To Catch (and Prosecute) a Spammer: A Case Study of United States v. Alan Ralsky, et al. Terrence Berg United States Attorney Eastern District of Michigan.


1 To Catch (and Prosecute) a Spammer: A Case Study of United States v. Alan Ralsky, et al. Terrence Berg United States Attorney Eastern District of Michigan

2 The “Godfather of Spam”? From USA TODAY 6/25/2003 article, by Jon Swartz: “Given all the crap that's going on with spam, it's probably not wise to have a high profile,” says Alan Ralsky, 58, who calls himself “the Godfather of spam.” The gruff West Bloomfield, Mich., resident says he sends 30 million e-mails abroad each day peddling jewelry and vacation giveaways.

3 “I’ll never quit” November 22, 2002 Detroit Free Press article by Mike Wendland: “I've gone overseas,” [Ralsky] said. “I now send most of my mail from other countries. And that's a shame. I pay a fortune to providers to do this, and I'd much rather have it go to American companies. But I have to stay in business, and if I have to go out of the country, then so be it.” “I'll never quit,” said the 57-year-old master of spam. “I like what I do. This is the greatest business in the world.” CAN-SPAM Act effective January 1, 2004, 18 U.S.C. § 1037.

4 What was made illegal by CAN-SPAM? (1) intentionally falsifying header information; (2) registering domains using false info; (3) unauthorized use of proxies to deceive; or (4) accessing another’s computer without authorization... And intentionally initiating “multiple commercial email messages” “multiple” = > 100 in 24 hours; > 1,000 in 30 days; or > 10,000 in 1 year.

5 Penalties under CAN-SPAM 5-year felony if ▫Committed in furtherance of a felony ▫Defendant has § 1030 or state spam prior 3-year felony if ▫Use of another’s computer to spam ▫False registration involving > 20 emails or online user account registrations or 10 or > domain registrations ▫Volume email = > 2500 in 24 hours; > 25,000 in 30 days; > 250,000 in 1 year ▫Offense caused $5000 or > in loss in 1 year 1-year misdemeanor otherwise.

6 Who’d have thought? MS referral v. ultimate charges: leads, trap accts, tunneling, link charts v. Chinese penny stock pump and dump/ outsourced spamming/ botnet. Couldn’t commit crime without Internet and computers but couldn’t prove crime with Internet and computers either. Complexity of scheme v. simple tools to solve it

7 Milestones on Road to Prosecution Daniel Lin, first CAN-SPAM defendant (4/04), turned out to have worked for Ralsky. MS referral (9/04) FBI and USPIS ▫Alan Ralsky, Scott Bradley, Judy Devenow ▫Brazil ▫Link chart from heqq September 2004 – May 2005 ▫Reviewing materials ▫GJ investigation MS referral II (5/05): focus on potentially false domain registrations.

8 Milestones Many sources of info: ▫Public source (SPAMHAUS) ▫Domain registration info ▫Trap account emails ▫Bank records ▫Internet connectivity records ▫SW on e-mail accounts Showed: ▫Bradley is paying to have over 1000 domain names registered, some domains registered with false name/address, high volumes spam from these domains ▫Devenow co. registered a /21 block of IP numbers ▫Connectivity for block paid for by Bradley ▫Computers are in L.A. and Fresno at “GDC Layer One”

9 Take-down Five simultaneous SWs on September 1, 2005 ▫Residences of Ralsky, Bradley (W. Bloomfield), Devenow (E. Lansing) ▫GDC Layer One in L.A. and Fresno – roll-over SW ▫Colo and sys admin for mailing operation: John Bown and William Neil 64 computers from LA 15 computers from MI residences 11 computers from Fresno Boxes of paper records, free HDs, CDs, floppies

10 Now comes the hard part Need to review and understand 90+ computers as well as records, etc. Other records from GJ subpoenas too. Importance of old-fashioned detective work, evidence ▫Handwritten notes in Scott Bradley’s house are tally sheets of stock ticker symbols, and amounts, seem to divide in “shares”. ▫Need for witnesses/insiders to tell what was going on

11 Emails and Chat The stored emails and chat on SB and AR computers told the story ▫Paying for proxies ▫Paying for spammers ▫2 spammers and 1 colo guy cooperate, testify - crucial ▫Records show in-house spamming too ▫“Frankie” = Frank Tribble ▫“Hui” = John Hui ▫Outlines of pump and dump scheme start to take shape

12 Need for Real People as Witnesses to Spamming Operation Identified 2 low-level spammers and 1 colo guy Approach and interview Contract spammers admit ▫Ralsky and Bradley were aware of proxies being used ▫Identified certain stocks as ones they spammed ▫Authenticated chats and e-mails Colo guy admits ▫Use of software to spam – phony header info ▫Aware of connection to China

13 The Role of Spamming Software “Dark Mailer”; “Nexus” Defs use several kinds Updates for Nexus reference “Proxy Scanner” – intended to find and connect to proxies Owner and Developer of Nexus admits his role in creating software for purpose of spamming Lightspeed Marketing and Dave Patton

14 Overview of Evidence of Stock Manipulation Scheme E-mails, chats, and other communications among co-conspirators Sample e-mails from Bradley’s seed account Internal financial records Analysis of wire transfers, timed with spam campaigns and internal e-mails Analysis of trading activity and market prices Testimony of co-conspirators/insiders

15 What we see from evidence seized Appears to be a pump-and-dump. ▫Approximately 50 Ticker Symbols ▫Chinese corporations ▫Shell companies ▫At least three brokerage firms ▫Need to consult with SEC Many domestic and international mailers being hired to mail via proxies and botnets, or whatever means available. Hard to trace/track/identify.

16 Post-SW, the operation continues We learn they are attempting to set up a bot-net to spam We pursue several investigative avenues that are unsuccessful Examples of evidence

17 Steps in the Pump and Dump Scam Shares of Chinese penny stock companies are issued to “straw” purchasers in China ▫Trading accounts opened at same broker over short period of time in names of numerous foreign S/H ▫Immediate deposit of large (200K plus) shares into newly opened accounts Spammers are provided with “news” – ad copy ▫Spam mail blasted out touting stock ▫Sales in tens of thousands of shares/day

18 Overview of Stock Spam Pump and Dump Scheme
Return path: <phony name@phonydomain.com> X-Original To: <phone name@phoney domain> Delivered To: <phony name@phony domain> Received from: PR Newswire: Major Financial News Released Today: CWTD continues to climb after launching new product/acquisition/announcing major contract. CWTD has more than doubled over the last 8 weeks. We strongly urge you to watch this stock first thing on Monday morning. Current Price: $0.75 7-day projection: $5.50 E.g., INTERNET IPO!
Day 1. Hui/Tribble deposit large blocks of “CWTD” shares into “straw man” brokerage accounts of dozens of phony accountholders
Day 2. Ralsky/Bradley & mailers send spam touting CWTD
Proxies and Bots: False headers/IPs thru proxies/botnets; False touts and no disclaimers
Day 3. Spam recipients buy CWTD stock, “pumping” up price
Day 4. Hui/Tribble sell/“dump” shares of CWTD at inflated prices, price falls
Stock proceeds wired from U.S. brokerage to Hong Kong bank back to Superior Distributing to be dispersed to Ralsky, Hui, Tribble
Phony Brokerage Accountholders

19 Activity Behind the Scenes Numerous wire transactions and communications between members of the conspiracy. Reimbursement is based upon daily average stock price Negotiation for deals w/new companies

20 Scope of Scheme Potentially three brokerage firms being used. >$20 Million to China from ONE firm. email4u (Ralsky) says: 20% to us 20% to u 20% to frank and 40% to the client is that right Evidence from searches has split being at least 50/50 and as much as 60/40. 50 Ticker Symbols >20 accounts at one brokerage firm.

21 Following the money John Hui – Hong Kong CEO of CWTD, has connection with Chinese companies issuing penny stocks Frank Tribble – prior SEC investigation for spamming stock, seems to be directing the trades in these shares Money from the sale of shares in these stocks is being sent to Scott Bradley’s bank account Tribble is in LA County Jail on manslaughter case

22 Indictment Near, but Need Witnesses on Pump and Dump Feds come calling in LA County Jail 12/07 No progress at first On advice of counsel, Tribble cooperates Opens up the stock pump and dump ▫Chinese straw owners ▫Use of shell companies ▫Goal of manipulating the market ▫Who’s who re: John Hui, Chinese companies, etc. Now we have witnesses for spamming and for pump and dump

23 IT HAPPENS! GJ returns Indictment under seal on 12-14-07 John Hui arrested @ 1/08/08 entering US at JFK Airport, indictment unsealed.

24 Unusual Challenges Volume of discovery ▫3 separate 1 TB portable drives used to store discovery ▫Took longer than normal to produce to defs Explaining the case to defendants and defense counsel ▫41 Counts/ 11 Defendants ▫The role of plea negotiations ▫Value of expertise – CCIPS, SEC, MS, others

25 Dam begins to break, becomes torrent Judy Devenow cooperates and pleads guilty, October 18, 2008 John Hui cooperates and pleads guilty, December 16, 2008 “Reverse proffers” begin – Ralsky et al. throw in the towel June 22, 2009: Ralsky, Bradley, Bown, Neil and Fite plead guilty Patton pleads guilty July 7 Bragg is fugitive, apprehended and pleads guilty Aug 20

26 Exposure
Defendant | Plea Agreement
Ralsky | Up to 43 months if cooperates
Bradley | Up to 39 months if cooperates
Devenow | Up to 21 months if cooperates
Bown | Up to 46 months if cooperates
Neil | Up to 37 months if cooperates
Bragg | Up to 30 months if cooperates
Fite | Up to 24 months if cooperates
Hui | Up to 39 months if cooperates
Tribble | Up to 54 months if cooperates
Patton | Up to 16 months if cooperates

27 Sentencing Dates Set November 23 and 24 (Happy Thanksgiving!) Court has discretion to fashion appropriate sentences regardless of plea agreements. Court will weigh relative culpability of defendants; factors relating to the history and nature of each defendant and role. Investigation not yet closed...

28 Lessons Get their computers Good luck dealing with so many computers Records (emails, chat, etc.) likely to be incriminating, but Get witnesses who can “tell the story” of what they were doing Bring in as much expertise as possible

29 Thanks Questions? Terrence Berg U.S. Attorney E.D. Michigan

