'Spam king' Robert Soloway of Newport Internet Marketing has been arrested in Seattle on charges including fraud and money laundering. Soloway is being detained prior to arraignment, and the order for detention labels him as a risk for both flight and obstruction. The 24-page indictment covers ten counts of mail fraud, five of wire fraud, two of fraud in connection with electronic mail, five of aggravated identity theft and thirteen of money laundering.
The mail fraud charges are conventional enough: the indictment alleges that Soloway sold spam software and mailing lists that weren't as advertised and didn't work, and that he failed to provide the promised refunds. No surprises there (Soloway, incidentally, is behind the messages that you get which say We Email Advertise Your Charity Web Site to 15,000,000 PEOPLE FOR FREE!
, and these charges apparently relate to that part of his activities). The five counts of wire fraud also relate to these activities, the use of spam in execution of the alleged fraud making it count as wire fraud. Count 16 asserts that Soloway knowingly used a protected computer
, which presumably relates to his use of botnets, while Count 17 says that he falsified header information ... in furtherance of a felony.
. In other words, business as usual for a spammer.
Count 18 has him paying for domains with a stolen credit card (at a guess, he may have used one belonging to someone who paid for his spam package), but it's at Counts 19 where things get really interesting. Count 19 reads:
... ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit the domain name '******ilot.net', registered to and owned by A.P. of St. Petersburg, FL., which ROBERT ALAN SOLOWAY and NIM used in a forged email header ... during and in relation to a felony ...
Count 20 is another instance of the same thing, while Counts 21 and 22 relate to Soloway's alleged use of individual email addresses in forged headers. Finally, the money laundering charges relate to Soloway's use of the income from his business — which the indictment views as the proceeds of mail fraud — to pay for his rent, hosting and so forth.
Counts 19 thru 22 are, to me, the most interesting. The indictment suggests that domain names and email addresses are a means of identification of [a] person
, and thus using them in forged email headers constitutes identity theft (considered aggravated identity theft where it occurs in the course of a felony). Under the Identity Theft Penalty Enhancement Act, aggravated identity theft is good for an additional two years, with no possibility of probation. If the court makes those charges stick in this case, we have a very interesting precedent and — potentially — a lot of spammers who will be getting some extra prison time when the law catches up with them. A large percentage of pharmacy spam uses other people's email addresses in the 'From:' field, and stock spammers are particularly fond of systematically forging addresses at other people's domains.
Arrest and indictment is not conviction. Nevertheless, this is a heartening step in the right direction. If Soloway is found guilty of some of those charges it will set an interesting precedent for the criminalization of many aspects of 'business as usual' for spammers.