Anti-Spammer Fined For DNS Lookup Of Spammer

from the ouch dept

Anti-spam activists often need to do quite a bit of hunting to track down the real identity of various spammers. Over the years, spammers have become increasingly adept at hiding from those trying to shine light on their activities. However, when one well-known anti-spammer used some standard whois and DNS lookup tools (the same kind many of us use every day) to find out the identity of a spammer, the spammer sued him... and won! The anti-spammer has to pay over $60,000 in fines, and possibly much more once lawyers' fees are added up. The judge ruled that some rather basic tools suddenly constituted "hacking" even though the details don't suggest any actual hacking. The anti-spammer simply used the tools available to get the information necessary. He didn't need to break through any security or do anything malicious to get the info. If you read the ruling, it sounds like a judge could define plenty of perfectly normal online activities as "hacking." Update: There's a good discussion in the comments, suggesting that there's a lot more going on here than is clear from the article itself. The judge's finding of facts suggest that the anti-spammer did some questionable things, including lying and ignoring an injunction -- which certainly hurt his case. However, others are suggesting that the judge's finding of facts are incorrect and there's much more to this story that will come out on appeal.

Filed Under: anti-spam, fines

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Liberty, 18 Jan 2008 @ 2:58pm

    Problems with the FOF

    At various other times Ritz, issued a variety of commands, including host-l, helo, and vrfy. The afore-mentioned commands are not commonly known to the average computer user.

    Here the judge seems to be condemning Ritz for being more knowledgeable than the "average computer user". Is ignorance good and knowledge evil in her court? By this standard, even using the "ping" command (which the "average computer" user probably doesn't know about) could be seen as evidence of evil. It seems like almost anything beyond using a web browser or e-mail could be a crime in her eyes.

    The court rejects the test for "authorization" articulated by the defendants expert, Lawrence Baldwin.

    OK, so the judge is rejecting expert testimony. I hope she's an expert herself on the subject herself then. But I doubt it.

    To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any hacker could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands were utilized were well-formed.

    This is where the court really goes off the rails. The commands Ritz used were published standard Internet commands. They are not secret, unknown, or hidden. This is quite different from a cracker (although the court seems to condemn any hacker) using unknown, secret or faulty commands. The commands worked as they were supposed to and Ritz did not exploit any defects in the system. Finding that using standard commands not exploiting any defects is "unauthorized", as this judge did, really turns "the computer crime laws of this country upside down". In fact, this judge went on to characterize such usage as "penetration" as if he somehow bypassed some security measures and broke into the system. All he did was ask for the information and they gave it to him.

    Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and accessing the servers via a Unix operating system and using a shell account, among other methods.

    Now there's a real crime: He wasn't using Windows. Obviously then, Unix is evil. I wonder if she feels the same about Linux and Mac OS-X?

    In the late winter or spring of 2005, Ritz published the zone information he obtained from Sierra's server in the form of a file he published by making it accessible to the Internet and which he named "zilla_queries".

    Now the judge is saying that making something "accessible to the Internet" amounts to publishing it. In that case then, did Sierra not first "publish" their zone information by making it "accessible to the Internet"? In which case wasn't Ritz actually just republishing what had already been

    Ritz has engaged in a variety of activities without authorization on the internet.

    Here the judge seems to really be turning the law on it's head. I always thought that under our legal system (and the US constitution) individuals were free to do as they pleased as long as they weren't breaking any laws. Instead, this judge seems to be saying that we are only free to do what were have prior permission to do.

    I could go on and on but this is too long already. And I realize that the FOF finds that Ritz did other things, such as violating court orders, that I'm not addressing.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.