An increasingly popular get-rich scheme in the world of malicious users is to
somehow "trick" users' hardware into dialing or texting
premium numbers. The trick is a pretty old one, dating back 10
to 20 years. Its efficacy has led to a pickup in such schemes within the
U.S. and abroad in places like Russia and China.
The FBI has made some important progress in the fight against one such robo-dialing scheme. The
perpetrator, Asu Pala, executed a low-tech version of this scheme. For
his role in the scheme, a court this week sentenced him to 82 months (almost 7
years) in prison, fined him $7.9M USD, and ordered him to pay $2.2M USD in back
taxes.
Mr. Pala opened a small internet service provider called Sakhmet that sold
dialup services. That's when a group of European criminals approached him with
an ambitious scheme to use his obscure ISP as an attack platform to deliver
autodialers to dialup customers in Germany, where dialup was still frequent.
The money, they promised, would be great.
And it was. Between 2003 and 2007, the partnership raked in €12M
($16.5M USD) by serving up malicious trojan auto-dialer software that caused
users' modems to automatically call the German equivalent of 1-900 numbers (e.g.
sex lines), racking up huge phone bills.
Mr. Pala's increasingly ostentatious displays of wealth drew the watchful eye
of the U.S. Federal Bureau of Investigation. When he bought a second
Lamborghini sports car, the FBI became suspicious after verifying with the IRS
that his reported income was far below what he appeared to be spending.
Ultimately, Mr. Pala agreed to cooperate with the feds to try to catch his
European business partners in exchange for a reduced sentence. In May
2009 he began to work with the FBI to try to lure his partners into the U.S.
for arrest. But the plot didn't work.
Disappointed, the FBI pulled out. Given that they felt they had credible
evidence the phantom partners were in fact real, the FBI pushed for a partially
reduced sentence, but Mr. Pala ended up getting a couple more years in prison
than originally planned.
His lawyer, Geoffrey Nathan, insists his client didn't understand the full
extent of what was going on. He comments, "Most regrettably, it
turns out that the big fish got away with the crime and they remain in
While that may be true, without their serving partner, they will find it much
harder to execute their attacks in the future. And surely German
authorities are now keeping a closer eye out for the perpetrators.
Mr. Pala, a New Hampshire resident, in April 2010 pled guilty in a U.S.
District Court for the District of Massachusetts, the state where his business
was located. He was sentenced this week and has the opportunity to try to
appeal, should he choose to do so.
quote: fined him $7.9M USD, and ordered him to pay $2.2M USD in back taxes.
quote: Between 2003 and 2007, the partnership raked in €12M ($16.5M USD)
quote: So instead of taking ALL the money and giving it back to the people they stole it from, the authorities just care about getting the tax revenue from all the money they stole. Lovely.
quote: Wouldn't it be neat if the victims could sue in some sort of CIVIL court to get their money back?