WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
A sobbing John Zuccarini pleaded guilty Wednesday afternoon to 49 counts of using domain names to direct minors to sexually explicit content.
The former millionaire Web scam operator is the first person convicted under the Truth in Domain Names Act, a new law that makes it a crime to use a misleading Web address to direct children to pornographic Internet sites.
The 56-year-old Zuccarini also entered a guilty plea to having child pornographic images on his computer. As part of his plea bargain, federal prosecutors recommended a sentence of 30-37 months to U.S. District Judge Michael B. Mukasey .
Under the new law, Zuccarini faced a maximum of four years in prison and a $250,000 fine. The child pornography possession charge carried a maximum sentence of 10 years in of jail time and a $250,000 fine. Sentencing is scheduled for February.
The Truth in Domain Names Act was passed by Congress as part of the Protect Act of 2003, which includes a broad range of protections for children. Among the tougher penalties for crimes against children is a provision for criminal sanctions against deceptive adult Internet site operators. It was signed into law earlier this year by President George Bush.
In September, Zuccarini was arrested in Hollywood, Fla., and charged with creating an estimated 3,000 domain names that slightly transposed well known commercial site names popular with children and teenagers such as dinseyland.com for Disneyland.com. Accessing Zuccarini's sites directed users to advertising sites, many of them pornographic.
Prosecutors said the advertising sites paid Zuccarini as much as $1 million a year for directing traffic to their sites. At the time of his arrest, Zuccarini owned at least 3,000 Internet addresses.
Zuccarini has long been a target of law enforcement officials. Last year, he was ordered by a federal court to stop a similar scheme that bombarded those who mistyped Web addresses with gambling pop-up ads and then directed them to pornographic sites.
In 2001, the Federal Trade Commission (FTC) charged Zuccarini with using more than 5,500 copycat URLs to trick Web surfers. The FTC action led to a court order requiring him to pay back $1.8 million in "ill-gotten gains."
According to the 2001 FTC complaint, Zuccarini registered domain names that were misspellings of legitimate domain names or that incorporate transposed or inverted words or phrases. For example, he registered 41 variations on the name of teen pop star, Britney Spears. Surfers who misspelled a Web address for Spears were then directed to one of Zuccarini's sites.
There, they were hit with a rapid series of windows displaying ads for goods and services ranging from Internet gambling to pornography. An FTC investigator entered one of Zuccarini's copycat domain names, annakurnikova.com, and 29 browser windows opened automatically. In some cases, the legitimate site to which the consumer was attempting to go was also launched, so that consumers thought the hailstorm of ads to which they were being exposed was from a legitimate Web site.
Once consumers got to one of Zuccarini's sites, it was very difficult for them to exit. In a move called "mousetrapping," special programming code at the sites obstructed surfers' ability to close their browser or go back to the previous page. Clicks on the "close" or "back" buttons cause new windows to open.