Free Technology Newsletters
» All 33 InfoWorld Newsletters
Technology & Business Daily
 
InfoWorld
 
   

Reader Voices: Unpunished Spammers

By Ed Foster, Section The Gripelog
Posted on Tue Nov 04, 2003 at 01:04:02 PM PDT

In a recent Weblog item I printed the lament of an IT manager concerning two anti-spam sites that were forced to close by spammers’ denial-of-service attacks. He was upset that law enforcement officials had proven so unable or unwilling to act in such cases, and many readers felt the same way.

One piece of breaking news that may help get the attention of authorities is that the latest virus making the rounds, the W32/Mimail-E virus, appears to be specifically designed to produce denial-of-service attacks from infected computers on anti-spam sites such as Spamhaus.org. See the Spamhaus press release.

Several readers were so passionate about the issue that they said I should have played the story up more. "I think this is really one of the most important stories around, and yet even you are burying it as a sub-story without even a tagline to draw interest," wrote one reader. "I am being pummeled by these spam-worms much more than I ever was by Blaster, yet the media seems to have decided we had enough news about viruses ... but surely this rates as just as important as the do-not-call list. Here we have promulgators of pornography and cons collaborating to wipe out legitimate organizations trying to prevent our children from being exposed to much worse than a telemarketer."

A number of readers said that law enforcement is only interested in protecting big corporations or the government from denial-of-service attacks. "The simple fact is that the FBI and other law enforcement agencies aren't interested unless (a) A large, deep-pockets corporation is under attack (thus ensuring Congress will get involved if the FBI won't), or (b) a terrorist attack has already happened," a reader opined. "And when the terrorists use this distributed network of zombies to attack Federal interest computers and exploit the known vulnerabilities to obtain highly classified information for purposes of physical attacks, the FBI will claim they never had any warning. Only this time, the American public will know better, because we sysadmins are the public, and we will ensure everyone else knows that the FBI is knowingly aiding and abetting terrorism by inaction."

But some think it’s time for IT professionals to take matters into their own hands. "I have heard of citizens filing private criminal suits when prosecutors failed to act, although it would surely take deep pockets," wrote one reader. "Perhaps it's time for the IT community to form its own ACLU-type foundation, an organization to take on spammers, DoS instigators, privacy issues, security, the ITAA and H-1B visas, and -- in their off hours -- Larry Ellison."
< Monsanto Restricts Farmers From Re-planting Seeds | Great Expectations >


Display: Sort:
Reader Voices: Unpunished Spammers | 3 comments (3 topical) | Post A Comment
I agree ...[ Reply to This ] (none / 0) (#1)
by RocDoc on Tue Nov 04, 2003 at 07:42:18 PM PDT

Ed, I love this comment: "... the FBI will claim they never had any warning. Only this time, the American public will know better, because we sysadmins are the public, and we will ensure everyone else knows that the FBI is knowingly aiding and abetting terrorism by inaction."

I'm in agreement with your readers as quoted that this topic should have received more prominence. I believe that the news media routinely publicizes the sensational over the mundane as advertising dollars mean more than journalistic integrity (present company excepted, of course).

My 20-plus years of experience in IT/MIS/(whatever we call ourselves today) has shown me that it's routinely the small stuff that adds up to big problems, and not normally a single big problem that creates the havoc, problems, and destruction. To misquote an old saying in the government sector and using it as an analogy, "A few dollars here, a few dollars there, and pretty soon you're talking big money".

We've seen what has happened to email with the introduction of spam messages from the humble beginnings of a single advertisement posted by a law firm onto the USENET back in 1992 (ref: Silicon Snake Oil by Cliff Stoll, Doubleday, 247 pages, hardback, Apr 1996). We've also seen Arpanet/Darpanet/Internet change from a professional data sharing mechanism to a catacomb of misinformation, pornography, and (for a large part) the base level of human sociology in society.

Now is the time to stop this misuse of the medium, before it grows so large in size that we administrators are unable to persuade the apathetic users and lawmakers into moving and addressing the issue. Again, to misquote an old saying and using it as an analogy, "A stitch in time saves nine".

Oh, and by the way (I really do dislike the use of BTW as TLA (three letter acronym)), I believe that even if the FBI claims they never had any warning, there will be nothing that the sysadmin can do to change the public's mind because of the spin that will be placed upon the event by the news media.

Ed, thanks for your wonderful job of keeping us informed. I, and many other of my constituents, appreciate your hard work on this issue, and many others!

[ Reply to This ]



Unpunished Spammers[ Reply to This ] (none / 0) (#2)
by byelen on Thu Nov 06, 2003 at 12:49:37 PM PDT

Apparently the FTC has obtained an injunction on a San Diego spammer using the Windows Messenger Service to send "Pop Ups". The full story is at "The Register" http://www.theregister.co.uk/content/6/33834.html

[ Reply to This ]


Spamhaus Internet terrorists.[ Reply to This ] (none / 0) (#3)
by Anonymous User on Sun Aug 27, 2006 at 03:11:12 AM PDT

Spamhaus Internet terrorists. Becoming what you oppose Editorial by Dave Hayes Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (news.admin.net-abuse.*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance. Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists". Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture. The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980) Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases. The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server. If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case. Fact: Spamhaus and spews have added innocent IP blocks to their blacklists. The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?) So here's how this goes. Once a network provider is branded "a communist"...er excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customers is directed by the bounce to complain to...their own ISP! In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that -their- provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks. What's wrong with this? Everything. * First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it. * The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cutoff, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another. Lets take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, who's income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email. IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an idealogical cause which is set up to be more important than a person's life. This is the height of dishonor. * The practice is quite criminal by many definitions and with criminals on all sides: o Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion). o Attacking innocents in the name of their cause (a.k.a. terrorism). o Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a false advertising) o Blacklisting ISPs is a good way of knocking them out of business (a.k.a restraint of trade) o If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a playing both sides of the street) Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous: Fact: Spammer companies have far more money than most innocents. Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider. While there's no proof (that I'm aware of), it's not so far fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they cant afford the connectivity provided by the "anti-spam supporter" providers. I've established some things here: 1. In my opinion, blacklists are bad. 2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism. 3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease. This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers? The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know? So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"...lol) I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA? No. I'm sorry. I have far better things to do.

[ Reply to This ]


Reader Voices: Unpunished Spammers | 3 comments (3 topical) | Post A Comment
Display: Sort:
Recent Entries
Bill Gates and PC history
21 comments

Borderline searches and seizures
15 comments

Reader voices: Angry at eBay
12 comments

Teleblend's terrible terms
2 comments

Spyware bill cloaks a mini-UCITA
9 comments

Reader Voices: Autorenewal Defenses
23 comments

More The Gripelog...

Submit a gripe
About the Author
Email Ed Foster

Help Ed and his readers build these projects:
The Gripewiki
The EULA Library

Login
Make a new account
Username:
Password:

Live Gripes
Has AOL Changed Their Ways?
12 comments

A Nestle SweeTarts Conspiracy
13 comments

AT&T Kills "Bad" Username
26 comments

DESPERATE! AOL HAS TAKEN OVER MY COMPUTER
47 comments

parkingticket.com SCAM on refunds
22 comments

Don't let Net Enforcers Ruin Your Day.
14 comments

More Live Gripes...

Sign up for my newsletter

To have my column automatically e-mailed to you, submit your email address in the form below. Of course, I will not turn your address over to any other party or send you any unrequested e-mail.

Infoworld Blogs
 Jon Udell 
 Kevin Railsback 
 Paul Venezia 
 Bob Lewis 
 Tom Yager 
 Ed Foster 
 Enterprise Mac 
 The Storage Network 
 Database Underground 
 Open Sources 
 Zero Day 
 InfoWorld Daily 
 Grid Meter 
 Real World SOA 
 SMB IT 
 IT Troubleshooter 

Recomended Sites
The AFFECT Coalition
Electronic Frontier Foundation
Electronic Privacy Information Center
Free Software Foundation
HearUsNow.org
Public Knowledge
StopBadware.org

Jeff Angus
Ben Edelman
Dan Gillmor
Bob Lewis
Brian Livingston
Freedom to Tinker
Lawmeme
PC World's Techlog
SunBeltSoftware Blog
Troubleshootsers.com

Rss Feeds
How this works
 Top News 
 Columnists 
 Tech Watch 
 Test Center Reviews 
 Applications 
 App Development 
 E-Business Solutions & Strategies 
 End-user Hardware 
 Networking 
 Operating Systems 
 Platforms 
 Security 
 Standards & Protocols 
 Storage 
 Telecommunications 
 Wireless 
 Web Services 

 

create account | faq | search