2012/08/10

aa419.org Purchase Inquiry

This just arrived in the aa419 email. We thought we would share it, as it shows how everyone is an "expert". It would seem, however, that this expertise is limited to devious, unethical and other privacy-invading tactics much frowned upon on the net. The term "expert" cannot be linked to knowledge in this instance.
Subject: aa419.org Purchase Inquiry
Date: Thu, 9 Aug 2012 20:13:10 -0700
From: Jennifer R. Leadsen <jennifer.leadsen@webacquisitionco.com>
Reply-To: jennifer.leadsen@webacquisitionco.com
To: e629ab1607ee4ff59c3631fb86e70ecd.protect@whoisguard.com


We are private venture capital brokers.  If you are looking to exit from your online business, we specialize in bringing you buyers.
Our buyers are interested in acquiring profitable online businesses in this niche that have profits above $50,000 per year.
The current market for online businesses making over $350,000 in annual profit is up to 5 times your annual profit.  For online businesses making under $350,000 in annual profit, we are seeing up to 3.5 times your annual profit in your niche.
If interested in entertaining offers or getting an estimate of your online business, what would be the best phone number to reach you at?

Best Regards,

Jennifer R. Leadsen
Buying Team Lead
Site Sales Specialists
jennifer.leadsen@webacquisitionco.com
http://webacquisitionco.com
Phoenix, AZ.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

ICANN Compliance Statement: Sent from physical address 485 Lexington Ave #
600 New York, NY.
All remove requests are fulfilled within 24 hours.  Simply reply to this
email with the subject line or body stating "remove"

It does not exactly take a brain surgeon to determine how this party obtained the contact email address they spammed:
To: e629ab1607ee4ff59c3631fb86e70ecd.protect@whoisguard.com


WhoisGuard is a domain name proxy. The proxy email address is ever changing: it was changed to the above email address in the last seven days, and that is the one that got spammed.

Let us have a look at what anybody doing a domain WHOIS lookup agrees to:
Access to .ORG WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy.  This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
(emphasis above our own)
aa419 and "webacquisitionco.com" have no business relationship, past or present, nor did aa419 solicit any such relationship. The received email can only be considered unsolicited.

However, the party at "webacquisitionco.com" that did the domain name lookup for marketing purposes deliberately ignored the terms shown in the PIR lookup: "under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers".

We also need to ask "webacquisitionco.com" what relationship they have with ICANN, and why they say "ICANN Compliance Statement" in their spam.

The given address in the email is: 485 Lexington Ave #600 New York, NY
No "Site.." or "Web .." exists in the online directory for 485 Lexington Ave

This makes the received email illegal spam under US law.

The FTC summarizes the requirements for sending unsolicited email quite well. Of note:
Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
We can clearly see the above email does not comply. This address is a skyscraper with an online tenant directory where the email sender clearly does not appear.

But then again everyone is an "expert" and "specialist", especially "webacquisitionco.com".

You may have noted we quote "webacquisitionco.com" every time when mentioning them. This is deliberate. "webacquisitionco.com" is changing names at about the same rate the author changes socks (it's cold here). Here are some of the names, looking at the telephone number 602-364-9455:
Site Sales (as per their website)
Webbrokersco.com - same party and website.
Global Marketing Direct, S.A spammed osdir's debian mailing list, giving us more insight into the manner in which these "experts" operate.
Global Marketing Unit is advertising "expert SEO consulation".
Globalmarketingunited.com is another linked website.
internetsalesandmergers.com is the topic of discussion on DNForum.com after someone received a mail much like we did.

Previously:
globalmarketingseo.com
globalmarketingwebservices.com / "Cutting Edge Link"

What becomes extremely clear is that this party is using extremely unfriendly marketing tactics and believes that being a good, law-abiding network citizen simply does not apply to them.

An open question to our "expert" Jennifer at Whatever-you-decide-your-surname-to-be-next@whatever-you-decide-your-next-expert-seo-name-is:

Where are you really based? Your "ICANN Compliance Statement" address keeps on changing between the spams we found.

Anyway just so we are clear:
AA419 may be sold when hell freezes over, but not before that. It belongs to the abuse-fighting internet community. As long as there are parties abusing the net, there will be a need for parties like us.

What happens when hell freezes over?
We may well change our minds and take on the devil's cyber cronies, of course. If not, we would get a real specialist to assist, one that knows the difference between ICANN and the CAN-SPAM Act and what it actually means. A second absolute qualifying requirement would be that they do not harvest domain registrants' details from the domain registries. As such we would not face a potential $16,000 overhead per email, a bit rich for us.

Would we recommend "webacquisitionco.com"?
No. Any marketing by "webacquisitionco.com" on behalf of anyone would be their responsibility under the CAN-SPAM Act. Let's head over to the FTC web pages again and look at what it says regarding this:
Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

Each email sent in a non-compliant fashion on behalf of the client "is subject to penalties of up to $16,000", as we also read here.

Oh, and Jennifer, you may even be fined and/or imprisoned:
The law provides for criminal penalties – including imprisonment – for:
...harvesting email addresses ...
You clearly violated this law by harvesting an email address from PIR's .ORG registry. Your other much-published expert marketing messages just further prove this.

As such, a kind request to Jennifer-Whatever-you-decide-your-surname-to-be-next@whatever-you-decide-your-next-expert-seo-name-is: please do not contact us again. But thank you for your humorous, though illegal, spam. It kept us entertained for about five minutes. We sincerely hope you enjoy Honduras and your Toshiba Laptop, which is a tad removed from Lexington Ave.

Kind regards,

The aa419 team.

2012/05/03

A mistaken assumption in DDoS

AA419 is under a DDoS attack once again. This has become a regular event, yet never fails to silently amuse the AA419 members. It is a sure sign that we have hurt criminals.

There may be many reasons to DDoS a website. A DDoS may be a protest against institutions, such as we have seen in the Anonymous DDoS'es on financial institutions and in Operation Payback. They may be politically motivated, as in the case of the Georgia DDoS attacks. In a bizarre twist, a DDoS may also actually be silently targeting clueless DDoS'ers who allow their systems to be used for "the cause", stealing their sensitive information like passwords and banking details.

However, as for the DDoS'es against AA419:
We are hurting the business of criminals by exposing them. These DDoS'es are revenge attacks, also an attempt at shutting us down. Scammers lose money and potential victims by us exposing their scams. We are also indirectly putting the spotlight on them. We can trace individuals back as far as 2004. This information has been used by the authorities on various occasions and will most likely be used again.

However, the scammer who hires a botnet to DDoS us uses flawed logic. AA419 is not a business. We have no profit motive, in fact no income. Our website being down does not hurt us financially. Yet while the DDoS is ongoing, we are still shutting down websites. Not having to administer forums and list scam websites frees us up to concentrate on finding and having scam websites terminated. No forum spam, no database updating ... just pure scam website termination. We have a longstanding reputation of sending reliable abuse reports to service providers.

Of course there is another rather interesting aspect to being on the receiving end of a DDoS: studying the DDoS and the related infrastructure used for it. Logs are kept and silently shared with the security community, a small additional way of making the net a safer place for all. A previous post on this blog gave a small insight into these activities.

AA419 will not get tired of the consistent DDoS'es. AA419 is not a person, AA419 is a regenerating community. Some of us were around when we experienced our first DDoS, others have since pursued other causes. New eager volunteers have filled their shoes. We have nothing to lose, yet everything to gain. Time is also on our side.

So, for now we are just "killing" scam sites, but we will be back.

A parting thought just for laughs:
We tend to find and target a certain type of site during DDoS'es for take-down, resulting in more abuse reports for those types of sites, just like those that led to the DDoS initially.

Our power is not a website, our power is our reputation.

Well, signing off for now. A few more abuse reports need sending.