E-mail fraud suspects released on bond

The indictment alleges the fraud was committed from the MU campus.

By Juana Summers

Published May 4, 2009

The two brothers who are accused of using MU's computer networks to spam students at more than 2,000 colleges and universities have been released on bond.

Amir Shah, 28, of St. Louis, and his brother Osmaan Shah, 25, of Columbia, used more than 8 million e-mail addresses they illegally harvested from college and university students to sell more than $4 million of projects, according to the indictment.

Don Ledford, a spokesman for the U.S. attorney's office, said the judge has not yet publicly released the bond amount for the two men.

The maximum sentence for fraud charges is 10 years for one count of fraud in connection with computers. The Shah brothers, along with two other defendants, face felony fraud charges.

Also named in the indictment were Liu Guang Ming, a Chinese national, and Paul F. Zucker of Wayne, Ind. The Shah brothers' joint business, I2O Inc., located in Columbia, was also named in the indictment.

The indictment states Ming sold the brothers server space in China that allowed them to host their Web site and send spam. Zucker was accused of partnering with the Shah brothers.

All of the defendants were prosecuted under the CAN-SPAM Act, passed in 2003. The law makes e-mail fraud a felony.

According to the indictment, the Shah brothers began using MU's computer networks in 2003 to send e-mails to the addresses they illegally harvested. A criminal investigation began in 2005.

The indictment states in seven e-mail spam campaigns, messages were sent from campus. According to chat transcripts in part of the indictment, they "blasted" from vacant classrooms in the Arts and Science Building. Messages were also sent from Cornell Hall, which houses the Trulaske College of Business.

MU officials identified the scheme, so they stopped targeting students from the UM system and instead focused on other campuses.

"Nearly every college and university in the United States was impacted by this scheme," acting U.S. Attorney Matt Whitworth said in a written statement. "These schools spent significant funds to repair the damage and to implement costly preventive measures to defend themselves against future intrusions."

Although MU spokesman Christian Basi said he could not comment on how many students were affected, he said new software was implemented as a security measure as a result.

He said the incident did not compromise any student's personal information and this was "simply a case of spamming."