Ralsky Indictment Won't Reduce Spam
Many security experts say the overall impact to the amount of spam on the Web will likely be negligible, if anything at all after Thursday's federal grand jury indictment of "spam king" Alan Ralsky. Federal charges were brought against the Michigan man and nine others for running an international spamming and stock fraud scheme following a three-year investigation.
"From my perspective, every time there's one of these high profile indictments, spam never decreases," said Paul Ferguson, advanced threats researcher and security intelligence for Trend Micro. "It's not even a blip on the radar screen."
Others however, believe that spam will generally taper slightly in the wake of a highly publicized case.
"At any one time, 50 percent of spam is created by a handful of individuals," said Richard Stiennon, chief marketing officer for Fortinet, adding that, "It actually slows down," after a highly publicized case.
The U.S. Justice Department announced last week that the federal grand jury in Detroit indicted Ralsky, 62, of West Bloomfield, Mich. for violating the U.S. "CAN SPAM" Act and other federal fraud and money laundering legislation.
"It's a little bit like getting Al Capone on tax fraud charges," said Stiennon. "The FBI has been after Ralsky for years and years. Now we're getting him on a pretty serious charge."
Ferguson said that despite complex laws regulating spam and phishing scams, statistics have consistently shown that spam has risen exponentially since the "CAN SPAM" Act was initiated in 2004. And other experts don't anticipate that this growing trend will plateau any time soon.
"Criminals are young," said Stiennon. "They have short memories. They might back off, but they'll just find better ways to hide their activities and protect themselves."
Ralsky and nine others were charged Thursday with 41 counts of fraud and money laundering while running an illegal, international spamming operation that sold phony, "pump and dump" stocks. So far, three of the accused individuals have been arrested, including Ralsky's son-in-law Scott Bradley,46, Judy Devenow, 55, and How Wai John Hui, 49, a dual national of Canada and Hong Kong. The seven other defendants, hailing from Hong Kong, Russia, Canada, California and Arizona, are still at large.
U.S. Attorney Stephen Murphy said in a written statement that the charges "seek to knock out one of the largest illegal spamming and fraud operations in the country, an international scheme to make money by manipulating stock prices through illegal spam and e-mail promotions."
Ralsky's attorney Philip Kushner said his client maintains his innocence and was "not expecting the indictment." Kushner said that Ralsky was out of the country temporarily but planned on returning to the U.S. within a few days.
All 41 counts cover federal regulations governed by "Fraud in Connection with Electronic Mail," also known as the "CAN SPAM" Act, as well as computer, mail and wire fraud and money laundering. The indictment also included criminal asset forfeiture counts and charges one defendant with making false statements to law enforcement. The charges arose after an extensive three-year investigation by the Federal Bureau of Investigation, along with the U.S. Postal Inspection Service and the Internal Revenue Service.
The elaborate scheme entailed widespread spam blasts that enticed users to buy thinly traded Chinese penny stocks. The transaction subsequently drove up the stock prices and the cyber criminals reaped profits by selling the stock at artificially inflated prices.
The defendants used various malware and phishing tool kits in order to maximize the amount of spam that circumvented spam-blocking devices and tricked recipients into opening, and acting upon, the advertisements contained in the message, according to the indictment.
Members of the spam ring executed attacks by utilizing a complex botnet, which sent malicious code that instructed the infected computers to generate more spam. The e-mail's content included "headers" in the messages using bot computers and falsely registered domain names, in addition to misrepresenting the advertising content of the messages.
The indictment stated that defendants earned significant profits after users responded to the e-mail and purchased the phony and illegal products. Investigators estimate that the scam generated approximately $3 million for Ralsky and his team during the summer of 2005 alone.
With anticipated spikes in malware in 2008, experts believe that there will likely be more cases that prosecute high profile cyber crime. But whether the cases will result in less spam remains to be seen.
"The truth of the matter is, it takes months or sometimes years for law enforcement to go and present that to a states attorney general," said Ferguson. "It's very difficult to take the technological advances and marry them with the judicial ones.