Shah brothers arrested and their assets seized

May 5, 2009 12:11 GMT
Missouri Shah brothers arrested and indicted for running seven-year-long spam operation

Two Missouri brothers behind a nationwide spamming operation that targeted students were indicted, along with other co-conspirators, by a federal grand jury in Kansas City at the end of last month. Investigators claim that the gang's actions over the last seven years affected more than 2,000 colleges and universities across the United States and earned them over $4 million.

Amir Ahmad Shah, 28, and his brother, Osmaan Ahmad Shah, 25, along with their company, I2O, Inc., have been charged with 51 counts of fraud in connection with e-mail, fraud in connection with computers and conspiracy. Liu Guang Ming, a Chinese citizen, and Paul Zucker, of New Jersey, have also been named as defendants.

The spam operation can be traced back to early 2002, when the Shah brothers secured hosting in China on 40 servers controlled by Ming. They then started advertising and selling anonymous hosting and spam services under the name of "Offshore Bullet Proof Hosting." Meanwhile, Paul Zucker provided them with spam proxies and software.

The whole operation consisted of harvesting e-mail addresses of students from educational institutions across the country, then spamming them about products allegedly sold by alumni-owned companies. After a complaint from the University of Missouri resulted in a search warrant on their properties in 2005, the gang removed the e-mail addresses belonging to the students of the university from their list, but continued to spam the rest.

"Nearly every college and university in the United States was impacted by this scheme," Matt J. Whitworth, acting United States attorney for the Western District of Missouri, commented. "The University of Missouri has worked closely alongside our office throughout this investigation. We appreciate their partnership and cooperation, which has been instrumental in bringing this case to indictment," he added.

To emphasize the scope of the operation: during the 2005 raid, the authorities found around three million student e-mail addresses collected during 2002 and five million from 2003. They also located 33.7 million MSN addresses, 37.5 million AOL e-mail addresses, 5.2 million Yahoo addresses, 10.8 Hotmail addresses, and some four million co.uk addresses.

"As you may have heard, several alumni-owned companies have teamed up to sponsor a campus-wide gift for our students and faculty. Working with Apple, they have acquired a small quantity of the new iPod Nano Chrome. This limited supply has now been made available to students and faculty at a significant discount. If you were at all interested in getting one of these iPods with this educational discount, please be sure to place your order online before this offer expires NEXT WEEK," reads one of the recent spam e-mails, posted by Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, on his blog.

According to the evidence, the brothers registered up to 60 different domain names for each of their campaigns, all hosting the same content. The spammers also employed other filter-evasion practices, such as header forging and subject rotation. All of their assets, including a house in Columbia, another in St. Louis, a luxury loft, a parking space, and two cars, a Lexus and a BMW, will be forfeited to cover the losses, estimated at $4,191,966.57.