WASHINGTON – Mr. Cupcake and Mr. Spam sound like characters out of a Quentin Tarrantino movie. But, today, Mr. Cupcake is in jail and Mr. Spam helped put him there.
In the world of Internet crime, Mr. Cupcake is one of the bad guys. Mr. Spam is one of the good guys, a cybersleuth employed by the Federal Trade Commission.
Mr. Cupcake is really John Zuccarini, who was busted in a Hollywood, Fla., hotel room in September and sentenced in February to 2 ½ years in prison for using misspellings of well-known Web addresses to draw users – including children – to pornographic sites. FTC investigators dubbed the case the “Cupcake Party” after they found Zuccarini operating under 22 business names, such as Cupcake Party, Cupcake Patrol and Cupcake Incident.
Mr. Spam is really Don Blumenthal, whose bureaucratic title is “Internet lab coordinator.” But his job is far more interesting: He tracks down the bad guys who rip off consumers on the Internet, including those using spam e-mail.
His expertise as an attorney and a self-taught tech guy were instrumental in preparing the government’s case against Zuccarini.
Blumenthal and his staff of three operate two computer labs for the Washington consumer fraud agency. The labs are secure and separate from the agency’s other computers, allowing investigators to visit suspect Web sites without leaving electronic footprints.
The labs also collect a mind-numbing number of spam e-mails – about 260,000 a day – forwarded to the agency by annoyed consumers.
“The best overall term I can come up with is that it is interesting to see the range of things that is promoted,” Blumenthal said. “Everything is sold through spam – mortgages, vacations, herbal remedies, hundreds of different products.”
No one should get the mistaken impression that Blumenthal spends his days reading spam. But he is certainly aware of the wild claims that turn up daily in e-mail boxes: weight loss miracles, baldness remedies and promises of sexual prowess.
“What I really find fascinating about this is that these guys would not be doing this if they were not making money,” he said. “People really are responding to spam and buying things.”
He just wishes people would realize that if it sounds too good to be true, they should probably not pull out their credit card. “In some ways, that is the most curious part of all. Why would they do that?”
A bespectacled man with a beard, Blumenthal easily blends in with the capital’s thousands of bureaucrats. But on a recent day, he looked more computer geek than lawyer as he tooled around the Internet lab in khakis, athletic shoes and a green polo shirt bearing the FTC logo.
And he favors being a tech guy: “I find it much faster-paced. There is always something new.”
Blumenthal earned his law degree from the University of Pennsylvania in 1976. He spent several years working for the Federal Maritime Commission and an Ohio congressman and in private law practice. In 1988, he joined the FTC’s Cleveland office, where he first practiced anti-trust law.
But technology has long held his interest. While in junior high school, he and two pals built their own computer.
“By 1960s standards, it was kind of impressive,” he said proudly. “This was long before the days of PCs. Our computer had lights, had a circuit board, was in a wooden box and could count all the way up to 256.”
Blumenthal got his chance to mix FTC work with technology when the Cleveland office became the first outpost to install a local computer network. In 1992, he landed a six-month assignment in Washington to help install a similar system at the agency’s headquarters. He met his wife, Jane, during that visit and stayed on. In 1999, the FTC asked him to set up its first Internet lab.
FTC colleagues said his vast knowledge of technology and his legal training make him uniquely qualified to be the government’s Mr. Spam.
Ellen Finn, a staff lawyer in the bureau of consumer protection, said Blumenthal keeps her on track when companies under investigation try to snow attorneys with technical jargon and objections.
“Sometimes they try and blind you with science,” said Ms. Finn, noting that when she faced off with Microsoft’s attorneys and technical experts, she had Blumenthal along.
The FTC receives about 260,000 spam e-mails daily from consumers at its [email protected] address. No one reads the content, but it is broken down into individual files and stored on a powerful lab computer. It is then available to investigators who search the database for e-mails that might be related to a suspected fraud. For example, they might search for e-mails containing promises to “get rich quick” or “make easy money” to see if they are related.
Blumenthal helps investigators mine so-called headers – the subject and to-and-from information on e-mails – to try to determine who sent them. It’s tough because the bad guys have increasingly sophisticated ways of bouncing e-mail around the Internet to hide their identities and whereabouts.
“It is a painstaking process when you are dealing with somebody who knows what they are doing. We had one case that required 27 subpoenas to find a person,” he said, referring to a case in which investigators peeled through multiple Internet, e-mail and financial accounts to find a suspect’s true identity.
In addition to looking for fraud in spam e-mail, FTC investigators look for cons who flim-flam consumers on Web sites. That’s how the FTC got invited to the Cupcake Party.
It started when FTC attorney Marc Groman intended to type switchboard.com, an online directory assistance site, into his office computer. But Groman misspelled the name – sending his computer to a series of pornographic sites that opened multiple windows on his computer with sexually explicit content.
That was a bad day for Mr. Cupcake. Groman headed for the Internet lab.
With Blumenthal’s help, he determined that Zuccarini had created Web addresses for about 6,000 misspelled Internet sites. When unwitting users hit on one of the addresses, their computer screens would freeze – a technique called mouse trapping – while multiple windows of pornography would open.
Zuccarini, according to investigators, earned up to 25 cents from the porn sites for each viewer, earning him as much as $1 million a year.
Children were targeted – through misspelled addresses for Disneyland and popular cartoon sites – because they easily misspell Web addresses and Zuccarini was paid based on the number of hits on the porn sites.
The FTC obtained a court order shutting down the 6,000 misspelled Web addresses in what became a criminal case prosecuted by the Justice Department.
Blumenthal used his technical and legal skills to pen for the judge a 60-page description of how the process worked.
“He really does know his stuff,” Groman said. “He could show how the coding worked and that it was intentional. It was important to show that it was not an accident.”
Computer users who are inundated with unwanted spam e-mail may wonder whether cracking such cases is paying off. Blumenthal is quick to say yes.
“We cannot get everybody,” he said. “But all the cases we bring are valuable. We have the capability to do it, we are prepared to do it and we follow through. Hopefully, the deterrent factor is out there.”