In May of last year, federal cybercrime cops had what seemed like a big win: After years of investigation, they had finally bagged the man they called the 'Spam King', otherwise known as Robert Alan Soloway of Seattle. Earlier this month, Soloway pleaded guilty to charges of mail and e-mail fraud that together carry a sentence of up to 26 years in federal prison.

But as cybercrime evolves, a criminal who seemed to cast a big shadow over the Internet a year ago now looks more like the runt of the cybercriminal litter. Looking back on Soloway's trial, his case illustrates how even major cybercriminal busts fail to capture the biggest targets--or put a dent in spam and fraud on the Web.

Slideshows:
The year's biggest cybercrime convictions
Cybercriminals' map of the world

During his heyday, Soloway spent years spewing millions of spam e-mails promoting the products of anyone willing to pay for his services. Starting around 2003, Soloway rented about 2,000 computers at a time from other cybercriminals who had hijacked them with malicious software--a so-called 'botnet'--to send out his junk e-mails, according to the attorneys who prosecuted him.

Soloway was particularly brazen about his transgressions: He advertised his spam services on a public site and bragged in Web forums about ignoring two multimillion-dollar lawsuits brought against him under the federal CAN-SPAM law.

The public record Soloway created made him a clear target for federal agents. "It's a success for law enforcement, and it's great to have his head on a spike," says Pat Peterson, a spam researcher for e-mail security firm Ironport. But given that the total spam volumes on the Internet are now measured in tens and hundreds of billions of e-mails, Soloway was ultimately a 'rinky-dink' criminal, Peterson says. "Soloway's spam volume was relatively low. He was a dumb guy going after the easy money."

Slideshows:
Seven ways your site can be sabotaged
Hacking without technology

To be sure, Soloway's arrest in May of 2007 was just the first in a wave of cyberbusts that have swept through the cybercriminal world over the past year. Two stings in May and November, called Operation Bot Roast, netted 11 spammers and botnet 'herders' including Soloway.

Another bust in January captured another 11 members of a stock-promoting spam ring. The past 12 months have also seen the first conviction based on federal spam laws and some of the longest prison sentences ever handed out for insider data breaches and identity theft.

But by nearly every measure, cyber crime keeps growing without a hiccup. According to Ironport, spam e-mails reached a peak of 120 billion messages a day during last year's holiday season, a 50 per cent increase over the same period the year before.

Eleven per cent of computers are unknowing members of the botnets that distribute spam, according to a report from botnet research firm Damballa, and botnet activity on the Internet has more than tripled over the past year.

Slideshows:
How to disappear online
Seven tips for keeping your kids safe online

The financial effects of spam are growing, too: phishing scams, which fool users into revealing their bank codes, cost Americans $3.2 billion in the 12-month period ending August of 2007, up from $2.8 billion in the previous comparable period, according to a report from Gartner Research.

Why haven't cybercrime crackdowns made the Internet a cleaner, safer place? Snagging a cybercriminal in the US does nothing to control international criminals, says Mike DuBose, the Department of Justice's chief of computer crimes and intellectual property. Every major bust in the US, he says, drives more spam and fraud targeting Americans to Europe and Asia.

"Strong domestic enforcement alone is not enough any more," says DuBose. "The hackers of five years ago are increasingly organised, sophisticated and profit motivated, and they're also increasingly located overseas."

To tighten its net, the Department of Justice and the Federal Bureau of Investigation are both working more closely with foreign governments to snag spammers and other cybercriminals. The FBI's deputy assistant director of its Cyber Division, Shawn Henry, points to the November arrest of the hacker known as AKILL, an 18-year-old in New Zealand running a botnet of 50,000 computers.

In another case resolved last year, FBI officials spent more than nine months stationed in Romania, tracking a group of more than 20 cybercriminals who were eventually arrested by local authorities. Thanks to toughening cybercrime legislation in countries like Romania, Henry says, those cybercriminals were imprisoned locally and didn't need to be extradited.

But the real 'spam kings', argues Ironport's Peterson, are still likely to evade law enforcement in Eastern Europe or Russia. Since 2006, Peterson has been tracking one ring of cybercriminals responsible at times for billions of spam messages a day through 150,000 infected bot computers.

Every bust of a comparatively insignificant criminal like Soloway simply brushes away a weaker competitor, Peterson says.

"We tend to get the stupid ones, and we tend to get the ones in the US," he says. "But as law enforcement ramps up, we're building law-enforcement-resistant spammers. Right now, they're unassailable."