Trade commission runs Web dragnet

'Surf's up' is not a phrase most people would associate with scam investigators at the Federal Trade Commission.But surfing is one of the chief pastimes at the FTC Internet Laboratory'surfing the Web, that is.Commission attorneys and investigators use the lab to track down online-savvy violators of the 87-year-old Federal Trade Commission Act and related laws.'FTC has a very broad mandate,' lab coordinator Don M. Blumenthal said. 'Section 5 of the FTC Act lets us look at any unfair act or practice affecting commerce.'One of the techniques that FTC investigative teams use to ferret out cyberscammers is what they call a surf. During a surf, several investigators choose a topic and roam the Web looking for related online scams.For example, in November, a surfing team announced the results of a review of 110 Internet retailers' sites. The commission's goal was to bolster consumer confidence during the holiday season.The surf, among other things, checked to see that vendors were abiding by rules on the use of shipping and warranty claims. As a result of the surf, FTC sent warning letters to 72 retailers. To conduct surfs, commission teams use conventional browsers such as Netscape Navigator and Microsoft Internet Explorer and search engines such as google.com, altavista.com and hotbot.lycos.com.It's Blumenthal's job to provide the technical tools to gather evidence.'I came down from the central IT department in April of 1999 to set [the lab] up,' he said. 'At that time, it used a 1.5-Mbps digital subscriber line' and a few older desktop systems.Today, the lab has a T1 line and nine Dell Computer Corp. Pentium 4 PCs with 512M of RAM and 20G hard drives at headquarters and an additional pair in other commission offices.'All these systems are on a network completely apart from the FTC's main systems,' Blumenthal said. The lab PCs run off a Compaq ProLiant ML570 server under Microsoft Windows 2000. To stow its 1T of records, the lab has a Netfiler 820 RAID 4 device from Network Appliance Inc. of Sunnyvale, Calif.The lab supports investigations into three main types of Internet abuse, including old scams carried out in new ways, such as bogus business opportunities and exaggerated advertising claims.'We also look at cases that are new because of our authority under the Children's Online Privacy Protection Act, that sets out guidelines for vendors' ability to gather information from children,' Blumenthal said.The third type of case is classified as technical, and Blumenthal gave two examples.The first is a dial-up violation. In such a case, a scam artist disconnects a user's computer and dials a 900 number in a distant country for an expensive call while the user is attempting to download software. Victims of this type of scam 'get a very ugly surprise with their phone bill,' Blumenthal said.In one such case, the commission in August reached a $10,000 settlement agreement with Hillary Sheinkin after filing suit in the U.S. District Court in South Carolina.Sheinkin operated sites that advertised themselves as free. But the sites disconnected consumers from their Internet service providers and reconnected them via long-distance links to Madagascar.In these cases, consumers 'have to battle with the phone company,' Blumenthal said.To investigate the Madagascar scam, FTC investigators used CleanSweep software from Symantec Corp. of Cupertino, Calif. 'The system logs installations of software on PCs'we could document what was happening and what files were being installed,' he said.FTC investigators also use modem logs in the lab to track the phone traffic. They use Camtasia from TechSmith Corp. of East Lansing, Mich., to capture screen recordings and Visual Trace from McAfee.com Corp. of Sunnyvale, Calif., to trace traffic and figure out the owners of Web sites.Another type of technical case is mousetrapping: A computer user is diverted from an intended destination and pelted with a barrage of advertisements.One of FTC's more renowned mousetrap investigations is known as the Cupcake Case. The commission filed suit against John Zuccarini and more than 20 of his companies'many of which had the word 'cupcake' in their names'for using mousetraps to illegally earn between $800,000 and $1 million annually from advertisers on his sites.In its complaint, FTC said Zuccarini used more than 5,500 misspelled versions of legitimate addresses to lure visitors to his mousetrap sites, which featured ads for Internet gambling and pornography. The U.S. District Court for the Eastern District of Pennsylvania has issued an injunction against Zuccarini, pending resolution of the case.In the Cupcake Case, FTC investigators used Camtasia and Internet Explorer to track and capture HTML code from the Zuccarini sites.After a lab team finds something questionable, the focus becomes capturing and preserving data for potential use as evidence, Blumenthal said.FTC investigators use Teleport Pro from Tennyson Maxwell Information Systems Inc. of New York. The offline browser and Web spider lets the lab download and document files from sites and analyze them.'It also brings down raw pages,' Blumenthal said, including tags in which misleading advertising can be embedded.For example, a metatag that used the phrase 'cancer cure' on a Web site that advertised shark cartilage was a subtle way for the site to make a claim that the substance was a cancer cure even though the visible portion of the site didn't mention cancer. 'We prosecuted that one successfully,' Blumenthal said.But one chief effort of the commission is curtailing spam. The lab obtains much of its abusive spam from Joe Citizen. It encourages the general public to submit examples by sending them to .The team also uses SamSpade.org, which is a set of network diagnostic and spam-tracking tools from Word to the Wise LLC of San Carlos, Calif.Amber Ramege, a legal assistant in the Consumer Protection Bureau, used the lab for spam research during the Eileen Harrington Case.'A lot of people send suspicious spam. In that case, it was a progressive chain letter that we were able to document and went after in court,' Ramege said.The Harrington case gained its sobriquet because the fraudsters claimed in their letters that Harrington, FTC's associate director of marketing practices, had approved the scheme.'We used IP addresses to trace the sources of the spam,' Ramege said. 'We can go into a site and prove we were using it.'To unravel the Harrington case, investigators used RetrievalWare, a full-text index application from Convera Corp. of Vienna, Va., that scans files looking for terms or phrases.'We have all of the spam in a full-text database, and we were able to search it for specific terms such as 'associate director for marketing practices,' ' Blumenthal said. Ultimately, the perpetrators of the Harrington letters settled with FTC, which obtained permanent injunctions against them.Ramege said the beauty of the lab is that its work is surreptitious and suspects rarely are tipped to who is traipsing around their sites. 'This is an undercover lab, but they can't tell that it's a government lab,' she says.