Éditoriaux Défense Sécurité Terrorisme Zones de conflits Logistique Livres de référence Liens
Terre Air Mer Gendarmerie Renseignement Infoguerre Cyber Recherche

CAN-SPAM Act Congressional Testimony

CAN-SPAM Act Congressional Testimony

Testimony of Jana Monroe, Assistant Director of the Federal Bureau of Investigation before the Senate Committee on Commerce, Science, and Transportation, May 20, 2004. Source: FBI.

  • Introductory Statement:

Good morning Chairman McCain, and other members of the Committee. On behalf of the FBI, I would like to thank you for this opportunity to address the FBI's role in anti-spam initiatives.

Cyber crime, in its many forms, continues to receive priority attention from the FBI. A paramount objective of the Cyber Division has been to arm field investigators with the necessary resources to identify and combat evolving cyber crime matters. Over the past 18 months, the FBI has supported the establishment of more than 50 multi-jurisdictional task forces nationwide. Partnerships with federal, state, and local law enforcement are vital to the success of these teams, because cyber crime, by its nature, does not respect jurisdictional boundaries and we need to leverage existing resources to effectively and efficiently fight cybercrime.

In addition to law enforcement partnerships, another prime objective of the FBI's Cyber Division is to establish active partnerships with subject matter experts from the private sector. Such experts are often better equipped to identify cyber crimes at their earliest stages. Early identification of cyber crimes is an absolute must, and directly correlates to ultimate successes in investigating and prosecuting cyber criminals.

In keeping with this approach, and even before passage of the CAN-SPAM Act by Congress, the FBI had begun work in a Public/Private Alliance to specifically target the growing spam problem. The Internet Crime Complaint Center (IC3), working in coordination with industry, developed "SLAM-Spam," an initiative that began operation last fall. This initiative targets significant criminal spammers, as well as companies and individuals that use spammers and their techniques to market their products. It also investigates the techniques and tools used by spammers to expand their targeted audience, to circumvent filters and other countermeasures implemented by consumers and industry, and to defraud customers with misrepresented or non-existent products.

  • Enforcement Before and After the CAN-SPAM Act:

Before Congress passed the CAN-SPAM Act of 2003, some schemes perpetrated by spam could have been pursued as violations of statutes such as Title 18, United States Code, Section 1030 (fraud and related activity in connection with computers) Title 18, United States Code, Section 2319 (criminal Infringement of a copyright) or Title 18, United States Code, Section 1343 (wire fraud), as well as through several other existing criminal or civil statutes. No existing statute, however, directly addressed some typical behaviors of spammers, including: using widely-available "open proxies" to bounce e-mail traffic through intermediary computers with the intent to hide the true location of the sender, the abuse of free e-mail services to send out spam from accounts with false registration information, and the use of tools to forge the return address and other headers associated with the e-mail. Prior to the CAN-SPAM Act, law enforcement lacked the legal tools to address the spam problem directly. Because of this, many investigators and prosecutors viewed cases based primarily on the sending of spam as unlikely to result in successful investigations and prosecutions. As the economic impact attributable to spam, and the use of spam to send unwanted pornographic images have become known, however, law enforcement interest increased. Similarly, investigations of computer intrusions and viruses have uncovered that infecting computers with viruses is now often being done to facilitate spam. In the SoBig.F computer intrusion investigation, we learned that millions of computers were infected globally, primarily to convert those computers into spam relays.

The CAN SPAM Act now allows law enforcement to apply criminal leverage to spammers, who previously were viewed as "facilitators" of fraudulent schemes, but who would disclaim any knowledge of the fraudulent or pornographic nature of the products they were advertising. CAN-SPAM's provisions address the most significant fraudulent and sexually explicit spam, and provide both civil and criminal tools to combat them.

  • Project SLAM-Spam:

In response to the growing number of complaints it was receiving about fraudulent and pornographic spam, the Internet Crime Complaint Center began development of a project to address the spam problem. The Center has developed extensive experience in taking complaints relating to all types of crime occurring over the Internet, analyzing them for significant patterns, and then referring appropriate case leads out to the field for further investigation. The IC3 receives more than 17,000 complaints every month from consumers alone, and additionally receives a growing volume of referrals from key e-commerce stakeholders. The use of spam is a substantial component of these schemes, which includes reports of identity theft schemes, fraudulent pitches and "get rich quick" schemes, and unwanted pornography. Currently, over 25 percent of all complaints to the IC3 involve some use of spam electronic mail.

To develop the project, the IC3 coordinated with industry Subject Matter Experts and representatives of the Direct Marketing Association (DMA), which have provided essential expertise and resources to the project. The IC3 has also consulted with the Federal Trade Commission, which has several years of working with consumers on the spam problem. This project has also identified a significant list of the methods used by subjects to advance their individual schemes. I will describe some of the efforts and summarize the primary accomplishments of this project over the past six months, and project future accomplishments, consistent with the overall project plan. This include a national initiative in which suitable cases developed or advanced through this project, will be highlighted as part of our overall effort against those who have committed criminal and civil violations of the CAN-SPAM Act.

The first several months of the project focused on building support structures to support the initiative. The IC3 identified and consulted with Subject Matter Experts from Internet Service Providers, anti-spam organizations, and other groups. They defined responsibilities of participants, and began weekly strategy meetings to ensure that progress and priorities were consistent and clear. Experts developed communications channels and databases to exchange information quickly and robustly among the experts in the alliance. Finally, a list of potential subjects was developed by analysts from the Internet Crime Complaint Center (IC3), and compared against existing IC3 referrals to determine if law enforcement had already initiated investigations of subjects, and if those investigations were making progress.

After the effective date of the CAN-SPAM Act, the IC3 helped organize and participated in three regional training conferences on a number of subjects relating to cybercrime. At these conferences, representatives of the FBI and Department of Justice gave presentations designed to familiarize agents specializing in cyber crime with the SLAM-Spam initiative, the techniques used by spammers to falsify their identity, and the additional criminal prohibitions in the CAN-SPAM Act.

Identifying the most significant subjects involved in criminal spam scenarios is a prime objective of the SLAM-Spam initiative. Equally significant has been developing those cases so that they can be further investigated and prosecuted by field offices, cyber task forces, and United States Attorneys' Offices around the United States. Accordingly, while a growing number of Internet crime schemes use spam to target larger pools of victims, the Cyber Division's task force capabilities have increased as well. Cyber Crime squads in our field divisions are trained in quickly investigating computer intrusions and virus attacks. When they are available, these resources can also be used to investigate the source of unwanted fraudulent and pornographic spam.
Project SLAM-Spam is on course and on schedule to achieve substantial results against individuals and organizations that are complicit in criminal (and potentially civil) schemes where spam is used. As a result of these activities, more than 20 Cyber Task Forces are actively pursuing criminal and in some cases joint civil proceedings against subjects identified to date. We expect that this number will continue to rise, as successful actions are brought under this act.

We are also improving our cooperation with the FTC, State Attorneys General, and industry partners, because we understand that criminal enforcement is only one aspect of the fight against spam. While we cannot share every detail of ongoing criminal investigations, we can and will share our knowledge about tools and techniques used by spammers, their current primary targets of opportunity, and the types of schemes they are favoring.

  • Notable Early Accomplishments of SLAM-Spam:

The SLAM-Spam initiative has now moved beyond the planning stages, and has begun identifying and packaging investigations from the field. Within the last few months, the Initiative has:

  • Identified over 100 significant spammers
  • Targeted 50 Spammers so identified as points of focus for the SLAM-Spam project.
  • Developed ten primary subject packets developed and for referral to Law Enforcement
  • Linked three groups of subjects into potential organized criminal enterprises
  • Referred five significant ongoing investigations linked to spammers.
  • Over 350 compromised and misconfigured resources identified, including 50 government sites.
  • Engaged military criminal investigators to help identify criminal acts associated with compromised Government sites.
  • Identified common denominators relating to spam both domestically and internationally.
  • Catalogued numerous exploits and techniques being used by spammers, including e-mail harvesting, use of viruses, and turn-key tools to bypass filters. [A sample of these exploits and techniques is attached to the end of this testimony.]

    Future Initiatives:

    The FBI, via the IC3, periodically coordinates National Investigative Initiatives, together with our Federal, State, and Local partners. Such initiatives are designed to highlight escalating areas of cyber crime, and demonstrate decisive action taken by law enforcement to combat it. These events also serve to alert the public to new and evolving cyber crime schemes, such as criminal spam. Three such initiatives have been carried out over the last 2 ½ years, including Operation Cyber Loss, Operation E-Con, and most recently Operation Cyber Sweep. A succeeding initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the CAN-SPAM Act of 2003 will be included.

    We have begun preliminary notification to our field offices of our newest initiative, underscoring our emphasis on cases involving criminal uses of spam. Such cases may be investigated and prosecuted as computer intrusion matters, or as on-line cyber frauds which may lend themselves to a variety of existing state and/or federal statutes, including the recently passed CAN-SPAM Act. Similar notifications have been or will be made through appropriate channels to the U.S. Secret Service, U.S Postal Inspection Service, the FTC, the Department of Justice, and in the state and local agencies that are members of the National White Collar Crime Center. We are already planning meetings to ensure that this initiative is on track, and to further define the scope and packaging of this activity are being planned. We will be happy to brief you on the results of this initiative when it has been completed.

Conclusion:

Once again, I appreciate the opportunity to come before you today and share the work that the Cyber Division has undertaken to begin to address the problem of spam. Our work in this area will continue, and we will continue to keep Congress informed about our progress in overcoming the challenges in this area.


Derniers articles

Verdun 2016 : La légende de la « tranchée des baïonnettes »
Eyes in the Dark: Navy Dive Helmet Display Emerges as Game-Changer
OIR Official: Captured Info Describes ISIL Operations in Manbij
Cyber, Space, Middle East Join Nuclear Triad Topics at Deterrence Meeting
Carter Opens Second DoD Innovation Hub in Boston
Triomphe de St-Cyr : le Vietnam sur les rangs
Dwight D. Eisenhower Conducts First OIR Missions from Arabian Gulf
L’amiral Prazuck prend la manœuvre de la Marine
Airmen Practice Rescuing Downed Pilots in Pacific Thunder 16-2
On ne lutte pas contre les moustiques avec une Kalachnikov...
Enemy Mine: Underwater Drones Hunt Buried Targets, Save Lives
Daesh Publications Are Translated Into Eleven Languages
Opération Chammal : 10 000 heures de vol en opération pour les Mirage 2000 basés en Jordanie
Le Drian : Daech : une réponse à plusieurs niveaux
Carter: Defense Ministers Agree on Next Steps in Counter-ISIL Fight
Carter Convenes Counter-ISIL Coalition Meeting at Andrews
Carter Welcomes France’s Increased Counter-ISIL Support
100-Plus Aircraft Fly in for Exercise Red Flag 16-3
Growlers Soar With B-1s Around Ellsworth AFB
A-10s Deploy to Slovakia for Cross-Border Training
We Don’t Fight Against Mosquitoes With a Kalashnikov
Bug-Hunting Computers to Compete in DARPA Cyber Grand Challenge
Chiefs of US and Chinese Navies Agree on Need for Cooperation
DoD Cyber Strategy Defines How Officials Discern Cyber Incidents from Armed Attacks
Vice Adm. Tighe Takes Charge of Information Warfare, Naval Intelligence
Truman Strike Group Completes Eight-Month Deployment
KC-46 Completes Milestone by Refueling Fighter Jet, Cargo Plane
Air Dominance and the Critical Role of Fifth Generation Fighters
Une nation est une âme
The Challenges of Ungoverned Spaces
Carter Salutes Iraqi Forces, Announces 560 U.S. Troops to Deploy to Iraq
Obama: U.S. Commitment to European Security is Unwavering in Pivotal Time for NATO
International Court to Decide Sovereignty Issue in South China Sea
La SPA 75 est centenaire !
U.S. to Deploy THAAD Missile Battery to South Korea
Maintien en condition des matériels : reprendre l’initiative
La veste « léopard », premier uniforme militaire de camouflage
Océan Indien 2016 : Opérations & Coopération
Truman Transits Strait of Gibraltar
Navy Unveils National Museum of the American Sailor
New Navy, Old Tar
Marcel Dassault parrain de la nouvelle promotion d’officiers de l’École de l’Air
RIMPAC 2016 : Ravitaillement à la mer pour le Prairial avant l’arrivée à Hawaii
Bataille de la Somme, l’oubliée
U.S., Iceland Sign Security Cooperation Agreement
Cléopatra : la frégate Jean Bart entre dans l’histoire du BPC Gamal Abdel Nasser
Surveiller l’espace maritime français aussi par satellite
America's Navy-Marine Corps Team Fuse for RIMPAC 2016
Stratégie France : Plaidoyer pour une véritable coopération franco-allemande
La lumière du Droit rayonne au bout du chemin





Directeur de la publication : Joël-François Dumont
Comité de rédaction : Jacques de Lestapis, Hugues Dumont, François de Vries (Bruxelles), Hans-Ulrich Helfer (Suisse), Michael Hellerforth (Allemagne).
Comité militaire : VAE Guy Labouérie (†), GAA François Mermet (2S), CF Patrice Théry (Asie).

Contact