FBI Cracks "Largest Phishing Case Ever"

CmdrTaco posted more than 4 years ago | from the inbox-still-full-of-spam dept.

Security 132

nk497 writes "The FBI and Egyptian authorities have arrested 100 people in what they're calling 'the largest international phishing case ever conducted' as part of a wide-scale investigation called Operation Phish Phry. The criminals used phishing to get access to hundreds of bank accounts, stealing $1.5 million. 'This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands of bank customers,' said Acting US Attorney George S. Cardona."

132 comments

That was fast (5, Funny)

Bob_Who (926234) | more than 4 years ago | (#29679761)

....talk about damage control!

Re:That was fast (2, Insightful)

erroneus (253617) | more than 4 years ago | (#29679863)

I think it goes to show what being personally involved and affected can do to job performance at the FBI. The previous story talks about why the FBI head guy doesn't do online banking... he was almost fooled by this sort of scammer. Suddenly they apply the weight of their position against the problem and come up with results.

So when it comes to the many, many things that aren't being accomplished, I have to wonder if it's because they don't care.

Re:That was fast (5, Insightful)

justinlee37 (993373) | more than 4 years ago | (#29680365)

If you had read the article, you'd notice that the FBI have been working on this particular case since 2007. The story about Mueller nearly falling for a phishing scam is from 2009. I don't think the two events have anything to do with each other.

Classic boss scenario (2, Insightful)

thijsh (910751) | more than 4 years ago | (#29680507)

Have you learned nothing at your work? The FBI was 'on the case' since 2007, probably outsourced the real work to some poor suckers in IT and just sat on their asses for two years. Until Mueller gave them an angry call why he was still being phished while they were 'fixing the problem'. From that moment they had to produce results fast to please the boss... they probably just arrested the first guys on the watch list compiled in 2007.

Re:Classic boss scenario (1)

BrokenHalo (565198) | more than 4 years ago | (#29682489)

they probably just arrested the first guys on the watch list compiled in 2007.

In which case, I hope for the sakes of the ~100 people they've nailed so far that they managed to skim more than $1.5M between them. If they're all involved in the same scam, that's only $150K each, which is pretty much peanuts nowadays.

If I were likely to do the same time in PITA jail for stealing $100 as I would for $100*10^6, I'd make damn sure I did the latter.

Re:That was fast (0)

commodore64_love (1445365) | more than 4 years ago | (#29680505)

>>>I think it goes to show what being personally involved and affected can do to job performance at the [government]

You think it's coincidence that the roads leading into and out of D.C. are the smoothest in the whole nation? People in power fix what affects them directly, give a passing notice when constituents complain, and ignore all else. (Which is a good argument for why power & politicians should be concentrated *at home*, rather than 2000 miles away in some central capital.)

Re:That was fast (2, Informative)

Coren22 (1625475) | more than 4 years ago | (#29680663)

You're joking right? I can't say I would call them exactly smooth, though they do get repaired on a regular basis.

Re:That was fast (1)

commodore64_love (1445365) | more than 4 years ago | (#29681751)

Perhaps it's because you've never driven anywhere else? DC's I-95, I-295, I-66, and I-270 are like glass compared to the terrible pothole-ridden interstates leading into or out of Philadelphia, New York, Boston, Chicago, Seattle.

And the absolute worst interstate I've ever driven was I-40 through Oklahoma City which feels like your car's going to shake to pieces. The highways/interstates leaving D.C. truly are the best in the whole nation, because that's the center of power and Congressmen would not stand for poor quality roads ruining their cars' suspensions.

Re:That was fast (1)

justthinkit (954982) | more than 4 years ago | (#29681401)

The counterpoint to this is that "the cobbler's children have no shoes". In this case, the Washington big boys could care less about local roads while they are trying to bring back billion contracts to their home states.

Re:That was fast (0)

Anonymous Coward | more than 4 years ago | (#29681761)

You have obviously never actually driven around the DC area before. The roads are not that smooth. And why would a politician from out of state care about the roads in DC? They are all too busy trying to get pork barrel projects approved for their home states. They don't give a rat's ass about DC or its roads.

Re:That was fast (5, Funny)

A. B3ttik (1344591) | more than 4 years ago | (#29679887)

Let's set up our e-mail accounts to forward all Spam to the head of the FBI. If this story is any indication, it shouldn't take more than 45 minutes to get rid of the problem.

Re:That was fast (5, Insightful)

Jurily (900488) | more than 4 years ago | (#29680135)

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:That was fast (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29680305)

You have a lot of time on your hands, don't you?

Re:That was fast (4, Funny)

xonar (1069832) | more than 4 years ago | (#29680425)

You must be new here

Re:That was fast (3, Informative)

Antiocheian (859870) | more than 4 years ago | (#29680789)

But "here" was new as well (actually non existing) when these forms first appeared on the Usenet.

This particular form is quite right and not just funny.

There are others, especially of flamebaiting nature, which are really creative.

Re:That was fast (0)

Anonymous Coward | more than 4 years ago | (#29681053)

Haha, that's been copied to different topics for ages; he didn't just write it up himself. Besides, this is /.; none of us really work, we just edit wikis and rate boobs while our pet monkeys move papers from the in to the out box for us.

Re:That was fast (0)

Anonymous Coward | more than 4 years ago | (#29681177)

Doesn't take much time to copy [slashdot.org] and paste...

Re:That was fast (1)

ais523 (1172701) | more than 4 years ago | (#29681829)

( ) Asshats

There must be something wrong with you: I've never seen one of these forms before where "Asshats" wasn't ticked.

Re:That was fast (0)

Anonymous Coward | more than 4 years ago | (#29681995)

Mmmmm, I smell delicious CopyPasta!

Is this related to the next story? (2, Interesting)

ubrgeek (679399) | more than 4 years ago | (#29679809)

The one about "Why the FBI Director Doesn't Bank Online"?

Re:Is this related to the next story? (3, Insightful)

olsmeister (1488789) | more than 4 years ago | (#29679835)

I guess when the big dog nearly falls for the scam himself, resources magically get devoted to the case.

Re:Is this related to the next story? (1)

confuto (1453393) | more than 4 years ago | (#29680257)

Memo to self: Don't Mess With The FBI

Re:Is this related to the next story? (2, Insightful)

Mister Whirly (964219) | more than 4 years ago | (#29681795)

Additional memo: hire idiots to be the head of major organizations. Then when they almost fall for stupid scams, things will actually get done to help prevent them in the future.

Re:Is this related to the next story? (1)

jacktherobot (1538645) | more than 4 years ago | (#29679905)

The moral of the story is that we can eliminate all spam and phishing by signing Robert Mueller up on every spam list we can find.

Quick! (3, Funny)

bryanp (160522) | more than 4 years ago | (#29679891)

Someone tell the FBI director it's safe for him to log on again.

Re:Quick! (3, Funny)

The New Andy (873493) | more than 4 years ago | (#29680021)

What's his email? I'll send him a link so he can reactivate his account and get going again.

Re:Quick! (4, Funny)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29680209)

Don't forget that he'll need to re-validate his security credentials at http://confirm.credentials.here.genuine.yourbank.fsdnp4895.imgonnagetyourmoney.com/bankbanksecurity.html [imgonnagetyourmoney.com]

Re:Quick! (5, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#29680581)

http://confirm.credentials.here.genuine.yourbank.fsdnp4895.imgonnagetyourmoney.com/bankbanksecurity.html [imgonnagetyourmoney.com]

Am I the only one that thinks it's sad that Slashdot's code for avoiding accidental goatse clicks is better than many mail client's code for avoiding having someone steal all of your money?

Re:Quick! (1)

aztracker1 (702135) | more than 4 years ago | (#29681615)

Honestly, I don't know why mail readers don't simply disable, or not link to urls with more than 3 dots in the hostname portion, or are an IP address. I mean, is there *REALLY* a need to have more than four points in a domain for an emailed URL... sub.section.your.domain is enough... if there's more, you can always copy/paste, but this might get people to think twice, not to mention catch the people who paste URLs into their google/yahoo/bing search page instead of the URL input.

Re:Quick! (1)

ais523 (1172701) | more than 4 years ago | (#29681905)

The homepage of the place I currently work has four dots: "www.department.organisation.secondleveldomain.country". Of course, pretty much everyone here will know that it's hugely crazy that the site doesn't work without the www, but there's often legitimate need for URLs like those. (You probably forgot that country codes are used in many non-american domains...)

Re:Quick! (1)

troll8901 (1397145) | more than 4 years ago | (#29681997)

How about this?

  http ://www.yourbank.com@mydomain.com/bankbanksecurity.html ?

Does it pass the "more than 3 dots" test?
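Added example, not part of any comment in this thread: a link check that applies the two rules proposed above (more than 3 dots in the hostname, or an IP address) to the host a client would actually contact, plus a check for text before an `@`. The function names and the `192.0.2.10` link are constructed for illustration; the other URLs are the ones posted above.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_DOTS = 3  # the thread's proposed threshold: "more than 3 dots in the hostname"

# Sample links: the first three come from the comments above, the last is constructed.
LONG_HOST = ("http://confirm.credentials.here.genuine.yourbank.fsdnp4895."
             "imgonnagetyourmoney.com/bankbanksecurity.html")
USERINFO = "http://www.yourbank.com@mydomain.com/bankbanksecurity.html"
LEGIT_CC = "http://www.department.organisation.secondleveldomain.country/"
IP_HOST = "http://192.0.2.10/login"  # constructed, documentation address range


def inspect_link(url):
    """Return the host a client would really contact and the heuristics it trips."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    flags = []
    # Text before "@" in the authority is userinfo; the host is what follows it.
    if parts.username is not None:
        flags.append("userinfo")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal")
    except ValueError:
        # Not an IP address, so apply the dot-count rule to the real host only.
        if host.count(".") > MAX_DOTS:
            flags.append("many-dots")
    return {"host": host, "flags": flags}


def bracket_hint(url):
    """Slashdot-style hint: the link followed by the tail of its real host.

    Naive on purpose: it keeps the last two labels, which is wrong for many
    country-code domains; a real client would consult the Public Suffix List.
    """
    info = inspect_link(url)
    host = info["host"]
    if "ip-literal" in info["flags"]:
        tail = host
    else:
        tail = ".".join(host.split(".")[-2:])
    return f"{url} [{tail}]"


if __name__ == "__main__":
    for link in (LONG_HOST, USERINFO, LEGIT_CC, IP_HOST):
        print(inspect_link(link)["flags"], bracket_hint(link))
```

The `@` link is not caught by the dot rule, since its real host `mydomain.com` has one dot, while the legitimate four-dot hostname is; only the userinfo check flags the former.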

Re:Quick! (0)

Anonymous Coward | more than 4 years ago | (#29680239)

robert.mueller@ic.fbi.gov

Re:Quick! (0, Flamebait)

elrous0 (869638) | more than 4 years ago | (#29680719)

It's probably best that he stay off the internet. Of course, it's probably also best that he not be the head of the FBI either.

Best use of money? (2, Interesting)

yamfry (1533879) | more than 4 years ago | (#29679907)

They spent 2+ years of US and Egyptian government resources to prosecute 100 people for tricking other people out of 1.5 million dollars. They will spend more resources on each of the 100 people's court cases. If their cases hold up in court they will spend more government resources to keep them in jail for up to 20 years each. They didn't state a dollar amount spent on this initiative in TFA, but wouldn't it be more efficient to use that money to educate online banking users on how to avoid phishing scams?

Re:Best use of money? (3, Insightful)

Kokuyo (549451) | more than 4 years ago | (#29679977)

Thereby teaching people it's okay to scam away as long as they just get a few million out of it. So when about a thousand different people do it independently, you're looking at total damages of 1.5 BILLION all of a sudden.

Sure, the effort cost a lot of money but imagine what would happen if people started to believe they can get away with this sort of thing.

They can't? (1)

cmseagle (1195671) | more than 4 years ago | (#29681613)

It took 2 years to build a case against 100 of these people, and I'd be incredibly surprised if 100 people even amount to 1% of all phishers. I'd say that the other 99% have pretty much gotten away with it.

Re:Best use of money? (1)

Krneki (1192201) | more than 4 years ago | (#29680019)

but wouldn't it be more efficient to use that money to educate online banking users on how to avoid phishing scams?

If the FBI director (almost) falls for it, what are the chances Joe will spot the difference?

The techniques used get better and better and you really must know what you are doing and be focused to avoid the scam. But maybe a better technique would be to give banks a rating, so we know which one has the highest amount of successful online scams.

Re:Best use of money? (2, Interesting)

Bigbutt (65939) | more than 4 years ago | (#29680211)

I'd expect higher level managerial types to be just as likely as the average Joe on the street really. There's nothing technically special about managers. Heck, my wife has been just as close to falling for a phishing scam. Maybe he has a postit note on his monitor too. The one that says "Don't click on links in e-mails!" :)

[John]

Re:Best use of money? (1)

craagz (965952) | more than 4 years ago | (#29680509)

Maybe because the managerial types are from another generation. Not used to the varied ways of the tubes.

Re:Best use of money? (1)

Bigbutt (65939) | more than 4 years ago | (#29680715)

Well, perhaps the higher level ones like Mueller. He's likely 15 years or so older than me.

[John]

Re:Best use of money? (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29680255)

The old boss of GCHQ [wikipedia.org] was Director of Personnel and Director of Finance before taking over the top job for the Home Office. Consider; He only has to be a good manager / director, not a good intelligence expert.

Re:Best use of money? (1)

morgan_greywolf (835522) | more than 4 years ago | (#29680319)

If the FBI director (almost) falls for it, what are the chances Joe will spot the difference?

You're right. Joe Sixpack is much smarter than the director of the FBI.

Re:Best use of money? (0)

Anonymous Coward | more than 4 years ago | (#29681141)

You're pretty smug for someone who just had their password stolen by me.

Re:Best use of money? (2, Insightful)

thepooh81 (1606041) | more than 4 years ago | (#29680043)

This is a great point. Although educating online banking users might not be the answer. Why don't banks have a 2-phased authorization type system (i.e. What you have and What you know)? I would gladly pay $5-$20 to have a PRNG pass-key (What I have) used in conjunction with a PIN (What I know) and have a more secure online banking system.

INGDirect uses a fairly good system by having a personalized phrase & picture displayed every time you log in while you click on the number images to input your PIN to bypass keyloggers. It's still relying on Joe Schmoe to actually pay attention to the picture and phrase every time they visit the site. Thus, it's still susceptible to social engineering. The above mentioned 2-phased is a better solution IMO.

Re:Best use of money? (2, Interesting)

Hinhule (811436) | more than 4 years ago | (#29680205)

My bank has had this for years.

To log on you enter your SSN, you get a random number. You take your pass generator, enter the pin then the random number. You get a new number which you use as the password.
Also, new recipients must be authenticated in the same way, which makes it much less likely a program running on your computer can add a transaction once you have logged on.
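Added example, not part of any comment in this thread: a model of the challenge-response login described above, extended so that the code for a new recipient is bound to that recipient. The bank's real algorithm is not given in the thread; HMAC-SHA256 with RFC 4226-style truncation, mixing the PIN into the message, and every name and account label here are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def token_response(device_key, pin, challenge, payee=""):
    """Code shown by the handheld generator for a PIN, a challenge and an optional payee."""
    message = "|".join((pin, challenge, payee)).encode()
    mac = hmac.new(device_key, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{number % 10**8:08d}"


class BankServer:
    """Server side: issues one-time challenges and checks the typed-back code."""

    def __init__(self, device_key, pin):
        self._key = device_key
        self._pin = pin
        self._open = {}  # challenge -> payee it was issued for ("" means login)

    def challenge(self, payee=""):
        value = f"{secrets.randbelow(10**8):08d}"
        self._open[value] = payee
        return value

    def verify(self, challenge, response):
        payee = self._open.pop(challenge, None)  # single use, even on failure
        if payee is None:
            return False
        expected = token_response(self._key, self._pin, challenge, payee)
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(32)  # constructed secret shared by token and bank
    bank = BankServer(key, pin="4321")
    results = {}

    # Normal login, then the same challenge and code presented a second time.
    login = bank.challenge()
    code = token_response(key, "4321", login)
    results["login"] = bank.verify(login, code)
    results["replayed_login"] = bank.verify(login, code)

    # The server issued this challenge for one payee, but the user keyed a
    # different payee into the token: the codes disagree and the request fails.
    pay = bank.challenge(payee="ACCT-UNEXPECTED")
    user_code = token_response(key, "4321", pay, payee="ACCT-LANDLORD")
    results["payee_mismatch"] = bank.verify(pay, user_code)

    # Payee on the server matches what the user keyed in.
    pay2 = bank.challenge(payee="ACCT-LANDLORD")
    good = token_response(key, "4321", pay2, payee="ACCT-LANDLORD")
    results["payee_match"] = bank.verify(pay2, good)
    return results


if __name__ == "__main__":
    print(demo())
```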

Re:Best use of money? (1)

Pentium100 (1240090) | more than 4 years ago | (#29680541)

Both of my banks have this, however, the basic service is a card with 20-30 passwords on it.
To log in, you need to type your user number, regular password and one password from the card. 3 failed attempts and your access is blocked (you need to go to the bank to reactivate it).
If you want to transfer money to some account that does not belong to you, you also need to enter one password from the card.

For some money you can get a password generator which you use instead of the card.

Re:Best use of money? (1)

adavies42 (746183) | more than 4 years ago | (#29681181)

my world of warcraft account is now more secure, courtesy of the iphone authenticator, than my real bank account. this is pathetic.

Re:Best use of money? (0)

Anonymous Coward | more than 4 years ago | (#29680921)

Schneier:

I've met users, and they're not fluent in security. They might be fluent in spreadsheets, eBay, or sending jokes over e-mail, but they're not technologists, let alone security people. Of course, they're making all sorts of security mistakes. I too have tried educating users, and I agree that it's largely futile.

http://www.schneier.com/blog/archives/2006/08/educating_users.html

Re:Best use of money? (1)

shentino (1139071) | more than 4 years ago | (#29681045)

You forgot to take into account the number of thefts that WON'T happen because of one of the following:

1) assholes who are sent to jail and knocked out of the fraud business by virtue of being behind bars
2) would-be assholes who get spooked out of the fraud business by virtue of being scared of going to jail

Jurisdiction (5, Funny)

TwistedGreen (80055) | more than 4 years ago | (#29679983)

Shouldn't this have been handled by the Department of Phisheries?

Re:Jurisdiction (1)

NoYob (1630681) | more than 4 years ago | (#29680077)

I think it'd be the NOAA [noaa.gov]

Sorry, didn't mean to be a pedant, but I was curious exactly who regulates the fisheries.

There are so many Government agencies that regulate shit, it's hard to keep track and it does occasionally come in handy - like when a bank screws you the folks that they are afraid of is the Office of the Comptroller of the Currency. occ.treas.gov [treas.gov]

Re:Jurisdiction (2, Funny)

morgan_greywolf (835522) | more than 4 years ago | (#29680331)

There are so many Government agencies that regulate shit

No, I think that would be your local government/water utility.

Re:Jurisdiction (1)

CarpetShark (865376) | more than 4 years ago | (#29680813)

Shouldn't this have been handled by the Department of Phisheries?

Rather than the current Department of Philistines?

Osama Bin Laden captured! (-1, Offtopic)

PinkyDead (862370) | more than 4 years ago | (#29680141)

He was sleeping with the FBI director's wife.

Re:Osama Bin Laden captured! (0, Offtopic)

Starayo (989319) | more than 4 years ago | (#29680693)

Found hiding in the closet after director came home early?



...New headline. Bin Laden comes out of the closet! Hee hee.

Operation code name (2, Funny)

Danathar (267989) | more than 4 years ago | (#29680177)

I think Fried Phish would have been better.

Re:Operation code name (0)

Anonymous Coward | more than 4 years ago | (#29680307)

Dude, it is the FBI, they have to be all formal and stuff... so add Operation before it and we're green to go.

I finally know how we can win the "war on terror"! (1)

elrous0 (869638) | more than 4 years ago | (#29680191)

We just wait for Al Qaeda to attack the FBI director and the FBI will finally start to bring them down the next day.

Largest phishing case ever? (1)

Magrovsky (883765) | more than 4 years ago | (#29680217)

There was a guy arrested in Brazil a couple of years ago that scammed over 10 million dollars.

New Mail (0)

Anonymous Coward | more than 4 years ago | (#29680285)

CONFIDENTIAL:
Dear Sir,

Good day and compliments. This letter will definitely come to you as a huge surprise, but I implore you to take the time to go through it carefully as the decision you make will go off a long way to determine the future and continued existence of the entire members of my family. Please allow me to introduce myself. My name is Dr. (Mrs.) Alexandria Massri, the wife of the head of state and commander in chief of the armed forces of Egypt who arrested by FBI on the 8th of October 2009.

My ordeal started immediately after my husband's arrest on the morning of 8th October 2009. FBI is determined to portray all the good work of my husband in a bad light and have gone as far as confiscating all my late husband's assets, properties, freezing our accounts both within and outside Egypt.

My husband has $1.5 Million USD ($1,500,000.00) specially preserved and well packed in trunk boxes of which only my husband and I knew about. It is packed in such a way to forestall just anybody having access to it. It is this sum that I seek your assistance to get out of Egypt as soon as possible before FBI finds out about it and confiscate it just like they have done to all our assets.

I implore you to please give consideration to my predicament and help a woman in need.

May Allah show you mercy as you do so.

Your faithfully, Dr (Mrs.) Alexandria Massri.

Hope those 'BOA' Phishes I forwarded helped (2, Interesting)

david.emery (127135) | more than 4 years ago | (#29680303)

I was pretty religious about forwarding all the phishing emails I got purporting to be from Bank of America to BOA's fraud line.

Lately I'm getting swamped by IRS phishes "notice of underreported income" (perhaps 100 of them so far), that I've been sending to the phishing mailbox at irs.gov. Hopefully that'll help close that particular scheme.

How about capital punishment for widespread internet fraud???

Re:Hope those 'BOA' Phishes I forwarded helped (2, Funny)

Java Pimp (98454) | more than 4 years ago | (#29680951)

Lately I'm getting swamped by IRS phishes "notice of underreported income" (perhaps 100 of them so far), that I've been sending to the phishing mailbox at irs.gov.

Wait... those aren't Phishes... I was doing the same thing for a while... then the IRS just started showing up at my house in person. They didn't buy it when I tried telling them I thought someone was trying to scam me... Bad times those were... Bad times...

Re:Hope those 'BOA' Phishes I forwarded helped (1)

Gilmoure (18428) | more than 4 years ago | (#29681017)

Yeah, I keep getting some kind of phishing email saying it's from Southwest Airlines and that the TSA wants me to 'update' my info.

Yeah, I'll get right on that one.

Save us from the real criminals (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29680369)

Seriously, 1.5 million? That's a drop in the bucket to the waste the government has been doing the last few years.

Billion is the new million, but they think 1.5 million was a big bust? Give me a break.

I, alone, could pay that off in my lifetime. The money our own government stole from its people over the last two years alone will take lifetimes of tens of millions of hardworking Americans to pay off.

Codename (4, Funny)

MBGMorden (803437) | more than 4 years ago | (#29680371)

I swear I would have never believed that the FBI had it in them to pick a name as cool sounding as "Operation Phish Phry".

Re:Codename (0)

Anonymous Coward | more than 4 years ago | (#29682231)

I like FBI operations naming, from wikipedia [wikipedia.org]

Operation Buccaneer

"law enforcement agents in six countries targeted 62 people suspected of software piracy, with leads in twenty other countries."

Operation D-Elite:
"Operation by agents of the FBI and U.S. Bureau of Immigration and Customs Enforcement against leading members of EliteTorrents"

And the famous Operation Sundevil

Only $1.5 million? (0)

Anonymous Coward | more than 4 years ago | (#29680411)

Only $1.5 million? Sounds like a small time ring to me. If I were inclined to do so, I could pull that off in two weeks with an organized ring of Cracker Barrel waitresses.

Start charging (2, Insightful)

m0s3m8n (1335861) | more than 4 years ago | (#29680455)

This is not a popular idea and most say it is a fail, but we need to start charging for each email sent, not much, but enough so that zombie box owners will wake up when their next monthly bill arrives. But the email charge must be ultimately paid by the ISPs who are the actual gateways onto the net. This way they too have an incentive to stop the flow of spam. And since the ISP must pay or be disconnected, third-world spam would dry up too. Use the money generated for backbone maintenance/improvement. Flame on.

Re:Start charging (0)

Anonymous Coward | more than 4 years ago | (#29680827)

but we need to start charging for each email sent

Between 'people' and 'spammers', that would only solve the problem in that no person could afford to send email, and all spammers can. So yes, removing everyone BUT the spammers from using email would kinda sorta solve the problem, but no more than just everyone shutting down every mail server on the same day.

But the email charge must be ultimately paid by the ISPs who are the actual gateways onto the net.

So two ISPs are sharing data between each other (email) and no one else is involved. Who exactly is to charge this fee? Why should the ISPs bother paying?

It is also unmaintainable, as other ISPs will simply advertise their main advantage of "No per charge email!" and get a flock of new customers from the ISPs that do.

If you understood the basis of how email and packet switched networking worked, you would realize there is no possible way to do what you suggest short of fully killing email off, and even then, it only takes two people to ignore your rules and run their own mail servers to freely email each other. One day, one of those two will send an email to the other which the other did not want, and you are back to the same spamming problem as now.

Re:Start charging (1)

aztracker1 (702135) | more than 4 years ago | (#29681685)

I still say require the sender's email domain to match credentials in DNS.. hard SPF rules basically... then combined with black/white-lists it could get better... if MS, Yahoo, Google, and a few of the larger ISPs would get together and require strong SPF records, rejecting mails without them it would get implemented fairly quickly. Of course none of them can make money off of everyone else using this concept so they'll never do it...

Re:Start charging (0)

Anonymous Coward | more than 4 years ago | (#29681131)

You don't need to actually charge money to make this useful, you can charge CPU cycles. If you charged each email some number of available CPU, and approx 10 seconds of real time to be sent, then mass mailing spambots would cease to be useful as their CPUs become full and the time it took to mass spam millions of messages would exceed allowable time.

It obviously would not put an end to such things but it would significantly curtail.
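Added example, not part of any comment in this thread: a proof-of-work stamp in the style of hashcash, showing how a per-message CPU charge can be expensive to mint and cheap to check. The stamp layout, SHA-256, the function names and the addresses are assumptions, and the difficulty is set far below the 10 seconds suggested above so the sample runs instantly.

```python
import hashlib
from itertools import count


def zero_bits(digest):
    """Number of leading zero bits in a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def mint(recipient, date, bits):
    """Sender side: search for a counter whose stamp hashes to `bits` leading zeros."""
    for counter in count():
        stamp = f"{date}:{recipient}:{counter}"
        if zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1  # the stamp and how many hashes it cost


def accept(stamp, recipient, date, bits, seen):
    """Receiver side: one hash, plus checks that the stamp is for this
    mailbox, carries today's date and has not been presented before."""
    fields = stamp.split(":")
    if len(fields) != 3 or fields[0] != date or fields[1] != recipient:
        return False
    if stamp in seen:
        return False
    if zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False
    seen.add(stamp)
    return True


def demo(bits=12):
    seen = set()
    # Constructed addresses and date; about 2**bits hashes are needed on average.
    stamp, cost = mint("alice@example.org", "20091008", bits)
    return {
        "hashes_spent": cost,
        "accepted": accept(stamp, "alice@example.org", "20091008", bits, seen),
        "reused": accept(stamp, "alice@example.org", "20091008", bits, seen),
        "other_mailbox": accept(stamp, "bob@example.org", "20091008", bits, set()),
        "stale_date": accept(stamp, "alice@example.org", "20091009", bits, set()),
    }


if __name__ == "__main__":
    print(demo())
```

Each extra bit of difficulty doubles the sender's expected work while the receiver still computes a single hash; a stamp is tied to one recipient, so one search cannot be reused across a mailing.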

Re:Start charging (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29681133)

Your post advocates a

( ) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Start charging (0)

Anonymous Coward | more than 4 years ago | (#29681237)

Wouldn't it be better to force the digital signing of emails in order to ensure that the sender is indeed the person it claims to be?
After all, websites use certificates (although the current implementation is flawed).

If we're really progressive, we could also force the encryption of the email, which would also ensure the confidentiality of our conversations (better safe than sorry?).

Re:Start charging (0)

Anonymous Coward | more than 4 years ago | (#29681347)

Your post advocates a

( ) technical (X) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Start charging (1)

spidkit (992102) | more than 4 years ago | (#29681443)

We already get a bill for internet services. It's not complicated to send each email account holder the total quantity of emails sent as part of their monthly bill. Surely that approach should twig a compromised machine owner to action if their box sent 1000's of emails.

Re:Start charging (1)

Luthe_Faydwire (700369) | more than 4 years ago | (#29681869)

Very small amounts of the spam are sent through the ISP mail gateway. To get a mildly accurate number the ISP would need to deep packet inspect all traffic to the standard mail gateway ports. While this is possible there is very little immediate benefit to the ISP. As the infrastructure cost is immediate most ISPs only deploy a trial to benchmark the system before abandoning the project.

I am also fairly sure that most people only glance at their bills for the amount due.

even just a fraction of a penny would work (1)

circletimessquare (444983) | more than 4 years ago | (#29681467)

then take all that cash, and invest it in third world communication infrastructure. that should shut the critics up

Re:Start charging (0)

Anonymous Coward | more than 4 years ago | (#29681921)

Sorry, but I have to comment arrogantly to your post enumerating the different flaws of your reasoning; interpret this as an attempt to make you rethink this.

[...] enough so that zombie box owners will wake up when their next monthly bill arrives. But the email charge must be ultimately paid by the ISPs who are the actual gateways onto the net.

This contradicts itself. Either the client pays, or the ISP pays.

But the email charge must be ultimately paid by the ISPs who are the actual gateways onto the net

This way ISPs will have also an extra reason to undermine net neutrality (the how is left as a trivial exercise to the reader).

And since the ISP must pay or be disconnected, third-world spam would dry up too.

Yes, let's get the United States (which is ATM the authority over ICANN) to collect taxes from the poorest countries and limit their freedom of expression; I'm sure that would help with your popularity, and respected everywhere.

Use the money generated for backbone maintenance/improvement.

You've screwed it a lot, so I guess a bit of state intervention is just mildly annoying at this point. But I guess it is futile to collect taxes from ISPs, when you're going to pay them later.

Yeah, right (0)

Anonymous Coward | more than 4 years ago | (#29680493)

Sure it was the "largest phishing case ever". Just how long was it again? Some phish story.

Wouldn't it be nice... (1)

Zantac69 (1331461) | more than 4 years ago | (#29680609)

...if the offenders are stuffed and mounted. Maybe they can be implanted with cheesy electronics and form a choir of Billy Bass!

Poor Phish (the band) (0)

Anonymous Coward | more than 4 years ago | (#29680625)

Poor Phish (the band)
Their name is forever ruined.

What actually happened (1)

gaspyy (514539) | more than 4 years ago | (#29680985)

Contrary to popular opinion on Slashdot, I believe the Mueller story was a classic bait to raise interest and to be followed by this real story.

Think about it - mainstream media ignores tech stories or buries them somewhere no one reads them. Meanwhile, stories about people affected by a problem are always given prominence.

Let me put it this way:
1. Put out a sensationalistic story about how no one (not even the head of FBI) is safe from phishing - raise fear, uncertainty and doubt.
2. Get the real story out about FBI catching phishers. The media will link the two, where otherwise the real story would have gone unnoticed.
3. Profit! (Bonuses, awards, whatever)

Problem with this business model is... (2, Interesting)

hesaigo999ca (786966) | more than 4 years ago | (#29681113)

They let this go on, because they think the cost of ruining a few lives is ok, as long as in the end they make their bust and all is ok in coptown. Problem is, real-time transactions are happening while they study the case, and letting 1.5 million slip through in order to follow the trace back to the top. Like a guy holding a camera while someone is being mugged by a lynch mob and doing nothing, should there not also be consequences, especially when FEDS (of all people) let something like this happen, when they have the power to stop it in its tracks... instead of letting it go on, and on, how long was this case going on for...?

Hard decisions, but sometimes the ends do not justify the means.
I had a ticket once for running through a stop sign, although it was covered almost 100% behind a tree, as I mentioned this to the cop, they told me to just say that in court as they knew many people would run through, instead of just telling the city to fix the problem....however I felt very frustrated, should there have been a kid playing nearby and I had not seen the sign, I would have maybe run him over by accident, then the cop would have been responsible for his life being lost, because instead of directing traffic (like when an intersection is burned out) they were using the hidden stop sign to generate revenue....very depressing!

4 sale: the ultimate credit card collection (1)

Skapare (16644) | more than 4 years ago | (#29681293)

The ultimate credit collection is now for sale. For 10 million dollars ($10,000,000.00), plus $500,000 copying and media fees, you can be the exclusive buyer of this collection. That's right. This is the ULTIMATE credit card number collection. There is no collection any larger. Only ONE copy will be sold to the lucky buyer. This is actually a lower cost than any other offer by any other credit card list provider. This is an amazing 10 million (10,000,000) card numbers per penny ... a total of ten quadrillion credit card numbers. And it can all be exclusively yours if you send the payment within 24 hours.

Old School Rap, Vol 5 (1)

LoudMusic (199347) | more than 4 years ago | (#29681333)

Are you down with the O.P.P.?

O is for Operation, P is for Phish don't you know,
The last P, well that's not so simple bro ...

Operation Phish Phry???!!! (1)

smilnrt (1648147) | more than 4 years ago | (#29681565)

My goodness that is about as dumb as an undercover officer wearing one of those tee-shirts that says "Police" on it! I mean, if I were into malicious computer activity, (disclaimer: I am not involved in malicious computer activity, nor do I condone or recommend it, and know of no one who is, nor have I ever knowingly engaged in it) I sure as heck would not name my activity after what I am doing. Let's call it the "Biggest Worm Ever", think we'll get caught???!!! Dumb, just palin (not a typo) dumb!