Police powerless as spam hijackers target UK firms

The police are powerless to act against a US company accused of sending tens of thousands of junk e-mails via e-mail addresses...

The police are powerless to act against a US company accused of sending tens of thousands of junk e-mails via e-mail addresses hijacked from UK firms that use the Demon ISP service.

The Surrey Police Computer Crime Unit said it has no powers under existing UK laws to act against the firm, despite receiving complaints from businesses and individuals on the receiving end of thousands of misdirected spam messages.

The incident highlights a gap in the UK laws relating to computer crime. Computer Weekly, backed by leading industry figures, is urging the Government to review and update the law as part of its Lock Down the Law Campaign.

Detectives at Surrey Police have passed the complaints to the US Embassy and requested that the FBI takes up the investigation into possible breaches of US anti-spamming laws.

"We are looking into an incident that has been reported to us about a Demon account," said detective constable Andy Crocker. "We are limited on what laws are being broken in the UK. We have been in contact with the FBI. The US has state laws against spamming."

Paul Whitehead, director of public relations company Western Associates, contacted the police after discovering that his company's domain name was being used to send e-mail's advertising judicial review correspondence courses. Thousands of e-mails that failed to reach their targets were bounced back into Western's e-mail account. "It was a nightmare," said Whitehead.

Tony Hall, another victim, said he was concerned that people on the receiving end of the junk e-mail would believe he was responsible for the mailing. "It is quite stressful to have your domain name fraudulently used," he said. "Some recipients might not be technically aware enough to know that you are not the person sending them."

The e-mails appear to have been sent from a server based in Korea by a company called Universal Advertising Systems, which operates from a post office box in Aruba, a small island off the coast of Venezuela.

Callers to the phone number given in the e-mail find themselves talking to sales staff at a company operating under the name Windsor Judicial Processing. They are offered a home study course in collecting judicial judgements for $300, with the promise that it can help them earn a lucrative income.

Demon said there is nothing it can do about the spam, which does not originate from the Demon network. However, it is investigating the possibility of giving customers new services to intercept and filter messages automatically.

"Unfortunately, spam is increasing at a tremendous rate," said Steve Kennedy, head of technology futures at Demon. "People harvest e-mail addresses. It is very common for people to fake addresses, either from accounts that don't exist or from valid accounts.

SMEs back Computer Weekly campaign
Small companies in the UK face a threat to their livelihood unless the 1990 Computer Misuse Act is updated, the Federation of Small Businesses (FSB) warned this week.

Backing Computer Weekly's Lock Down the Law Campaign, Peter Scargill, IT chairman at the FSB, said the law as it stands is inadequate, and called for much tougher sentences for those found guilty of computer crime.

"There is currently nothing remotely approaching adequate legal recourse against hackers," he said. "Those who are found guilty of deliberately creating programs for the express purpose of damaging computers should be given several years in jail - far away from computers so that when they come out they have forgotten how to program."

Read more on IT for small and medium-sized enterprises (SME)