Observations on the Jeremy Jaynes Criminal Spam Trial Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com.

Observations on the Jeremy Jaynes Criminal Spam Trial

Jon Praed Internet Law Group

jon.praed(at)i-lawgroup.com

Who Is Jeremy Jaynes?

• ROKSO listed spammer• Alias “Gaven Stubberfield”• 29, resident of Raleigh, North Carolina• Investor in local restaurant and health club• More insights available at:

http://newsobserver.com/news/story/1828341p-8141513c.html

• Tried with sister Jessica DeGroot and Richard Rutkowski

The Spam Samples

Spam Sample -- Penny Stock

Picker

Spam Sample -- Internet History

Eraser

Spam Sample -Fed Ex Refund

Processor

Spam Timeline, Volumes & Fingerprints

Spam Fingerprints from July 16

Complaint Count Unique IPsAll IP Blocks 493,181 1,862

64.247.166.* 94,287 24864.247.167.* 93,316 24869.42.227.* 46,215 250216.245.239.* 86,007 218

319,825 964

By IP Block

Domain Registrant Address Telephone Contact Traceroutecamperon.com Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98realbiz.cc Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98singlesource.cc Dante Consulting 6300 Creedmoor Rd., Raleigh, NC 27613 919-785-4287 Janet Marsh 157.130.48.98valleyweb.bz Manner Ops 6458 Creedmoor Rd, Raleigh, NC 27613 919-782-5472 Sam Ramsey n/a

From Domains

bidonit.bz Not Registeredbuttercookie.net Not Registerednomorepride.com Not Registeredwiggyweb.com Not Registered

Helo Domains

IP Block Block Owner Address Telephone Contact Traceroute216.245.239.*** Inet Consulting 8601 Ray Rd, Raleigh, NC 27613 919- 839-2702 John Jones 157.130.48.98

Davis Consulting 3105 Holston Lane, Raleigh, NC 27610 919-230-2661 Charles Davis 157.130.48.98Vinter Internet 6557 Glenwood Ave., Raleigh, NC 27613 919-565-7438 Patesh Vinter 157.130.48.98

64.247.166.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 John Rodgers 157.130.48.98Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 Robert Franks 157.130.48.98BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 Robert Franks 157.130.48.98

64.247.167.*** CJ Online 2054 Kildaire Farm Rd. Cary, NC 27511 919-777-1404 John Rodgers 157.130.48.98Circular Web Services 2448 Melvid Ct., Raleigh, NC 27610 919-347-1484 Robert Franks 157.130.48.98BufferD 4882 Poole Rd., Raliegh, NC 27610 919-347-1484 Robert Franks 157.130.48.98

69.42.227.*** JKR Communications 2115 E. Millbrook Rd, Raleigh, NC 27604 919-856-8327 Don Drummon 4.24.239.122ATC Internet Solutions 5003 Falls of Neuse, Raleigh, NC 27609 919-875-3000 Andy Holmes 4.24.239.122a1 Consulting 45 E Ridge Road, Raleigh, NC, 27606 919-868-5472 William Jefferys 4.24.239.122

Connecting MTA IP Addresses

Virginia Criminal Spam Statute (Va. Code § 18.2-152.3:1)

1. Use of a computer or computer network

2. With intent to falsify or forge electronic mail transmission information or other routing information in any manner

3. in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers

Felony (Class 6)

• 10,000 attempted recipients over one day (24 hour period)

• 100,000…over 30 days

• 1 million…over one year

Penalty (per offense)

• 1 year to 5 years in prison

• $2,500 fine

Criminal Investigation Proceeds

July through December 2003

Jaynes Arrested, House Searched & Evidence SeizedDecember 11, 2003

Spam Office in Spare Bedroom

Rack Mount in Spare Bedroom

Evidence Seized

• Computers, routers– Laptops, desktops, servers– Contents recovered

• CDs & DVDs– email address lists – lists of user names & domain names– “anti-spammer” email address lists

• Other Physical Evidence

“Spam Interruptus”

Text of Email Found on Seized Computer

Email Text from Seized Computer

Email Sample from Report Spam

Notes Recovered from Trash Can

Notes Admitted into Evidence

Notes Admitted into Evidence

Merchant Credit Card Account

Sales per month

Merchant Credit Card Account

x $40.00 per sale

$440,000 per month

Sales per month

Merchant Credit Card Account

Refunds/charge backs

Merchant Credit Card Account

Refunds/charge backs

x $40.00 per sale

($332,000) per month

Merchant Credit Card Account

Sales per month

$440,000 sales

- $332,000 returns

$108,000 gross profit per month

Falsification of Transmission Information

ARIN Contract

Proof of Payment for Domain Name Registration

• Valid Visa credit card

• False names (“Janet Marsh”)

• Card successfully charged

• Charge was not disputed

• Signatory on card (Jessica Jaynes)

Testimony of UPS Store Owner

• Postal Form 1583 Required by Law• Not One Customer Named “John Rogers” • Nine Years of Records

UPS Store Application

Proof the Emails were “Unsolicited”

• Recipient testimony– Burdensome and unwieldy– Indirect admission is difficult (hearsay)

• Absence of evidence of request for solicitation in spammers’ possession (Absence of business record)

• Expert testimony

Expert Testimony:Drug Dealers and Spammers

• Police officers routinely qualify as experts on drug possession charges

• No “ultimate fact” (can’t say “in my opinion, defendant is a dealer”)

• Quantity of drugs found on defendant is “not consistent with personal consumption”

• Prosecutor argues evidence shows defendant “is a dealer”

Dr. John Levine

• Expert for the Commonwealth• Testified Defendants’ email patterns were

“not consistent with solicited email practices”– Inconsistent from lines

– Large number of IP addresses used

– .bz domain names (Belize)

• Untouchable on cross examination• See Dr. Levine’s article on CircleID.com

(http://www.circleid.com/article/804_0_1_0_C/)

Defendants’ Defenses• No factual defense• Constitutional Challenges

– First Amendment– Commerce Clause

• Personal Jurisdiction in Virginia• Venue in Loudoun County• Lack of proof that volumes exceeded 10,000/day• Meaning of “Falsification” and “Unsolicited”• July 1, 2003 as “flag day”

Jury Verdict & Sentence

• Deliberated day and a half• Jeremy Jaynes

– Guilty of 3 felony spam counts– 3 years per count

• Jessica Jaynes DeGroot– Guilty of 3 felony spam counts– $2,500 fine per count

• Richard Rutkowski– Not guilty

Lessons Learned• Juries understand the technology• Searches and seizures are important to preserving

evidence• While difficult, “unsolicited” can be proved without

testimony from recipients, via an expert• Offshore movement of bank accounts will complicate

proof• The “Jessica Effect” -- spam accomplices are now more

likely to “flip”• Despite public animosity against spam, jury system

works well

Questions?

Observations on the Jeremy Jaynes Criminal Spam Trial

Jon Praed Internet Law Group

jon.praed(at)i-lawgroup.com