A co-defendant in a nationwide spamming case involving two MU graduates pleaded guilty to a conspiracy charge last week, according to a statement released by the U.S. Attorney for the Western District of Missouri.
The MU graduates, Osmaan Shah and Amir Shah, who are brothers, pleaded innocent when first charged, but will have a plea change hearing July 28. Co-defendant Paul Zucker pled guilty last week and Don Ledford, a spokesman for U.S. Attorney Beth Phillips, said other than insanity, “there’s really only one other option” for the Shahs—pleading guilty.
The Shahs are accused of sending spam e-mails to 8 million addresses at 2,000 college campuses, including MU, between 2004 and 2009. They allegedly used the MU network to send the e-mails, and sold $4.2 million in products through their company, I2O, Inc.
A fourth defendant in the case, Liu Guang Ming, is named in the federal indictment for the case, but lives in China and cannot be extradited. He allegedly rented the Shahs 40 servers in China to send spam.
According to a copy of the federal indictment against the four obtained by The Maneater, Zucker met the Shahs when he was customer of one of their services. The indictment alleges that in late June 2003, when the Shahs were both MU students, Osmaan Shah asked Zucker for tips of the spamming trade including ask him where to buy proxies through AOL’s Instant Messaging service.
“im [sic] gonna try to blast out some mail at my university . . . you don’t happen to have any proxies which I could try do you?” Osmaan Shah said in one conversation, according to court documents. “Could I buy proxies from you?”
“How many do you need?” Zucker said.
“well [sic] I just wanted to test it out really, see how fast I could send over there,” Osmaan Shah said. “im gonna mail for like 2 hours I think I should be able to get out a million.”
“Give me about an hour,” Zucker said. “No charge.”
The press release from Phillips’ office said the spam campaigns damaged MU’s network. MU spokesman Christian Basi said in an interview after Zucker’s plea that the damage was expensive for the university to fix, but that the university also now has a better system in place to deal with spam.
“The cost to the university was significant when you consider the hundreds of hours of staff time spent to correct the problem,” Basi said. “We installed new and better software to prevent and detect spamming.”
In his guilty plea, Zucker admitted in federal court that he provided the Shahs with proxies to hide the source of messages and bulk e-mail software to avoid spam filters. He faces up to five years in federal prison without parole and a $250,000 fine when he is sentenced, but a sentencing date has not yet been set.
MU Division of Information Technology Director Terry Robb said the Shahs not only broke federal law but also violated university policies by using it to conduct business.
“Obviously if you’re committing a crime, it’s a legal issue, but it’s also a violation of the university’s acceptable use policy,” Robb said. “You’re not supposed to use the university’s network to conduct business. They did so and did so in a way that was also illegal.”