Bulk e-mail altered to carry porn message

Somebody piggybacked a pornographic message onto a Northport woman’s bulk e-mail to thousands of her home-based business customers, prompting the state Computer Crime Task Force to investigate, police said Tuesday.

The woman said she has received some 5,000 angry replies from as far away as Australia, Scotland and Germany.

“It’s all over the planet,” said Maine State Police Sgt. Glenn Lang of the e-mail message that was sent in the woman’s name. “It really is a cruel hoax, a terribly evil thing to do to an innocent person.”

Lang heads the Lewiston-based Computer Crime Task Force and he and his team have been attempting to find the source of the e-mail since authorities began receiving complaints Sunday from recipients. He said the FBI was being briefed on the task force’s findings.

Lang said the incident was the first time the state has had to deal with a stolen e-mail address being used to deliberately harm someone. He estimated that the message, which offered recipients the opportunity to buy child pornography, may have reached millions.

“We’ve heard from Australia, England, Ireland, everywhere,” he said. “This thing went all over the world instantly. It really demonstrates, yet again, another danger of the Internet.”

The businesswoman, whom the NEWS is not identifying because she is a crime victim, said Tuesday she is “devastated” by the action. Though she declined to discuss the matter, the woman said she felt violated by the invasion of her privacy. She said she changed her e-mail address after she contacted authorities about the message.

Lang said the woman recently had used the Internet to send a bulk e-mail message promoting one of her home-based businesses. Along with the advertisement, the e-mail also included her name and address.

Lang speculated that someone among the many thousands who received the woman’s e-mail was angered by the unwanted message, known in computer jargon as “spam,” and used it to play a trick on the sender. He said the person reconfigured the woman’s ad into one with child porn content and a message soliciting money. The message then was sent out using bulk e-mailing methods similar to those used by the woman.

“One piece of her mail got to the wrong person and he apparently decided to cause her harm,” Lang said. “It’s called ‘spoofing,’ making it appear that the e-mail originated from someone else. It really put her in a bad position.”

The businesswoman who originated the e-mail awoke early Sunday to find her e-mail directory filled with more than 5,000 replies. Most admonished her, but some requested more information. Lang said police departments in Maine, across the country and throughout the world received complaints about the e-mail.

“Something this egregious, people are likely to file a complaint,” he said. “You’re not likely to call in a report on an inoffensive e-mail.”

Lang said the activity is covered by the Maine’s aggravated criminal invasion of computer privacy statutes and is a Class C felony, which carries a penalty of prison or fines or both. He said the law covers activity in which a person intentionally damages, destroys, alters or disrupts a computer system.

Although the person who altered the e-mail may live elsewhere, Lang said Maine has jurisdiction in the case.

“I suspect you could say this crime occurred in Maine because this is where the damage was done,” Lang said. “It completely shut her business down.”

The state formed the Computer Crime Task Force two years ago. It is based at the Lewiston Police Department. The task force’s computer technicians assist authorities with crime investigations by retrieving information from confiscated computers and their hard drives.

“We glean information from computers in a way that it can be presented in court as evidence,” Lang said.

He said the group was attempting to “backtrack” the source of the e-mail. It is a time-consuming effort, and one that does not guarantee success.

He said there are a number of computer programs available that can disguise the source of e-mail messages.

Lang also noted that privacy requirements place some restrictions on police ability to perform certain electronic searches. He said the task force works with the state Attorney General’s Office to ensure that the proper statutes are adhered to.

“You can harvest e-mail addresses from the Internet. You can find businesses that sell e-mail addresses. You can literally send an e-mail to millions of people, and that was the technique this person used,” Lang said. “Something like this could happen to anyone. Truth is, anyone can take your e-mail address.”