visa, Amazon, and others was mounted after those companies cut off services to WikiLeaks, following publication by the whistle-blower site of classified U.S. diplomatic memos.
In other internet security news
A police investigator working on Scotland Yard's inquiry into alleged phone-hacking at the now-defunct Sunday tabloid the News of the World was arrested by senior officers from the anti-corruption unit of London's Metropolitan police late last week.
The police said that on Thursday, August 18 they arrested a serving MPS officer from Operation Weeting on suspicion of misconduct in a public office relating to unauthorized disclosure of information as a result of a proactive operation.
They didn't release the name of the officer, who was described as a 51-year-old male detective constable, and Scotland Yard only confirmed he had been arrested after releasing the man on bail until September 29, pending further investigation.
As is customary in such incidents, the officer was suspended from his job the next day. "I made it very clear when I took on this investigation the need for operational and information security. It is hugely disappointing that this may not have been adhered to," said Deputy Assistant Commissioner Sue Akers, who is in charge of Operation Weeting.
"The MPS takes the unauthorized disclosure of information extremely seriously and has acted rapidly in making this arrest," she added.
Meanwhile, a thirty-five-year-old man was also released the next day, after being in police custody on suspicion of conspiring to unlawfully intercept voicemails.
He was bailed to return at a yet-to-be-determined date in October. Reports suggest that former NotW features writer Dan Evans was the man arrested then bailed by police on Friday.
James Desborough, who joined the Sunday tabloid as a reporter in 2005 before being promoted to Hollywood editor in 2009, was also arrested last Thursday as part of the Operation Weeting probe.
In other internet security news
On August 15, after reporting on Anonymous' hacking of BART's Web site and on the leak of user information from mybart.org, some in the Internet security community started receiving messages on Twitter and elsewhere from sources purporting to be tied to Anonymous.
They were all critical of the leak of personal info from mybart.org, pointing to dissent on Twitter and Anonymous IRC channels. "Just wanted you to know not all of Anon approves!" read one of the messages. Then today, it seems to have all become too much for one former Anonymous hacker.
Until now, he has gone by the handle "SparkyBlaze"; he has now officially resigned, identifying himself as a Manchester, U.K., resident named Matthew who has had enough of what he calls a lot of nonsense from a group that claims to do good and no evil.
He goes on to say that "higher-up" Anons have thrown other members of the collective "to the lions," claiming that Anonymous' campaigns and leadership have been ineffective and prey on "kids" to do their dirty work and risk arrest.
Some inside the internet security community contacted SparkyBlaze and asked if the BART operation was the last straw for him. He says, "That was one factor, mainly it was because I was just fed up with anon putting people's data on-line and then claiming to be the big heroes."
SparkyBlaze adds that he did find it hypocritical that Anonymous claimed to be fighting for BART users by putting their data online.
With regard to his own involvement with Anonymous, SparkyBlaze says he supported a number of operations, "and some un-ethical ones that I am not proud of but, I never exposed people's data-- and of that, I can be proud of. I want to be clear on that."
He says he was proud to be involved in attacks on sites run by Iran's government, but not so proud to have been involved in the Sony attacks a few months ago.
"If I get arrested with this I will have to deal with it. I don't care about what anon do now and I just want to say that not all anon's are bad-- just a few. Some do want change. They are just going about it in the wrong way," said SparkyBlaze.
SparkyBlaze's defection from Anonymous has made at least minor waves within the organization. A post by Commander X, purported to have led a number of recent hacks, including last week's BART operation, suggests SparkyBlaze should be considered persona non grata:
SparkyBlaze says that that posting was in response to his calling Commander X an "idiot for exposing people's data and supporting it" coupled with his Pastebin.