February 8, 2017

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.

According to an indictment returned in federal court in Chicago, Persaud used multiple Internet addresses and domains – a technique known as “snowshoe spamming” – to transmit spam emails over at least nine networks.


The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad. Prosecutors charge that Persaud often used false names to register the domains, and he created fraudulent “From:” address fields to conceal that he was the true sender of the emails. The government also accuses Persaud of “illegally transferring and selling millions of email addresses for the purpose of transmitting spam.”

Persaud is currently listed as #8 on the World’s 10 Worst Spammers list maintained by Spamhaus, an anti-spam organization. In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. Persaud did not contest the charges and was ordered to pay more than a half-million dollars in restitution and damages.

In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers.

Persaud declined to comment for this story. But he maintains that his email marketing business is legitimate and complies with the CAN-SPAM Act, the main anti-spam law in the United States. The law prohibits the sending of spam that spoofs the sender’s address or does not give recipients an easy way to opt out of receiving future such emails from that sender.

Persaud told FBI agents who raided his home last year that he currently conducts internet marketing from his residence by sending a million emails in under 15 minutes from various domains and Internet addresses.

The indictment charges Persaud with ten counts of wire fraud and seeks the forfeiture of four computers. Each count of wire fraud is punishable by up to 20 years in prison. If convicted, the court must impose a reasonable sentence under federal statutes and sentencing guidelines.

Persaud was charged in Chicago because at least two of the servers he allegedly used to conduct snowshoe spamming operations were located there (named only as victims “B” and “F” in the government’s indictment). A copy of the indictment against Persaud is here (PDF).

For more on how spam allegedly sent by Persaud was traced back to his companies, see my story from November 2014, Still Spamming After All These Years. For a deeper understanding of why and how spam is the engine that drives virtually all other forms of cybercrime, check out my book — Spam Nation: The Inside Story of Organized Cybercrime.


23 thoughts on “‘Top 10 Spammer’ Indicted for Wire Fraud”

    1. phread

      Is there an award for longest consistent posting streak on a security blog? Because you have my nomination!

  1. vb

    The US has a poor record of punishing white collar crime. The fact that this guy has been spamming for 20 years is an example.

    For white collar crime – those who steal the most can afford the best lawyers. It’s an incentive to steal as much as possible.
    When white collar criminals get caught they give back a fraction of what they stole, or sometimes nothing at all. Either they spent all the money on cars & cocaine & hookers, or they have their money safeguarded by other people.

  2. Robert.Walter

    Kudos on calling out another bad guy in advance of an indictment.

    Coincidentally, and probably wholly unrelated, has anybody noticed an increase in those Nigerian spam mails lately? My junk boxes seem to have much more than in the recent past.

    1. Jay

      I never deleted my old Yahoo account due to their policy on recycling user names. It gets by far the most spam. I noticed the spam slowed from a steady stream down to a virtual standstill about the time Avalanche was taken down (early December). Now it’s coming back a little, but mostly just pharmacy spam and a couple of hookup site ads. Next to no get rich quick emails.

  3. IA Eng

    HA! Close to 20 years of spam. Throw him in the slammer for the same amount of time and his daily meals should consist only of canned spam. If that does not convert the crook, nothing will.

  4. Brooke

    Is this a typo? “The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad”

    1mil every 15minutes for that many years!?!

    1. Darron Wyke

      Probably an up and down with higher peaks. But that’s not hard to do at all. With just 100 bots (and that’s a VERY tiny number of bots, more likely thousands to tens or hundreds of thousands) I only have to send out 10000 emails in 15 minutes.

      Sending out roughly 12 a second, I can get that number hit.
      Increase it to a thousand bots and my target number is closer to 2/sec.

      A million emails is absolutely nothing.

      1. Rob Shein

        I can approach the same answer from a different direction:

        Consider that a spam email is fairly simple. Usually no inline graphics or other content; they’re usually less than 1KB in size. So, for simplicity’s sake, let’s use 1KB as the standard spam message size, including headers.

        Latency could slow this down…but when you really think about it spambots have been evolving for decades now, and current memory/processing power makes short work of the multithreading needed to keep a very large number of SMTP connections active at once. And that’s without even using a botnet. So the real choke point is bandwidth.

        That said…we get (1 million messages X 1KB per message)/(15 minutes X 60 seconds per minute), which equals 1,137,777 KB/sec. Notice the big “B” for Bytes…to get bandwidth in normal terms, multiply by 8 for bits. And you get just over 9 mbps. This is possible using a very inexpensive business-grade connection which can be had at almost any home; if you put a server in a hosting center, that level of bandwidth is trivial.

    2. somguy

      That’s actually very tiny. I’ve worked at a small organization with just 2000 employees, and we received millions of spam in a few months. Considering there are many, many organizations this size and much bigger, no, that’s a small amount of spam.

  5. Dave Horsfall

    Brian is correct: the term is “snowshoe”; I’ve never heard of “snowshow” being used in the anti-spam forums where I hang out.

  6. Catwhisperer

    It’s hard to believe that ISPs and server operators can’t stop this. I mean, your server sends out thousands of emails from a given user, and they can’t spot that?

    The other thing that I’m at a loss for is what’s in it for Persaud. I get, let’s say, 80 emails a day from various addresses, that I don’t have time to whois, zenmap, openvas, back-hack, etc. They are about everything from tactical flashlights to renting Learjets (obviously the sender doesn’t have a clue about the demographics). If the motive is profit, how does Persaud make money off of this spam flood? Because of the ones I’ve traced, there doesn’t appear to be anything common between them, they go to different servers in different countries…

    1. Chris Nielsen

      Most of the spam we have been seeing falls into one of two categories: 1) Spam used to drive traffic to the owner’s web site, such as a pharmacy site, or 2) Spam to drive traffic to a legit site using affiliate links.

      In both cases the link in the spam generally goes to a site or service that forwards the user on to the target site. When we file spam reports we click on the link in the spam and include the target site in the report. We do this in case the first link changes or is taken down. That way we can make sure the actual target site also gets the credit.

    2. Bill

      The ISPs could but there are plenty that don’t care as long as they get their payments.

      Here’s a link to Spamhaus’ top 10

  7. Ed

    I love this “Persaud did not contest the charges and was ordered to pay more than a half-million dollars in restitution and damages.”

    Take 100% of the $’s he made, then on TOP of that fine him!

  8. Fester Addams

    For a long time I’ve held that if anything bad happens to a spammer, it’s not bad enough. Once, I heard about a high-volume spammer, a Russian I believe, who had been found beaten to death. I thought about that a little but decided it was still true. After all, I’m sure he could have been beaten to death more slowly.

    1. Hayton

      @Mike – I think you’ll find that it is, in fact, against the law to kill spammers.
