Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

335 comments

Not Just Spam (5, Interesting)

eldavojohn (898314) | more than 5 years ago | (#25732821)

From the article:

The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

And they operated for how long before they were shut down ... as a United States based hosting provider?

If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating. And I hope a warrant is obtained through the appropriate channels to collect evidence from Hurricane Electric & Global Crossing ... I'm all for user privacy policy from an ISP but obviously these people are criminals.

Re:Not Just Spam (3, Funny)

Anonymous Coward | more than 5 years ago | (#25733057)

Your post advocates a

( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Not Just Spam (5, Insightful)

Goaway (82658) | more than 5 years ago | (#25733339)

Did you just fill that in at random, or what?

Re:Not Just Spam (5, Insightful)

theaveng (1243528) | more than 5 years ago | (#25733365)

I don't see how providing evidence to the government is "vigilante justice". On the contrary it is government justice which is what government is there to provide.

Re:Not Just Spam (4, Insightful)

Smelly Jeffrey (583520) | more than 5 years ago | (#25733157)

The CAN-SPAM Act [ftc.gov] is directed at the commercial entities that actually create the message, not the service providers who happen to be the medium. There are no penalties defined for the ISP at the source end of the spam. This is a slippery slope, and one the US has done well to avoid so far.

While many have an opinion otherwise, the fact is United States based internet service providers are protected by common [lectlaw.com] carrier [wikipedia.org] laws.

While shutting down this ISP may have slowed the spam for today, the two fundamental flaws remain:
  • the United States does not have and will never have jurisdiction over foreign spammers
  • the spammers can relay their email through yet another ISP tomorrow.

Re:Not Just Spam (3, Informative)

theaveng (1243528) | more than 5 years ago | (#25733427)

False. ISPs are Not common carriers. They have never applied for that distinction within the courts, and so they remain private-owned businesses. Therefore they are liable for actions committed.

Re:Not Just Spam (1)

Rogerborg (306625) | more than 5 years ago | (#25733479)

GP didn't say that they are common carriers. Go back and read again, slowly.

Re:Not Just Spam (2, Informative)

theaveng (1243528) | more than 5 years ago | (#25733653)

"internet service providers are protected by common [lectlaw.com] carrier [wikipedia.org] laws"

That's pretty damn close. If they are protected by "common carrier laws" then they are "common carriers" in effect, if not actual name.

Re:Not Just Spam (3, Informative)

Aranykai (1053846) | more than 5 years ago | (#25733441)

Except that ISP's are NOT common carriers in the USA.

http://yro.slashdot.org/article.pl?sid=05/06/27/1510219 [slashdot.org]

Now, please stop promoting nonfactual bullshit.

Re:Not Just Spam (0, Offtopic)

John Straffin (902430) | more than 5 years ago | (#25733515)

Now, please stop promoting nonfactual bullshit.

Um... this is /. we're talking about here...

ISPs are not common carriers (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25733495)

...or at least, no judgement or legislation in the US has ever held ISPs to be common carriers in the sense that phone companies are.

ISPs are clueless? (5, Insightful)

Bearhouse (1034238) | more than 5 years ago | (#25733177)

Also FTA:

'Two hours later, I heard from Benny Ng, director of marketing for Hurricane Electric, the Fremont, Calif., company that was the other major Internet provider for McColo.

Hurricane Electric took a much stronger public stance: "We shut them down," Ng said.

"We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow! Within the hour we had terminated all of our connections to them."'

So, after much hand-waving here, and elsewhere, about what info the Gov. and your ISP may be collecting about you, they could not spot this, a major spam, child-porn and theft site?

Maybe the honest version would be;
"We were making shitloads of money out of selling bandwidth to these bastards, 'no questions asked', but now you've blown the whistle on them I guess we've gotta look responsible."

Re:Not Just Spam (0)

Anonymous Coward | more than 5 years ago | (#25733247)

From the article:

If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating.

News orgs, as a rule, do not turn evidence directly to law enforcement. This would be bad for the separation between the fourth estate and police (how comfortable would you feel being interviewed as a source if you suspected a reporter to be another arm of the police?).

If the FBI can't successfully investigate and prosecute based on the details published by the WaPo, then it's time to clean house there.

Re:Not Just Spam (5, Insightful)

ojintoad (1310811) | more than 5 years ago | (#25733327)

I certainly hope The Washingto Post doesn't have to do the job of the Federal Authorities in the future.

I think this quote down on the third page was probably the best, from a Trend Micro researcher (emphasis mine):

"There is damning evidence that this activity has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care," [Paul] Ferguson said. "It's a statement on the inefficiencies of trying to pursue legal prosecution of these guys that it takes so long for anything to be done about it. Law enforcement is saying they're doing what they can, but that's not enough. And if law enforcement can't address stuff like this in a timely fashion, then the whole concept of law enforcement in the cyber world needs to be readdressed, because it's hardly making a dent at the moment."

Re:Not Just Spam (3, Insightful)

theaveng (1243528) | more than 5 years ago | (#25733561)

The "federal authorities" cannot be everywhere at once. If you see a man getting beat by another man, do you just stand by and wait for the police to show-up 30 minutes later to collect the body? Of course not. You and your fellow citizens act to stop the abuse.

What happened here is no different. This reporter noticed an illegality, collected evidence, and then took action (called the ISP) to see if he could stop it. Later on, he will provide the evidence to the government.

Re:Not Just Spam (3, Funny)

Lord Apathy (584315) | more than 5 years ago | (#25733639)

If you see a man getting beat by another man, do you just stand by and wait for the police to show-up 30 minutes later to collect the body?

Well lets not get ahead of our self here. Depends on why the other man is kicking his ass. If the one getting his ass kicked is known child molester and the one doing the ass kicking clams that he has molested his daughter, I would be more inclined to pop open a cold beer watch the show. In the case of a known spammer I might be even willing to lend a hand.

Hell, I was at a fight a few weeks ago that I paid 50 bucks to see....

Re:Not Just Spam (4, Insightful)

kkwst2 (992504) | more than 5 years ago | (#25733587)

Be careful what you wish for.

I'd like to suggest quite the opposite, that this is the way it should be. Do not trust the government to protect your interests in this regard. Time and time again they've been proven slow, incapable, and even corrupt.

Meanwhile, it is private groups, reporters, etc. that keep things in check. While this system is far from perfect, it's certainly better than the government as the sole "protector" of our interests.

Re:Not Just Spam (5, Insightful)

zaffir (546764) | more than 5 years ago | (#25733335)

Anyone wanna guess how much faster would they have been taken down had they been hosting RIAA or MPAA copyrighted works?

Re:Not Just Spam (1)

squoozer (730327) | more than 5 years ago | (#25733669)

I'm quite frankly shocked and a little disapointed that they didn't manage to work a terrorist angle into that list of "badness". What are journalists coming to these days.

Slashdot can shut down spammers, too (5, Funny)

Anonymous Coward | more than 5 years ago | (#25732827)

Just give us an IP address linked in the summary. That's all we ned.

Re:Slashdot can shut down spammers, too (2, Informative)

Goaway (82658) | more than 5 years ago | (#25733203)

The days when Slashdot could shut down a site with proper hosting are long since past. Imaging it could shut down a whole ISP is preposterous.

Re:Slashdot can shut down spammers, too (2, Insightful)

Khemisty (1246418) | more than 5 years ago | (#25733589)

"Just give us an IP address linked in the summary. That's all we ned."

It's funny, laugh.

Re:Slashdot can shut down spammers, too (1)

biet (632569) | more than 5 years ago | (#25733523)

127.0.0.1

good job! (5, Funny)

larry bagina (561269) | more than 5 years ago | (#25732917)

First they shut down McCain, now McColo. Next up: McDonalds?

Re:good job! (4, Interesting)

TheLink (130905) | more than 5 years ago | (#25732967)

Re:good job! (1)

theaveng (1243528) | more than 5 years ago | (#25733611)

Hmmmm..... I have Hunger for Quarter Pounder with pomme frites!

Re:good job! (4, Funny)

flyingfsck (986395) | more than 5 years ago | (#25733019)

Well, shutting down McDonalds will reduce artery clogging spam by 75% too. ;)

Oblig. (4, Funny)

Mateo_LeFou (859634) | more than 5 years ago | (#25732933)

Re:Oblig. (5, Funny)

TheThiefMaster (992038) | more than 5 years ago | (#25733241)

More like:

Your post advocates a
(x) technical (x) legislative (x) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won'... Holy crap how did you do that? 75% of all spam!? So much for it being botnets causing it! Congratulations!

As long as there is money in it... (4, Insightful)

Ritz_Just_Ritz (883997) | more than 5 years ago | (#25732935)

the spam will flow. It's the old "balloon dog" effect. Squeeze it in one place and it balloons in another. The ONLY way to attack this problem is to go after the advertisers who are willing to use spam as a medium to sell product.

Re:As long as there is money in it... (2, Interesting)

postbigbang (761081) | more than 5 years ago | (#25732977)

Or change the protocol set to something that can still work with anonymous yet non-commercial/legal mail. I can't think of a single person that would mind changing their email address or taking a few steps to eliminate the spam they get.

Re:As long as there is money in it... (0)

Anonymous Coward | more than 5 years ago | (#25732995)

I use gmail precisely to avoid even having to worry about spam filtering. When I had my own vanity domain, I would have agreed with you. Now, I just don't care anymore as the problem has ceased to impact me (directly).

Re:As long as there is money in it... (2, Funny)

postbigbang (761081) | more than 5 years ago | (#25733079)

No offense, but that's when gmail is working.

Re:As long as there is money in it... (0)

Goaway (82658) | more than 5 years ago | (#25733389)

My net connection goes down far more often than GMail does. I've never even noticed GMail being down that I can remember.

It's good enough for the vast majority of people, including me.

Re:As long as there is money in it... (1)

postbigbang (761081) | more than 5 years ago | (#25733603)

We would disagree on 'good enough'. And counting yourself as the majority would be wrong, too. Hotmail, yahoo, and/or aol beats gmail by a significant margin, it's believed. Add them up and gmail becomes much smaller. It also proves that initial market share is difficult to surmount. Google knows this, and just presumes we think they've taken over the world. They have not.

Re:As long as there is money in it... (3, Interesting)

TheThiefMaster (992038) | more than 5 years ago | (#25733147)

I use GMail with email addresses on my own domain (and it's free!)
The only downside is having only 7GB of mail storage space.
GMail's spam filtering is indeed second to none, I'm piping one of my old yahoo accounts through to my new address, and yahoo lets a few spams through per day, and then gmail blocks all of those.

Re:As long as there is money in it... (0)

Anonymous Coward | more than 5 years ago | (#25733239)

> GMail's spam filtering is indeed second to none,
> I'm piping one of my old yahoo accounts through
>to my new address, and yahoo lets a few spams
> through per day, and then gmail blocks all of
> those.

Blocked? I guess for some definition of blocked. My gmail Junk folder gets 50+ spam emails per day, and I have to look at them because I get an occasional false positive.

Re:As long as there is money in it... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25733321)

The problem with spam filtering is that when a government official contacts you to ask you visit a website to supply your bank details so that they can wire frozen funds to you, the filter thinks something dodgy is happening.

Usually it is of course, but the Financial Services Compensation Scheme (UK equivalent of FDIC) actually did send such an email to Icesave customers to tell them how to get their insured deposits back from Icesave which went bust a few weeks ago.

Lots of ISPs, not just GMail, apparently use Google's spam filtering service, and it picked up the FSCS email as a 419 style spam.

Re:As long as there is money in it... (4, Insightful)

HungryHobo (1314109) | more than 5 years ago | (#25733037)

So how do you set up a system where people can still be anon(even if the government issues some warrents) but held accountable for spam?Got any protocols which allow that?

Re:As long as there is money in it... (2, Interesting)

postbigbang (761081) | more than 5 years ago | (#25733087)

proxy anonymity. someone will think it up and make it work.

Re:As long as there is money in it... (1)

squizzar (1031726) | more than 5 years ago | (#25733493)

I'd suggest, although it's not a direct solution to spam, something along the lines of http://en.wikipedia.org/wiki/Ecash [wikipedia.org] would be a good place to start. I can't remember where I found the exact paper, but essentially it allowed completely anonymous electronic financial transactions. However if necessary a 'coin' could be marked with an additional signature from an investigative agency. This mark would be undetectable to the recipient, but could be traced, allowing illegal cash flow (e.g. money laundering) to be detcted. Thus somebody buys their dodgy pills or dodgy porn with traceable cash and the entire supply chain can be exposed.

Rather than plugging ID cards and biometrics and all that crap, this would actually be a brilliant system to see implemented, that actually increases anonymity and facilitates law enforcement. Surely a net win?.

I think it may have been: http://www.emis.de/journals/AUA/acta8/Popescu-Oros.pdf [www.emis.de] or something referenced to/from it.

That's tough, and here's why (1)

jonaskoelker (922170) | more than 5 years ago | (#25733257)

Or change the protocol set to something that can still work with anonymous yet non-commercial/legal mail.

Sure, that's easy. Here's a few things to think about:

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:That's tough, and here's why (1)

postbigbang (761081) | more than 5 years ago | (#25733319)

Great, another wizard that can't do the work.

Re:That's tough, and here's why (1)

Goaway (82658) | more than 5 years ago | (#25733407)

Did you just fill that in at random?

Re:As long as there is money in it... (2, Interesting)

I.M.O.G. (811163) | more than 5 years ago | (#25733119)

Usually when people make absolute/exclusionary statements, like "the ONLY way", they end up being not entirely correct.

While going after the advertisers could solve the problem, that assumes you could track them down AND have any control over their actions. Jurisdictional hurdles and similar problems are obvious with this approach.

Fortunately tho, that's not the ONLY way to address the problem. It'd be good if ISPs had incentives to address the problem - large scale bittorent protocol usage is something that wreaks havoc on the ISPs network and many ISPs are actively trying to come up with solutions to ease their pain. If there were an incentive for ISPs to monitor for abuse over SMTP, then perhaps another solution to the SPAM problem would be possible.

Theres lots of "answers". Any answer you provide to this problem falls prey to the same general set of problems tho. Theres a standard form slashdotters post in response to suggestions like this, and by checking off the correct options it can shoot down any possible solution you can think of.

Re:As long as there is money in it... (0)

Anonymous Coward | more than 5 years ago | (#25733263)

This might come as a revelation to you, but SPAM on a large scale is used mostly by illegal business (unregulated drug sales, etc...) that can not use "normal" advertisement channels.

Saying "to go after the advertisers" in this case means the same as saying "go after organized crime". It is done, but this crime went global a long time ago, while governments are still trying to figure out what exactly is this inter-tuby-thingy.

Re:As long as there is money in it... (1)

jonaskoelker (922170) | more than 5 years ago | (#25733423)

The ONLY way to attack this problem is to go after the advertisers who are willing to use spam as a medium to sell product.

Your post advocates a

( ) technical (X) legislative (X) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.

(X) No one will be able to find the guy or collect the money.
(X) The police will not put up with it.
(X) Anyone could anonymously destroy anyone else's career or business.
(X) Jurisdictional problems.
(X) Dishonesty on the part of spammers themselves
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries

And my favorite...

(X) Killing them that way is not slow and painful enough

You're (in most cases) right: the cause of spam is the profitability of spam. We need to make it not profitable.

There's technical problems in altering the flow of mail, and there's jurisdictional problems in handling the flow of cash.

Maybe if we start requiring emails to be signed by a user's keys, and keys would only be certified if you donated money to a charity or something; then we could blacklist keys if enough users reported them as sending spam [uh-oh, joe job ahead]... oh well...

Re:As long as there is money in it... (4, Funny)

Jonboy X (319895) | more than 5 years ago | (#25733439)

the spam will flow. It's the old "balloon dog" effect. Squeeze it in one place and it balloons in another. The ONLY way to attack this problem is to go after the advertisers who are willing to use spam as a medium to sell product.

I think we need to go after the clowns making the balloon animals!

God, I hate clowns...

Re:As long as there is money in it... (1)

squoozer (730327) | more than 5 years ago | (#25733697)

Or we could stick the balloon dog with a pin, I find that a pretty effective way to get rid of them.

Wow (3, Interesting)

Reality Master 101 (179095) | more than 5 years ago | (#25732941)

I had ONE spam message last night. I average probably 20 a night.

Sigh (4, Funny)

elrous0 (869638) | more than 5 years ago | (#25732961)

Well, I guess now my Nigerian prince will never come.

Have no fear! (1)

Vinegar Joe (998110) | more than 5 years ago | (#25733221)

Enzite is here!

http://www.enzyte-male-enhancement.com/ [enzyte-mal...cement.com]

Re:Have no fear! (1)

Muad'Dave (255648) | more than 5 years ago | (#25733289)

Oh that's funny! The shortened URL for your link came out as "[enzyte-mal...cement.com]" aka "Enzyte - bad cement".

Re:Have no fear! (2, Funny)

compro01 (777531) | more than 5 years ago | (#25733421)

It'll make you rock hard, but then it will crumble after a few months.

Re:Have no fear! (4, Funny)

AMSmith42 (60300) | more than 5 years ago | (#25733663)

For erections lasting more than 4 months, see a mason.

Re:Sigh (1)

ji777 (1107063) | more than 5 years ago | (#25733301)

Only because he is now being held by rebel forces. His relative still needs your help, seeing as he has heard you are a reliable person, moving his disposed relative's vast fortune across seas... simply wire transfer him a small sum to cover legal fees and he will share a percentage with you!

is it morally right to DDoS spaming ISPs? (4, Interesting)

petes_PoV (912422) | more than 5 years ago | (#25732973)

as the title says. if it gets them "off the air" is this a public service or a criminal act (or both)?

Re:is it morally right to DDoS spaming ISPs? (2)

drinkypoo (153816) | more than 5 years ago | (#25733021)

Since morality is subjective, only you can decide. However, it is certainly illegal, and could get you sent to federal pound-me-in-the-ass prison.

Re:is it morally right to DDoS spaming ISPs? (3, Interesting)

inviolet (797804) | more than 5 years ago | (#25733373)

Since morality is subjective, only you can decide. However, it is certainly illegal, and could get you sent to federal pound-me-in-the-ass prison.

Interesting. So it's up to me whether it is good or bad to eat broken glass.

Look, since your mission is to undermine everyone's certainty, at least do it right. The one part of morality that is completely subjective is the discount rate, which is the time horizon that you set for your outcomes. Most things are good in the short term and bad in the long term, or vice versa, or some mixture. Nobody anywhere has yet figured out any rule for choosing or weighting one's time horizon.

Indeed, probably most political disagreements are really disagreements over time horizon. E.g., stay in Iraq? It's all about how far into the future you look for justification.

Re:is it morally right to DDoS spaming ISPs? (2, Informative)

mdmkolbe (944892) | more than 5 years ago | (#25733337)

This was not a DDoS. They simply convinced their upstream providers to cut them off.

This is perfectly legal(*) and moral, but is most cases completely impractical (upstreamers don't want to loose the revenue stream, downstreamers can always find a new upstream, etc).

Of course it is also very susceptible to abuse as it is the digital age's equivalent of old-world shunning.

(*) There may be contractual obligations and penalties for such actions but perhaps the downstreamer's bad behavior might contractually dissolve those obligations (it depends on the contract).

Hosting Child porn? (2, Interesting)

arkham6 (24514) | more than 5 years ago | (#25732979)

According to the article, the provider hosted servers that provided child porn.

1: Is that really possible for kiddie porn sites to be active in the US?
2: If its true, would that company be partially responsible legally speaking?

Re:Hosting Child porn? (5, Insightful)

bhima (46039) | more than 5 years ago | (#25733231)

I have come to the conclusion that it must be impossible to engage in any criminal activity which does not somehow involve child porn, as it seems to me that all stories of illicit behavior include accusations of trafficking in child porn.

Re:Hosting Child porn? (1)

Goaway (82658) | more than 5 years ago | (#25733451)

It's not impossible, but it certainly is stupid to not take that chance. Pedophiles tend to be gullible and desperate, and you can no doubt make a killing off them with extremely little effort, provided you have no conscience.

Recomment (5, Informative)

Anonymous Coward | more than 5 years ago | (#25732999)

The comments on the Washington Post site are pretty worthless, but this one was particularly good:

"Brian - Well done, and well reported. For the user who asked about reporting news versus creating news, you misunderstand Krebs's reporting. Like most good reporters who write big stories, he either got tips or analyzed data regarding spam and cyber-security. It probably was a combination of both. If he determined from his research, reporting and analysis that this data was coming from one place, he did not create a story by informing the spam host's business partners. Rather, he sought comment from them about this site, and they took action. What Krebs reported is not a big a story as Watergate, but what do you think Woodward & Bernstein did? Wait for a press release? A regulatory filing? No, they took one news event, worked backwards from it, and determined that something big was going on -- just like a spammer. Then they wrote about it, just like Krebs did. When Henry Blodget on Silicon Alley Insider wrote that The New York Times Co faces several possibilities for survival, he did not tap into a planned news event. He analyzed a balance sheet and made conclusions. Much of the news that comes out is because beat reporters see connections and draw conclusions that are not opinion, but reasoned and accurate viewpoints based on evidence out there that resists coalescing into a larger news event because most of us don't get it. That's why we have journalists, and this is a great example of that. And now for the full disclosure: I'm Robert MacMillan. I am a reporter at Reuters who covers the journalism business, and I worked at washingtonpost.com for many years with Brian. I sat right across from him so I know what he eats for lunch. Posted by: easymac | November 11, 2008 9:45 PM "

Better to NOT shut them down? (5, Interesting)

plsuh (129598) | more than 5 years ago | (#25733059)

When it comes to these sorts of things, oft times law enforcement and intelligence agencies who know about a source of major operations DON"T shut them down, so as to build a case against the bigger players or to maintain the ability to track what is going on. Given that this is a US-based corporation with US-based servers, I wonder if this shutdown has seriously compromised on-going monitoring and criminal cases. While this has almost certainly seriously disrupted operations of the various bad guys for now, I would give it only a few days before they're back online based at overseas locations where they're less easily reachable. Except for some script kiddies, the operations are all sophisticated enough to use standard techniques such as multiple hardcoded fallback IPs. DNS redirection, and using fake BGP announcements to hijack IP blocks to get back online.

--Paul

Re:Better to NOT shut them down? (4, Insightful)

dbIII (701233) | more than 5 years ago | (#25733507)

I think law enforcement and intelligence is too busy working hard in other areas (IMHO due to mismanagement and fear campaigns) to be able to handle their traditional roles. If you see criminal activity that you can stop immediately without any danger to yourself why look the other way? You can report it later instead of making yourself an accessory after the fact by condoning the criminal activity by continuing to let them operate with your resources.

As for the other stuff, in a world scripted by Tom Clancy the supervillians simply switch to their backup systems. However in reality shutting down something that has taken a long time to establish can stop them for a long time and can open them up to exposure when they are trying to do it again.

I wonder what made them turn? (5, Funny)

EmperorKagato (689705) | more than 5 years ago | (#25733089)

This is their AUP from 2005 (Mccolo.com)

Acceptable Use Policy (AUP)

All Maxis' Commerce colocation or dedicated server customers are bound by the following Acceptable Use Policy. This document may be updated from time to time. Please consult this site periodically for the most recent revision of this document.

No Maxis' Commerce customer shall:

Do anything illegal or anything that adversely affects Maxis' Commerce legal interests. The following list is non-exclusive, and should not be considered license to commit other illegal activities not specified below. All illegal activity is prohibited, and Maxis Commerce will cooperate fully with any law enforcement officials and/or agencies investigating and/or prosecuting such activities.

Cracking/Hacking - attempts to access accounts or systems other than the userâ(TM)s own accounts or systems or an account or system that the user has been explicitly authorized to access is illegal under federal and state law.

Child pornography - as defined by U.S. law. This is strictly prohibited and dealt with quickly and harshly.

Interstate gambling - because Internet traffic generally ignores state and country boundaries, any Internet based gambling site is restricted by Federal Inter-state gambling regulations.

Pyramid schemes or fraud - are illegal under a number of Federal, State and Local laws.

Theft of services - attempts to utilize services that are not contracted for is considered theft and will be dealt with as such.

Harassment - use of Maxis' Commerce network to harass or threaten (in the legal sense of those terms) any other person is prohibited.

Please consult an attorney if you are unsure of the legal status of your activities.

Do anything that threatens the integrity of Maxis' Commerce network or the utilization there of by other persons.

Denial of Service (DOS) attacks - no customer will commit a DOS attack against any Maxis Commerce customerâ(TM)s host, or any other host on the Internet. Similarly, no Maxis Commerce customer will willfully or negligently allow incitement of others to attack any host on Maxis' Commerce network, or any other host on the Internet.

Blacklists - No customer shall do anything that could get any portion of Maxis' Commerce IP space (or address space announced by Maxis Commerce on behalf of Customer) put on blacklists such the RBL (Realtime Black List) as maintained by MAPS (http://www.mail-abuse.com) or other similar organizations, or perform activities that would cause portions of the Internet to block mail or refuse to route traffic to any portion of Maxis' Commerce IP space (or address space announced by Maxis Commerce on behalf of Customer).

Perform actions that cause unusual load on Maxis' Commerce servers (for example, mail servers, web servers, usenet servers, name servers, etc.), that cause slowness or denial of service to other Maxis Commerce customers.

Do anything that threatens the Internet or any other network.

No customer shall take actions that cause any portion of the Internet, or the Internet as a whole, to become unusable to any other portion of the Internet, or the Internet as a whole.

No customer shall take actions that degrade the usefulness of the Internet, or any portion of the Internet, either through network degradation, flooding of usenet or email or so on.

Spam - No customer shall send unsolicited commercial email, unsolicited mass mailings, spam or flood usenet newsgroups, or anything of that sort. If you have questions about what is allowed and what is not, please email abuse@mccolo.com for clarification.

No spam may originate from Maxis Commerce IP space.

No spam may advertise sites or services located on Maxis Commerce IP space (even if the spam originates elsewhere).

No Maxis Commerce customer shall use third party mail servers to relay spam. This is considered a DOS attack on the third party and will be treated as such.

No customer shall participate in pyramid schemes or email chain letters.

Use of Maxis' Commerce facilities to provide software or lists for mass mailing unsolicited email is prohibited.

Furthermore, all Maxis Commerce customers must:

Maintain the following email addresses and respond promptly to all email sent to these addresses:

abuse@yourdomain.com

postmaster@yourdomain.com

Maintain and enforce on their clients an AUP similar in scope and intent to this document.

Maintain a policy requiring proper "From" and/or "Reply-To" headers for email and usenet postings.

Maintain proper security on their mail server, to prevent the mail server from being used as a "spam amplifier" by third parties. Servers must restrict "email relaying." (Not applicable to customers who do not maintain a mail server.)

Maxis Commerce reserves the right to terminate or interrupt any account in part or in full without refund for violation of these Acceptable Use Policy. In all but the most extreme or serious cases, good faith attempts will be made to resolve an issue without interruption of service. In cases where service has been terminated or interrupted, resolution will be handled on an individual case basis, at Maxis' Commerce sole discretion.

For further explanation of any portion this document, and the terms set herein, or to determine whether your intended activities are permissible under the terms of this document, contact us at abuse@mccolo.com

How much spam? (2, Insightful)

Rik Sweeney (471717) | more than 5 years ago | (#25733105)

So, how much spam does everyone get each day on average? I think I get between 5 and 8, not much by most people's standards I imagine it's still depressing to see.

I'll be interested to see if this number goes down in the next few weeks, but I doubt I'll notice.

Re:How much spam? (1)

gapagos (1264716) | more than 5 years ago | (#25733233)

My gmail account deletes all spam older than 30 days, and I never bother to go into that folder.
Considering I currently have 517 spam emails, that means I receive 517/30=17.23 emails of spam per day on average.

So yeah, quite a bit. I had this email address for a little bit more than 4 years.

Re:How much spam? (0)

Anonymous Coward | more than 5 years ago | (#25733391)

My gmail spam folder contains 35374 mails. I suppose I am a tad over average then...

Re:How much spam? (0)

Anonymous Coward | more than 5 years ago | (#25733555)

Yeesh...I've got over 12,000 in my Gmail box right now, or 400 per day. However one of the addresses I use there has been open since about 1990.

Re:How much spam? (1)

ed.mps (1015669) | more than 5 years ago | (#25733657)

my spam folder has 1146 currently, so I can say, 35 spam/day on average and the same 4 years apply to me

Re:How much spam? (2, Interesting)

SCHecklerX (229973) | more than 5 years ago | (#25733343)

You'd have to ask my greylist, mimedefang, and spamassassin filters, as most of it gets killed before even making it to the 3rd, which kills the rest. Stuff in that small threshold I allow, maybe 1-2 every couple of months gets through, and that's usually from a company I actually had done business with in the past.

Mimedefang rejections on dumb things at the helo/from stage, and greylisting kill most things without ever having to receive or process it.

Re:How much spam? (3, Interesting)

argent (18001) | more than 5 years ago | (#25733431)

So, how much spam does everyone get each day on average?

Well, according to my mail logs, my mail server that currently provides mail service for myself in the past 8 hours:

Has blocked 2879 messages, based simply on the IP address, using RBLs.
Has blocked 1013 messages, based on some early tests in mail delivery.
Has passed 176 messages on for further filtering, with my address. I haven't checked how many were to my wife or to invalid addresses. Typically that's several hundred an hour.

The next level of filtering:

Dropped 18 messages completely.
Filed 127 messages in the "probable spam" box, where they will be deleted within a week.
Delivered 31 messages to my home server.

Of those messages, about half of those were filed as "spam" by Apple's Mail.app.

That's pretty low by my standards. Good work.

Re:How much spam? (1)

Nursie (632944) | more than 5 years ago | (#25733609)

Depends on the account. One account I've had for close to a decade is inundated. I barely use it any more and deleted all the aliases I gave out to places I wasn't sure of, but it seems that the root address is on all the lists. It's unusable and I now check it about once a month to remove the two to three thousand spam messages that have accumulated.

My other accounts sit behind varying levels of spam filtering, rbl checking, SMTP validation, SPF, rDNS etc etc so not too much gets through. Thunderbird tends to eat the rest.

Re:How much spam? (1)

bipbop (1144919) | more than 5 years ago | (#25733627)

About 10,000. *sigh*

Re:How much spam? (2, Funny)

Ant P. (974313) | more than 5 years ago | (#25733651)

Zero. I stopped using email and can't say I miss it.

OMFG!! (5, Funny)

glock22ownr (734154) | more than 5 years ago | (#25733125)

MY SITE IS DOWN!! WTF !

Re:OMFG!! (0)

Anonymous Coward | more than 5 years ago | (#25733287)

The child porn one or the spam one?

Holy generic viagra batman! (1, Funny)

Drakkenmensch (1255800) | more than 5 years ago | (#25733191)

Does that mean that I will NOT be getting my millions of dollars from that friendly nigerian prince?

Registration? (1)

Hatta (162192) | more than 5 years ago | (#25733193)

The story, linked to from the story, linked to by slashdot requires registration. Anyone got a handy login?

Re:Registration? (0)

Anonymous Coward | more than 5 years ago | (#25733621)

http://www.bugmenot.com/view/washingtonpost.com

Re:Registration? (1)

compro01 (777531) | more than 5 years ago | (#25733691)

It's not asking me for a login (Could be as I'm Canadian and in Canada), but did you try bugmenot? [bugmenot.com] ?

BS. Not by volume. (3, Interesting)

suso (153703) | more than 5 years ago | (#25733207)

This couldn't be by volume. Given the amount of spam that everyone receives every day, I don't think a single ISP could possibly generate 75% of it. It would take multiple gigabit connections and I'm sure someone would have already noticed that kind of traffic coming from one place.

Re:BS. Not by volume. (4, Informative)

radish (98371) | more than 5 years ago | (#25733317)

RTFA. The ISP in question hosted the control points for the botnets which generated the spam. They didn't need crazy bandwidth, just solid hosting.

Re:BS. Not by volume. (3, Interesting)

suso (153703) | more than 5 years ago | (#25733491)

Ok, I did RTFA that slashdot posted too, but not the link inside the article. The initial article didn't mention anything about botnets and made it sound like it was the source of the spam.

What I don't like about this is that it gives normal people a false sense of security about the whole issue. The real issue is that governments aren't cracking down on people within their borders causing these problems including the U.S.

The Washington Post is not a security agency, they are a news agency. And when they do stuff like this they don't really have the right motives. Its just like those investigative reports that your local news channel does.

Slimy business practices have a way to continuing on despite everything, so in the wake of McColo it won't be long before we have a Colo King.

Evidence (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25733261)

Would have been nice if they posted the evidence they sent to the ISPs.

My personal experience (4, Interesting)

rwyoder (759998) | more than 5 years ago | (#25733281)

I use a procmail filter that sends mail from known addresses into my mailbox, and dumps everything else into a "garbage" file that I check every morning before deleting it, (on the off change that a friend or business has sent mail from a new address). This morning for the first time in *years*, the file was empty.

All well and good, but... (4, Interesting)

Time Ed (970465) | more than 5 years ago | (#25733303)

...once the folks who sell spam and porn find a hosting provider who turns a blind eye, they tend to stick with it and consolidate their operations. Paying attention to Spamhaus and the more reliable botnet trackers tells me where these operations are located, and helps me write good gateway filters for my employer, my house, and my friends. Cutting off internet access tends only to disperse the nere-do-wells rather than stop them, and I have to start over again tracking and writing new filters. In other words, I like to know where these guys hang out so I can avoid them, the same way I avoid the riff-raff in the physical city where I live.

I think its great that someone is doing something about the problem, but I don't think it should be the ISP. We already have laws against spam and certain porn, and it should be up to the government to enforce those laws. Vigilantism is never the answer.

The tried-and-true way works: if you have evidence, take it to the police. If the police won't do anything, take it to the press. Sure it takes a little longer, but it keeps - in this case your internet connection - safe from the Random Crusader. And the criminals may actually get arrested.

Less spam? (1)

Huwawa (923056) | more than 5 years ago | (#25733347)

Who's going to email me now?

I mostly get "nigerian scam" emails (1)

jonwil (467024) | more than 5 years ago | (#25733367)

Most of what I tend to see in my inbox (or SeaMonkey junk folder) are various variants of the "Nigerian Scam". I dont see all that much actual commerical spam for some reason.

Re:I mostly get "nigerian scam" emails (1)

Mazzie (672533) | more than 5 years ago | (#25733471)

Same here. I get about 40 or 50 "negerian" type spams, 5 to 10 spams with what looks like asian characters in the title, 4 or 5 viruses and maybe 2 or 3 misc spams for things like Viagra and warez.

Must be back online already (1)

Scutter (18425) | more than 5 years ago | (#25733399)

I haven't seen so much as a slight dip in spam-per-hour on any of the spam filters I manage.

Spam graph way down (3, Informative)

ESCquire (550277) | more than 5 years ago | (#25733525)

For all those who don't believe that a single ISP can be responsible for this amount of spam: take a look at the munin graph [imageshack.us] from our spam scanner. When I looked at it in the morning I went "huh, did I misconfigure something on our mail server?", didn't find anything, went to Google News and submitted to /. shortly after that.

Ep!u? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25733537)

less? (1)

revisionz (82265) | more than 5 years ago | (#25733545)

Seems like every time there is a story about a spammer getting shut down , the amount of spam that I get increases.

The spam solution... (1, Insightful)

Cesaro (78578) | more than 5 years ago | (#25733579)

The problem with spam isn't that people send out 35 billion emails... it is that SOMEONE out there is clicking on it. They just need one person out there to respond and they have made money...

The correct solution to this spam problem is to keep these places up. Find out who it was that actually responded and either
1) Go educate them about what they're doing
2) Show them how to shop on their own for hair growth and penis enlargement
3) Take away their internet connection

If they weren't making any money, they wouldn't be doing it.

It is like prostitution... Prostitution doesn't exist for the sake of existing. It exists because people will pay for sex. If everyone, everywhere stopped visiting prostitutes then there wouldn't be prostitutes for very much longer. They would have to get other jobs to survive.

Re:The spam solution... (1)

Nursie (632944) | more than 5 years ago | (#25733667)

"If everyone, everywhere stopped visiting prostitutes then there wouldn't be prostitutes for very much longer. They would have to get other jobs to survive."

Good luck with that. Just like the drink and drug issues. All we need is for people to stop using them and then the problems go away. Unfortunately, humans like those activities. I don't think it's really a good analogy to spam/phishing/scams/botnets/child porn though, which are out'n'out criminal activites with victims and everything.

IAAL (2, Funny)

Anonymous Coward | more than 5 years ago | (#25733641)

I have been retained as the attorney for the Hormel Foods, LLC. I feel that you shutting down 75% of global spam violates free trade. Please cease and desist from shutting down global spam or Hormel will have no other option but to sue for punitive damages.

Now how long before the void is filled by another (0)

rodney dill (631059) | more than 5 years ago | (#25733679)

THIS SPACE FOR RENT!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...