EarthLink sues spam, identity-theft rings

The ISP is suing to recover an estimated $5 million

EarthLink Inc. has filed suit against two spam e-mail rings with operations in the U.S. and Canada.

The Atlanta Internet service provider said on Aug. 26 that it's suing to recover an estimated $5 million in lost employee productivity and Internet bandwidth that it claims was spent managing more than 250 million e-mail messages sent from e-mail addresses on its network, according to Pete Wellborn, outside legal counsel for EarthLink.

The suit targets two separate spam operations. The first, based in Birmingham, Ala., is believed to be behind a variety of spam campaigns, including pitches for "herbal Viagra," pornography and online dating services. The ring used about a dozen Birmingham-area phone numbers to connect to more than 100 dial-up EarthLink accounts, which were paid for with phony customer names and addresses and used to send the spam, Wellborn said.

A second ring, in Vancouver, British Columbia, used about six different phone numbers to connect to EarthLink accounts as part of a massive "phisher" scheme to trick unsuspecting Internet users into passing on sensitive information such as account passwords and credit card numbers, Wellborn said. Phisher schemes use Web pages designed to look like legitimate Web sites such as Amazon.com or PayPal.com in complicated ruses to capture account information from customers.

Among other things, the Vancouver spammers used stolen EarthLink accounts to send e-mail messages to America Online members, posing as AOL and seeking account information such as user names, passwords and credit card information, according to EarthLink spokeswoman Carla Shaw.

The suits are important not just because of the problem of spam, but also because both spam rings have links to the larger problem of identity theft, according to Shaw. "These are criminals who have been trying to steal user information," she said.

In addition, the Alabama spam ring appeared to use sophisticated technology to conduct business, Wellborn said.

The spammers have a software-based automatic log-in system that immediately attempts to reconnect the spammers to EarthLink's network once an active connection fails. They are also allegedly using dynamically hosted Web sites that appear on the Internet only as long as the spammers are logged in, then disappear once they have logged off.

The transitory nature of the operation makes it especially hard to attach names to EarthLink's case, Wellborn said.

The suit is just the latest in a wave of legal actions brought by prominent Internet service providers and online vendors against spammers and unscrupulous online marketers. Amazon.com Inc. said Monday that it was filing suit against 11 online marketers, claiming they misappropriated its name in e-mail solicitations (see story). And in May, EarthLink won a $16 million judgment against a New York man who allegedly sent more than 825 million spam messages through the service provider's network.

Where that case involved one man who was responsible for a large volume of spam messages, the latest cases involve technologically sophisticated gangs of spammers, Wellborn said.

By filing suit against the as-yet-unnamed spammers, EarthLink hopes to use subpoenas of Internet service providers, mailbox rental companies and domain registrars to track down their identities, Shaw said.

5 power user tips for Microsoft OneNote
  
Shop Tech Products at Amazon