Friday, June 13, 2008

Who Are Cyberhand Technologies And Why Would I Want To Buy Their Stocks?

Like many of you out there, I receive stock spam. (As I've posted about previously.)

Some interesting developments took place in the past year which led to action on behalf of the US Securities and Exchange Commission, and US Law Enforcement.

The former took action in suspending some 35 companies which were "the subject of recent and repeated spam email campaigns" [Read the DOJ press release here.] That caused a huge drop in the profits of stock spammers at the time (and their sponsors, who are the ones that organize these spam runs in the first place.)

The latter arrested Alan Ralsky [read the DOJ press release here, and yes I've commented on that arrest here before.]

Ralsky clearly had a well-organized group of mailers and money movers under his tutelage, and all of them were similarly indicted and investigated, notably on James E. Fite, aka bulkerforum.biz member "buba".

Following those two actions, practically no stock spam was sent by anyone for quite some time.

All of that changed in the past week, and (tellingly) the stock which is being promoted is not a new one. Cyberhand Technologies, whose stock symbol CYHA.PK should be familiar to anyone with an email address these days, has been the subject of several dozen large-scale stock-spamming pump and dump operations during the past three years.

If you're unclear on what any of this means, you can read up on the Wikipedia topic of pump and dump stock spamming here.

I previously blogged about two companies (Goldmark Industries [GDKI] and China World Trade Corp. [CWTD],) both of which turned out to be under investigation by the SEC and the DOJ specifically for their being the subject of very large stock spamming campaigns. [blog posting here.]

They both had sketchy websites, making dubious claims, which I investigated and found to be completely false. GDKI had made no such deals as their website stated, and CWTD was not building offices where they claimed to be doing so. I doubt that this figured strongly in the DOJ investigations, but it certainly should have raised an investors concern that these were false claims from two widely spammed companies.

So I decided to investigate Cyberhand Technologies as well.

Cyberhand Technologies' corporate website is located at http://www.cyberhand.com/, but many of their press releases also list http://www.cyberhandrobotics.com/ as an alternate site. I have been trying to get a response out of anyone at Cyberhand for at least two years now, with absolutely no results.

The following are a series of statements of opinion, but it's based on several years of investigating these operations.

In my opinion:

Some of the sure signs that a company exists solely to have a stock presence are...


  • Their website talks in mostly vague terms regarding their actual products.

  • Their website never shows any of their alleged products, but merely describes them in glowing terms.

  • Their website seems to talk in terms of their hopes for the products, rather than what the products are actually capable of, or actually will do when released.

  • Their website consistently refers to their stock symbol, and to press releases which are similarly vague about concrete descriptions of actual products, or sales of same, and which again consistently mention the stock symbol.



But to me (again, my opinion) the most important point that underscores the likelihood that this is what I refer to as a "paper company" or a "shell company" custom made for stock manipulation on a large scale is...


  • Nobody in the industries they claim to be a major player or performer in has ever heard of them, and have never seen or heard of their alleged products.



In the case of Goldmark Industries, they consistently made claims that they were involved in deals with major hip hop stars like Puff Daddy (note: at the time he hadn't called himself that for several months), when in fact no such deal was ever made, nor had it ever been.

You can read some of their press releases on their corporate news page, which still exists here. You'll notice that all of these news releases stop rather abruptly in May 2007, which is when the SEC suspended trading on their stock, and the DOJ announced their investigation into the 35 companies. Notice the tone of their releases:

01.02.2007
Goldmark and Radio Active Pictures on Brink of Closing Deal to Acquire Rights to Classic American Novel and Sign Major Star to Film

...

03.05.2007
Habana Blues Major Hit at Latin American Film Festival, Audiences Eager for Release of Film's Hot Soundtrack


Lots of hints of hopefulness there, isn't there. We never, not once, see news that they "have released" anything, or "have closed a deal". Merely that they are "on Brink" of doing so, or that audiences are "Eager" for such a release.

I have several contacts throughout the entertainment industry, and I can tell you that absolutely none of them had ever heard of Goldmark Entertainment, and several of them confirmed concretely that none of their claims were true.

You'll notice that they also have an entry about the stock suspension here. It features a paragraph which specifically highlights this "wishful thinking" method of communicating:

You should not place undue reliance on forward-looking statements in this press release. This press release contains forward-looking statements that involve risks and uncertainties. Words such as "will", "anticipates", "believes", "plans", "goal", "expects", "future", "intends" and similar expressions are used to identify these forward-looking statements. Actual results could differ materially from those anticipated in these forward-looking statements for many reasons, including the risks we face as described in this press release.


No mention there of "hope", "eager", "buzz" or "brink". :)

I note (as do my industry contacts) that to date they still have no concrete deals or releases. It's unclear to me whether they have resumed trading on GDKI or not.

Goldmark Entertainment may be a legitimate company, but their track record as a spamvertised and heavily-manipulated stock symbol coupled with their weird method of talking about their alleged "deals" leads me to believe that they exist solely to have a symbol on the over the counter or "pink sheets" market.

Similarly with China World Trade, I received feedback from several colleagues who lived in the area that they were claiming that they were building new offices. No such construction has ever taken place.

So now we come to Cyberhand Technologies.

What is their primary product? According to their corporate website: a "Pocketop Keyboard", a wireless folding keyboard to be used with a palm handheld device. It was released in 2001 and last reviewed in January of 2003.

If you visit the pocketop website, you will see their contact page mentions the following:

As of November 2003 Pocketop Computer Corporation will be managed by Cyberhand Technologies Inc.


Given that RIM's very popular Blackberry devise, and especially most modern Palm devices (notably the Treo and the Centros) feature built in keyboards, this would have to be seen as a legacy product. Definitely not something that the tech world at large would be clamoring for in 2008.

Next up: the "Black Widow Games Controller", which claims to be the "Fastest Game Controller In The World!". I notice that they do not include an image of the actual controller itself, merely a weirdly-designed packaging image making wild claims about its functionality.



A True 3D Controller
No Carpal Tunnel Or RSI Injuries
Designed for Ultimate Comfort and Speed
Sleek, Modern, One-Handed & Ambidextrous


I have asked several videogame stores in several states and provinces whether they have ever heard of this controller. Not one of them has. Nor was there any real excitement on behalf of game retailers when I mentioned that their alleged manufacturer claimed it was the fastest controller in the world. That statement apparently has no bearing on how good a controller is, from a retail marketing standpoint, unless it's a wireless controller, of which there are literally hundreds.

Nobody I know at any game publishing company is aware of this "product" either, nor have they ever heard of Cyberhand Technologies.

One would think that even one person in that industry would have heard of this company.

Performing a search for "cyberhand black widow" (without quotes) only turns up the Cyberhand website, followed of course by several glowing press releases making claims that "Cyberhand will be releasing 500 of its Black Widow controllers to qualified testers who will receive a fifty percent (50%) discount to release retail for their participation and control testing in advance of its fall release." [source]

This is interesting for a pretty key reason: The most recent stock spamming run began on the morning of June 10th, 2008.

Date: Tue, 10 Jun 2008 09:27:34 +0200
From:
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: [Sil@address.com]
Subject: June 10 StockWatch
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Sym: OTCBB:CYHA
Company: Cyberhand Tech
Trade: 0.02
Project: 0.10
Status: Buy Recommendation

A Definite Watch on tuesday


That's the exact date of the above-linke "press release", which (again) nobody I know in the gaming industry can confirm.

In fact the dates of all previous stock runs also coincide with the date of press releases for CYHA.

Is CYHA actually behind the stock spam? Possibly not, but they never respond to any questions regarding these relentless spam runs, or make any kind of public communication to distance themselves from these manipulations.

Whoever is actually sending these messages: you (and your stock sponsor) should know by now that stock spamming inevitably leads to arrest, and jail time, followed by seizure of your assets and lengthy trials.

Continuing to promote this "company" is only going to lead to your identity being uncovered, and prosecution.

Stock traders: I would be extremely wary of any press releases from Cyberhand Technologies, especially any press release which makes a point of mentioning their stock symbol, CYHA.

Additionally: I would never, not if you paid me huge sums of money to do so, invest in a stock which has for three years now been closely associated with repeated stock manipulation supported by illegal spamming campaigns.

Use your head. Don't invest in any stock which is promoted via spammers.

SiL / IKS / concerned citizen

Tuesday, June 10, 2008

China: The Last Resort for Spammer Domain Registration

Take any domain you've been spammed with over the past week and do a simple lookup on it. Chances are extremely good that the registrar for said domain will be located in China.

The list of the most spammer-friendly domain registrars has included the following major players:


  • Tucows.com

  • godaddy.com

  • registerfly.com

  • CSL Computer Service Langenbach GmbH d/b/a joker.com [aka: Joker.com]

  • Beijing Innovative Link Technology

  • Moniker.com

  • aceofdomains.com (a subsidiary of Moniker.com)

  • Xin Net Technology Corporation (aka: Xin Net, New Net, paycentre.com)

  • Todaynic.com

  • Chinanet

  • BizCN

  • Dotster

  • HKDNR



Of that list, four are located in China, with one in Hong Kong.

Over the past two year, following a relentless campaign of complaints and educating registrars on how to properly shut down and nullroute an illicit domain, that list shrank to:


  • Beijing Innovative Link Technology

  • Xin Net Technology Corporation (aka: Xin Net, New Net, paycentre.com)



And only within the past couple of days:


  • Xiamen Chinasource Internet Service Co., Ltd.



That's largely because Xin Net finally heeded the literally millions of complaints we were sending to them, backed up with evidence of fake contact information and links to wikipedia entries which outline the illegal operations these sponsor organizations are a part of.

It's a pretty good sign that complaining to the right people, in the right way, can have a devastating effect on the spammer economy. XIN NET was home to literally millions of spammed domains representing illegal operations. It took months of consistent communication, often using translators and other elements to get the message across to them that they were essentially supporting illegal activity.

It should be mentioned that Beijing Innovative Link Technology (aka: "BILT" to our community) have in fact been responsive regarding illegally-registered domains. It's just that they never shut them all down. There are always a handful of them which are still actively in use in widespread, aggressive spam campaigns.

I and several colleagues of mine have been diligently reporting every domain and name server we get spammed with in the hopes of getting the domains shut down. This was initially a very daunting process, since many of not most registrars weren't entirely clear on how to perform a proper domain shut down. Fortunately most of them have been very receptive and now even the most stubborn registrars have undergone a change of heart, probably because their continued ignoring of complaints could have led to their ICANN accreditation being revoked.

This is the kind of work which spammers and their sponsors assume (rightly, until recently) that members of the general public didn't want to take on. On the surface it sounds extremely overwhelming. Sponsors routinely register literally hundreds of thousands of domains, including DNS domains. I won't go into the boring details of how domain names work, and how registration takes place, but suffice to say that in the case of spammer-friendly sponsors like SanCash and Spamit, the registration of millions of domain names is not uncommon, and it all happens automatically.

There are two key failing points regarding these domain registrations:

1) They always use fake contact information for all of the contacts. (Administrative, Technical, Billing, etc.)
2) In many cases, a stolen credit card is used to register the domain, or a hacked PayPal account. Several regular domain reporters have received feedback to this effect over the past several years of reporting the domains.

Registration of a domain using fake information is in violation of ICANN accreditation. Forget what the domain is even used for (for now at least): if the contact information is along the lines of the following:

Administrative Contact:
Joe Lastname
123 Fake St.
Fake, NY
10000
tel: 123 4567890
fax: 123 4567890
joelastname@fakefakefake.com


Then that puts the domain registrar in the position of having allowed an illicit domain registration to take place.

If I report that information as being verifiably fake, and the registrar continues to allow several thousand more new domains to be registered using the same information, that puts them in violation of ICANN regulations, which stipulate that valid contact information must be present in order for a registered domain to be considered "valid."

Notably, XIN NET was continually allowing that to happen, for many years. They appeared to be ignoring our multiple complaints, making note of identifiably fake contact information.

All of that changed approximately eight days ago, and XIN NET should be commended for finally taking swift and widespread action against several tens of thousands of active domains used for heavily spammed products such as VPXL, Canadian Pharmacy and Prestige Replicas (to name only a few.)

But add to that the fact that all of these sites are doing the following:


  • Lying, everywhere, on every page, about every detail of their products, their location, their staff and their alleged online security.

  • Sale of fake "herbal remedies" with no valid active ingredient (several reports confirm this, notably the BBC report from December 2007 regarding "Elite Herbal", now known as "VPXL")

  • Sale of potentially harmful or extremely addictive pharmaceutical products without the advice or consent of any licensed pharmacist.

  • Aggravated repeat spamming to a majority of recipients who do not wish to receive any emails regarding these products and for whom there is no mechanism to opt out.



And you have a lot more ammunition to supply to the domain registrar.

If I started a website called "coccacolla.com" and claimed it was an official website of the Coca Cola corporation, Coca Cola would definitely hear about it, and the site would be shut down. I would also be sued. That's because there are laws regarding what a company (and therefore: the company's website) can and cannot claim. I can't claim, for example, that Coca Cola will cure cancer. I also can't claim that my corporate address is somewhere in the middle of the Atlantic Ocean. Again: it's not just morally incorrect behavior, it's illegal in most countries to do so.

Yet we have sites representing this barrage of spamvertised products, all registered with fake contact information, promoting fake or (at best) counterfeit products, with claims that they are located in a variety of locations where they in fact do not occupy any offices or warehouses.

One example: Canadian Pharmacy.

A recently spammed domain:

http://scoreway.cn

Whois information:

%whois scoreway.cn
Domain Name: scoreway.cn
ROID: 20071204s10001s42304059-cn
Domain Status: ok
Registrant Organization: theNoun
Registrant Name: HimNil
Administrative Email: goto@åç¸ç½ç»æéån
¬å¸nsoring Registrar: å¦é¨å
Name Server:ns0.nameedns1.com
Name Server:ns0.renewwdns1.com
Registration Date: 2007-12-04 21:03
Expiration Date: 2008-12-04 21:03


Look at that. No identifiable contact information of any sort. The brevity of the record is not unnatural, but the lack of any genuine contact info is.

But scoreway.cn actually presents you an iframe which is loading a separate domain:

http://newrxwalk.com

WHOIS for newrxwalk.com:

Domain Name: NEWRXWALK.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS0.BILLBOARDTOPTENS.COM
Name Server: NS0.GREATTENS.COM
Name Server: NS0.ONTHETENS.COM
Name Server: NS0.ORSTENSGUIDE.COM
Status: ok
Updated Date: 06-jun-2008
Creation Date: 23-may-2008
Expiration Date: 23-may-2009

Registrant:
Wen Feng
NO.397,zhuquedadao street,xian City,shanxi Province
710061



Administrative Contact:
WenFeng
Wen Feng
NO.397,zhuquedadao street,xian City,shanxi Province
xi an Shanxi 710061
CN
tel: 298 5228188
fax: 298 5393585
cncliup@21xn.com

Technical Contact:
WenFeng
Wen Feng
NO.397,zhuquedadao street,xian City,shanxi Province
xi an Shanxi 710061
CN
tel: 5228188
fax: 5393585
cncliup@21xn.com

Billing Contact:
WenFeng
Wen Feng
NO.397,zhuquedadao street,xian City,shanxi Province
xi an Shanxi 710061
CN
tel: 5228188
fax: 5393585
cncliup@21xn.com

Registration Date: 2008-05-23
Update Date: 2008-06-06
Expiration Date: 2009-05-23

Primary DNS: ns0.orstensguide.com
Secondary DNS: ns0.onthetens.com


That old standby, XIN NET.

A complaint has already been sent of course. :)

As I mentioned in previous posts, it's pretty straightforward to pick apart the falseness of this contact information, even if you know nothing about Chinese postal addresses or phone numbers. There is no "5228188" phone number. Dialing it will get you nothing. Likewise the fax number. The regsitrant behind this scam of a domain knows this.

"Wen Feng" is similar to numerous other bogus registrant names we've seen in the past. The address is bogus. etc. etc. All verifiable if you do some legwork.

An aside here: note that registrant's email address: cncliup@21xn.com. For the past year or more, hundreds of thousands of domains have been registered using a similar address: cncliup@21cn.com. Do a google search on that and you'll find numerous complaints and reports regarding spammed domains for these sites. We focused on the use of that domain as an indicator that it was registered illegally. XIN NET and Todaynic took that information and used it in conjunction with our detailed reports to shut down thousands of domains at once, and may be using that information to block registration of any new domains. This would explain the shift to the 21xn.com domain. Note: 21cn.com and 21xn.com are both providers of free email addresses. Sort of like a Chinese Hotmail.

Anyway...

If we visit the site, and look at what they claim:

You may contact us at +1(210) 888-9089, please, keep your order I.D. every time you make a call.


That phone number is a VOIP phone number (or otherwise digital phone line) registered by Level 3 communications in San Antonio, Texas. The owner of the number could in theory be located anywhere in the world. Just like everything else regarding this operation, it's quite possible that the number was also registered using fake contact info, and / or using a stolen credit card number.

Calling the number initially results in a voicemail prompt:

Hello. You have reached united pharmacy support service. Unfortunately, our operators are currently unavailable, so please leave a message after the beep.


They also mention that you can email them at support@uphs.info, or visit the website: uphs.info

Subsequent phone calls however result in a woman answering the phone, and denying any connection whatsoever to the spammed website "scoreway.cn", or its subsequent redirected domain "newrxwalk.com". Unless you have a concern regarding an order you actually placed, they won't discuss anything with you.

If we visit the "contact us" link, we're presented with a form, and the email address: support@canadianmedicationsupport.com

That email address has of course changed several times over the past several years. No contact with that address or via the form has ever gotten any kind of response, and I've been trying for the past two years under a variety of identities.

No corporate address is listed anywhere, no physical location is given.

My (long winded) point: no legitimate company would run in so many circles to hide its location, nor would it need so many thousands of illegally-registered domains to operate. The reason Coca Cola doesn't hide it's corporate office addresses (in Atlanta, GA) is because it operates legally, and communicates with its customers and the public in appropriate and legal ways.

Of course, they also don't illegally abuse numerous systems while attempting to promote their products. Spamit sites, and Canadian Pharmacy in particular, are routinely hosted on botnets (assumedly Storm), use hacked public domains to perform redirections, abuse whitelisted email templates from well known corporate email campaigns, and abuse all manner of systems just to ensure that you recieve a message from them, promoting their products. No legitimate company would engage in these tactics.

This is only one example, obviously.

If you want to join the cause and begin making more of a dent in these illicitly-run spam operations, go over to complainterator.com and download the complainterator. Read the supplied instructions and enter any of the numerous domains you got spammed with. Send off the complaint. Join the cause. (Apologies in advance: at the moment this is a Windows-only application. And no, I didn't create it.)

You would be surprised at just how effective this can be. If a company like XIN NET can be turned around, so can any other registrar being hit with these fake domain registrations. XIN NET is more vigilant about this process. Now it's time to educate Xiamen Chinasource Internet Service Co., Ltd..

SiL / IKS / concerned citizen