, SecurityFocus 2004-09-29
A Los Angeles man who used other people's wi-fi networks to send thousands of unsolicited adult-themed e-mails from his car pleaded guilty to a single felony Monday, in what prosecutors say is the first criminal conviction under the federal CAN-SPAM Act.In a plea agreement with prosecutors, Nicholas Tombros, 37, faces a likely sentencing range stretching from probation to six months in custody, assuming he has no prior criminal convictions. Sentencing is set for December 27th.
Tombros drove around the Los Angeles beachfront suburb of Venice with a laptop and a wi-fi antenna sniffing out unsecured residential access points, which he then used to send thousands of untraceable spam messages advertising pornography sites.
An FBI spokesperson said earlier this month that Tombros obtained the e-mail addresses from a credit card aggregation company where he used to work, but officials have not revealed how they caught the spammer.
The CAN-SPAM Act, which took effect January 1st, doesn't criminalize unsolicited bulk commercial e-mail, but it does prohibit most of the deceptive practices used by spammers. Tombros was charged under a provision that prohibits breaking into someone else's computer to send spam. Also outlawed is the practice of deliberately crafting spammy messages to disguise the origin; materially falsifying the headers in spam; spamming from five or more e-mail accounts established under fake names; or hijacking five or more IP addresses and spamming from them.
A first-time violator face up to one year in federal stir for a small-time operation-- three years if he or she meets one of several minimum standards of bad behavior, like leading a spam gang of at least three people, sending over 2,500 messages in one day, or using 10 or more falsely-registered domain names.
Assistant U.S. attorney Wesley Hsu, who prosecuted Tombros, says he believes the spammer is the first to be convicted under CAN SPAM. "It is my understanding that it is, in fact, the first," said Hsu.
But even without the spam-fighting legislation, Tombros' drive-by spamming technique would likely have put him afoul of existing computer crime laws, said David Sorkin, an associate professor at the John Marshall Law School. "It sound to me like this could very well have been prosecuted under other statutes."
The Tombros case is one of a handful of wireless hacking convictions federal prosecutors reeled in this year. In June, a Maryland man with a grudge against a Connecticut-based patent firm
The same month, two Michigan men, Brian Salcedo and Adam Botbyl, pleaded guilty to conspiracy charges stemming