From: dritz@primenet.com (David Ritz) Subject: Re: Don't let these net bullies push you guys around!! [MCIDSD:0901:9929] (TINC) Date: 1997/10/30 Message-ID: Followup-To: news.admin.net-abuse.usenet Keywords: Netzilla, Sexzilla, spam, fraud, forgery, Denial of Service, extortion, racketeering, mail bombing, spoofing, hijacking, Usenet, NetNews, R.I.C.O., Supreme Court of the United States, S.C.O.T.U.S., SCOTUS, newsfeeds.com, jam.net X-Attribution: DR X-Complaint-To: "Douglas J. Kirk" , Dave Ekman Reply-To: David Ritz X-Complaint-Cc: "F. Michael Frank" , postmaster@ftc.gov, fraud@ftc.gov, National Fraud Information Center X-Pgp-0xC17490D5: 7D73 189A C8CE 5F26 8C25 A0FF F7D4 B9CE Organization: SpamBusters! X-Comment: Posted without comment. Newsgroups: news.admin.net-abuse.usenet,news.admin.net-abuse.misc Received: from ns1.corpcomm.net (ns1.corpcomm.net [199.165.217.101]) by primenet.com (8.8.5/8.8.5) with ESMTP id JAA11520 for ; Wed, 29 Oct 1997 09:43:50 -0700 (MST) Received: from [207.70.214.20] (ojsimpson.net [207.70.214.20]) by ns1.corpcomm.net (8.8.5/8.8.5) with ESMTP id KAA21070 for ; Wed, 29 Oct 1997 10:43:13 -0600 (CST) X-Sender: zed@corpcomm.net Message-Id: Precedence: bulk Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 2 (High) Date: Wed, 29 Oct 1997 11:33:44 -0600 To: dritz@primenet.com From: David Ritz Subject: Re: Don't let these net bullies push you guys around!! [MCIDSD:0901:9929] (TINC) Status: O X-Status: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 27 Oct 1997, Jerry 'SpamZilla' Reynolds, pretending to be a SpryNet News Admin, wrote: : Dear admin's, : : You guys are the back bone providers. Us smaller isp's are fully capable : to control what is on our own news server. Major peering points should not : be making those decisions. Mr. Reynolds, You aren't an ISP. You're a rogue, spam-domain. You are engaged in fraud, forgery, theft of service, as well as the most massive denial of service attack ever unleashed on Usenet. Having paid several visits to all but one of your nine news servers, I am completely aware that you know precisely how to control what is on your own news servers: ========================================================================== Machine IP Machine DNS Appears in Path as ========================================================================== 207.70.214.93 dnewsweb3.netzilla.net (was *) 207.70.214.94 dnewsweb2.netzilal.net.netzilla.net (was **) 207.70.214.200 news.netzilla.net 207.70.214.201 jam.NET [nitka.maiden.ru] * 207.70.214.202 NEWSFEEDS.com [trois.eiffel.fr] ** 207.70.214.203 [news.fantama.nz] 207.70.214.204 steve.netzilla.net [was win.mil.nl] 207.70.214.245 dnewsweb1.netzilla.NET 207.70.214.246 cancel.hunter.netzilla.net ========================================================================== * stamps path: nitka.maiden.ru!qapmoc.uk!gateway.cm.org!news.cm.org!bcarh189.bnr.ca! bcarh8c.bnr.ca!news.primenet.com!nntp.primenet.com ** stamps path: trois.eiffel.fr!bandenoye.de!news1.exit109.com!bug.rahul.net! samba.rahul.net!rahul.net!wilbur.ohww.norman.ok.us!news.1.radix.net!a2i ========================================================================== The following are examples of your _recent_ activities. This one looks like its *going*to*be* posted, about eleven hours from now, but it was injected through CRL, already: |Date: Wed, 29 Oct 1997 14:15:38 -0600 ^^^^ ^^^ ^^ ^^^ ^^^^ ^^^^^^^^ ^^^^^ |From: !Incest@is.Best (!Incest Is Best) |Newsgroups: alt.fuck,alt.fuck.the.skull.of.jesus,alt.fuck.the.skull.of | .jesus.binaries.pictures.erotica,alt.fuck.the.skull.of.jesus.binar | ies.pictures.erotica.d,alt.sex,alt.sex.,alt.sex.aliens,alt.sex.alt | ,alt.sex.alt.syntax,alt.sex.alt.syntax.tactical,alt.sex.aluminum,a | lt.sex.aluminum.baseball,alt.sex.aluminum.baseball.bat,alt.sex.ana | l,alt.sex.animals,alt.sex.asphyx,alt.sex.babies,alt.sex.balls,alt. | sex.bdragon.and.jimdana |Subject: - !!Incest.html (0/1) MY MOM AND I LIKE TO POSE NUDE TOGETHER |Message-ID: |Organization: Reposted for unauthorized cancel |Mime-Version: 1.0 |Content-Type: text/plain; charset=ISO-8859-1 |Content-transfer-encoding: 8bit |X-Newsreader: Yet Another NewsWatcher 2.4.0 |NNTP-Posting-Host: arabian.zuntov.chv |Lines: 63 |Path: ...!news.bbnplanet.com!nntp2.crl.com!osaka.ad.jp!japnet-ad.jp! ^^^^^^^^^^^^^ ########### (POP relay) | nitka.maiden.ru!qapmoc.uk!gateway.cm.org!news.cm.org!bcarh189.bnr.ca! | bcarh8c.bnr.ca!news.primenet.com!nntp.primenet.com!news.fantama.nz! | !Incest |Xref: <...> This one was injected through one of the NEWS-IN*.UU.NET machines. Its due to be posted, in about ten hours: |Date: Wed, 29 Oct 1997 13:51:36 -0600 |From: !You@will.obey.Satan (!LSatan) |Newsgroups: alt.fuck,alt.fuck.the.skull.of.jesus,alt.fuck.the.skull.of | .jesus.binaries.pictures.erotica,alt.fuck.the.skull.of.jesus.binar | ies.pictures.erotica.d,alt.sex,alt.sex.,alt.sex.aliens,alt.sex.alt | ,alt.sex.alt.syntax,alt.sex.alt.syntax.tactical,alt.sex.aluminum,a | lt.sex.aluminum.baseball,alt.sex.aluminum.baseball.bat,alt.sex.ana | l,alt.sex.animals,alt.sex.asphyx,alt.sex.babies,alt.sex.balls,alt. | sex.bdragon.and.jimdana |Subject: - !!HELL.html (1/1) >>>>>>>>>>>> PICTURES FROM HELL!!!! | <<<<<<<<<<<<<<<<<<<<<<<<<< |Message-ID: |Organization: LSatan |X-Newsreader: Yet Another NewsWatcher 2.4.0 |NNTP-Posting-Host: arabian.zuntov.chv |Lines: 34 |Path: ...!Sprint!uunet!in2.uu.net!feed.newsfeeds.com!jam!trois.eiffel.fr! ^^^^^^^^^^ ################## (FORGED!) | bandenoye.de!news1.exit109.com!bug.rahul.net!samba.rahul.net! | rahul.net!wilbur.ohww.norman.ok.us!news.1.radix.net!a2i! | nitka.maiden.ru!qapmoc.uk!gateway.cm.org!news.cm.org!bcarh189.bnr.ca! | bcarh8c.bnr.ca!news.primenet.com!nntp.primenet.com!news.fantama.nz! | !You |Xref: <...> The point, indicated as 'feed.newsfeeds.com' is actually a POP, being used to gain fraudulent access to the NEWS-IN*.UU.NET servers. Since POST is disabled on these machines, it is being injected using IHAVE or TAKETHIS commands. Everything to the right of 'in2.uu.net' is forged, even the domains and IP address which are in the 207.70.214.0 net-block. I suspect that the future dating of these articles exploits a software bug and keeps them from getting rejected, due to their being too old. I encountered a similar situation on the NETZILLA news servers located to [207.70.214.203] and [207.70.214.246], which will only accept IHAVE commands, so long as the date is set into the future. Here's one which was injected at InternetMCI: |From: Beverlee@saginaw.com |Subject: this site is NOT for the faint of heart it's sweet and nast - | !index.htm(1/1) |Reply-To: Beverlee@saginaw.com |Newsgroups: alt.sex.telephones,alt.binaries.pictures.sex,alt.sex |NNTP-Posting-Host: atlantic.zuntov.chv |Message-ID: <34565ba9.0@news.fantama.nz> |Date: 28 Oct 97 21:39:53 GMT |Lines: 38 |Path: ...!newsfeed.internetmci.com!207.70.214.202!feed.newsfeeds.com! ^^^^^^^^^^^^^^^^^^^^^^^^ ############## (FORGED!) | jam!trois.eiffel.fr!bandenoye.de!news1.exit109.com!bug.rahul.net! | samba.rahul.net!rahul.net!wilbur.ohww.norman.ok.us!news.1.radix.net! | a2i!nitka.maiden.ru!qapmoc.uk!gateway.cm.org!news.cm.org! | bcarh189.bnr.ca!bcarh8c.bnr.ca!news.primenet.com!nntp.primenet.com! | news.fantama.nz!atlantic.zuntov.chv |Xref: <...> This same fraudulent ploy is being exploited by you and your fellow spammers, at Intel Telecom Corporation (NETZILLA), to gain fraudulent access to Sprint's, InternetMCI's, CRL's and UUNET's newsfeed machines. So far, I've managed to get your news peering arrangements nuked, no fewer than ten times. This number, may in fact be closer to thirty, if you take into account the security holes I've managed to get plugged. This doesn't take into account your gaining fraudulent access (hijacking) to an U.S. Naval Computer, which may be construed as fraud, under U.S. Code, s 1030: (see ) ========================================================================== UNITED STATES CODE ANNOTATED COPR. (c) WEST 1990 No Claim to Orig. Govt. Works TITLE 18. CRIMES AND CRIMINAL PROCEDURE PART I--CRIMES CHAPTER 47--FRAUD AND FALSE STATEMENTS s 1030. Fraud and related activity in connection with computers (a) Whoever-- <...> (3) intentionally, without authorization to access any computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects the use of the Government's operation of such computer; (4) knowingly and with intent to defraud, accesses a Federal interest computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer; <...> (b) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section. (c) The punishment for an offense under subsection (a) or (b) of this section is-- <...> (2)(A) a fine under this title or imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which does not occur after a conviction for another offense under such subsection, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under such subsection, or an attempt to commit an offense punishable under this subparagraph; and (3)(A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4) or (a)(5) of this section which does not occur after a conviction for another offense under such subsection, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4) or (a)(5) of this section which occurs after a conviction for another offense under such subsection, or an attempt to commit an offense punishable under this subparagraph. (d) The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offenses under this section. Such authority of the United States Secret Service shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General. (e) As used in this section-- (1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device; (2) the term "Federal interest computer" means a computer-- (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects the use of the financial institution's operation or the Government's operation of such computer; or (B) which is one of two or more computers used in committing the offense, not all of which are located in the same State; (3) the term "State" includes the District of Columbia, the Commonwealth of Puerto Rico, and any other possession or territory of the United States; <...> (7) the term "department of the United States" means the legislative or judicial branch of the Government or one of the executive departments enumerated in section 101 of title 5. (f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States. <...> ========================================================================== Just how much spam are we talking about? Loads. ========================================================================== Daily Cancel Analysis, courtesy of Andrew Gierth (see ) Note: Actual numbers may be significantly higher, depending on despammer protocals. Date Count Source ========================================================================== report971014, line,89: 342 forged!news.netzilla.net!forged report971015, line,67: 1041 forged!news.netzilla.net!forged report971016, line,55: 1641 forged!news.netzilla.net!forged report971017, line,71: 1512 forged!news.netzilla.net!forged report971018, line,56: 3112 forged!news.netzilla.net!forged report971019, line,52: 1899 forged!news.netzilla.net!forged report971020, line,75: 22677 forged!news.netzilla.net!forged report971021, line,67: 13426 forged!news.netzilla.net!forged report971022, line,57: 12625 forged!news.netzilla.net!forged report971023, line,57: 27958 forged!news.netzilla.net!forged report971024, line,57: 10833 forged!news.netzilla.net!forged report971026, line,59: 18278 forged!news.netzilla.net!forged report971027, line 58: 7753 forged!news.netzilla.net!forged ========================================================================== Spam Statistics, courtesy of SpamHippo (see ) Note: These are just a handful of the forged tags used by NETZILLA, in the past week. Actual numbers *are* significantly higher. Date Rank Forged Tag Count (n/25) ======================================================================== hippo971017, line 26: 14 webtrends.cz 2549 hippo971017, line 49: 10 news.webtrends.cz 3758 hippo971018, line 15: 3 webtrends.cz 11854 hippo971018, line 42: 3 news.webtrends.cz 11954 hippo971019, line 19: 7 webtrends.cz 4973 hippo971019, line 46: 7 news.webtrends.cz 4914 hippo971020, line 13: 1 webtrends.cz 18769 hippo971020, line 40: 1 news.castaway.gb 17743 hippo971020, line 48: 9 news.kpu-m.ac.jp 3734 hippo971021, line 15: 3 webtrends.cz 9948 hippo971021, line 54: 15 news.kpu-m.ac.jp 1651 hippo971021, line 58: 19 news.castaway.gb 1460 hippo971022, line 14: 2 webtrends.cz 14363 hippo971022, line 43: 4 news.macintosh.ir 13261 hippo971022, line 52: 13 news.kpu-m.ac.jp 2316 hippo971023, line 13: 1 webtrends.cz 24850 hippo971023, line 42: 3 news.macintosh.ir 23786 hippo971023, line 52: 13 news.kpu-m.ac.jp 3155 hippo971024, line 23: 11 webtrends.cz 6721 hippo971024, line 47: 8 news.macintosh.ir 6710 hippo971025, line 52: 13 news.kpu-m.ac.jp 3335 hippo971026, line 48: 9 news.kpu-m.ac.jp 2864 hippo971027, line 61: 22 news.kpu-m.ac.jp 1350 ======================================================================== : It is up to the end user or the moderator of the moderated groups to decide : what should or should not be read, or carried. You are wrong, Mr. Reynolds. It is up to the owners of the machines which store and distribute NetNews. You are more than welcome to store anything you wish on your machines. Once it leaves there, you have no right to tell anyone what they must *pay* to store or distribute. Somehow, you've come to hold an erroneous belief that you can abuse other people's machines, forcing them to shell out hard cash for the disk space, to store, and the bandwidth, to carry your spew. As is the case with every spammer on the planet, you are dead wrong. To make an analogy to the Freedom of the Press, guaranteed under the First Amendment to the U.S. Constitution, no one give a fig what you print on your printing press. However, what you try to print on printing press belonging to someone else, if not such a constitutionally protected right. "We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another." Mr. Chief Justice BURGER U.S. Supreme Court ROWAN v. U. S. POST OFFICE DEPT. , 397 U.S. 728 (1970) As is, the actions you are engaged in amounts to extortion, not only in causing ISPs to drop what used to be some of the most actively participated in areas of Usenet, but trying to burn them down. It seems that you and your associates are so intent on burying some hierarchies of Usenet, nose deep in your manure, as to render then unusable, thus making your pay web-sites more attractive. Since this is an organization, you're running, its my personal belief that R.I.C.O. [Racketeering, Influence and Corrupt Organizations Act] statutes may be applicable, in any Federal civil action which may stem from your activities. While this Act of Congress was originally designed to be used against organized crime, the Supreme Court of the United States has ruled that it can be applied, even when there is no monetary aim of the organized criminal activity. [see: N.O.W. v. Scheidler] Since you're only in it for the money, its even more likely that the Federal Justice system will find that these laws do apply. In the past, you've claimed this is a First Amendment issue, claiming that advertising your sex-spam sites is a constitutionally protected matter. As with everything else you claim, you are wrong. Advertising isn't speech. Its something you can pay for, rather than forcing others to pay for it. If the freedom of speech is to be addressed, in any legal proceedings to stem from your criminal activity, it is the right to speak at all, for millions of Usenet participants, which needs to be considered. Since you obviously have never been an Usenet participant, you can have no appreciation for what its like to open a newsgroup only to have it be anywhere from 90-100% Excessively Multi-Posted, Excessively Cross-Posted sex-spam, up to fifty percent of which is directly traceable to you. I've tried killfiling your spew in the past, only to have it reappear with a different set of parameters, as shown by your continually morphing forgeries, shown above. Your activity is directly responsible for turning me into one of the most widely respected and effective SpamBusters around. I don't know whether to thank you, or continue to curse your very existence. For now, I'll go with the latter. : Members of the cabal (Howard Knight, Ed Falk, Clewis, David Ritz, etc...) : have GOD complexes and like to order isp's (large and small) around. I : personally do not like to be harassed and told how I should run my news : server for my company. I sincerely hope you do not take them seriously and : allow them to push you around. There is no CABAL. (TINC) The only time I've applied any pressure, on those who allow you to access Usenet, is when they've bought your bill of goods and refused to act against massive fraud, forgery, extortion and libel, not to mention just being plain ill mannered. Yes, I believe that those who have not acted to bring your reign of terror against Usenet, to be at least accessories, if not outright accomplices and co-conspirators. At this late date, any backbone provider, let alone ISPs, who allows you to continue your activities, either by allowing you a newsfeed, or continuing to provide you with backbone connectivity, may be added to any legal proceedings, which follow from your often illegal activities. Mr. Reynolds, the only thing I ever asked you to do is stop spamming Usenet. I began by asking that you simply bypass a single newsgroup. In return for my trouble, you have attacked me personally, mail bombed me in various DOS attacks, and turned to forging the ISP(s) I use, into the paths of your spew. The intent of that action is to cause additional pressure on me and my provider(s), by generating tons of hateful complaints, misdirected away from the real source of your manure spreader: NETZILLA. You've even taken to 'spoofing' real DNSs, both in your path forgeries, and in the appropriation of real domain names. The owner of BLAZON.COM, was really surprised to hear from me. Just to make matters more interesting, he's an employee of the real Intel, in Portland. He was certainly as surprised, as I, when I saw this appear in my data: Device Information Name: ns1.blazon.com. DNS Name: ns1.blazon.com. Address: 207.70.214.6 : "Can't we all just get along" : :-) Sure. Say you are a spammer and promise to stop trying to burn down Usenet. Until this occurs, and you've served whatever time behind bars which can be metted out to you, I'll just say, "Drop dead." So long as I can see bits being moved out of 207.70.214.*, I will not be satisfied. I sincerely hope, that ITC will be my first confirmed full Class C net-block kill. I'm very tired of playing 'whack-a-weasel' with you. I'm ready to play Nuke-a-Net-Block, and you're at the top of my hit parade. : Just my two sense ^^^^^ Mr. Reynolds, its obvious you have no sense. Reasoning with a spammer who posts the tripe found at is fruitless. I'm not sure that wasting any more effort on reasoning with a sociopath such as yourself, is warranted. The author, just as you, have failed to distinguish between the InterNet and Usenet. Thankfully, they are not the same thing. This document, which can be found in its original, *unedited* version, at , holds not one whit of truth. For a full, logical and well researched rebuttal, to "The Case For Advertising on Usenet" please refer to . As for your two _cents_, it isn't worth much. I'm hoping that your activities will lead to much higher sums being levied against you. : The unknown admin Mr. Reynolds, I'm afraid I'm much more familiar with you than I ever wished. It only took me about two minutes to identify and see through your pretense. When one has been following your activities, from 'mwaba' to 'news.fantama.nz', you're going to have to try a lot harder or, better yet, give up. Trying harder is just more likely to dig you a deeper hole. Usenet is not a right. Its a privilege. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - David Ritz Finger for PGP Public Keys Anti-spam resources: Support the anti-Spam amendment. Join at - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - P.S. Give my love to Brad, Steve, Rodney, Rick, Kim, 'Fatboy' and the rest of your spammy minions. I hope to see them *all* in court. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQB1AwUBNFhSOD88lV/BdJDVAQFaEwL/Q+ReV8kFHLZhe4euAyvjzKqwATbHfLoy cNdZN69M5uYcBlO4rPpI/1oaItYQ2bZ1JYJIxhO01yqLcaMxsJeeW7p057R15x4E sLdRraNK+tV305XzmLGKxVnc/UVUQG+Q =Gjcq -----END PGP SIGNATURE-----