E360’s Linhardt: Hacker Sent Porn to Client’s Database

David Linhardt—the marketer engaged in a mud-slinging legal battle with blacklisting organization Spamhaus and some individual anti-spammers—is claiming that someone hacked his system and sent pornography to almost 300,000 of a client’s e-mail addresses.

“Someone gained unauthorized access to one of our mail servers a few weeks ago,” the CEO of e360 Insight wrote in an e-mail exchange with this newsletter. “They connected several times over a 2-week period. During their last session, the perpetrator modified several of our clients' messages. In the most egregious case, the perp substituted pornographic images for our client’s images.”

Linhardt said whoever hacked his system sent pornography to 297,000 of his client’s customers.

He added that some recipients of the pornography complained and that he lost the company’s e-mail marketing business, as a result. “We lost them as a customer for eMessaging services, however, we retained their business for database management,” he said.

Log files indicate that the system was hacked by someone in Washington State, Linhardt said. “Coincidently, two of the named parties in our suit against the [anti-spam] vigilantes live in this area.”

Linhardt is suing a handful of participants of the Nanae online anti-spam discussion group, claiming that some of their comments in the forum got his company blacklisted by Spamhaus and resulted in lost business.

Linhardt believes the Nanae participants he is suing have been feeding Spamhaus information, and that exposing them will also show Spamhaus has U.S.-based operations, something the blacklister claims does not exist.

However, two sources with strong ties to the anti-spam community who wished not to be identified have told this newsletter that though one of those being sued may have done some volunteer work for Spamhaus in the past, they believe none of those named currently works for Spamhaus.

In any case, Linhardt has filed a motion for expedited discovery to subpoena log files from Electric Lightwave, the Internet service provider he believes controls the IP address the porn hacker used to crack his system. “We don't know how long Electric Lightwave will keep their log files, so we are moving as quickly as possible,” Linhardt said.

Linhardt said the hacker exploited a vulnerability in his e-mail transfer agent technology, which the vendor has since fixed.

Linhardt added he has reported the incident to the Federal Bureau of Investigation and the Internet Crime Complaint Center, a joint initiative of the FBI and the National White Collar Crime Center.

Linhardt sued Spamhaus last year claiming the blacklisting concern wrongly accused his company of sending unsolicited bulk commercial e-mail and caused many of his outbound massages to be blocked.

Linhardt won an $11.7 million default judgment against Spamhaus in September when representatives of the blacklister failed to show up and defend themselves in court. Spamhaus refused to abide by the ruling, claiming the Illinois federal court has no jurisdiction over the UK-based organization. Spamhaus has since retained a lawyer and is appealing the ruling.