Facebook May Prove That Spam King Is Not Invincible

If you’ve been on the Internet at any point in the last decade, you’ve likely seen the work of one Sanford Wallace. Also known as the Spam King or Spamford Wallace, this prolific and notorious spammer finally met his match on July 6, 2011, when the Justice Department indicted Wallace, under seal, on eleven counts connected to spamming on Facebook.

In 2009, Facebook filed a civil suit against Wallace for the same activities covered in the indictment. In a default judgment, the court awarded Facebook $711 million, the highest monetary judgment against a spammer.  The judgment also permanently enjoined Wallace from accessing the Facebook web site.

Following the indictment, Wallace was arrested on August 4, 2011. After arraignment, he was released on a $100,000 unsecured bond after pleading not guilty. His next court appearance is scheduled for August 22, 2011.

The Indictment

The indictment included seven counts of different statues under fraud and related activities in connection with electronic mail, three counts of intentional damage to a protected computer, and two counts of criminal contempt. If convicted on all counts, Wallace could face 46 years in prison, $2.25 million in fines, and forfeiture of monies and property.

The indictment alleges, over a five month period in 2008 and 2009, Wallace compromised approximately 500,000 Facebook accounts using phishing attacks to send over 27 million spam wall posts.

Wallace began his scheme by testing measures to avoid Facebook spam filters through two accounts. Once he felt he was able to circumvent the spam filters, he began implementing the spamming scheme. By deceiving the end user, he collected their e-mail address, full name, and password for Facebook login through phishing websites.

Once this information was submitted by the user, they were redirected to affiliate sites where Wallace earned substantial commissions. The indictment does not specify which affiliate networks or advertisers were involved. Wallace then used automated scripts to access friend lists of the compromised accounts and post his spam messages on their walls.

Wallace used multiple tactics in an attempt to evade detection of the spam attacks. Through two separate domain registrar companies, he registered approximately 2500 domains using fictitious names. These domains were then used in his spam messages. Additionally, he used over 300 different IP addresses through proxies to post the spam messages on Facebook.

The two criminal contempt charges stem from the default judgment in the Facebook civil suit since Wallace was permanently enjoined from accessing Facebook. The first count comes from Wallace accessing his Facebook account during a flight on Virgin Airlines. The second count comes from Wallace accessing a fake Facebook account on three separate occasions.

Chronicles of a Spam King’s Legal Woes

Wallace’s consistent disregard of legal proceedings brought against him over the years is probably a large contributing factor to his notoriety. He has a long history of court rulings against him for spamming.

1996-1997

During the late 90s, numerous ISPs filed civil lawsuits against Sanford Wallace and his company, Cyber Promotions, for sending copious amounts of spam emails through their systems. These included Concentric Network , CompuServe, Prodigy Services, BigFoot Partners, AOL, and Earthlink. Wallace also filed some of his own lawsuits against ISPs under different claims that he had a right to use their platforms to send spam email. The most notable case was against AOL where Wallace claimed sending bulk commercial email fell under his First Amendment rights.

Numerous cases went against Wallace. He settled many of the cases against him with injunctions barring him from major ISPs. The Earthlink case also yielded the first significant monetary judgment against Wallace for $1 million, and the case is attributed to the demise of Cyber Promotions.

1998

Wallace publicly announced he was retiring from the spamming business. Many questioned the truth of Wallace’s claim and history seems to have proven their suspicions correct.

1999

Wallace filed a civil suit against anti-spam advocate Mark Welch after Welch complained to Wallace’s ISP of receiving spam from Wallace’s company SmartBot.net. Wallace claimed he was retired from spamming and had his service wrongfully disconnected because of Welch’s complaint. Wallace dropped the lawsuit a month later. Wallace’s company SmartBot was later named in a complaint brought by the FTC against Wallace.

2004

The FTC filed a suit against Wallace and two of his corporations for installing bogus anti-spyware software and adware for others on consumers’ computers without their consent.

2006

The FTC received a default judgment in the case filed in 2004 against Wallace. Wallace was enjoined from exploiting security holes on computers and installing software without the end user’s consent. He was also fined $4.1 million.

The FTC also filed a suit against Walter Rines and his company Odysseus Marketing for installing spyware on consumer’s computers without their consent. In November 2006, the FTC entered into a stipulated order for a permanent injunction against Rines, and any party working with Rines, from installing software on consumer computers without their consent. Wallace had a business partnership with Rines and was bound by this FTC order.

2008

MySpace receives a default judgment against Wallace and Rines for phishing and spamming MySpace accounts. MySpace was awarded $160 million against Wallace and $223 million against Rines for CANSPAM violations. MySpace was also awarded an additional $1.5 million for violations of anti-phishing laws. Both Wallace and Rines were both permanently enjoined from using the MySpace site.

The FTC then filed a motion to hold Wallace and Rines in contempt of the permanent injunction of 2006 because of their activities on MySpace.

2009

Facebook filed a civil suit against Sanford Wallace, Adam Arzoomanian, and Scott Shaw for posting spam wall posts through compromised Facebook accounts. The court issued a default judgment against Wallace, fining him $711 million and permanently enjoining him against using Facebook. At the time, this was the highest civil penalty awarded in a spam case.

The court issued a contempt order against Wallace and Rines connected to the FTC motion of 2008. A fine of $555,850.04 was levied. As a result, Wallace filed for personal Chapter 7 bankruptcy. The case was dismissed when Wallace failed to file all necessary documents.

2011

Wallace is indicted and arrested on criminal charges related to his spamming activities on Facebook.

Will the Spam King Fall From His Lofty Throne?

Over the last decade, Wallace basically ignored the numerous lawsuits brought against him, including the accrued $1 billion plus in damages. Law enforcement and the courts have a better grasp of certain online practices today than they did in the late 90s when Wallace’s spamming career and legal woes began.

It’s also difficult to ignore a federal arrest warrant.  While the potential monetary damages associated with the criminal charges may pale in comparison with those already held against Wallace, the potential jail time is a completely different matter. Even a “King” isn’t invincible, particularly a self-proclaimed King.

About Kellie Stevens

You can follow Kellie on Twitter: @KellieAFP.

Website: http://www.affiliatefairplay.com