Spammer in List Theft Identified; Whodunit Still in Question
At least five and possibly as many as 21 list owners whose files are hosted by SparkLIST Corp. claim some subscribers began complaining about receiving unsolicited pornography e-mail in August, about the time SparkLIST was acquired by Lyris Technologies and moved operations from Green Bay, WI, to Lyris' headquarters in Berkeley, CA.
The spam was received at some single-use e-mail addresses specifically set up to track such things and, as a result, tipped the list owners that their files either were copied and stolen or hacked and made available to at least one spammer.
Word-to-the-Wise LLC, the company Lyris hired to investigate, has identified the source of the spam as Gaven Stubberfield, a name listed on anti-spam site Spamhaus.org as the contact person for a "Raleigh North Carolina Spam Gang." Word-to-the-Wise is consulting lawyers to see whether there is any recourse against Stubberfield.
"We're also continuing the investigation to see who leaked those addresses to him," said Laura Atkins, a principal at Word-to-the-Wise, San Carlos, CA.
It is unclear, though, that Gaven Stubberfield is even the name of a real person. So far, evidence suggests that the incident likely resulted from an inside job at SparkLIST, Atkins said.
"We're looking at something that happened long before Lyris took over SparkLIST," she said. "It's not all of the lists, and not even lists that were all hosted on the same machine. A spammer is not going to [hack] in and just pull a small subset of addresses. They are going to take every address they can get their hands on."
Meanwhile, Lyris claimed in a letter to customers that it has contacted its local office of the Federal Bureau of Investigation "to begin the process of an official investigation." Lyris also said in the letter that it knows of five affected customers. Sources say, however, the figure is more like 20.
Steven Brown, chief operating officer of Lyris, declined an interview request, saying he did not want to jeopardize the FBI's investigation.
A phone call from DM News to one of the numbers listed under Stubberfield's name on Spamhaus.org reached the voice mail of an unidentified male with a Southern accent. A message left asking for Stubberfield was not immediately returned.
The name Gaven Stubberfield is infamous in tech circles, said Anne Holland, publisher of MarketingSherpa.com and one of the list owners whose files were affected.
"Gaven's on many 'most-wanted spammer' lists," Holland said. What's more, she has known for a month the source of the spam. But knowing the source brings her no closer to knowing how the spammer got her files. However, Stubberfield's reputation in the anti-spam camp may have limited the damage.
"The majority of ISPs know Gaven and already filter against him," Holland said. "That's why we didn't have more readers complaining. Luckily, he's so well-known, he's already blocklisted."
Also, whoever Stubberfield is, he may think he came by SparkLIST customers' lists legitimately.
"I would be deeply surprised to find out that he stole the names," Holland said.
Meanwhile, Lyris sent an e-mail to customers detailing security measures it has taken to protect its customers' lists. Holland, however, countered that most of the measures should have been in place already and that Lyris cannot know whether it is preventing another list theft until it knows if and how the first one happened.
Word-to-the-Wise "is part of the answer, but that's not going to solve everything," she said. "Until you investigate how it happened, how can you say for sure you've stopped it? It's like saying, 'We don't know how the horse was stolen, but we've closed the barn door so it won't happen again.'"
All agree, however, that no security measures are foolproof if an unscrupulous employee with access to files wants to steal them.