Transcript Document
Observations on the Jeremy Jaynes Criminal Spam Trial Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com Who Is Jeremy Jaynes? • • • • • ROKSO listed spammer Alias “Gaven Stubberfield” 29, resident of Raleigh, North Carolina Investor in local restaurant and health club More insights available at: http://newsobserver.com/news/story/1828341p8141513c.html • Tried with sister Jessica DeGroot and Richard Rutkowski The Spam Samples Spam Sample -Penny Stock Picker Spam Sample -Internet History Eraser Spam Sample Fed Ex Refund Processor Spam Timeline, Volumes & Fingerprints Spam Fingerprints from July 16 All IP Blocks Complaint Count 493,181 Unique IPs 1,862 By IP Block 64.247.166.* 64.247.167.* 69.42.227.* 216.245.239.* 94,287 93,316 46,215 86,007 319,825 248 248 250 218 964 From Domains Domain Registrant Address Telephone Contact Traceroute camperon.com realbiz.cc singlesource.cc valleyweb.bz Dante Consulting Dante Consulting Dante Consulting Manner Ops 6300 Creedmoor Rd., Raleigh, NC 27613 6300 Creedmoor Rd., Raleigh, NC 27613 6300 Creedmoor Rd., Raleigh, NC 27613 6458 Creedmoor Rd, Raleigh, NC 27613 919-785-4287 919-785-4287 919-785-4287 919-782-5472 157.130.48.98 157.130.48.98 157.130.48.98 n/a Janet Marsh Janet Marsh Janet Marsh Sam Ramsey Helo Domains bidonit.bz buttercookie.net nomorepride.com wiggyweb.com Not Registered Not Registered Not Registered Not Registered Connecting MTA IP Addresses IP Block Block Owner Address Telephone Contact Traceroute 216.245.239.*** Inet Consulting Davis Consulting Vinter Internet 8601 Ray Rd, Raleigh, NC 27613 3105 Holston Lane, Raleigh, NC 27610 6557 Glenwood Ave., Raleigh, NC 27613 919- 839-2702 John Jones 157.130.48.98 919-230-2661 Charles Davis 157.130.48.98 919-565-7438 Patesh Vinter 157.130.48.98 64.247.166.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 John Rodgers 157.130.48.98 Robert Franks 157.130.48.98 Robert Franks 157.130.48.98 64.247.167.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 John Rodgers 157.130.48.98 Robert Franks 157.130.48.98 Robert Franks 157.130.48.98 69.42.227.*** JKR Communications 2115 E. Millbrook Rd, Raleigh, NC 27604 919-856-8327 ATC Internet Solutions 5003 Falls of Neuse, Raleigh, NC 27609 919-875-3000 a1 Consulting 45 E Ridge Road, Raleigh, NC, 27606 919-868-5472 Don Drummon 4.24.239.122 Andy Holmes 4.24.239.122 William Jefferys 4.24.239.122 Virginia Criminal Spam Statute (Va. Code § 18.2-152.3:1) 1. Use of a computer or computer network 2. With intent to falsify or forge electronic mail transmission information or other routing information in any manner 3. in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers • • • • • Felony (Class 6) 10,000 attempted recipients over one day (24 hour period) 100,000…over 30 days 1 million…over one year Penalty (per offense) 1 year to 5 years in prison $2,500 fine Criminal Investigation Proceeds July through December 2003 Jaynes Arrested, House Searched & Evidence Seized December 11, 2003 Spam Office in Spare Bedroom Rack Mount in Spare Bedroom Evidence Seized • Computers, routers – Laptops, desktops, servers – Contents recovered • CDs & DVDs – email address lists – lists of user names & domain names – “anti-spammer” email address lists • Other Physical Evidence “Spam Interruptus” Text of Email Found on Seized Computer Email Text from Seized Computer Email Sample from Report Spam Notes Recovered from Trash Can Notes Admitted into Evidence Notes Admitted into Evidence Merchant Credit Card Account Sales per month Merchant Credit Card Account Sales per month x $40.00 per sale $440,000 per month Merchant Credit Card Account Refunds/charge backs Merchant Credit Card Account Refunds/charge backs x $40.00 per sale ($332,000) per month Merchant Credit Card Account Sales per month $440,000 sales - $332,000 returns $108,000 gross profit per month Falsification of Transmission Information ARIN Contract Proof of Payment for Domain Name Registration • • • • • Valid Visa credit card False names (“Janet Marsh”) Card successfully charged Charge was not disputed Signatory on card (Jessica Jaynes) Testimony of UPS Store Owner • Postal Form 1583 Required by Law • Not One Customer Named “John Rogers” • Nine Years of Records UPS Store Application Proof the Emails were “Unsolicited” • Recipient testimony – Burdensome and unwieldy – Indirect admission is difficult (hearsay) • Absence of evidence of request for solicitation in spammers’ possession (Absence of business record) • Expert testimony Expert Testimony: Drug Dealers and Spammers • Police officers routinely qualify as experts on drug possession charges • No “ultimate fact” (can’t say “in my opinion, defendant is a dealer”) • Quantity of drugs found on defendant is “not consistent with personal consumption” • Prosecutor argues evidence shows defendant “is a dealer” Dr. John Levine • Expert for the Commonwealth • Testified Defendants’ email patterns were “not consistent with solicited email practices” – Inconsistent from lines – Large number of IP addresses used – .bz domain names (Belize) • Untouchable on cross examination • See Dr. Levine’s article on CircleID.com (http://www.circleid.com/article/804_0_1_0_C/) Defendants’ Defenses • No factual defense • Constitutional Challenges – First Amendment – Commerce Clause • • • • • Personal Jurisdiction in Virginia Venue in Loudoun County Lack of proof that volumes exceeded 10,000/day Meaning of “Falsification” and “Unsolicited” July 1, 2003 as “flag day” Jury Verdict & Sentence • Deliberated day and a half • Jeremy Jaynes – Guilty of 3 felony spam counts – 3 years per count • Jessica Jaynes DeGroot – Guilty of 3 felony spam counts – $2,500 fine per count • Richard Rutkowski – Not guilty Lessons Learned • Juries understand the technology • Searches and seizures are important to preserving evidence • While difficult, “unsolicited” can be proved without testimony from recipients, via an expert • Offshore movement of bank accounts will complicate proof • The “Jessica Effect” -- spam accomplices are now more likely to “flip” • Despite public animosity against spam, jury system works well Questions? Observations on the Jeremy Jaynes Criminal Spam Trial Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com