Upload
stephanie-lindsey
View
212
Download
0
Tags:
Embed Size (px)
Citation preview
Observations on the Jeremy Jaynes Criminal Spam Trial
Jon Praed Internet Law Group
jon.praed(at)i-lawgroup.com
Who Is Jeremy Jaynes?
• ROKSO listed spammer• Alias “Gaven Stubberfield”• 29, resident of Raleigh, North Carolina• Investor in local restaurant and health club• More insights available at:
http://newsobserver.com/news/story/1828341p-8141513c.html
• Tried with sister Jessica DeGroot and Richard Rutkowski
The Spam Samples
Spam Sample -- Penny Stock
Picker
Spam Sample -- Internet History
Eraser
Spam Sample -Fed Ex Refund
Processor
Spam Timeline, Volumes & Fingerprints
Spam Fingerprints from July 16
Complaint Count Unique IPsAll IP Blocks 493,181 1,862
64.247.166.* 94,287 24864.247.167.* 93,316 24869.42.227.* 46,215 250216.245.239.* 86,007 218
319,825 964
By IP Block
Domain Registrant Address Telephone Contact Traceroutecamperon.com Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98realbiz.cc Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98singlesource.cc Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98valleyweb.bz Manner Ops 6458 Creedmoor Rd, Raleigh, NC 27613 919-782-5472 Sam Ramsey n/a
From Domains
bidonit.bz Not Registeredbuttercookie.net Not Registerednomorepride.com Not Registeredwiggyweb.com Not Registered
Helo Domains
IP Block Block Owner Address Telephone Contact Traceroute216.245.239.*** Inet Consulting 8601 Ray Rd, Raleigh, NC 27613 919- 839-2702 John Jones 157.130.48.98
Davis Consulting 3105 Holston Lane, Raleigh, NC 27610 919-230-2661 Charles Davis 157.130.48.98Vinter Internet 6557 Glenwood Ave., Raleigh, NC 27613 919-565-7438 Patesh Vinter 157.130.48.98
64.247.166.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 John Rodgers 157.130.48.98Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 Robert Franks 157.130.48.98BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 Robert Franks 157.130.48.98
64.247.167.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 John Rodgers 157.130.48.98Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 Robert Franks 157.130.48.98BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 Robert Franks 157.130.48.98
69.42.227.*** JKR Communications 2115 E. Millbrook Rd, Raleigh, NC 27604 919-856-8327 Don Drummon 4.24.239.122ATC Internet Solutions 5003 Falls of Neuse, Raleigh, NC 27609 919-875-3000 Andy Holmes 4.24.239.122a1 Consulting 45 E Ridge Road, Raleigh, NC, 27606 919-868-5472 William Jefferys 4.24.239.122
Connecting MTA IP Addresses
Virginia Criminal Spam Statute (Va. Code § 18.2-152.3:1)
1. Use of a computer or computer network
2. With intent to falsify or forge electronic mail transmission information or other routing information in any manner
3. in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers
Felony (Class 6)
• 10,000 attempted recipients over one day (24 hour period)
• 100,000…over 30 days
• 1 million…over one year
Penalty (per offense)
• 1 year to 5 years in prison
• $2,500 fine
Criminal Investigation Proceeds
July through December 2003
Jaynes Arrested, House Searched & Evidence SeizedDecember 11, 2003
Spam Office in Spare Bedroom
Rack Mount in Spare Bedroom
Evidence Seized
• Computers, routers– Laptops, desktops, servers– Contents recovered
• CDs & DVDs– email address lists – lists of user names & domain names– “anti-spammer” email address lists
• Other Physical Evidence
“Spam Interruptus”
Text of Email Found on Seized Computer
Email Text from Seized Computer
Email Sample from Report Spam
Notes Recovered from Trash Can
Notes Admitted into Evidence
Notes Admitted into Evidence
Merchant Credit Card Account
Sales per month
Merchant Credit Card Account
x $40.00 per sale
$440,000 per month
Sales per month
Merchant Credit Card Account
Refunds/charge backs
Merchant Credit Card Account
Refunds/charge backs
x $40.00 per sale
($332,000) per month
Merchant Credit Card Account
Sales per month
$440,000 sales
- $332,000 returns
$108,000 gross profit per month
Falsification of Transmission Information
ARIN Contract
Proof of Payment for Domain Name Registration
• Valid Visa credit card
• False names (“Janet Marsh”)
• Card successfully charged
• Charge was not disputed
• Signatory on card (Jessica Jaynes)
Testimony of UPS Store Owner
• Postal Form 1583 Required by Law• Not One Customer Named “John Rogers” • Nine Years of Records
UPS Store Application
Proof the Emails were “Unsolicited”
• Recipient testimony– Burdensome and unwieldy– Indirect admission is difficult (hearsay)
• Absence of evidence of request for solicitation in spammers’ possession (Absence of business record)
• Expert testimony
Expert Testimony:Drug Dealers and Spammers
• Police officers routinely qualify as experts on drug possession charges
• No “ultimate fact” (can’t say “in my opinion, defendant is a dealer”)
• Quantity of drugs found on defendant is “not consistent with personal consumption”
• Prosecutor argues evidence shows defendant “is a dealer”
Dr. John Levine
• Expert for the Commonwealth• Testified Defendants’ email patterns were
“not consistent with solicited email practices”– Inconsistent from lines
– Large number of IP addresses used
– .bz domain names (Belize)
• Untouchable on cross examination• See Dr. Levine’s article on CircleID.com
(http://www.circleid.com/article/804_0_1_0_C/)
Defendants’ Defenses• No factual defense• Constitutional Challenges
– First Amendment– Commerce Clause
• Personal Jurisdiction in Virginia• Venue in Loudoun County• Lack of proof that volumes exceeded 10,000/day• Meaning of “Falsification” and “Unsolicited”• July 1, 2003 as “flag day”
Jury Verdict & Sentence
• Deliberated day and a half• Jeremy Jaynes
– Guilty of 3 felony spam counts– 3 years per count
• Jessica Jaynes DeGroot– Guilty of 3 felony spam counts– $2,500 fine per count
• Richard Rutkowski– Not guilty
Lessons Learned• Juries understand the technology• Searches and seizures are important to preserving
evidence• While difficult, “unsolicited” can be proved without
testimony from recipients, via an expert• Offshore movement of bank accounts will complicate
proof• The “Jessica Effect” -- spam accomplices are now more
likely to “flip”• Despite public animosity against spam, jury system
works well
Questions?
Observations on the Jeremy Jaynes Criminal Spam Trial
Jon Praed Internet Law Group
jon.praed(at)i-lawgroup.com