Anti-Spammer Fined For DNS Lookup Of Spammer

from the ouch dept

Anti-spam activists often need to do quite a bit of hunting to track down the real identity of various spammers. Over the years, spammers have become increasingly adept at hiding from those trying to shine light on their activities. However, when one well-known anti-spammer used some standard whois and DNS lookup tools (the same kind many of us use every day) to find out the identity of a spammer, the spammer sued him... and won! The anti-spammer has to pay over $60,000 in fines, and possibly much more once lawyers' fees are added up. The judge ruled that some rather basic tools suddenly constituted "hacking" even though the details don't suggest any actual hacking. The anti-spammer simply used the tools available to get the information necessary. He didn't need to break through any security or do anything malicious to get the info. If you read the ruling, it sounds like a judge could define plenty of perfectly normal online activities as "hacking." Update: There's a good discussion in the comments, suggesting that there's a lot more going on here than is clear from the article itself. The judge's finding of facts suggest that the anti-spammer did some questionable things, including lying and ignoring an injunction -- which certainly hurt his case. However, others are suggesting that the judge's finding of facts are incorrect and there's much more to this story that will come out on appeal.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: anti-spam, fines


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Aaron *Brother Head* Moss, 18 Jan 2008 @ 10:18am

    Asshat?

    I think the Judge should be fined $60,000 for stupidity.

    And people wonder why I've lost all hope for humanity...

    link to this | view in chronology ]

  • identicon
    Insane!!!, 18 Jan 2008 @ 10:24am

    WTF!!

    If the use of diagnostic tools in conjunction with publicly available information to determan who is breaking the law is a crime. Then the world is a bad bad place now.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jan 2008 @ 10:28am

    The judge is obviously an mis-informed idiot. This needs to be appealed and brought to a higher court, where judges need to be a little more intelligent to get their positions.

    link to this | view in chronology ]

  • identicon
    Anonymous of Course, 18 Jan 2008 @ 10:29am

    And Stupidity For All

    I don't expect judges to understand every
    subject they have to rule on. But wouldn't
    it serve justice for them to make a phone
    call to the local university, or somewhere,
    for some expert advise to consider before they
    decide? Or are they just too puffed up with
    their own importance to admit that they aren't
    competent in every field?

    Are these pompus jackasses even aware that the
    general population holds them in contempt?
    Being only slightly more respected than lawyers,
    politicians and car salesmen.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jan 2008 @ 12:50pm

      Re: And Stupidity For All

      I don't expect judges to understand every subject they have to rule on. But wouldn't it serve justice for them to make a phone call to the local university, or somewhere, for some expert advise to consider before they decide?

      I think that's what expert witnesses are supposed to be for. I've also heard of better judges appointing special advisers to the court when they needed them.

      Or are they just too puffed up with their own importance to admit that they aren't competent in every field?

      You've hit the nail squarely on the head.

      Are these pompus jackasses even aware that the general population holds them in contempt?

      Such people seem to be drawn to become judges so people are obligated address them as "your honor" and to call them "honorable" whether they are or not. In fact, it can even be illegal to hold them in "contempt". It's a great fiction.

      link to this | view in chronology ]

  • identicon
    Nick, 18 Jan 2008 @ 10:29am

    I'm *quite* sure this will be appealed to a higher court, which will then correct the situation.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jan 2008 @ 12:51pm

      Re:

      I'm *quite* sure this will be appealed to a higher court, which will then correct the situation.

      Only if he can afford it. Justice isn't free.

      link to this | view in chronology ]

  • identicon
    Overcast, 18 Jan 2008 @ 10:31am

    Every time the Judge himself goes to a website - his computer does this in the background. He just doesn't realize it.

    So he's just as guilty.

    You can't get to any websites without doing DNS queries.....

    link to this | view in chronology ]

  • identicon
    Hellsvilla, 18 Jan 2008 @ 10:36am

    um...

    Wow... that's just... wow... NICE PRECEDENT! (we're doomed...)

    link to this | view in chronology ]

  • identicon
    Overcast, 18 Jan 2008 @ 10:42am

    But then seriously - who cares? The government can say it's a no-no. But then Anti-Spam defense is pretty well down the tubes.

    So they - along with everyone else, will start to whine and complain about spammers. Maybe they will be forced to deal with it themselves, like people in IT.

    After a while, perhaps they will get sick of it too.

    The biggest whiners and complainers are people just like this judge. She'll make all these decisions without a clue of how things work and then later whine about the spam she's getting. From my IT experience - Lawyers have to be the single biggest segment of people that are *clueless* about IT.

    link to this | view in chronology ]

  • identicon
    Everybody is guilty!, 18 Jan 2008 @ 10:42am

    Couldn't we then sue the RIAA for hacking?

    link to this | view in chronology ]

  • identicon
    Mudlock, 18 Jan 2008 @ 10:43am

    Did the judge actually say DNS is illegal to use, or is this comment from yesterdays /. discussion on this correct:

    http://yro.slashdot.org/comments.pl?sid=421122&cid=22079248

    "Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement."

    Now, I didn't go and read the court ruling; but perhaps Mike will get the chance to do so, and let us no what's really up.

    link to this | view in chronology ]

  • identicon
    Venkat, 18 Jan 2008 @ 10:52am

    Feels Like an Overreaction

    It certainly feels like an over-reaction to me. I don't know whether the order was drafted by the other side's lawyers or by the judge, but it makes reference to the defendant providing "false" testimony. This never sits well with a judge. And there's the matter of the previously issued injunction.

    There can certainly be argument about whether it makes sense to make innocent conduct illegal, but it seems like there's a whole lot more going on in the case.

    link to this | view in chronology ]

  • identicon
    Chronno S. Trigger, 18 Jan 2008 @ 10:53am

    Reading the FOF

    Reading the Findings of Fact(PDF) it seems as if this Ritz guy (Anti-spammer) did more than just use a whois or DNS Lookup. It seems that the servers he got the information from are privet internal DNS servers, not normally accessible from outside. He did this not to get public information but privet network setup information and post that information on the web. He continued to post even after a Court injunction not to.

    He also did other things that seem to be questionable. He tried to force their ISP to stop their Usenet account by threatening to have peers de-peer (doesn't sound illegal to me). He lied in court about trying that. He seems to have lied about his aliases online. The PDF has about 12 pages of information and also seems to be the small one.

    link to this | view in chronology ]

    • icon
      chris (profile), 18 Jan 2008 @ 11:21am

      Re: Reading the FOF

      gee thanks, you ruined a perfectly good "government is teh stoopid" op-ed with your pesky facts. i hope you're happy.

      link to this | view in chronology ]

    • icon
      Mike (profile), 18 Jan 2008 @ 12:10pm

      Re: Reading the FOF

      Reading the Findings of Fact(PDF) it seems as if this Ritz guy (Anti-spammer) did more than just use a whois or DNS Lookup. It seems that the servers he got the information from are privet internal DNS servers, not normally accessible from outside. He did this not to get public information but privet network setup information and post that information on the web. He continued to post even after a Court injunction not to.

      Yeah, I've updated the post to reflect that, however, also noted Rich's comments below that the judge may have gotten some stuff wrong as well. Seems like there's a lot that wasn't entirely made clear in this case. A reminder not to rely on TheRegister as a source...

      link to this | view in chronology ]

  • identicon
    Rick, 18 Jan 2008 @ 11:13am

    Blaming the wrong person.

    Shouldn't this be more the fault of the defense lawyer? It would have been his job to educate the court properly. He obviously failed.

    This will be overturned on appeal.

    link to this | view in chronology ]

  • identicon
    J Shady, 18 Jan 2008 @ 11:16am

    Ritz was and is guilty

    Wow, this is unbeliveable, I just read the Fining of Facts, and I have to say that without a doubt this guy deserves whatever he gets.
    Mike, you make it look so cut and dry, but it's not. This guy did hack the spammers network. I hate spammers, and don't like them winning anything, but in this case they were right. Even if you criticize them for leaving their DNS servers open to such attacks, that doesnt justify what this guy Ritz did...damn.

    link to this | view in chronology ]

  • identicon
    nittahkachee, 18 Jan 2008 @ 11:27am

    Anti-Spammer Fined

    I wonder if the judge, or any sitting judge these days, can answer me one question? Are you smarter than a 5th grader?
    The rulings being handed down from the bench these days make me think these guys should be benched, but when you consider that they are often elected to the bench by the public, based on nothing more than a 1 paragraph description on a ballot the puzzlement tends to evaporate. Ruling on things they have little or no understanding of has become SOP.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jan 2008 @ 11:29am

    This is the 2nd time in a short period where Techdirt has posted something that was so off as to, in my opinion, constitute being wrong. Do you not READ the subject documents before posting about them? I went and read the court order. The guy lied under oath about some of his activities and continued to access/attempt to access the systems AFTER being ordered not to by the court. Seems to me this guy got what he deserved.

    As a comparison, just because I leave my house unlocked doesn't mean you get to walk in and use my shower, eat my food or copy my work-in-progress treatise on the mating habits of the eastern siberian reindeer. That's still trespassing and possibly burglary (if you take anything) and my home being unlocked doesn't matter. Same thing here, just because the systems were not "secure" doesn't mean any Tom, Dick OR Harry gets free reign to access them and poke around.

    link to this | view in chronology ]

    • identicon
      Nate, 18 Jan 2008 @ 11:47am

      Re:

      The comparison here is an invalid one. Your house is private property, despite whether you've left your door unlocked or not.

      The WHOIS queries are publicly available services -- your house is not.

      Just because you leave your car door unlocked doesn't mean people should be sued for riding the bus.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Jan 2008 @ 11:51am

        Re: Re:

        NO...read the findings, it appears he hacked the internal DNS servers to the network.

        link to this | view in chronology ]

        • identicon
          ehrichweiss, 18 Jan 2008 @ 12:50pm

          Re: Re: Re:

          What I read was that he did a zone transfer on one of their servers that had been configured, accidentally I presume, to allow such actions. Maybe, just maybe, it wasn't configured by them but I've seen first-hand, behind-the-scenes how spammers operate and this is likely a setup for one of their tools.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jan 2008 @ 11:29am

    Did anyone read the judges ruling decision? It is quite possible that the nature of this decision is being misrepresented.

    link to this | view in chronology ]

    • identicon
      nittahkachee, 18 Jan 2008 @ 11:37am

      Re:

      Of course we didn't read the Finding of Facts. Sadly, we expected TechDirt to have read it. Guess we'll have to do the research for ourselves before shooting from the hip. Gawd, that's just too much like work!

      link to this | view in chronology ]

  • identicon
    Nate, 18 Jan 2008 @ 11:41am

    !Wtf?!

    This is the most psychologically constipated thing I've ever read. This is exactly what happens when stupid people are taught self confidence and placed into positions of power.

    Never before has it been so easily for me to say with good conscience and confidence that the judge in this case made the WRONG decision.

    Even more infuriating, is that the poor guy who lost will likely have no recourse against an _obvious_ INjustice.

    I no longer have any faith in our legal system.

    link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 18 Jan 2008 @ 11:48am

    The

    Discussion among the most experienced anti-spammers on the Internet indicates that the findings of fact as recorded in the source material are wrong. Among other things, the defendant was physically incapable of committing the alleged actions at the time they're alleged to have taken place. There is much more to this story than has been disclosed here (or in the referenced links). Hopefully that will become clear on appeal.

    link to this | view in chronology ]

  • identicon
    RIch Kulawiec, 18 Jan 2008 @ 12:13pm

    Oh, and by the way...

    Performing a DNS zone transfer (say, by running something along the lines of

    dig @dns-server-name dns-zone axfr

    or its equivalent) is not hacking. It's a basic diagnostic procedure that uses deliberately-published information. It's taught on the first morning of the first day of DNS 101. See, for example, "DNS and Bind" by Albitz and Liu, published by O'Reilly.

    link to this | view in chronology ]

  • identicon
    Some Guy, 18 Jan 2008 @ 1:01pm

    No web surfing in Cass County ND allowed

    I have seen this so many times. One side spews a bunch of crap to the judge and the other side fails to call them on it.

    As many have said this happens in the background when you go to websites. It amazes me that they didn't just run a packet capture on someone (maybe even the judge herself) to show that going to a website will do the same thing.

    Of course the average user does not know how to perform these kinds of actions. There is a small group of people building blacklists so you (and your children)are not getting a ton of penis enlargement, and "have sex with local dripping wet [insert explicative]" advertisements in your inbox.

    Quite frankly I am upset at the defense in this case because they allowed this misinformed judge to set this precedent. There is no choice in the matter, it must be appealed. Otherwise typing "www.google.com" into your browser and hitting GO will be considered hacking in Cass County North Dakota, and all because Judge Cynthia Rothe-Seeger failed to see through the bullshit of a professional liar, the spammer.

    Someone should tell her what news groups are often used for. Maybe when the topic of trading images in violation of 18 USC 2252 (aka child porn) comes up maybe she will do something right and issue a warrant to have the news groups examined by law enforcement. Then they can take on the never ending task of tracking down everyone that uploaded and downloaded all contraband images.

    link to this | view in chronology ]

  • identicon
    Super Anonymous Ultra Coward, 18 Jan 2008 @ 2:17pm

    Dog Pile!!

    Let's all pile on to the "how stupid is stupid" dog pile, and maybe elbo someone here and there.

    OK, so I'm at the bottom of the list and will probably not get read, however, as far as I can tell there are a number of issues that posters have gotten wrong:

    1) This is a District Court Ruling, and as far as I can tell it is not an officially "published" ruling. There's little to suggest that this will be considered as actual, citable "precedent", kinda like Dubbya. There isn't even any significant opining on the part of the Judge as to interpretation of the law, so it would be difficult to use as "precedent" unless the facts are practically identical. If this were an Appelate Court ruling, then I'd be more concerned.

    2) I can see only one (OK, er, maybe 3 if you don't cut the Judge any I'm-not-a-Geek slack) "misunderstanding" of technology in the ruling. However, none of it seems material to the outcome. In otherwords, even if the Judge got some of the technology concepts wrong, I don't see how it would have changed her ruling.

    3) Ritz is alleged to have done a lot more than make a "DNS query" that was deemed either illegal or from which he had been enjoined. Furthermore it seems that he did so deliberately and knowingly. I don't have the transcripts, nor will I as they appear to have been sealed. Unless the allegations are false, it does appear that Ritz acted like a common criminal hacker especially after being barred from doing so.

    4) The legality of doing a DNS query was never at issue:

    "2. The Court need not determine whether a normal, signle DNS query is authorized within the meaning of the Statute [...]"

    Nor is there really a question as to whether a DNS Zone Transfer per se is illegal. If Ritz had claimed, which he seems to not have done, that the Sierra DNS servers were in fact public-facing DNS servers desinged to propagate Sierra DNS information, I believe the outcome from his DNS Zone Transfer request may have been different; however, Sierra seems to have clamed that those were private DNS servers (presumably for use from solely within the Sierra network), and therefore NOT public-facing.

    I still think that people should be allowed to beat the executives of Sierra senseless with a padded wiffle-bat if they are in fact spammers, but that's another story.

    I do have a hard time resisting a good dog-pile, but I just can't see where the Judge is being stupid.

    Doh!

    link to this | view in chronology ]

    • identicon
      teknosapien, 18 Jan 2008 @ 2:37pm

      Re: Dog Pile!!

      Wait a moment here if the DNS server was set up correctly then a Zone transfer would never have happened
      if I can obtain a zone by using a simple dig axfr than this supposed expert is not DNS servers should be locked down from doing any type of unauthorized zone transfer.

      secondly thats what a dns server is supposed to do answer queries if it was or was not public facing then thats a matter of network configuration if I ask a DNS server for a zone transfer and it gives it to me then how am I to know weather or not its supposed to be public facing

      link to this | view in chronology ]

    • identicon
      Gruff, 18 Jan 2008 @ 3:48pm

      Re: Dog Pile!!

      Ritz is alleged to have done a lot more than make a "DNS query" that was deemed either illegal or from which he had been enjoined.

      Nope. Ritz performed the DNS query on February 27, 2005. The injunction wasn't issued until August 4, 2005.

      I don't have the transcripts, nor will I as they appear to have been sealed. Unless the allegations are false, it does appear that Ritz acted like a common criminal hacker especially after being barred from doing so.

      Nor do I have the transcripts, but the finding says that he visited some websites after the injunction. It may have violated the injunction, but I wouldn't call it "common criminal hacker" behavior.

      If Ritz had claimed, which he seems to not have done, that the Sierra DNS servers were in fact public-facing DNS servers desinged to propagate Sierra DNS information, I believe the outcome from his DNS Zone Transfer request may have been different

      We don't know since the transcripts are sealed (how convenient) but I would expect that he probably did make such a claim which the judge, after admittedly rejecting expert testimony, ignored.

      Sierra seems to have clamed that those were private DNS servers (presumably for use from solely within the Sierra network), and therefore NOT public-facing.

      This is where things get confusing. I don't see where Sierra made that claim in the finding, but the judge did say "The private host name could not be ascertained from any publicly available source and were only known to Ritz by virtue of the zone transfer." So Judge herself said that those DNS servers were not "publicly available". This is crucial and really conflicts with the rest of the story. That would mean that he had to crack through a firewall or something like that to get to an internal network and there is no reference to any activities like that anywhere in the finding. Something's really fishy about that. After all, Ritz's whole defense as I understood it was that the DNS servers WERE public-facing and he didn't crack anything.

      link to this | view in chronology ]

  • identicon
    Liberty, 18 Jan 2008 @ 2:58pm

    Problems with the FOF

    At various other times Ritz, issued a variety of commands, including host-l, helo, and vrfy. The afore-mentioned commands are not commonly known to the average computer user.

    Here the judge seems to be condemning Ritz for being more knowledgeable than the "average computer user". Is ignorance good and knowledge evil in her court? By this standard, even using the "ping" command (which the "average computer" user probably doesn't know about) could be seen as evidence of evil. It seems like almost anything beyond using a web browser or e-mail could be a crime in her eyes.

    The court rejects the test for "authorization" articulated by the defendants expert, Lawrence Baldwin.

    OK, so the judge is rejecting expert testimony. I hope she's an expert herself on the subject herself then. But I doubt it.

    To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any hacker could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands were utilized were well-formed.

    This is where the court really goes off the rails. The commands Ritz used were published standard Internet commands. They are not secret, unknown, or hidden. This is quite different from a cracker (although the court seems to condemn any hacker) using unknown, secret or faulty commands. The commands worked as they were supposed to and Ritz did not exploit any defects in the system. Finding that using standard commands not exploiting any defects is "unauthorized", as this judge did, really turns "the computer crime laws of this country upside down". In fact, this judge went on to characterize such usage as "penetration" as if he somehow bypassed some security measures and broke into the system. All he did was ask for the information and they gave it to him.

    Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and accessing the servers via a Unix operating system and using a shell account, among other methods.

    Now there's a real crime: He wasn't using Windows. Obviously then, Unix is evil. I wonder if she feels the same about Linux and Mac OS-X?

    In the late winter or spring of 2005, Ritz published the zone information he obtained from Sierra's server in the form of a file he published by making it accessible to the Internet and which he named "zilla_queries".

    Now the judge is saying that making something "accessible to the Internet" amounts to publishing it. In that case then, did Sierra not first "publish" their zone information by making it "accessible to the Internet"? In which case wasn't Ritz actually just republishing what had already been

    Ritz has engaged in a variety of activities without authorization on the internet.

    Here the judge seems to really be turning the law on it's head. I always thought that under our legal system (and the US constitution) individuals were free to do as they pleased as long as they weren't breaking any laws. Instead, this judge seems to be saying that we are only free to do what were have prior permission to do.

    I could go on and on but this is too long already. And I realize that the FOF finds that Ritz did other things, such as violating court orders, that I'm not addressing.

    link to this | view in chronology ]

  • identicon
    Shun, 18 Jan 2008 @ 5:04pm

    How is this a hack?

    First of all, he was found to have used the "host -l" command. How is this illegal? That he used it without authorization of the owner of the web site owner is irrelevant. If the command can be run over the internet, unless you're doing something that is obviously illegal, it's valid. That the command was "unauthorized" is irrelevant. Am I going to get punished for running a ping or a traceroute? OK, if I SYN flood the site, I can see how that could be considered "not nice" but a simple "host -l" command? Come on.

    I can see how you can get in trouble for publishing information, but is it really private information if it can be obtained so easily? I don't buy the argument that he hacked Sierra's servers. If Sierra can't configure a bloody DNS server, they deserve to be hacked.

    The other thing the court says Ritz did was connect to a couple of sites owned by Sierra. OK, so he visited these web-sites? How is that a crime? Also, does the court have the authority to prevent someone from visiting a web-site?

    I just don't see how this case holds water. If Ritz had done something obviously illegal like intimidate or harass Sierra, I could see where the court had a point. But just gleaning publicly available information from the web and publishing it? This is a ridiculous suit.

    When the court says something like "this is not commonly done" or "a typical internet user would not know how to do these things" it really does betray an ignorance of both technology and the law. You cannot base a ruling on whether or not a "typical" internet user would know how to do such-and-such. You need to base your ruling on:

    1. Were defendant's activities inherently illegal?
    2. Did defendant's activities cause damage to plaintiff?
    3. Was there a tort?

    Defamation only counts if the information published is false. Obviously, what Ritz published was true, or Sierra would not have sought to hide it.

    I really hope Ritz gets a better lawyer for his appeal. Also, I hope this judge gets an earful from someone for basing this decision on such ephemeral pap such as "a typical internet user..."

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jan 2008 @ 6:28pm

      Re: How is this a hack?

      "I really hope Ritz gets a better lawyer for his appeal."

      I hope he gets a better judge.

      link to this | view in chronology ]

  • identicon
    Nathat, 19 Jan 2008 @ 2:54pm

    this is crazy!

    This is crazy...if a robber broke in ur home, u'd bust him up for it if ya could, then what would you say if the robber charged u for kickin the shit outta him...how would u feel....same thing basically just different situation...fuck the government is dumb!

    link to this | view in chronology ]

  • identicon
    rusty shackleford, 20 Jan 2008 @ 10:56pm

    Justice gone insane

    Is it at all surprising to any of you.... in a world where the justice system can have a burgler win a law suit against the people who own the house he was breaking into... because he got stuck in their chimmny...

    link to this | view in chronology ]

  • identicon
    budz, 22 May 2008 @ 5:40pm

    Whois

    The judge should have consulted with Al Gore, he invented the 'Net, right? This type of internet use is the reason why the operating system is called Windows: every bit of information/code is available for anyone to see.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.