Forgot your password?
typodupeerror
The Courts Government Security News

First Arrest Made in U.S. For Spimming 242

Posted by Zonk
from the it's-like-spam-but-edible dept.
prostoalex writes "U.S. federal authorities have conducted the first arrest for spimming. Eighteen-year-old Anthony Greco was arrested for sending spam to instant messenger users of MySpace.com." From the article: "Greco had allegedly threatened to share his methods for spamming members of the group if MySpace.com didn't sign an exclusive marketing deal that would have legitimized the messages he was sending via the service."
This discussion has been archived. No new comments can be posted.

First Arrest Made in U.S. For Spimming

Comments Filter:
  • Hmmmm. (Score:4, Funny)

    by coulbc (149394) on Tuesday February 22, 2005 @03:27PM (#11747460)
    MySpace.com, soon to be MySpim.com?
  • by booyah (28487) on Tuesday February 22, 2005 @03:29PM (#11747476)
    Sexybaby2592871 wasnt really the chick on that website she sent me to?

    You mean i gave my email address, password and credit card to some stranger? What type of place is this Intra-web and what type of a mess have I gotten myself into.
  • by Junior J. Junior III (192702) on Tuesday February 22, 2005 @03:29PM (#11747480) Homepage
    "Greco had allegedly threatened to share his methods for spamming members of the group if MySpace.com didn't sign an exclusive marketing deal that would have legitimized the messages he was sending via the service."

    So, the spimmer isn't really under arrest for spimming, but for extortion. Right?
    • correct.... (Score:2, Interesting)

      by JeanBaptiste (537955)
      I'd go one further though and call it blackmail. Which is one particular type of extortion, but I think its applicable in this case.

      From lawguru.com:
      ---
      EXTORTION n. obtaining money or property by threat to a victim's property or loved ones, intimidation, or false claim of a right (such as pretending to be an IRS agent). It is a felony in all states, except that a direct threat to harm the victim is usually treated as the crime of robbery. Blackmail is a form of extortion in which the threat is to expose e
      • by soft_guy (534437) on Tuesday February 22, 2005 @04:25PM (#11748263)
        Slashdot is so great. Its the only place I can think of where I can honestly get annoyed by repeated quibbling about the technical differences between extortion and blackmail.

      • Erm, by the definitions you quote, it is not blackmail. But it certainly is extortion. He wasn't threatening to reveal anything embarassing, disgraceful, or personal details about the owner of MySpace.com. 'Damaging facts' is referring to the perception of a person, not instructions to others on how to utilize an exploit. But the dissemination of an exploit that would let others also spim the service with impunity, would be the threat to harm a victim, vis a vis the signal-to-noise ratio of their service. T
    • You know that, and I know that. But this is Slashdot, everything must be made out to be technology blazing some new legal ground...

      ...or a repeat.

  • by thewiz (24994) * on Tuesday February 22, 2005 @03:29PM (#11747491)
    Yeah, that's the ticket! Blackmail a company into making what I'm doing legit! Since I know they won't do the legal way I'll force them into it using blackmail!

    What logic! What stupidity! What a maroon!
    • by Jeff DeMaagd (2015) on Tuesday February 22, 2005 @03:48PM (#11747761) Homepage Journal
      What logic! What stupidity! What a maroon!

      Yeah, you'd have to be stupid to be a maroon. Either that or mix red and purple and splash it on him.
      • Refrence (Score:5, Interesting)

        by TiggertheMad (556308) on Tuesday February 22, 2005 @05:06PM (#11748829) Homepage Journal
        Yeah, you'd have to be stupid to be a maroon. Either that or mix red and purple and splash it on him.

        Your quip was quite funny, but I think it might have been a cultural refrence, and not a typo. In old Warner-brothers cartoons, Bugs Bunny would say things like, 'What a iggit, what a maroon!' to insult people. I think the joke was that he didn't say 'idiot' and 'moron', but 'iggit' and 'maroon', words that only an iggit maroon would mispronounce. Either that, or I'm an iggit maroon who is missing the real joke. I'd lay odds at fifty-fifty either way.

        (Dry, boring joke analysis over, you can wake up now.)
    • "Yeah, that's the ticket! Blackmail a company into making what I'm doing legit! Since I know they won't do the legal way I'll force them into it using blackmail!"

      It happens more than you might think. A few years back, a grad student in Colorado found a hole in Audible's web site and told Audible that he wouldn't release the vulnurability if they agreed to give him A Volvo T5, some cash, two Diamond Rios and a lifetime subscription to Audible [findarticles.com].

      If I'd been the FBI agent assigned to that one, when it cam

  • by American AC in Paris (230456) * on Tuesday February 22, 2005 @03:30PM (#11747498) Homepage
    ...do we really need to go mashing old new words into new new words for every little 'Net-related derivation out there?

    It's stupidiotic, and it's getting irritannoying.

  • Spimming (Score:3, Funny)

    by Hognoxious (631665) on Tuesday February 22, 2005 @03:30PM (#11747499) Homepage Journal
    It soonds luke some thong fram ogent Crabtree out of Allo allo [tripod.com].
    • Wow. Look, I know English isn't everybody's first language, but do you type with your feet? After "soonds luke some thong", "spim" starts to sound like Shakespeare.
  • Nail him on spamming and extortion. This guy doesn't really sound like an above-the-board, honest businessman
  • by ackthpt (218170) * on Tuesday February 22, 2005 @03:30PM (#11747509) Homepage Journal
    He was arrested for extortion.
    • From TFA: Assistant U.S. Attorney Brian Hoffstadt confirmed the arrest was the first criminal case brought against an individual sending spam over IM.

      That doesn't mention extortion. Also, according to the LA Times [latimes.com]: Greco agreed to fly to Los Angeles to sign a contract and was arrested when he arrived Wednesday. He was charged with violating a federal anti-spam law, harming MySpace computers and attempting extortion.
      • Assistant U.S. Attorney Brian Hoffstadt confirmed the arrest was the first criminal case brought against an individual sending spam over IM.

        First of all, this is a paraphrase of the attorney's words, not a direct quote, so there is the possibility of a misinterpretation on the part of the reporter. Also, if you read close, this quote doesn't say that the criminal charges are for spam over IM, it just says that the charges are against an individial who was sending spam over IM. There's a difference.

    • Uh?
      Assistant U.S. Attorney Brian Hoffstadt confirmed the arrest was the first criminal case brought against an individual sending spam over IM.
  • The real question (Score:4, Interesting)

    by SlayerofGods (682938) on Tuesday February 22, 2005 @03:30PM (#11747512)
    Is would anything have been done if he hadn't attempted to blackmail the company. I personally doubt it.
  • If you'd read through the first few sentences you'd have realized that he was _trying_ to create a new buzzword.

    jeez, let the man work. . .
  • too funny (Score:3, Funny)

    by w1r3sp33d (593084) on Tuesday February 22, 2005 @03:31PM (#11747516)
    Yes sir, we would love to sign the contract. Please give us your birth name and the address of where you would like us to send the agents, oh did I say agents, I meant contract....
  • Personally, I'm more concerned with incidents like this that may not be appearing in news articles. I guess this could be "where there's smoke, there's fire"-style panic.

    Is anyone familliar with similar incidents?
  • by winkydink (650484) * <sv.dude@gmail.com> on Tuesday February 22, 2005 @03:32PM (#11747527) Homepage Journal
    I'm betting the CAN-SPAM violation was thrown in for good measure. From another article on this: Anthony Greco, 18, of Cheektowaga, N.Y., was charged with violating the CAN-SPAM Act, threatening to cause damage to computers with the intent to extort and causing damage to a protected computer. If convicted of all three offenses, Greco faces a maximum possible penalty of 18 years in federal prison.
    • by jfengel (409917)
      Famously, Al Capone was nailed not for his violent crimes but for tax evasion. I wonder if this is similar: charge him with CAN-SPAM just to make sure you've got something to nail him on, and to increase the penalty even if you could nail him.

      It also gives them an opportunity to test the law, to see if it's worth going after other spammers. If the courts decide to throw out the CAN-SPAM charge on the basis that the law is badly written, they've still got other crimes they can hit him on, so their time is
  • by kevinx (790831) on Tuesday February 22, 2005 @03:32PM (#11747531)
    sample spam message:

    To learn the secrets of how to spam like I am spamming you right now.
    Please send $25 to AnthonyGreco@myspace.com

    PS, if you do not send $25 dollars within the next 3 days I will be forced to spam flood you. Have a nice day.
  • Luckily.... (Score:4, Informative)

    by GillBates0 (664202) on Tuesday February 22, 2005 @03:34PM (#11747551) Homepage Journal
    most IM clients let you restrict incoming IMs only to those originating from people in your Friends list. And most people (in my experience) aren't interested in receiving IMs from anybody outside the list (atleast those of us who use IM mainly as an alternative to phone calls to friends/relatives).

    IMHO until somebody figures out a way to spoof IM headers to make them look as if they're coming from somebody else, spimming is going to be far less of an annoyance than email spam.

    • Re:Luckily.... (Score:3, Insightful)

      by liquidpele (663430)
      Most IM clients go through a central server to hide IP addresses, so it doesn't matter. This is why ICQ was bad, people could find your IP address and attack you. AIM, Yahoo, and MSN use central servers to the best of my knowledge, so faking IM headers from anyone but the central server (which I really hope they didn't make the protocal that easy to bypass) wouldn't matter much.
    • That's unlikely, as most IM systems are centralized (with admittedly trivial authentication, but it's still far harder than, say, SMTP, which lets any system talk to any other with zero authentication until SPF-type accountability schemes take off).

      Although, you just gave me a horrible idea: A trojan that uses a stored password and buddy list to spim people under your name. Something like that could destroy instant messaging.
  • by Palshife (60519) on Tuesday February 22, 2005 @03:34PM (#11747559) Homepage
    Wait, simulating MIPS assembly code [wisc.edu] is ILLEGAL?
  • by rokzy (687636) on Tuesday February 22, 2005 @03:36PM (#11747589)
    ...and get's the shit kicked out of him regularly.

    there is no excuse for this at all.

    this is intentionally degrading other people's lives for you own greed. it is the (or my) definition of evil.
  • Subject says it all.
    • Re:WTF is Spimming? (Score:2, Informative)

      by Anonymous Coward
      What is Spim? [linuxelectrons.com]

      Some 42% of America's 134 million online adults use instant messaging and almost a third of those instant message users have gotten "spim" - or unsolicited commercial instant messages. That translates into nearly 17 million adults who have gotten the instant-message version of spam.
  • by freitasm (444970) on Tuesday February 22, 2005 @03:36PM (#11747595)
    This sounds more like an arrest for extortion, not spimming...
  • IANAL, but it appears that the fellow is being busted for extortion. There are merchants who would love to have the technology.

    I don't remember the last time that someone took efforts to restrain themselves from hawking their wares, even in the comfort of my own home. If you don't believe me, check the 'Do Not Call' [donotcall.gov] list.

    There are no heroes here, just the lesser of two evils.
  • Work For Spam (Score:3, Interesting)

    by Rollsbot (859293) on Tuesday February 22, 2005 @03:37PM (#11747604) Homepage
    It's great that they finally nabbed a bad guy for spim (?). But why can't they do anything for all the spam in my inbox.

    I haven't even gotten any SpIm but I can't see how it's anywhere near as bad as spam.

    1) I don't store my IM's forever (I don't store them at all)
    2) I don't accept IM's from strangers
    3) IM's are synchronous. So, I won't turn on my computer to find 100 spims waiting for me.
  • Greco believed he was flying to Los Angeles to cement that agreement with MySpace President Tom Anderson.

    There's just something hilarious about that. Would have loved to see his face when he figured out what they tricked him into. Dumbass...

    A little social engineering right back atcha', baby!

  • Best part: (Score:5, Funny)

    by Saint Aardvark (159009) * on Tuesday February 22, 2005 @03:40PM (#11747650) Homepage Journal
    He was arrested upon arrival at Los Angeles International Airport last Wednesday....Greco had allegedly threatened to share his methods for spamming members of the group if MySpace.com didn't sign an exclusive marketing deal that would have legitimized the messages he was sending via the service. Greco believed he was flying to Los Angeles to cement that agreement with MySpace President Tom Anderson.

    h5<>0r says: U R t0taLLY P0Wn3D unL355 u b0W t0 mY L33+ XK1LL5!
    tanderson says: Okay. But you have to show up to sign an agreement.
    tanderson says: LOL
    h5<>0r says: 5W33+!1!!1 j00 r0X0R!
    h5<>0r says: w51+! y u l5ff1Ng @ me?
    tanderson says: What?
    tanderson says: Sorry, just remembering a Seinfeld episode I saw last night
    h5<>0r says: 0
    h5<>0r says: y3h t5t s00p n5Z1's funny
    h5<>0r says: 50, 1 sh0 uP on m0nd5y, OKBYU?
    tanderson says: Yeah, that's great
    tanderson says: You want a limo?
    h5<>0r says: 0 b0y r1LLY!!?!11?/
    h5<>0r says: U b3+!
    tanderson says: Sucker
    h5<>0r says: wa+?????????
    tanderson says: Sorry
    tanderson says: My granddaughter's here
    tanderson says: I was just offering her some candy
    h5<>0r says: 0h y5h candy's good
    h5<>0r says: w1ll 1 G3t b3nif3+ts/!??!

  • by teneighty (671401) on Tuesday February 22, 2005 @03:42PM (#11747672)

    If "spimming" is IM-speak for spamming, then I guess chatting via IM is called "chitting"?

  • Greco had allegedly threatened to share his methods for spamming members of the group if MySpace.com didn't sign an exclusive marketing deal that would have legitimized the messages he was sending via the service.

    As much as I hate abuses by cops, feds, my government, and republicans...assholes like this guy really do deserve to be hung from their heels.
  • What with all the other "legalized" forms of extortion currently going on, I guess deep down I can't really blame him.

    I mean, I'm not saying I approve at all, and she should definitely be arrested, but I just kinda think sometimes that it needs to be open season on corporations.

  • Was this guy dropped as a baby? I mean, how stupid do you have to be to blackmail a company, then agree to meet with "company execs" and NOT suspect that you're about to get arrested.

    Did he honestly think he could get away with this? Uhmm, never mind. TFA explains that he did.
  • What a jerk, what a fucking bottem feeder. I wish I could have seen the look on his face when the cops walked in. Probably didn't even realize he was breaking the law untill they cuffed him.

    Hope he spends a long time in the can.
  • by thundergeek (808819) on Tuesday February 22, 2005 @04:47PM (#11748565) Journal
    Spim is sent to that crappy service that was put into windows 98, but not enabled by default. Was put into 2k, ME, and XP, and enabled by default.

    It allows network messages to be sent via the Messenger Service.

    I used to work at an ISP in my area, we got calls all the time with those "Your computer will reboot" pop ups. We walked the user through disabling the Messenger Service (Control Panel/Administrative Tools/Services), then spent 5 minutes explaining that Messenger Service and MSN Messenger are two diferent programs. Finally, we wraped up the conversation by telling them to buy a firewall, or switch to our dsl service, and get a free router.

    I now use Messenger Service at work to tell end users that I need to install patches, and to please call me when they are at their computer. The service doesn't allow two way conversations (unless you know the command line).

    You can download programs that use this service, and even if the person DOES NOT have MSN Messenger, they will still get a pop up. Granted, they have to be exposed, or the firewall/router breached.

    So, when you read the rest of these replies, remember that MSN and Messenger are two diferent things. You can't "Block" Messenger adds, or "Only allow friends" messages. mater of fact, there is NO gui for Messenger.

    I think that if the company looks deaper, they will find that this guy wasn't using their IM service, but in fact was using a hole in the FW, and a service that is still active.

    No, I don't think this company has seen the last of this exploit!

    Later
    • it's been disabled by default in the XP SP2 installations i've done. this page [blackviper.com] backs this up. just fyi. (so if people update to SP2, or buy a new installation of windows, it won't work, unless of course that service is needed for some program they use and they or the network admin turns it on).

  • He should have used xspim [wisc.edu].

  • Found in the US teenager's pocket was a to-do list:
    1. Crack and Exploit Spim Hole
    2. Blackmail CEO
    3. ???
    4. Profit
    Hey, Peter. Watch out for yer cornhole, man.
  • "Spimmers? Sure, I like spimmers. I prefer mine boiled."

I've got a bad feeling about this.

Working...