azekeil: (geek_with_laptop)
[personal profile] azekeil
This shocked me a bit. Working for who I do, I know a fair bit about the antics of this particular spammer, but he's proven the point that cyber terrorism does work. If you think that's a bit extreme, then think of the implications. He has successfully fought a legitimate (although admittedly vigilante) company into reversing its policies and activities through his illegal activities.

Of interest to the people here, it should be noted that the company sought to continue their activities through a TypePad blog (hosted by SixApart, the same company that now owns LiveJournal) they redirected their domain to through DNS, but the spammer simply launched a massive DDoS on TypePad, which affected LiveJournal as reported here by LJ staff.

The spammer reportedly told Blue Security in an ICQ conversation that if he can't send spam, there will be no internet.

UPDATE: This blog seems to give some more information. Also, some work colleague just came up with the analogy that spammers were like drug dealers. Blue Security were doing the same as organising vigilante action against the drug dealers. So what do the drug dealers do? Send round their heavies to 'deal' with Blue Security. Pretty dumb, all in all. Blue Security's actions haven't helped anyone, just annoyed them.

UPDATE2: Interestingly, Blue Security appear to be out of business.

Date: 2006-05-18 01:33 pm (UTC)
From: [identity profile] meltie.livejournal.com
Yes, it's what I'd call 'a trifle unnerving'.

Date: 2006-05-18 02:25 pm (UTC)
From: [identity profile] chaosdeathfish.livejournal.com
What this should do is shock ISPs and suchlike into realising just how much of a problem botnets and suchlike are, and implement decent filtering mechanisms on all links in and out of their networks - including the connections to users' machines. That should include opt-out SMTP port filtering by default on all users' connections, to prevent compromised computers being used for spam.

Or that's my opinion at least, not properly thought through or researched..

Date: 2006-05-18 02:29 pm (UTC)
From: [identity profile] azekeil.livejournal.com
This article suggests that any ISP who attempts to do this may be singled out for action by the spammers, further reducing their desire to do so.

In any case, spammers often pay ISPs for connectivity; why would they want to harm this source of income? They don't pay for spam, after all...

Finally, ISP consumers still have valid reasons to connect to port 25 on machines outside the ISP network. I suspect that the support headache this would create for ISPs makes it unmanageable.

All this goes to promote the status quo - not a pleasing thought.

Date: 2006-05-18 02:52 pm (UTC)
From: [identity profile] dennyd.livejournal.com
I'm tentatively in the camp that says if the spammers were this pissed off, BS were doing something right. I'd have signed up after hearing about this if BS hadn't decided to fold.

Incidentally, I've read rumours that the sending the heavies around bit is more than an analogy... BS seemed to be taking the DDoS as proof they were doing well, almost pleased by it, then suddenly they decide to fold their entire business? It has been suggested that the threats from spammers against BS escalated from virtual to real.

Date: 2006-05-18 02:55 pm (UTC)
From: [identity profile] tefkas.livejournal.com
re Update2, Yep, [livejournal.com profile] the_register relayed that news a little earlier (actually, I thought that was what had prompted your post).

I find it all rather depressing - this, alongside moves to move back to the walled-garden enclaves of the Compuserve days et al seem to suggest that things could morph quite drastically in the not too distant future, as people seek to escape from increasing waves of spam.

Date: 2006-05-18 03:01 pm (UTC)
From: [identity profile] azekeil.livejournal.com
I read the reg's article as a climbdown, not as a disbanding of the company, but now I read it again I see that actually yes they mention it.

I would be very surprised if things change drastically. It may simply be the case that new messaging protocols spring up that enforce sender responsibility. Until then, companies like the one I work for will continue to do business helping people communicate safely and effectively on the internet.

Date: 2006-05-18 03:08 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Yeah, I have to admit that goading the spammers into action must mean that something was irritating them enough to do it. It could also be because it was an easy central target for this.

I suspect the ISPs hosting BS's internet and DNS got fed up of the risks and suspended their operation, forcing BS into realising that any success they had would be met by another DDoS and further hosting problems, leading them to conclude their business model was not workable.

Spam is an interesting subject. I personally receive very little spam, which I attribute to never spreading my email address. If I were a business, I would probably end up employing the services of a company like the one I work for to ensure I was able to communicate safely and effectively.

Date: 2006-05-18 03:26 pm (UTC)
From: [identity profile] dennyd.livejournal.com
"I suspect the ISPs hosting BS's internet and DNS got fed up of the risks and suspended their operation"

http://www.prolexic.com/spam/spam-051006.php is relevant here. They don't sound like they were in a giving up sort of mood to me.

Date: 2006-05-18 03:30 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Um, that just sounds like a company that BS employed to help fend off the attack and got caught in the cross-fire looking to minimise any damage to themselves...

Date: 2006-05-18 09:45 pm (UTC)
From: [identity profile] poggs.livejournal.com
Vigilante action is no way to enforce law and order.

Date: 2006-05-19 11:49 am (UTC)
From: [identity profile] stuartl.livejournal.com
So what's happened to authenticated email relaying?

It's cryptographically and mathematically possible, there's probably even RFCs to cover it...

If you authenticate the source email address as a valid source for the given domain it eliminates source address faking and allows backtracking to the registrar of the domain.

International law starts to play a part but I, and many others, could feasibly say that I'll block all .il, .ru or .hk addresses (for example) since I'm very unlikely to get real email from them.

Thoughts?

Date: 2006-05-19 12:14 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Authenticating the source email address requires distributed identity management (much like SSL certificates are authenticated now). However, every person wanting to exchange email would have to upgrade their mail systems - it's just not feasible.

The change is radical enough to lump it in the 'whole new protocol' problem that I explained above.

If you're talking about DKIM, then it's slowly happening. It's still not a complete answer though, as it at least is backwards compatible, but requires people to integrate DKIM into their email infrastructures. It also doesn't solve the problem of who is a trustworthy person? Spammers can set up DKIM authenticated mail servers too; the central piece is missing from this.
