A Case of Network Identity Theft?
Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world's most notorious spammers.
What's remarkable about this case study is that it pits a vocal spammer against the American Registry for Internet Numbers, which has yet to take action. ARIN is one of five regional Internet registries worldwide that is responsible for allocating IP addresses (ARIN handles this process for the United States, Canada and 22 Caribbean countries).
The real estate in question is Internet address space long ago issued to San Francisco Bay Packet Radio, an organization that was involved way back in the 1970s in testing ARPANET, a predecessor to the global commercial Internet that we all use today. That organization was given the rights to do whatever it wanted with any numeric Internet addresses that begin with 134.17 (an allocation that is known in the industry as a "slash 16" or "/16," or enough Web space to accommodate up to 65,536 unique Internet addresses).
Back in the 1970s, blocks of IP addresses were given away like cotton candy to pretty much anyone who asked, and many entities that were awarded the stuff didn't use most of what they were given. The San Francisco Packet Radio group was no exception, which was probably why e-mail marketers figured that nobody would notice if they moved into that space and set up shop.
That entire swath of Internet space is now registered to an entity in Westminster, Colo., called SF Bay Packet Radio LLC, but except for a similar name, this company has no relation to San Francisco Bay Packet Radio.
The name on SF Bay Packet Radio LLC's business records lists a Trudy DeBell as the registered agent. DeBell also is the chief financial officer for a company called Media Breakaway, an online marketing company which lists as its president an attorney named Steven Richter. Richter says Media Breakaway has 70 employees and generates more than $100 million in annual revenue.
As it happens, Steven is father to one Scott Richter, an e-mail marketer who has been sued by a number of the Internet's biggest players -- including Microsoft, Myspace and former New York Attorney General Eliot Spitzer, for sending spam. In 2005, Scott Richter agreed to pay $7 million in damages to Microsoft. He is now CEO of Media Breakaway.
A trace through the global Internet routing tables conducted by Security Fix indicates that traffic destined for the Internet addresses previously owned by the original San Francisco Bay Packet Radio entity is now being routed through servers controlled by a San Diego based e-mail marketing company called JKS Media LLC.
Who owns JKS Media? When Security Fix tried connecting to the site over an FTP (file transfer protocol) connection, the greeting displayed by the site read "wholesalebandwidth.com," a company owned by Media Breakaway. Anti-spam activists have implicated wholesalebandwidth.com in multiple spam operations. Steve Richter confirmed that JKS Media also is owned by Media Breakaway.
So what about spam seen currently sent through networks now controlled by JKS Media? A review of records posted by both Spamhaus.org and e-mail provider Outblaze.com shows that a large number of Internet addresses on the company's Internet space have been blacklisted for sending junk e-mail.
A spokesperson for Spamhaus said that JKS Media/Media Breakaway had indeed hijacked the IP space from its previous owner, and that the IP space should be revoked under the rules set out by ARIN.
For his part, Steve Richter claims Media Breakaway obtained the IP space after purchasing SF Bay Packet Radio LLC (the company whose registered agent is Trudy DeBell, the current CFO of Media Breakaway). In an interview with Security Fix, Richter said the IP addresses are "legacy space," in that they were issued prior to ARIN's creation in 1997. As such, Richter maintains that ARIN has no control over the space.
"It's not controlled by ARIN, so there's no hijacking," Richter said. "It's not under ARIN's jurisdiction and we purchased a company that had that space. ARIN has nothing to say about it, it's not under their control. We haven't taken anything from anybody, haven't done anything that wasn't proper."
ARIN's General Counsel Stephen Ryan said ARIN was aware of the allegations and was investigating. "The matter has come to ARIN's attention, it is under review, and at this point I can't say more except that we're looking at it very diligently."
Ryan said depending on what its investigation unearths, ARIN has several options: It can demand more information from the registrant, revoke the IP space in question, and/or refer the matter to law enforcement if it is determined that the application filed false documentation about corporate records. If ARIN finds that Media Breakaway falsified documents to obtain the IP space, and the matter is referred to law enforcement, Media Breakaway could be charged with mail fraud or wire fraud if it falsely submitted those documents via the U.S. mail or over the Internet.
In January, ARIN revoked the IP space of a company in Houston that failed to pay annual maintenance fees for the space and refused to provide more information about a pending transfer of the IP space to a third party, which claimed it had purchased the company whose IP space it was requesting.
I suppose it is possible that groups like Outblaze and Spamhaus are simply mistaken in listing Internet addresses assigned to Media Breakaway as sending e-mail to people who did not agree to be spammed. But that activity becomes a lot harder to explain if it turns out that that company is sending commercial e-mails from Internet space that it obtained through trickery or sleight of hand.
This type of activity, sometimes called "network identity theft," is not unheard of. In February, Security Fix wrote about an Internet censorship order by the government of Pakistan led to the inadvertent hijacking of traffic destined for Youtube.com. A more blatant and purposeful incident occurred in 2003, when Los Angeles County found that a substantial portion of its Internet space had been fraudulently hijacked by a guy who operates a network largely populated by porn sites.
Much of the information in this post comes from research conducted and written about last week by Ronald Guilmette, a man who has unsuccessfully tried to sue the Richters on two occasions.
I spoke with Guilmette at length over the weekend about his findings, but he was not eager to be quoted in this story, citing previous run-ins with the Richters and the money it cost him. Looking at the legal acumen Richter the elder exhibited in deflecting the brunt of Myspace's spam suit against him speaks volumes about the reason for Guilmette's reluctance.
Interestingly, Scott Richter's attorneys pointed out to the judge in the case that MySpace's own terms of service stipulate that either party to a dispute over violations of the company's terms of service can demand to settle the dispute through arbitration. As a result, in August of last year the judge in the matter ordered both sides into arbitration, and dismissed the lawsuit.
I could not find current contact information for anyone who worked on the original San Francisco Bay Packet Radio project. If you or someone you know was affiliated with that effort, please drop me a line or leave a comment below.
Posted by: blob | April 30, 2008 1:39 AM | Report abuse
Posted by: joel jaeggli | April 30, 2008 3:57 AM | Report abuse
Posted by: Anonymous | April 30, 2008 6:35 AM | Report abuse
Posted by: Dave Clemans | April 30, 2008 4:04 PM | Report abuse
Posted by: Danny McPherson | April 30, 2008 7:55 PM | Report abuse
Posted by: Michael Peddemors | April 30, 2008 11:41 PM | Report abuse
Posted by: Hizself | May 1, 2008 5:50 AM | Report abuse
Posted by: SRS | May 2, 2008 10:54 PM | Report abuse
Posted by: Buddy Milo | May 3, 2008 8:37 AM | Report abuse
Posted by: Marshall Eubanks | May 4, 2008 10:53 AM | Report abuse
Posted by: Airline Ticket | May 5, 2008 6:28 AM | Report abuse
Posted by: dvd | May 8, 2008 3:00 PM | Report abuse
Posted by: bob Vaughan | May 13, 2008 3:49 PM | Report abuse
Posted by: no fax payday loan-david | August 18, 2008 6:44 AM | Report abuse
The comments to this entry are closed.