News Stay informed about the latest enterprise technology news and product updates.

Security Blog Log: Confessions of a spam gangsta

Ryan Pitylak explains why he went from sending spam to fighting it. Meanwhile, bloggers react to news that active duty personnel were also affected by the VA data theft.


Ryan Pitylak used his blog this week to explain why he's decided on a career change, going from notorious spammer to spam fighter.

Security Blog Log
Pitylak recently settled a lawsuit with the state of Texas and Microsoft that'll cost him $1 million plus the seizure of many of the assets he accumulated as a spammer. According to published reports, he'll have to sell his 2005 BMW and $430,000 house near Austin to settle fines and legal bills.

He said he feels strongly about making a difference in the war against spam, and that his knowledge will prove a powerful weapon in the fight. He's also started a separate blog that will focus squarely on his new crusade.

But why the change of heart after earning a reputation as one of the worst spammers on Earth? Is it even possible to trust someone who at one point was unleashing up to 25 million unsolicited marketing messages a day for things like debt counseling and mortgages?

The answer to the first question is that the lawsuit has taken its toll on the 24-year-old Texan. Pitylak admits the answer to the second question remains to be seen, since it's going to take time to built trust.

About Security Blog Log

Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at

Recent columns:
The bright side of VA data theft

Uncle Sam slammed over data theft

Blue Security's demise evokes mixed emotions

"The settlements with Microsoft and the [Texas] Attorney General's office have been a serious reality check: harsh, but good, and in the public's best interest," Pitylak said. "I am pleased to announce that I am now a part of the antispam community, having started an Internet security company -- Pitylak Security -- that offers my clients advice on systems to protect against spam."

In addition to the lawsuit, Pitylak said his studies at the University of Texas -- where he recently earned honors degrees in economics and philosophy -- also helped him see that spamming is wrong.

"I look back to some of the classes I was taking while the lawsuit was proceeding and I am now remembering my micro-economic theory class, where we learned about the 'Tragedy of the commons,'" he said. "Mcgraw-Hill defines this … as 'the over-use of a natural resource as a result of unclear property rights.' If ownership of a resource is not established, everyone has an incentive to take as much of it as possible, quickly depleting the resource."

He said that he eventually realized the Internet has unclear ownership rights and that over-exploiting the unclear ownership rights was, in fact, not right at all. "I think that the individual person and the Internet service provider have the right to control what email comes through their network," he said, adding that government participation is necessary to control the spam problem.

If other blog postings are any indication, people want to believe that Pitylak is turning over a new leaf, but at this point they are skeptical.

"I certainly believe people can change their minds, but I wouldn't be the only one who remained suspicious of such a Damascene conversion as this," Guardian Unlimited technical correspondent Bobbie Johnson said in the publication's Technology blog (registration required).

"The irony that this man, who spent so much time trying to trick people who were in financially desperate position[s], is interested in solving extreme poverty is almost too much to bear," he added. "Let's hope leopards do change their spots."

VA data theft affects active-duty personnel
The blogosphere continues to follow the Veteran's Affairs (VA) data theft scandal with intense interest, and reaction was swift to news that 26.5 million veterans aren't the only ones who are at risk for identity theft.

VA officials revealed Tuesday that the names, Social Security numbers and dates of birth of about 2.2 million active-duty, National Guard and Reserve troops were likely stored on the same computer that was stolen from a VA employee's home last month.

In the Watch Your End blog, blogger Ken Westin echoed others by saying the latest developments raise concerns about national security as well as identity theft. The blog added that Army spokesman Paul Boyce delivered the endpoint security understatement of the year when he said, "Obviously there are issues associated with identity theft and force protection."

Dig Deeper on Data security breaches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.