Web Exclusives: Alumni Spotlight


January 24, 2007:

PROFILE: Aaron Kornblum ’93
Catching cybercriminals

Aaron Kornblum ’93

In tracking the source of spam, Aaron Kornblum ’93 must wend his way back to the real person duping users.

(Courtesy Aaron Kornblum ’93)

Aaron Kornblum ’93 loves the chase. Not through the streets, or even through mounds of paper. For Kornblum, a senior attorney in charge of Microsoft’s Internet safety-enforcement group, the chase is about tracking cybercriminals through a virtual maze of corrupted computers, fake identities, and spamming scams that send millions of bogus offers to people every day.

“It’s very important to go after the people hitting the send button, because at the end of the day there’s a real person trying to separate you from your money,” says Kornblum, a politics major at Princeton.

Kornblum leads Microsoft’s program against the spammers and phishers who plague Microsoft’s e-mail service, Hotmail. Spammers send billions of unwanted messages to Internet users, advertising products ranging from fake diet pills to hot stock tips. Phishers lure Internet users into giving away their credit-card information by sending them something resembling a real bank statement and threatening to close their accounts.

When Kornblum looks at spam he is looking for patterns; he wants to find out who’s sending Hotmail the most junk. Then he’ll contact private Internet service providers to see who’s paying for the connections behind fake links. He works with state attorneys general and international law enforcement to track cybercriminals from Iowa to Africa. Sometimes spammers work through a series of computers to send the e-mails out, so it’s harder to trace the spam back to one source.

“Chasing down spammers and phishers is a lot about link analysis, finding people who don’t want to be found,” says Kornblum, who is based in Redmond, Wash.

Kornblum has helped hunt down some of the biggest spammers, including Scott Richter, based in Colorado. Richter sent out 38 billion spams a year, using more than 500 compromised Internet addresses in 35 countries. In 2004 alone, Richter’s company made $19.6 million. But he lost out after he was sued by Microsoft. He settled with the company for $7 million. As long as people buy things over the Internet, Kornblum says, there will be spammers and phishers to catch.P

By Anne Ruderman ’01

Anne Ruderman ’01 is a graduate student at Yale University.