Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Prosecutors Charge Elusive 'Spam King'

WASHINGTON -- From his 17th-floor Seattle apartment, Robert Soloway purportedly ran an illicit network of computers around the world, secretly commandeering the machines of thousands of unsuspecting bystanders. U.S. prosecutors say Internet users who clicked on infected e-mails and web sites inadvertently took part in his criminal endeavor: spam.

Soloway, 27, used his empire of hijacked "zombie" computers to send tens of millions of unsolicited e-mail messages over the past four years, prosecutors said. Described as a spammer since he was a teenager, he apparently covered his digital tracks using Chinese servers, fabricated web sites and the purloined identities of hundreds of Internet users whose names and e-mail addresses were slapped on the bulk mailings. He opened and closed bank accounts faster than creditors could track them, prosecutors said.

But federal authorities caught up last week with the man prosecutors call the "spam king" and arrested him on 35 charges of fraud, identity theft and money laundering, casting a light on the Byzantine, highly lucrative underworld of mass e-mail marketing. Soloway pleaded not guilty.

"He is one of the bad ones. He's one of the longest-running and uses criminal methods all the time," said John Reid, an investigator with Spamhaus, a European organization that fights spam. "Anyone on the web for a while would have received one of Soloway's spams."

Spamhaus had included him on its list of the 10 worst spammers until last year, when he was overtaken by more-sophisticated operators, primarily in Russia and Ukraine, Reid said.

Some forms of bulk commercial e-mailing are not illegal in the United States.

Under the 2003 U.S. CAN-SPAM law, which regulates spam, bulk e-mail marketing is allowed if the sender complies with several conditions. Most notably, recipients must be allowed to opt out of the mailings, and the sender must be transparent about the source. Still, scores of big-time spammers have flouted the requirements.

Prosecutors said Soloway's company, Newport Internet Marketing, defrauded its customers in offering to send a high volume of legitimate e-mail marketing messages or to sell software that could be used in mass mailings. Neither approach performed as advertised but generated a torrent of spam. When customers complained, prosecutors said, Soloway refused to provide assistance or refund the sales, instead threatening to charge them additional fees and refer them to collections agencies.

The scheme went far beyond a deceptive sales pitch, according to prosecutors, who said Soloway used fraudulent Internet practices to drum up customers for his business and then used them to send more spam.

Soloway purportedly used a series of subterfuges to hide his identity and his reputation. Microsoft won a $7.8 million judgment against him in 2005 for sending e-mails that falsely appeared to come from MSN and Hotmail addresses.

Although prosecutors say he has been living in a luxury apartment and driving a Mercedes convertible, Microsoft was never able to collect on the judgment because the company could not locate his bank accounts, Microsoft lawyer Aaron Kornblum said. In a separate case that year, an Oklahoma businessman won a $10 million judgment against Soloway for breaking the law regulating spam but was also unable to collect.

Soloway apparently masked his continuing involvement by using at least 50 web site names and registering some of them through Chinese Internet service providers to conceal his involvement. Chinese authorities are less aggressive than their Western counterparts in policing their online service providers and responding to complaints, Internet security experts said. In at least one case, prosecutors said, he stole someone else's credit card information to register and pay for a web site name.

Soloway is suspected of using proxy computers, called zombies or botnets, which were hijacked when the owners opened a software virus embedded an e-mail or web link. Often, the owners did not realize their computers had been taken over.

Though the indictment does not detail how Soloway first accessed the computers, Internet security experts explained that spammers often use secret online discussion groups to connect with hackers who lease out networks of zombie computers.

"This was a great success by the Justice Department. But this guy is just going to be replaced by one or two or three people in Russia providing the same service," said Craig Sprosts, security analysis manager at IronPort Systems, which sells software for e-mail and web security.