Convicted fraudster Alan Ralsky has been spamming for many years (since 1997). He has grown from a small-time operator, under the "Additional Benefits" moniker, to one of the bigger spam houses on the Internet, with a gang of fellow morally challenged types working with him to pump out every type of sleazy deal and scam offer into millions of internet users' mailboxes. Ralsky does both mailings and hosting for people who want to spam.

In the past, he used dial-up accounts that he would buy under aliases or lease from large modem dial-up providers like UUNet/MCI, Genuity (now both Verizon), etc. He set up dummy ISPs pretending to have "users" that needed dial-up access. This served his purposes well, as complaints were directed from the large providers to the dummy ISP and of course thrown away. Because of the large bandwidth purchases, large networks often turn a blind eye to the spamming so as not to lose the revenue.

Later, Ralsky did this by acquiring his own IP space from ARIN, again under aliases (normally Nevada corporate shells set up by him and his son-in-law), and buying connectivity from networks while claiming to be an ISP or hosting company. The same game of "send us the complaints about our spamming users" was played on these networks.

Nowadays Ralsky hosts 'offshore' in China to evade US authorities. But the offshore hosts are soon blocked and terminated, so he's forced to hop from one Chinese provider to the next, like most of the spam gangs.

One of his tricks in the USA is to host the websites on the same dial-up connections he uses to spam out of. He then uses an auto-updating DNS server to point to a new IP address whenever one of the dial-ups drops carrier or gets cut off. Behind the times as usual, the companies who provide the connection for his DNS servers state that "our Acceptable Use Policy doesn't cover this... we need to talk to our lawyers, etc. etc.", which gives the Ralsky gang several weeks of use.

Ralsky also hosts much of the spammed website content on servers in the USA, but uses a VPN type of pipe to route the traffic from the Chinese IP addresses back across the Pacific to his systems ("reverse proxying").

Since they've been at this since 1997, Ralsky and gang know just about every spammer trick in the book: hijacking foreign mailservers to hide their tracks and avoid filters, using free websites and fake free websites, obfuscating URLs, encrypting webpages, and always having a backup system for the inevitable time when their current accounts are canceled.

What can be done to stop him or keep him off a system? Double check any signups from the Detroit, Michigan area, his home base (but he's famous for using false information). Check for anyone who wants to run only a DNS server. Set up a large "clean up fee" for spamming in your contracts. It may be hard to collect, but at least it will give you leverage.

What can you do if you are spammed by Ralsky & gang? If you are in a state that has anti-spamming laws, Ralsky would be easy to sue, as he normally breaks several of the conditions current laws specify (faking headers, bad remove address, bogus subjects, etc.). See the link below. You should also complain to anyone providing him service to expedite his termination.

What can you do if Ralsky & gang hijack your email server? Call the police and a lawyer; this is criminal in most of the United States. It is also "theft of services" and there is case law to support it. The problem is that Ralsky is aware of this and now normally hijacks mail servers in other countries, making legal action more difficult.

It also seems Ralsky himself has a criminal record; see the ROKSO records entitled "Legal troubles in Michigan", "Legal troubles in Illinois" and "Legal troubles in Ohio".

After the 2005 FBI raid on his home, Ralsky and his gang moved to the fully criminal spam method known as "botnet spamming".
Using tens of thousands of virus-infected computers belonging to innocent home and business users, spam for "pump-&-dump" stock and other scams was pumped out from these vast networks, which were set up mostly by eastern European cybercriminal gangs.

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.