On Tuesday, US Federal authorities filed criminal charges against Christopher Kennedy, a developer of cookie stuffing software. While the developer claims to have never engaged in cookie stuffing for his own benefit, he is being charged with conspiracy to commit wire fraud. These charges carry a maximum fine of $250K and 5 years in prison.
Saucekit is/was one of the more well known cookie-stuffing programs. At $450/month, it wasn't cheap for those that used it. The service cookie-stuffed users through broken image links. Saucekit generated and served image links that would perform the cookie-stuffing on behalf of their clients. Ben Edelman has a fantastic writeup of cookie-stuffing techniques and practices on his site: http://www.benedelman.org/cookiestuffing/
Late in 2009, Federal authorities confiscated the servers use by saucekit. Although there is limited public information about the raid, it does appear that the servers contained the payment information of saucekit's customers. I would expect that gave them enough information to understand how big of an operation this was.
eBay is one of the most frequently targeted affiliate programs of cookie stuffers because of both the footprint of the consumer base, and the nature of the user-generated content on eBay's site. It was once common for cookie stuffers to post auctions on eBay that included the cookie-stuffing image links served by services like Saucekit.
eBay has doggedly pursued cookie stuffers for the past few years. They are known for issuing Cease & Desists to blackhat forums discussing cookie-stuffing and companies and individuals selling software and training. They have also filed civil suits against pervasive cookie-stuffers, and have been engaged in a long-running lawsuit against Digital Point Solutions, Kessler's Flying Circus and a few related entities (see Justia documents).
However, I believe this is the first time that eBay has been able to generate Federal interest in pursuing criminal charges. The conventional wisdom on blackhat forums has been that cookie stuffing is not illegal. This lawsuit may substantially impact that view and make prospective cookie stuffers less likely to engage in the activity.
Both Wired Threat Level and the Register have great coverage of the case:
* Wired: Feds Bust Cookie-Stuffing Code Seller
* The Register: Feds say dev's 'cookie-stuffer' app fleeced eBay
* Wired has even posted a copy of the court documents in the saucekit case (A quick search on Justia didn't turn up the original docs).