Hacking at spammers

There’s a curious link at the top of the Direct E-Mail Advertisers Association Web site (www.deaa.org). It says “Anti-Spammers Click Here.”

Clicking it opens an MP3 with the famous Spam routine from Monty Python’s Flying Circus, in which patrons at a restaurant order Spam and begin talking about Spam, and pretty soon, the conversation degenerates into every word being “Spam,” complete with a Viking chorus singing, “Spam, spam, spam, spam … ”

Many computer geeks are notorious Monty Python fans, so this skit was what gave the name “Spam” to unsolicited commercial e-mail back in the early days of the Internet. The idea was that, unchecked, spam would overwhelm online communications, just as the word overwhelmed the skit.

Yet what’s curious about DEAA including this skit and other anti-spam claims on its Web site is that to most computer users, spam is what this association is all about. Whether it be e-mail advertising porn sites, get-rich-quick schemes or simply trying to sell recipients the latest widget, spam’s critics rail against those who fill their electronic “in-box” with unwanted messages.

DEAA goes to great lengths in trying to redefine spam as being unsolicited commercial e-mail only with certain messages (DEAA uses the vague standard “if the content of the message seems unacceptable then it is spam,” and lists porn and chain letters as two examples), or whose sender doesn’t honor “remove” requests, or which uses deceptive header information designed to disguise the source.

But to Sacramento area resident Josef Chamberlin, spam is spam. Like many of his ilk, he defines spam as unsolicited e-mail, period.

Who is Josef Chamberlin? Well, click the “Exposed” link on the DEAA Web site and you’ll learn that he is a “net terrorist anti-spammer.” Talk to Chamberlin and he just may agree with that label, because he believes spammers need to be stopped by any means necessary.

Chamberlin sits transfixed by his computer screen, the long ash on his cigarette defying gravity. By day, Chamberlin is a computer security consultant, one of those well-paying jobs for hackers gone legit. By night, he is the enemy of spammers everywhere.

“This is the hobby,” he says as he taps away at his keyboard, at once proud and almost apologetic for his excesses, recounting sleepless nights extending into sleepless nights as the hacker hunted his quarry, sort of the computer geek equivalent of the alcoholic’s bender.

He tries to hack into systems of his enemies. The tools of his trade are things like “proxies” to disguise his identity, “Trojan horses” that create back door entries into spammers’ systems, full frontal “denial of service” attacks, programs like Retina that probe a system for ports of entry and note tidbits like when a username and password are the same, and “people finder” Web sites that will give him phone numbers and e-mail addresses for spammer employees.

Chamberlin, 35, has been known to place nasty phone calls to spammers, bombard fax machines with demands to “stop spamming me!” or “Buddha would not spam” challenges, order unwanted stacks of pizzas (with extra anchovies) for spammers, or tie up a spammer’s time by flashing “net send” message after message on their screens (to which they must hit the “return” button each time).

In the old days, when Chamberlin began, hacking required extensive technical computer knowledge. These days, the free market has stepped up to help hackers out. Need to send an anonymous e-mail? Just swing by Web sites such as multiproxy.org or anonymizer.com.

“Now, Joe Six Pack can get on Google and find out anything about anybody,” Chamberlin said.

Chamberlin’s connection to the Internet hovers somewhere between the maternal and the obsessive. He looks a little misty as he pulls out his first computer, a Timex laptop he got in 1984, well before “Internet” entered our lexicon. When asked whether the insidious ubiquity of spam might cause him and others to turn away from the Internet, he looks confused, like his questioner was speaking in tongues, as if the question was whether air pollution would make people decide to stop breathing.

Chamberlin’s long love affair with the Internet is what caused him to become the sworn enemy of spammers.

Chamberlin’s crusade began in the mid-’90s when he was working in Japan as the computer guy for AT&T WorldNet. Not only was he responsible for defending the start-up company against the growing spam menace—which was taking up company time, effort and bandwidth—but it also came to his home dial-up account.

“That’s where I got sick of it, because I had to pay by the minute,” he said. “I wanted to stop it, so that’s where I learned a lot of my hacking skills.”

Early on, some of the spam involved complex, get-rich-quick Ponzi schemes, and Chamberlin would lash out at the names highest up on the list, presumably the originators of the spam, often making long-distance phone calls from Japan. Today, porn is the biggest spam culprit. Visit an adult Web site, and your e-mail address gets recorded and sold to others who hope to lure you to their Web sites, too.

Spammers cast their practice in terms of freedom: free markets, freedom of speech, freedom to use information like e-mail addresses found in the public domain. But Chamberlin and others point out that such freedoms aren’t free. Recipients pay for spam with their time and effort in viewing and deleting, and for those who pay for online access by the minute, that translates into cash. And we all pay for the extensive bandwidth that spam uses in infrastructure costs and ISP (Internet Service Provider) payments.

“I don’t pay for junk mail, but I pay for your spam,” he said.

Chamberlin’s early practical efforts to cut down on the spam he received soon morphed into an all-consuming hobby. For technical reasons, it was easier to hide the source of spam back then, but that just egged Chamberlin on. “As less and less information was available, I became more determined to get those fuckers. It became sort of a crusade with me. And a hobby.”

With everything so expensive in Japan, hacking was a relatively cheap source of entertainment. This was during the Internet’s young and idealistic years, so its denizens wanted to shield their baby from consumerism’s more crass elements.

Chamberlin would trace spam back to its original ISP so its administrator could stop it if they didn’t want users targeted with spam. There was an innocence back then, and Chamberlin estimated that 70 percent of the people he called were unaware of the problem. Today, he said most spammers are more aggressive and unconcerned about their impacts.

Ironically, it was Chamberlin’s efforts to help those being used by spammers that got him caught by DEAA. While tracing some spam back to its source, he sent an e-mail to an ISP administrator, thinking he was unaware that spam was being routed through his server.

But the recipient, Beannet Interactive President Matthew Dalton, wasn’t an ally, and he forwarded Chamberlin’s work in an e-mail to DEAA titled “put this guy on the list of net terrorists,” writing, “He misinterpreted our disgust with a spammer that was forging headers with sympathy toward militant anti-spammer action. He is dead wrong, and I thought I would forward this one to the appropriate parties.”

Chamberlin hadn’t done anything illegal in this case, so he shrugs off the incident as a case of bad judgment, and a lesson in how spammers are trying to redefine the word spam in an effort to protect what they do from regulation. DEAA representatives did not return calls seeking comment.

Most “anti-spam” laws, such as the California law recently upheld as constitutional by the California Supreme Court, deal only with spammers who disguise their identity or fail to include coding indicating the e-mail is an advertisement or easy ways to be removed from spammers’ lists.

Yet to Chamberlin, there still isn’t good spam and bad spam. There’s just spam.

Chamberlin isn’t alone. If he and his compatriots are indeed “terrorists,” then they make Osama bin Laden’s Al Qaeda network look tiny. Type “spam” into an Internet search engine and you’ll find dozens of anti-spam soldiers and armies, such as spamcop.net, spamcon.org (formerly suespammers.com) and the Coalition Against Unsolicited Commercial E-Mail (cauce.org).

While he’s concerned with the anger now associated with the word “terrorist,” especially given the USA Patriot Act’s crackdown on cyber-terrorism, Chamberlin doesn’t mind being considered someone willing to terrorize those who defile his sacred Internet.

“It’s a badge of pride. Most people complain about [spam], but I did something about it,” he said. “If I go after kiddie porn guys, I’m a freedom fighter,” he said of his other favorite hacking target. “But if I go after spammers, I’m a terrorist.”

His creed is similar to that of the terrorists—that assaults by infidels need to be answered in kind, that to do nothing in the face of massive injustice is to be complicit. “No matter how insignificant the act,” he says, “it’s significant that you do it.”

Yet he shrugs off the impacts of his "terrorism," offering this wry, offbeat conclusion: "I’m not killing babies."