Anti-Spammer Fined For DNS Lookup Of Spammer
from the ouch dept
Anti-spam activists often need to do quite a bit of hunting to track down the real identity of various spammers. Over the years, spammers have become increasingly adept at hiding from those trying to shine light on their activities. However, when one well-known anti-spammer used some standard whois and DNS lookup tools (the same kind many of us use every day) to find out the identity of a spammer, the spammer sued him... and won! The anti-spammer has to pay over $60,000 in fines, and possibly much more once lawyers' fees are added up. The judge ruled that some rather basic tools suddenly constituted "hacking" even though the details don't suggest any actual hacking. The anti-spammer simply used the tools available to get the information necessary. He didn't need to break through any security or do anything malicious to get the info. If you read the ruling, it sounds like a judge could define plenty of perfectly normal online activities as "hacking." Update: There's a good discussion in the comments, suggesting that there's a lot more going on here than is clear from the article itself. The judge's finding of facts suggest that the anti-spammer did some questionable things, including lying and ignoring an injunction -- which certainly hurt his case. However, others are suggesting that the judge's finding of facts are incorrect and there's much more to this story that will come out on appeal.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Asshat?
And people wonder why I've lost all hope for humanity...
[ link to this | view in thread ]
WTF!!
[ link to this | view in thread ]
[ link to this | view in thread ]
And Stupidity For All
subject they have to rule on. But wouldn't
it serve justice for them to make a phone
call to the local university, or somewhere,
for some expert advise to consider before they
decide? Or are they just too puffed up with
their own importance to admit that they aren't
competent in every field?
Are these pompus jackasses even aware that the
general population holds them in contempt?
Being only slightly more respected than lawyers,
politicians and car salesmen.
[ link to this | view in thread ]
[ link to this | view in thread ]
So he's just as guilty.
You can't get to any websites without doing DNS queries.....
[ link to this | view in thread ]
um...
[ link to this | view in thread ]
So they - along with everyone else, will start to whine and complain about spammers. Maybe they will be forced to deal with it themselves, like people in IT.
After a while, perhaps they will get sick of it too.
The biggest whiners and complainers are people just like this judge. She'll make all these decisions without a clue of how things work and then later whine about the spam she's getting. From my IT experience - Lawyers have to be the single biggest segment of people that are *clueless* about IT.
[ link to this | view in thread ]
[ link to this | view in thread ]
http://yro.slashdot.org/comments.pl?sid=421122&cid=22079248
"Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement."
Now, I didn't go and read the court ruling; but perhaps Mike will get the chance to do so, and let us no what's really up.
[ link to this | view in thread ]
Feels Like an Overreaction
There can certainly be argument about whether it makes sense to make innocent conduct illegal, but it seems like there's a whole lot more going on in the case.
[ link to this | view in thread ]
Reading the FOF
He also did other things that seem to be questionable. He tried to force their ISP to stop their Usenet account by threatening to have peers de-peer (doesn't sound illegal to me). He lied in court about trying that. He seems to have lied about his aliases online. The PDF has about 12 pages of information and also seems to be the small one.
[ link to this | view in thread ]
Blaming the wrong person.
This will be overturned on appeal.
[ link to this | view in thread ]
Ritz was and is guilty
Mike, you make it look so cut and dry, but it's not. This guy did hack the spammers network. I hate spammers, and don't like them winning anything, but in this case they were right. Even if you criticize them for leaving their DNS servers open to such attacks, that doesnt justify what this guy Ritz did...damn.
[ link to this | view in thread ]
Re: Reading the FOF
[ link to this | view in thread ]
Anti-Spammer Fined
The rulings being handed down from the bench these days make me think these guys should be benched, but when you consider that they are often elected to the bench by the public, based on nothing more than a 1 paragraph description on a ballot the puzzlement tends to evaporate. Ruling on things they have little or no understanding of has become SOP.
[ link to this | view in thread ]
As a comparison, just because I leave my house unlocked doesn't mean you get to walk in and use my shower, eat my food or copy my work-in-progress treatise on the mating habits of the eastern siberian reindeer. That's still trespassing and possibly burglary (if you take anything) and my home being unlocked doesn't matter. Same thing here, just because the systems were not "secure" doesn't mean any Tom, Dick OR Harry gets free reign to access them and poke around.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
!Wtf?!
Never before has it been so easily for me to say with good conscience and confidence that the judge in this case made the WRONG decision.
Even more infuriating, is that the poor guy who lost will likely have no recourse against an _obvious_ INjustice.
I no longer have any faith in our legal system.
[ link to this | view in thread ]
Re:
The WHOIS queries are publicly available services -- your house is not.
Just because you leave your car door unlocked doesn't mean people should be sued for riding the bus.
[ link to this | view in thread ]
The
Discussion among the most experienced anti-spammers on the Internet indicates that the findings of fact as recorded in the source material are wrong. Among other things, the defendant was physically incapable of committing the alleged actions at the time they're alleged to have taken place. There is much more to this story than has been disclosed here (or in the referenced links). Hopefully that will become clear on appeal.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Reading the FOF
Yeah, I've updated the post to reflect that, however, also noted Rich's comments below that the judge may have gotten some stuff wrong as well. Seems like there's a lot that wasn't entirely made clear in this case. A reminder not to rely on TheRegister as a source...
[ link to this | view in thread ]
Oh, and by the way...
Performing a DNS zone transfer (say, by running something along the lines of
dig @dns-server-name dns-zone axfr
or its equivalent) is not hacking. It's a basic diagnostic procedure that uses deliberately-published information. It's taught on the first morning of the first day of DNS 101. See, for example, "DNS and Bind" by Albitz and Liu, published by O'Reilly.
[ link to this | view in thread ]
oxyMORON
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: And Stupidity For All
I think that's what expert witnesses are supposed to be for. I've also heard of better judges appointing special advisers to the court when they needed them.
Or are they just too puffed up with their own importance to admit that they aren't competent in every field?
You've hit the nail squarely on the head.
Are these pompus jackasses even aware that the general population holds them in contempt?
Such people seem to be drawn to become judges so people are obligated address them as "your honor" and to call them "honorable" whether they are or not. In fact, it can even be illegal to hold them in "contempt". It's a great fiction.
[ link to this | view in thread ]
Re:
Only if he can afford it. Justice isn't free.
[ link to this | view in thread ]
No web surfing in Cass County ND allowed
As many have said this happens in the background when you go to websites. It amazes me that they didn't just run a packet capture on someone (maybe even the judge herself) to show that going to a website will do the same thing.
Of course the average user does not know how to perform these kinds of actions. There is a small group of people building blacklists so you (and your children)are not getting a ton of penis enlargement, and "have sex with local dripping wet [insert explicative]" advertisements in your inbox.
Quite frankly I am upset at the defense in this case because they allowed this misinformed judge to set this precedent. There is no choice in the matter, it must be appealed. Otherwise typing "www.google.com" into your browser and hitting GO will be considered hacking in Cass County North Dakota, and all because Judge Cynthia Rothe-Seeger failed to see through the bullshit of a professional liar, the spammer.
Someone should tell her what news groups are often used for. Maybe when the topic of trading images in violation of 18 USC 2252 (aka child porn) comes up maybe she will do something right and issue a warrant to have the news groups examined by law enforcement. Then they can take on the never ending task of tracking down everyone that uploaded and downloaded all contraband images.
[ link to this | view in thread ]
Dog Pile!!
OK, so I'm at the bottom of the list and will probably not get read, however, as far as I can tell there are a number of issues that posters have gotten wrong:
1) This is a District Court Ruling, and as far as I can tell it is not an officially "published" ruling. There's little to suggest that this will be considered as actual, citable "precedent", kinda like Dubbya. There isn't even any significant opining on the part of the Judge as to interpretation of the law, so it would be difficult to use as "precedent" unless the facts are practically identical. If this were an Appelate Court ruling, then I'd be more concerned.
2) I can see only one (OK, er, maybe 3 if you don't cut the Judge any I'm-not-a-Geek slack) "misunderstanding" of technology in the ruling. However, none of it seems material to the outcome. In otherwords, even if the Judge got some of the technology concepts wrong, I don't see how it would have changed her ruling.
3) Ritz is alleged to have done a lot more than make a "DNS query" that was deemed either illegal or from which he had been enjoined. Furthermore it seems that he did so deliberately and knowingly. I don't have the transcripts, nor will I as they appear to have been sealed. Unless the allegations are false, it does appear that Ritz acted like a common criminal hacker especially after being barred from doing so.
4) The legality of doing a DNS query was never at issue:
"2. The Court need not determine whether a normal, signle DNS query is authorized within the meaning of the Statute [...]"
Nor is there really a question as to whether a DNS Zone Transfer per se is illegal. If Ritz had claimed, which he seems to not have done, that the Sierra DNS servers were in fact public-facing DNS servers desinged to propagate Sierra DNS information, I believe the outcome from his DNS Zone Transfer request may have been different; however, Sierra seems to have clamed that those were private DNS servers (presumably for use from solely within the Sierra network), and therefore NOT public-facing.
I still think that people should be allowed to beat the executives of Sierra senseless with a padded wiffle-bat if they are in fact spammers, but that's another story.
I do have a hard time resisting a good dog-pile, but I just can't see where the Judge is being stupid.
Doh!
[ link to this | view in thread ]
Re: Dog Pile!!
if I can obtain a zone by using a simple dig axfr than this supposed expert is not DNS servers should be locked down from doing any type of unauthorized zone transfer.
secondly thats what a dns server is supposed to do answer queries if it was or was not public facing then thats a matter of network configuration if I ask a DNS server for a zone transfer and it gives it to me then how am I to know weather or not its supposed to be public facing
[ link to this | view in thread ]
Problems with the FOF
Here the judge seems to be condemning Ritz for being more knowledgeable than the "average computer user". Is ignorance good and knowledge evil in her court? By this standard, even using the "ping" command (which the "average computer" user probably doesn't know about) could be seen as evidence of evil. It seems like almost anything beyond using a web browser or e-mail could be a crime in her eyes.
The court rejects the test for "authorization" articulated by the defendants expert, Lawrence Baldwin.
OK, so the judge is rejecting expert testimony. I hope she's an expert herself on the subject herself then. But I doubt it.
To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any hacker could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands were utilized were well-formed.
This is where the court really goes off the rails. The commands Ritz used were published standard Internet commands. They are not secret, unknown, or hidden. This is quite different from a cracker (although the court seems to condemn any hacker) using unknown, secret or faulty commands. The commands worked as they were supposed to and Ritz did not exploit any defects in the system. Finding that using standard commands not exploiting any defects is "unauthorized", as this judge did, really turns "the computer crime laws of this country upside down". In fact, this judge went on to characterize such usage as "penetration" as if he somehow bypassed some security measures and broke into the system. All he did was ask for the information and they gave it to him.
Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and accessing the servers via a Unix operating system and using a shell account, among other methods.
Now there's a real crime: He wasn't using Windows. Obviously then, Unix is evil. I wonder if she feels the same about Linux and Mac OS-X?
In the late winter or spring of 2005, Ritz published the zone information he obtained from Sierra's server in the form of a file he published by making it accessible to the Internet and which he named "zilla_queries".
Now the judge is saying that making something "accessible to the Internet" amounts to publishing it. In that case then, did Sierra not first "publish" their zone information by making it "accessible to the Internet"? In which case wasn't Ritz actually just republishing what had already been
Ritz has engaged in a variety of activities without authorization on the internet.
Here the judge seems to really be turning the law on it's head. I always thought that under our legal system (and the US constitution) individuals were free to do as they pleased as long as they weren't breaking any laws. Instead, this judge seems to be saying that we are only free to do what were have prior permission to do.
I could go on and on but this is too long already. And I realize that the FOF finds that Ritz did other things, such as violating court orders, that I'm not addressing.
[ link to this | view in thread ]
Re: Dog Pile!!
Nope. Ritz performed the DNS query on February 27, 2005. The injunction wasn't issued until August 4, 2005.
I don't have the transcripts, nor will I as they appear to have been sealed. Unless the allegations are false, it does appear that Ritz acted like a common criminal hacker especially after being barred from doing so.
Nor do I have the transcripts, but the finding says that he visited some websites after the injunction. It may have violated the injunction, but I wouldn't call it "common criminal hacker" behavior.
If Ritz had claimed, which he seems to not have done, that the Sierra DNS servers were in fact public-facing DNS servers desinged to propagate Sierra DNS information, I believe the outcome from his DNS Zone Transfer request may have been different
We don't know since the transcripts are sealed (how convenient) but I would expect that he probably did make such a claim which the judge, after admittedly rejecting expert testimony, ignored.
Sierra seems to have clamed that those were private DNS servers (presumably for use from solely within the Sierra network), and therefore NOT public-facing.
This is where things get confusing. I don't see where Sierra made that claim in the finding, but the judge did say "The private host name could not be ascertained from any publicly available source and were only known to Ritz by virtue of the zone transfer." So Judge herself said that those DNS servers were not "publicly available". This is crucial and really conflicts with the rest of the story. That would mean that he had to crack through a firewall or something like that to get to an internal network and there is no reference to any activities like that anywhere in the finding. Something's really fishy about that. After all, Ritz's whole defense as I understood it was that the DNS servers WERE public-facing and he didn't crack anything.
[ link to this | view in thread ]
How is this a hack?
I can see how you can get in trouble for publishing information, but is it really private information if it can be obtained so easily? I don't buy the argument that he hacked Sierra's servers. If Sierra can't configure a bloody DNS server, they deserve to be hacked.
The other thing the court says Ritz did was connect to a couple of sites owned by Sierra. OK, so he visited these web-sites? How is that a crime? Also, does the court have the authority to prevent someone from visiting a web-site?
I just don't see how this case holds water. If Ritz had done something obviously illegal like intimidate or harass Sierra, I could see where the court had a point. But just gleaning publicly available information from the web and publishing it? This is a ridiculous suit.
When the court says something like "this is not commonly done" or "a typical internet user would not know how to do these things" it really does betray an ignorance of both technology and the law. You cannot base a ruling on whether or not a "typical" internet user would know how to do such-and-such. You need to base your ruling on:
1. Were defendant's activities inherently illegal?
2. Did defendant's activities cause damage to plaintiff?
3. Was there a tort?
Defamation only counts if the information published is false. Obviously, what Ritz published was true, or Sierra would not have sought to hide it.
I really hope Ritz gets a better lawyer for his appeal. Also, I hope this judge gets an earful from someone for basing this decision on such ephemeral pap such as "a typical internet user..."
[ link to this | view in thread ]
Re: How is this a hack?
I hope he gets a better judge.
[ link to this | view in thread ]
this is crazy!
[ link to this | view in thread ]
Justice gone insane
[ link to this | view in thread ]
Whois
[ link to this | view in thread ]