Time-Travel Spammer Strikes Back

jbone at place.org jbone at place.org
Sun Nov 2 17:20:55 PST 2003


I believe some commentary on this guy circulated around here a while 
back...  here's the coda, from Wired:

	http://www.wired.com/news/print/0,1294,61026,00.html

Time-Travel Spammer Strikes Back
By Brian McWilliams

Story location: 
http://www.wired.com/news/technology/0,1282,61026,00.html

02:00 AM Nov. 01, 2003 PT

Three websites that spotlighted a Massachusetts spammer's bizarre quest 
for time-travel technology have been hit with an avalanche of what 
appear to be retaliatory messages.

In what spam fighters term a "Joe-job" attack, late last month someone 
forged the sites' domains as the return addresses on a recent flurry of 
junk e-mails advertising antispam software. As a result, the innocent 
sites have been inundated with hundreds of thousands of error messages 
and complaints about the spam.

Among the targets of the Joe-job attack were Interesting-People.org, 
the home of a mailing list moderated by Carnegie Mellon University 
computer science professor David Farber. Starting Oct. 20, the site was 
slammed with hundreds of thousands of "bounce" messages from all over 
the Internet.

According to Farber's Internet service provider, eList eXpress, the 
onslaught of automated messages was generated when a spammer sent junk 
e-mails bearing Farber's return address to nondeliverable addresses.

Similarly, after someone sent the same spams forging Inertramblings.com 
as the return address, webmaster Sean Sosik-Hamor received over 350,000 
bounce messages. The operator of Lindqvist.com, Niklas Lindqvist, who 
was the third victim, reported receiving 30,000 such bounces in six 
hours.

While spammers commonly forge bogus "from" lines in their ads to avoid 
detection, the choice of the victim sites appears to be malicious. All 
three recently published hyperlinks to an August report by Wired News 
that revealed Robert "Robby" Todino of Woburn as the source of millions 
of bulk e-mails since 2001 seeking far-fetched devices such as a 
dimensional warp generator.

The spam that generated all the recent trouble appears to be connected 
to Todino. The messages, which bore subject lines such as "Stop Spam in 
Its Tracks" or "Say Goodbye to Junk Email," advertised a website, 
Quickeasysolution.com, as the source of an antispam software program.

According to domain-registration records (registration required), John 
Miller of 4 Oak Street in Woburn, Massachusetts, registered 
Quickeasysolution.com on Oct. 12. Messages left on the voicemail of the 
mobile-phone number listed in the record were not returned.

Domain registrations for several sites previously operated by Todino 
listed the same fictitious street address. In an August telephone 
interview, Todino, 22, said he was planning to market an antispam 
product by e-mail. Messages left this week on a voicemail for a 
previously working phone number for Todino went unanswered.

Experts warn that the Quickeasysolution.com site is a scam. A form for 
ordering the software is designed to collect visitors' credit cards and 
other personal details without delivering the advertised software, 
according to Daniël W. Crompton, an Amsterdam-based programmer who 
examined the site. Crompton's analysis was confirmed by Dan Clements, 
operator of the Card Cops service, which helps consumers track and 
uncover credit-card fraud.

In August 2001 the Massachusetts attorney general ordered Todino to 
stop sending fraudulent spams advertising "free government grants" and 
"detective software." State officials had no immediate comment on the 
latest spamming incident.

Steve Linford, head of the Spamhaus antispam site, said junk e-mailers 
commonly target Joe-job attacks at people who complain about spam.

"They'll intentionally place their enemies' addresses in the 'from' 
line. It's 100 percent malicious," said Linford.

Farber said the Joe job on his Interesting-People.org domain had the 
effect of a denial-of-service attack. Since law enforcement has proven 
ineffective in combating such attacks, Farber said e-mail systems must 
be hardened against fraudulent use.

"At some point in the game, we need to have things like authenticated 
headers. We have to stop this trivial ability to forge headers," said 
Farber.

Indeed, because of the difficulties with tracking e-mails and website 
owners, it's possible that Todino is himself the victim of an elaborate 
Joe job. But Inert Rambling's Sosik-Hamor says Todino's unwillingness 
to comment on the incident suggests he is responsible, and that 
disturbs Sosik-Hamor.

In a message on his site, Sosik-Hamor said he had previously been a fan 
of the strange messages about time travel. "I've thought that the 
author was pretty cool. A few fries short of a Happy Meal, but cool.... 
Now I feel almost betrayed by Robert," he wrote.

Todino's father, Robert Todino Sr., previously told Wired News that his 
son has psychological problems and earnestly believes in the 
possibility of time travel.

Todino's strange time-travel spams have intrigued Internet users for 
years. GrooveLily, a New York jazz-rock trio, recently released an 
album with a tune dedicated to the author of the messages. 


More information about the FoRK mailing list