By Andrew Bomford BBC Radio 4 's PM programme

The spam trail led to a Russian mail order bride site

A special investigation by the BBC has revealed that British Airways was used without its knowledge to host a website advertising Russian mail order brides.

Home computer users are even more at risk, because their equipment is usually even less protected.

The people responsible for the British Airways attack appear to be based in Argentina and send millions of indiscriminate spam e-mails a day, many of them pornographic in nature.

Tracking down the spammers

FINDING THE SPAMMERS Superzonda is a South American spam gang It is responsible for sending 20 to 30 million spam e-mails each day Used BA's computer without its knowledge

Like most people I get my fair share of spam e-mails, and like most people I have wondered why they send it to me - and who is responsible.

A few weeks ago I thought I would do something about it.

I contacted a company called MessageLabs, based in Gloucester, England. They had recently been in the news when they announced that more than half the world's e-mail traffic was now spam.

Paul Wood and Matt Sergeant from MessageLabs sifted through my motley collection of spam - everything from debt consolidation to Viagra offers to penis enlargement - and we alighted on one e-mail, literally drawn at random.

What we found out surprised all of us.

An examination of the e-mail headers (the computer's IP address showing where the e-mail came from) revealed that it was being sent via a computer being used as a proxy to disguise the true origin of the message.

The proxy was one known to be used by a South American spam gang called Superzonda.

A link led us to a website called beautifulwomentodate.com, which advertises Russian mail order brides.

And then came the surprising bit.

When Paul and Matt looked up which computer the website was using to host its service, the IP address belonged to British Airways.

So Superzonda was using a computer belonging to British Airways without its knowledge to host its website.

Mail order brides are not BA's normal line of business.

For British Airways the immediate problem was quickly solved. The internet connection to that computer was severed and later a quick check revealed that Superzonda had moved onto another poorly protected computer to host their site, this time in Madrid.

BA confirmed that their security was breached in this way, but did not want to comment publicly for fear that it would invite attacks from other spammers.

It was time for me to find out more about Superzonda, and how they can hijack innocent people's computers in this way.

After all if a large company like British Airways can be abused, what about the home computer user with a broadband "always on" connection?

Notorious

They've [Superzonda] learned every trick in the book to get around the anti-spam filters and to throw everyone off track Steve Linford, Spamhaus

They are unlikely to have the sort of computer support back-up and security that big companies should have.

I went to see Steve Linford, one of the world's foremost experts on spam, on his houseboat on the River Thames near London.

From here he runs Spamhaus, a major spam blacklist used by 140 million computers users around the world to screen out spam.

"Superzonda appeared about five or six months ago," said Steve, tapping away at one of the bank of computer screens in front of him.

"They are at the moment probably one of the worst spam outfits on the internet for the amount of stuff that they do."

Superzonda is thought to operate from Argentina and specialise in wholesale takeovers of insecure computers to send e-mails and host websites.

They are thought to be responsible for 20 to 30 million e-mails a day, mostly advertising products like Viagra and penis enlargement.

Spammers generally work on a ratio of one sale per million e-mails - so 20 to 30 sales a day is good business for Superzonda.

"They've learned every trick in the book to get around the anti-spam filters and to throw everyone off track," said Mr Linford.

Removing spam

There was one more piece of information to glean from that Superzonda website beautifulwomentodate.com.

The registry information listed a Moscow address that led nowhere, but it also mentioned a computer server the website was using belonging to an Amsterdam based company called Cyberangels.

So Cyberangels were providing a computer server for Superzonda's websites.

The European internet registry listing for Cyberangels gave an address, names and phone number, but predictably they were false.

However this investigation has revealed a large amount of evidence linking Cyberangels with a man called Martijn Bevelander who runs a Dutch Internet Service Provider called MegaProvider.

I phoned Martijn Bevelander at MegaProvider and over the course of a few days had several conversations with him in which he twice promised to record an interview with me, and then twice withdrew at the last minute.

I offered to travel to Amsterdam to meet him, but in the end I decided to record a phone call without his knowledge.

Mr Bevelander repeatedly denied any connection to Cyberangels.

Indeed the first time I spoke to him he said he had never heard of them. Later he changed his story to say that they were a client of his who had not paid their bill, so he had thrown them off his ISP.

"There is no relationship, absolutely none," he told me, "There is no evidence that I am connected to or doing anything with Cyberangels."

"I don't care about what people say about me Martijn Bevelander, Megaprovider

The evidence though is clear. Two company registries, one at the Belgium internet name registry and one at the Dutch Chamber of Commerce, both gave Mr Bevelander's name and address as the contact for Cyberangels.

The day after I asked him why he had registered Belgium Cyberangels in his name, the domain name was suddenly dropped from the Belgium registry.

But the clearest piece of evidence came in an e-mail written by Martijn Bevelander himself, obtained by the BBC, in which he describes himself as "an investor" in Cyberangels, and claimed that he manages their network.

As well as hosting pornographic websites for Superzonda, Cyberangels and MegaProvider send out large quantities of spam for mostly American clients. But when I spoke to Martijn Bevelander he seemed unconcerned about his growing reputation.

"I don't care about what people say about me," he said.

Asked whether he thought it was bad for business being associated with spam, he said:

"No absolutely not. No one ever failed to sign up with MegaProvider because of that. We had a problem last year and we fixed that, and the network works perfectly. Our carriers are happy with us, so they can do anything they want - I don't care."

Removing the spam

But the carriers he referred to are not happy. For the last six weeks Cyberangels internet traffic has been carried by Telefonica, the Spanish telecoms firm.

Last week I contacted Telefonica to ask why they were allowing a spammer to use their network.

Just today (Tuesday July 1st) Telefonica announced that they had dropped Cyberangels as a client for breach of their terms and conditions regarding unsolicited bulk e-mail.

In England and Wales it is illegal under the Computer Misuse Act to remotely control other people's computers without their knowledge - something which spammers like Martijn Bevelander and Superzonda do twenty four hours a day, seven days a week, all over the world.

But it is a crime that is very difficult to police, and a crime that is growing daily, as spammers find ever more inventive ways of staying ahead.