
Password Gropers Hit Peak Stupid, Take the Spamtrap Bait

Unknown Lamer posted about a month ago | from the bad-strategy dept.

Security 100

badger.foo (447981) writes Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.
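A slow, distributed guessing run like the one in the summary stays under per-host rate limits, but a failed login for a spamtrap name identifies the source on the first attempt. The sketch below is an added example, not code from the article or from bsdly.net; the log format, addresses, accounts and function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed trap list. The last entry simulates a polluted list: it is a
# real mailbox that should never have been listed as a trap.
SPAMTRAPS = {"adfnzzq@example.com", "wkitp98zpu@example.com",
             "quoy@example.org", "bob@example.com"}
VALID_USERS = {"alice@example.com", "bob@example.com"}   # constructed accounts

# Constructed log format for this example, not the output of any real daemon.
LOG_LINES = """\
2014-08-12T03:10:01Z auth-fail user=adfnzzq@example.com rip=203.0.113.7
2014-08-12T03:55:45Z auth-fail user=bob@example.com rip=192.0.2.55
2014-08-12T03:56:02Z auth-ok user=bob@example.com rip=192.0.2.55
2014-08-12T04:19:02Z auth-fail user=WKITP98ZPU@example.com rip=203.0.113.7
2014-08-12T06:40:30Z auth-fail user=quoy@example.org rip=198.51.100.99
this line is damaged and must be skipped
""".splitlines()

LINE_RE = re.compile(r"^(\S+) auth-(fail|ok) user=(\S+) rip=(\S+)$")


def parse(lines):
    """Yield (time, ok, user, ip) per log line; skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2) == "ok", m.group(3).lower(), m.group(4)


def usable_traps(traps, valid_users):
    """Sanity check: drop any trap name that collides with a real account,
    otherwise a user's own typo would get that user's address blocked."""
    return {t.lower() for t in traps} - {u.lower() for u in valid_users}


def trap_hits(lines, traps):
    """Map source IP -> trap names it tried. One failed login is enough,
    because no legitimate client ever authenticates as a trap name."""
    hits = defaultdict(list)
    for _ts, ok, user, ip in parse(lines):
        if not ok and user in traps:
            hits[ip].append(user)
    return dict(hits)


def rate_hits(lines, max_failures=3, window=timedelta(minutes=1)):
    """Threshold rule for comparison: flag an IP once it has max_failures
    failed logins inside the sliding window."""
    recent = defaultdict(list)
    flagged = set()
    for ts, ok, _user, ip in parse(lines):
        if ok:
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_failures:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    traps = usable_traps(SPAMTRAPS, VALID_USERS)
    print("trap-based :", trap_hits(LOG_LINES, traps))
    print("rate-based :", rate_hits(LOG_LINES))
```

On the constructed log the rate rule flags nothing because the attempts are hours apart, while the trap rule flags both guessing hosts and leaves the mistyped real login alone.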


This guy might be overvaluing his files (5, Interesting)

damn_registrars (1103043) | about a month ago | (#47662621)

I expect his file was probably indexed by a search engine (he does talk about it fairly often in his blog) and the botnet found it there. The botnet isn't smart enough to know that the email addresses aren't real - it only knows they are valid - so it went ahead and went for it. Hell if you were looking to compromise email addresses for your own nefarious purposes and had a small army of compromised PCs to attempt the password hacking, you wouldn't care if you were attempting to access valid addresses or not.

Re:This guy might be overvaluing his files (-1, Offtopic)

arth1 (260657) | about a month ago | (#47662935)

Right, it is irrelevant for the spammer. He's not using his own resources. Whether he sends e-mail to a million real and a million fake addresses, or to a million real and two million fake ones does not matter.

What's "peak stupid" here is the submitter not understanding how spamming works before posting on it.

Re:This guy might be overvaluing his files (3, Insightful)

BitZtream (692029) | about a month ago | (#47663027)

As if you understand how spam prevention works.

What happened here is that the spammers have turned over the fingerprint of their spam directly to the spam stoppers. By emailing these particular addresses they are directly supplying information that can be used to block spam. They don't need to 'confirm' these messages are spam, THEY ARE SPAM, by definition. They don't need to wait for several people to report them as spam, they don't need to manually inspect them or weight them as 'potentially spam'.

Spam one of these addresses then:
Your host is instantly on a blacklist in most cases.
URLs in the message are ranked as high probability of spam
The message is fingerprinted and added to anti-spam software

All of that without any user actually having to report it as spam, and that's just the simple stuff that happens.

This is EXACTLY WHY this list is online, to catch stupid spammers who aren't careful enough to avoid these addresses.

It's working EXACTLY AS DESIGNED. Hitting just one of these fake addresses can save it from hitting MILLIONS of real addresses.

So before calling someone else stupid, look in the mirror, you're at peak ignorant.

How fucking stupid are you (4, Informative)

Mr 44 (180750) | about a month ago | (#47663283)

This is great news for stopping this particular batch of spam.

You just posted the same point twice in this thread, and it's completely wrong both times, and shows a total lack of reading comprehension on your part.

They are NOT emailing these addresses, they are attempting to log in to them.

Read the fucking summary, at least. You are what's wrong with the internet.

Re:How fucking stupid are you (0)

Anonymous Coward | about a month ago | (#47664843)

No, YOU are what's wrong with the internet.

Re:How fucking stupid are you (0)

Anonymous Coward | about a month ago | (#47665573)

No, I am what's wrong with the internet.

Re:How fucking stupid are you (3, Insightful)

Zeromous (668365) | about a month ago | (#47664857)

Mister44, it doesn't matter if it's for mail or for passwords, the result is the same. It is using hacker's automation to automate blacklists. Parent is not wrong, just misstated.

Re:How fucking stupid are you (0)

Anonymous Coward | about a month ago | (#47665291)

And if you automate your spam classifier without sanity checking the list it makes, you open yourself up to polluting the list by someone sending valid harvested emails to the SPAM list.

As the article mentioned, automating automation can go very wrong. The broken login bots from the article are one example. Automatically updating email blacklists based on data from users is another.

Never trust two things in computing: the automated automation of processes and user input*. The comment from BitZtream on using this for automatic blackhole list maintenance manages to combine both.

* And a salesman who didn't pass Algebra, but that's another joke.

Re:How fucking stupid are you (0)

Anonymous Coward | about a month ago | (#47667195)

why are you so angry and full of hatred and loathing?

you are a troll, the very thing that is wrong with the internet.

Re:This guy might be overvaluing his files (0)

arth1 (260657) | about a month ago | (#47663647)

Why is this "insightful"? By the time the spam is processed by the trap and is blacklisted, the million e-mails have already been delivered.
The next time the spammer sends e-mail, it will be a different e-mail, so the existing rule won't trigger.

The only real effect this has is adding fat to the spam checkers, making mail delivery slower for everyone. Except the spammer.

Re:This guy might be overvaluing his files (1)

Anonymous Coward | about a month ago | (#47664383)

Seems one could really screw with legitimate business by "registering" using one of the spam-trapping addresses.

Re:This guy might be overvaluing his files (4, Insightful)

s13g3 (110658) | about a month ago | (#47664633)

I designed a honeypot built on similar principles at the last data center I worked for, whereby I had at least two different VM's comprising at least two different OS' on each and every subnet on our network.

Using a custom implementation of PSAD and a bunch of PERL, the basic idea was that any time a specific IP (external *or* internal) scanned more than eight ports per IP across two or more subnets, it was unquestionably an illegitimate scan of our network, and the IP originating the scan in question was immediately submitted for null routing, because nobody could possibly have a legitimate reason for doing such a scan.

Port scans from internal IP's, along with those matching other patterns (such as multiple scans within a single subnet or attempting certain exploits/attacks that can be deduced from snort's output in /var/log/messages, like the slammer worm, etc.) were output to a file that was reviewed daily, and could then be fed either in whole or in part(s) to a script that would process the desired actions. Before I knew it, I was blackholing hundreds or even thousands of addresses a day... ~70% of which were from China Telecom, followed immediately by Russia, Brazil, and Moldova, with less than 5% of attacks originating from U.S. or European addresses. The number of compromised customer servers on our network plummeted, along with a corresponding and by-no-means-insignificant dip in network traffic.

What got me started on this project was that, among other things, hackers were scanning our network for Plesk's default admin login port (as Plesk at that time *had* a default admin login and password), and any time they got a response from port 8443 on an IP that previously did not have that port open, they would jump in and root new installs often before the customer ever logged in for the first time. Needless to say, I put an end to that nonsense.

However, calling spammers dumb as others have above is probably a mistake: they can often be fairly smart, but what they really are - usually - is Peak Lazy, and are aiming for low hanging fruit. Eventually, the more sophisticated ones will create or adapt new techniques to defeat - or at least cope with - this particular methodology, and the cat-and-mouse-arms-race game of security will continue on as it always has, with one side or the other evolving new defenses or offenses, and the other evolving an appropriate response. The fact that a particular batch of spammers got caught and will find the emails from their current spam campaigns not reaching their intended audience on this go round will only slow them down for a time on the domains this list covers, but to say the spammers have hit "Peak Stupid" as a result of excessive automation is, in fact, an NP-Dumb analysis.
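The triage rule described in the comment above (more than eight ports per honeypot IP, across two or more subnets, with internal sources and other patterns sent to a daily review file) can be sketched as follows. This is an added example, not the poster's PSAD/Perl implementation; the address plan, the /24 subnet size, the event tuples and the choice to send single-port sweeps across subnets to review are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # constructed address plan
SUBNET_PREFIX = 24   # assumption: each honeypot subnet is a /24
MIN_PORTS = 9        # "more than eight ports per IP"
MIN_SUBNETS = 2      # "across two or more subnets"


def sample_events():
    """Constructed (source, honeypot, port) tuples, as a log parser would emit."""
    ev = []
    for hp in ("10.20.1.5", "10.20.2.5"):            # wide scan over two subnets
        ev += [("203.0.113.50", hp, p) for p in range(20, 30)]
    # many ports, but only one honeypot in one subnet
    ev += [("198.51.100.9", "10.20.1.5", p) for p in range(1, 13)]
    # one port (8443) probed on honeypots in three subnets
    ev += [("192.0.2.77", hp, 8443)
           for hp in ("10.20.1.5", "10.20.2.5", "10.20.3.6")]
    for hp in ("10.20.1.5", "10.20.3.6"):            # internal host scanning
        ev += [("10.20.7.40", hp, p) for p in range(100, 110)]
    ev += [("192.0.2.200", "10.20.2.5", 22)] * 3     # one port, one honeypot
    return ev


def subnet_of(ip):
    """Network that contains ip, using the assumed honeypot subnet size."""
    return ipaddress.ip_network(f"{ip}/{SUBNET_PREFIX}", strict=False)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(events):
    """Return {source: "null_route" | "review"}; unlisted sources need no action."""
    ports = defaultdict(lambda: defaultdict(set))    # source -> honeypot -> ports
    for src, hp, port in events:
        ports[src][hp].add(port)

    verdicts = {}
    for src, per_hp in ports.items():
        # Honeypots on which this source crossed the per-IP port threshold.
        scanned = [hp for hp, seen in per_hp.items() if len(seen) >= MIN_PORTS]
        scanned_nets = {subnet_of(hp) for hp in scanned}
        touched_nets = {subnet_of(hp) for hp in per_hp}

        if len(scanned_nets) >= MIN_SUBNETS and not is_internal(src):
            # The rule from the post: external, many ports, several subnets.
            verdicts[src] = "null_route"
        elif scanned or len(touched_nets) >= MIN_SUBNETS:
            # Internal scanners and single-subnet scans go to the daily review
            # file; cross-subnet single-port sweeps are added here by assumption.
            verdicts[src] = "review"
    return verdicts


if __name__ == "__main__":
    for source, verdict in sorted(classify(sample_events()).items()):
        print(f"{source:15} {verdict}")
```

Keeping internal sources out of the automatic path means a compromised or misconfigured customer machine is looked at by a person before its traffic is dropped.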

Re:This guy might be overvaluing his files (1)

sexconker (1179573) | about a month ago | (#47664701)

As if you understand how spam prevention works.

What happened here is that the spammers have turned over the fingerprint of their spam directly to the spam stoppers. By emailing these particular addresses they are directly supplying information that can be used to block spam. They don't need to 'confirm' these messages are spam, THEY ARE SPAM, by definition. They don't need to wait for several people to report them as spam, they don't need to manually inspect them or weight them as 'potentially spam'.

Spam one of these addresses then:
Your host is instantly on a blacklist in most cases.
URLs in the message are ranked as high probability of spam
The message is fingerprinted and added to anti-spam software

All of that without any user actually having to report it as spam, and that's just the simple stuff that happens.

This is EXACTLY WHY this list is online, to catch stupid spammers who aren't careful enough to avoid these addresses.

It's working EXACTLY AS DESIGNED. Hitting just one of these fake addresses can save it from hitting MILLIONS of real addresses.

So before calling someone else stupid, look in the mirror, you're at peak ignorant.

100% fucking wrong.
They're trying to log into these email addresses.
The addresses CANNOT be sent to - they are INVALID addresses for their domains.
It's right there in the fucking summary.

Re:This guy might be overvaluing his files (0)

Anonymous Coward | about a month ago | (#47666629)

Ignorant, arrogant and rude. Yup, that's our BitZtream.

Re:This guy might be overvaluing his files (1)

Anonymous Coward | about a month ago | (#47663041)

What's "peak stupid" here is the parent and GP not understanding that this isn't about spamming, and that it's explicitly mentioned that the list was likely automatically obtained but should have been ignored, like attempts to access any accounts at example.com.

Re:This guy might be overvaluing his files (3, Funny)

camperdave (969942) | about a month ago | (#47664357)

What's "peak stupid" here is the submitter not understanding how spamming works before posting on it.

Isn't it even more stupid to assume that stupidity has a peak in the first place?

One script kiddie made a mistake (5, Funny)

Nimey (114278) | about a month ago | (#47662641)

so now they've all hit peak stupid.

I'm not sure it's the script kiddies that have hit that or the submitter and editor.

Re:One script kiddie made a mistake (2, Funny)

Anonymous Coward | about a month ago | (#47662865)

so now they've all hit peak stupid.

I'm not sure it's the script kiddies that have hit that or the submitter and editor.

"Peak Stupid" will be the dupe story...

Re:One script kiddie made a mistake (4, Insightful)

Noah Haders (3621429) | about a month ago | (#47663487)

unfortunately, it's unlikely to be "peak stupid." This would imply that stupidity has hit a maximum and things are only going to get less and less stupid as we move forward. Never undervalue humanity's capability to get more and more stupid as time goes on.

although to be fair, you could call the nuclear arms race "peak stupid" because humanity was flirting with destroying all human existence. n00b spammers have no chance of being this stupid, and hopefully we will never be so stupid again.

Re:One script kiddie made a mistake (1)

Immerman (2627577) | about a month ago | (#47664073)

Indeed - stupidity is the one "resource" our species is unlikely to ever run out of - even the brightest amongst us have more than enough stupid to screw up regularly.

And I think even the nuclear arms race probably wasn't peak stupid - we almost certainly couldn't sterilize the planet, and within a few centuries the radioactive fallout would have decayed to background levels again - probably only decades in some of the more out-of-the way corners of the globe.

Meanwhile things like nanotech and biotech have the potential to completely escape our control. You don't even need a grey-goo scenario - release enough buckyballs into the environment and virtually all cellular life on the planet will grind to a stop - you can't clean the stuff up, and it essentially never breaks down.

Not to mention doing things like operating particle accelerators on Earth that we think could well produce quantum black holes. Sure we're pretty sure they'd evaporate harmlessly, but if we were *certain* of the physics we wouldn't be wasting time building ever-larger particle accelerators. Take that shit to the Moon or something - then if something goes wrong we just end up with a black hole in orbit - sure, it screws up romantic moonlit nights, but who knows what advances might be possible with a singularity in easy reach.

No, I'm pretty sure we'll have plenty of stupidity for millennia to come.

Re:One script kiddie made a mistake (1)

camperdave (969942) | about a month ago | (#47665207)

One could argue that Peak Stupidity might correlate with Peak Population

Re:One script kiddie made a mistake (1)

Immerman (2627577) | about a month ago | (#47665287)

Only if one presumes that per-capita stupidity is constant or decreasing...

Re:One script kiddie made a mistake (1)

lgw (121541) | about a month ago | (#47665563)

Meanwhile things like nanotech and biotech have the potential to completely escape our control. You don't even need a grey-goo scenario - release enough buckyballs into the environment and virtually all cellular life on the planet will grind to a stop - you can't clean the stuff up, and it essentially never breaks down.

What hubris. The only thing nano-scale that humans can make that will be more threatening than the worst plagues humanity has already survived are biological weapons based on the worst plagues humanity has already survived.

Not to mention doing things like operating particle accelerators on Earth that we think could well produce quantum black holes. Sure we're pretty sure they'd evaporate harmlessly, but if we were *certain* of the physics we wouldn't be wasting time building ever-larger particle accelerators

The only thing special about LHC energy levels is that they can occur inside some neat detectors and measurement equipment. When the LHC comes online with its new, higher beam energies, the goal is 6.5 TeV per beam. Not bad for monkeys playing with fire. The OMG Particle [wikipedia.org] was about 300000000 TeV, and that's just the universe mooning us after a drunken party.

Still if you're nervous, check here [hasthelhcd...eearth.com] from time to time - just to be sure.

LHC distinctions (1)

Immerman (2627577) | about a month ago | (#47667901)

Heh heh. The only problem of course being that they're not actually monitoring the LHC for all possible black holes that could potentially be created, and we have no idea how long it would take for a terminal event to build to noticeable levels. There could at this very moment be a microscopic black hole orbiting within the Earth, absorbing new matter just barely faster than it evaporates, biding its time as it grows toward critical mass.

And no, there are two more important things special about the LHC as compared to the reactions taking place in our upper atmosphere (I assume that's what you were implying):

1) The reaction density is far higher - one black hole/strange-matter particle/etc. might well decay faster than it could reach critical mass, but what happens when you're creating thousands or millions of them all at once within a few cubic millimeters? A bit of bad luck and a few of them may combine into a mass large enough to be self maintaining - especially considering...

2) It's on the ground. Anything spawned in the upper atmosphere is going to spend the first few seconds of its existence falling through low-pressure air. Opportunities to "feed" off normal matter would be few and far between. The same self-catalyzing particle created in the LHC would be encountering millions or billions of times as much matter in the same amount of time, as it passed through the test chamber and rapidly into solid rock. And the matter would be solid, which could potentially accelerate things dramatically as well - perhaps a black hole could not absorb free particles fast enough to survive for long, but how do the dynamics change when absorbing a large molecule, causing mutual acceleration of subsequent atoms towards the black hole through electrostatic forces rather than the vanishingly weak gravitational attraction which would be all it could initially muster?

Of course we could try to take comfort in the old "all events not prohibited are mandatory" - the earth has been around for billions of years after all, and we know cosmic rays do occasionally reach the ground. But mandatory does not mean frequent, the Earth has only been around for a few billion years, and our instruments are not yet sensitive enough to notice a collapsed planet around another star to do a statistical survey. Would you care to speculate on how often a huge, super-tight cluster of cosmic rays manages to reach the Earth's surface all at once in order to mimic a single large-scale LHC test?

Re:LHC distinctions (1)

lgw (121541) | about a month ago | (#47668913)

Heh heh. The only problem of course being that they're not actually monitoring the LHC for all possible black holes that could potentially be created, and we have no idea how long it would take for a terminal event to build to noticeable levels. There could at this very moment be a microscopic black hole orbiting within the Earth, absorbing new matter just barely faster than it evaporates, biding its time as it grows toward critical mass.

Ahh, you miss my point. LHC-level events happen in the atmosphere quite routinely and have for 4 billion years. Anything bad that happens, takes at least that long to destroy the world, and will happen today whether the LHC is on or off.

Anything spawned in the upper atmosphere is going to spend the first few seconds of its existence falling through low-pressure air. Opportunities to "feed" off normal matter would be few and far between.

High energy cosmic rays are moving at very nearly the speed of light. From their point of view, the Earth's atmosphere is a nanometer or so thick.

Would you care to speculate on how often a huge, super-tight cluster of cosmic rays manages to reach the Earth's surface all at once in order to mimic a single large-scale LHC test?

Sure, the cosmic ray particle flux is well known [wikipedia.org]. Events at the scale of a LHC collision happen about once per square kilometer per 10 seconds. IIRC, the LHC gets about 100 million collisions a second. That's only about 8x what hit the Earth (of that energy level alone) continuously - for 4 billion years. And there's a whole sea of energy levels - single cosmic rays with all the energy in that second of LHC operation hit yearly.

Now imagine the same rain falling on every neutron star. No black holes form that way either, and that's as dense a target as you can ask for.

Re:LHC distinctions (1)

Immerman (2627577) | about a month ago | (#47671389)

And you, it seems, miss my point as well: I'm perfectly aware of how often *single events* of LHC energies or higher hit the Earth, and am not terribly concerned with them - in a few billion years if a single-event catastrophe were at all likely it probably would have occurred.

But consider multi-event interactions that might permit dangerous particles to clump together into something that could expand fast enough to become catastrophic. Have you actually looked at the LHC flux? The LHC's design luminosity (interactions per second per cross-sectional area) is 10^34 cm^-2s^-1. Or to use the units in the graph, 10^30m^-2s^-1. Compare that to the TeV-range flux in your graph, at ~10^-6. The LHC is creating a TeV flux 10^36 times higher than that due to cosmic rays.

Besides which those flux levels are for the upper atmosphere - only an extremely small percentage of cosmic rays actually make it to the surface since, while the atmosphere is vanishingly thin at (essentially) lightspeed, it's also incredibly dense. The odds of making it through a few hundred miles of atmosphere without interacting with a single atom is extremely low.

Also worth considering is that thanks to conservation of momentum any black hole produced by a cosmic ray will itself be traveling at an appreciable fraction of lightspeed, and unless it accumulates mass VERY quickly to slow down it will pass through the Earth in a matter of milliseconds and be free to evaporate in interplanetary space. An LHC black hole on the other hand would be created from a head-on collision of equal-energy particles - any resultant black hole would be nearly at rest, and firmly gravitationally bound to the Earth.

>Now imagine the same rain falling on every neutron star. No black holes form that way either, and that's as dense a target as you can ask for.
Citation? ;-). We've never even definitively observed a black hole, and now you want to make absolute claims about how they do and don't form? How would we know if every once in a while a neutron star collapsed due to an encounter with a micro black hole? We've only been seriously watching the skies for a few decades. Also - neutron stars tend to be extremely small, at ~20km across, and have MASSIVE magnetospheres, often with jets of material belching out along the poles which would mostly pre-collide with any cosmic rays that might be aimed at that weak point. They're probably almost completely shielded from cosmic rays.

Re:LHC distinctions (1)

lgw (121541) | about a month ago | (#47672583)

You'd need to propose a mechanism by which flux matters, as I don't see it at all. The count of LHC-collision-level events happens naturally. The total energy in a second of colliding LHC beam happens naturally. Sure, cosmic ray collisions usually start high up, but the atmosphere appears quite dense at that speed, and momentum is conserved, so if some micro black hole formed, it would also see the atmosphere as quite dense, and then pass through the Earth very shortly thereafter.

As far as how we know: there are old planets. There are old neutron stars. Therefore, there are no events caused by cosmic ray collisions that cause destruction at that scale more frequently than "billions of years" per target.

The physicists who can do the actual math on this stuff are comfortable being in the same building with these collisions (and it's reached the point now where every particle physicist spends a few years at the LHC as part of normal career progress, so pretty much everyone in the know has strong reason to care).

Re:LHC distinctions (1)

Immerman (2627577) | about a month ago | (#47675727)

No, I'm arguing for conservative risk-taking in the face of a species-terminating potential risk. You need to propose a mechanism under which you're CERTAIN that flux doesn't matter. One quantum black hole or strange particle may well evaporate faster than it can feed, but create a swarm of dozens or thousands of them simultaneously and some of them may manage to combine into something dangerous.

Certainly, we know that there are old planets and neutron stars. That's not the question. The question is "are there any we've never seen because they were swallowed up before we looked?" There's a world of difference between "very rare" events and "impossible events".

Why wouldn't someone be comfortable working at the LHC? If it does somehow manage to destroy the world it's not going to matter where you're standing, and at ground zero you might at least have a chance to know what happened.

Re:LHC distinctions (1)

david_thornley (598059) | about a month ago | (#47679181)

Ever thought about what counts as a species-terminating potential risk? If I get sick, it's possible that whatever is getting me sick is going to mutate into something incredibly nasty, so I should burn myself and my house with gasoline every time I get sick? (Well, I guess, only once.)

To be taken seriously, propose a mechanism how this might happen.

I'm not familiar with strange particles or why a flux of them might be dangerous, so let's talk about black holes.

How do you know elementary particles aren't black holes in the sense of being the minimum possible size in the Universe? How do you know that quantum black holes are possible? (I once plugged a few reasonable-looking assumptions in the radius of a black hole with a given mass and the uncertainty principle and came up with 100 tons as the minimum black hole. I don't guarantee either assumptions or calculations are correct, but until shown otherwise I don't think they're possible.)

Assuming we have a quantum black hole, and that this is something different, how do they combine? Holes that have charge will of course attract stuff of the opposite charge until neutral, but after that? They're incredibly small, so a collision with anything is exceedingly unlikely. They exert essentially no force on anything else, so they effectively do not attract anything. (Ever figured out the gravitational force between a couple of nucleons? Ever seen any treatment of it in a study of the nucleus?) Assume that a small black hole defies probability and scoops up a proton: once it has then grabbed an electron or something else negative, it's in pretty much the same situation.

In short, I think this has a slightly less chance of destroying civilization than a random sneeze does.

Re:LHC distinctions (1)

lgw (121541) | about a month ago | (#47686461)

Ahh, I get it now. You're frightened. Well, I prefer that humanity continues to do science, with the inevitable minor risks that entails. If the overwhelming agreement of experts in the field is that "it's safe", I'm going to go with that, and be content with the risk that they're all wrong, because the alternative is worse.

Re:One script kiddie made a mistake (1)

DMUTPeregrine (612791) | about a month ago | (#47666037)

The quantum black hole thing was never a real threat. First, because if they were the earth would have been destroyed long ago: cosmic rays regularly strike with far greater energies than the LHC produces. Since they would therefore also produce even bigger quantum black holes, if it were an issue it would have long ago destroyed the earth.

The second thing is that black holes don't suck material in any more than their constituent mass would. They also have charge if made from charged particles, so the proton-proton collisions of the LHC would produce positively charged quantum black holes. The electric charge is far stronger than the gravitational field, so you'd get something like a helium atom with a black hole for a nucleus. Even if it didn't evaporate it would be harmless.

Re:One script kiddie made a mistake (1)

Immerman (2627577) | about a month ago | (#47667953)

Certainly cosmic ray events occur on a regular basis - however, how often do you suppose a tight cluster of thousands or millions of cosmic rays all simultaneously strike a same square millimeter of the Earth's surface in order to mimic a LHC event? A single QBH or strangelet may be harmless - make a few, or a few million, in close proximity in the same instant and the same isn't necessarily true.

As for your charged black hole - what makes you think it would stay charged? It's going to be falling right through solid matter, passing through innumerable electron clouds, and if it should snare a few for itself with its charge it will no longer have a net charge. How long do you suppose an electron whose wave-function interpenetrates a black hole will avoid being absorbed?

Aside from which you are again presuming our theories on the mechanics of black holes are correct. If that is the case then they've run the numbers and the risk is vanishingly small - not nonzero of course, but it would take a *really* unfortunate string of coincidences to occur. As I've explicitly pointed out I'm operating on the assumption that our theories are NOT perfect - it would be hubris to assume otherwise.

Don't be silly (5, Funny)

Kierthos (225954) | about a month ago | (#47662657)

There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.

Re:Don't be silly (5, Funny)

alex67500 (1609333) | about a month ago | (#47662787)

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
Douglas Adams

Re:Don't be silly (1, Troll)

Archangel Michael (180766) | about a month ago | (#47662823)

Directly evidenced by the population's insistence on voting for the most stupid of politicians in the hope that they can't screw things up further, or in the mistaken belief that they can make things better.

Re:Don't be silly (3, Funny)

wonkey_monkey (2592601) | about a month ago | (#47663293)

Now, that's not true. Some of them vote for the second most stupid politician.

Re:Don't be silly (3, Insightful)

TheCarp (96830) | about a month ago | (#47663651)

No that is what nearly all of them do, the only difference is really a disagreement over which is the penstupimate politician.

Re:Don't be silly (-1, Offtopic)

Noah Haders (3621429) | about a month ago | (#47663503)

search the web for "nunn memo", or even better the wapo, nytimes and politico writeups about it. Just leaked in the past week, it's a 144 page "strategy memo" on how Nunn should win her congressional race and then be a "legislator". It's a real downer.

sorry for [citation needed], but I'm at work and shouldn't be seen on the intertubes (tapping this post into my phone while on the crapper).

Re:Don't be silly (1)

Anonymous Coward | about a month ago | (#47664865)

Politicians are not stupid. They are liars, and they are loyal to special interest groups other than the American people. This sometimes makes them appear stupid to us, since what they are doing seems to contradict their stated intentions.

In the domain of politics, one should never attribute to stupidity that which can be explained by disloyalty.

Re:Don't be silly (0)

Anonymous Coward | about a month ago | (#47662825)

Design something foolproof and only a fool would use it.
Albert Einstein

Re:Don't be silly (1)

totallyarb (889799) | about a month ago | (#47662961)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein.

Re:Don't be silly (1)

ZorglubZ (3530445) | about a month ago | (#47664615)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the latter." - Albert Einstein.

FTFY.

Re:Don't be silly (2)

ColdWetDog (752185) | about a month ago | (#47665477)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the latter." - Albert Einstein.

FTFY.

Einstein was right, apparently.

Re:Don't be silly (4, Funny)

Thanshin (1188877) | about a month ago | (#47662793)

There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.

A phenomenon well documented in the study "the unpeakability of stupid".

Re:Don't be silly (1)

angel'o'sphere (80593) | about a month ago | (#47663541)

That is not funny, it is so sad it is insightful :)

Re:Don't be silly (2)

quenda (644621) | about a month ago | (#47664233)

No, we know "peak stupid" has been reached when the password gropers are getting more intelligent, reversing the previous trend of increasing stupidity.

Either that, or the submitter is too stupid to know the difference between a record high, and a peak.

Re:Don't be silly (2)

Darinbob (1142669) | about a month ago | (#47664985)

True. Last time we hit Peak Stupid we were still doing pipelining stupid stuff. With modern technology we have super-scalar concurrent stupidity.

Re:Don't be silly (1)

camperdave (969942) | about a month ago | (#47665295)

There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.

Yeah, but that doesn't mean they have to climb it.

Re:Don't be silly (1)

jamiesan (715069) | about a month ago | (#47670191)

Yeah, this is just penultimate stupid until the next penultimate stupid.

Editors (0, Funny)

Anonymous Coward | about a month ago | (#47662683)

haven't finally peak stupid because they were already there.

Re:Editors (4, Funny)

Hsien-Ko (1090623) | about a month ago | (#47662717)

These moron editer's should better there English.

Re:Editors (-1, Redundant)

MRe_nl (306212) | about a month ago | (#47662821)

Thees moran editer's shuld beter there Engrish. FTFU

Re:Editors (1)

Hsien-Ko (1090623) | about a month ago | (#47663001)

Here here!!! [slashdot.org]

Re:Editors (0)

Anonymous Coward | about a month ago | (#47663155)

Their their.

Re:Editors (0)

Anonymous Coward | about a month ago | (#47663085)

Trees moan edited shy butter the angles. FU.
I fix it!

Re:Editors (0)

Anonymous Coward | about a month ago | (#47663109)

Great, now I have to change the password on my luggage.

Re:Editors (0)

Anonymous Coward | about a month ago | (#47664333)

*their

Re:Editors (0)

Anonymous Coward | about a month ago | (#47667253)

*their

*Whoosh!!!

Re:Editors (0)

Anonymous Coward | about a month ago | (#47662879)

He accidentally Peak Stupid.

Peak Stupid (5, Insightful)

wasteoid (1897370) | about a month ago | (#47662709)

So is trying so hard to coin a phrase like "peak stupid".

Re:Peak Stupid (1)

camperdave (969942) | about a month ago | (#47664715)

So is trying so hard to coin a phrase like "peak stupid".

I was going to comment that they would have an easier time trying to make "fetch" happen [youtube.com] , but with stupidity always on the rise...

Well (4, Funny)

Spad (470073) | about a month ago | (#47662753)

While reading this story I accidentally peak stupid.

Re:Well (4, Funny)

TapeCutter (624760) | about a month ago | (#47662797)

Obviously now is the time to sell stupid.

Re:Well (0)

Archangel Michael (180766) | about a month ago | (#47662835)

Elections in the US are coming up shortly. Politicians are well known for selling stupid.

Re:Well (0)

Anonymous Coward | about a month ago | (#47665651)

Elections in the US are coming up shortly. So we can't possibly have hit peak stupid yet. FTFY.

Re:Well (2)

totallyarb (889799) | about a month ago | (#47662995)

No, no, it's the *supply* of stupid that has peaked; therefore as good economists we can anticipate the cost of stupid to rise in the future, as demand is unaffected. Now is the time to BUY stupid, and stockpile it for later when it will be rarer.

Re:Well (2)

Opportunist (166417) | about a month ago | (#47663809)

A world where stupidity is in short supply?

Hmm... one may dream...

Re:Well (1)

freeze128 (544774) | about a month ago | (#47664517)

But who would buy it? Only the stupid would do such a thing, and they already have enough stupid, stupid!

Re:Well (0)

Anonymous Coward | about a month ago | (#47662803)

Well, it piqued my stupidity.

Isn't "Peak Stupid" writing about it. (4, Insightful)

Chrisq (894406) | about a month ago | (#47662813)

The script kiddies are wasting time and resources looking for non existent email addresses. Wouldn't it be better to let them get on with it rather than tell them exactly where a whole list of email addresses that they needn't check can be downloaded?

Re:Isn't "Peak Stupid" writing about it. (0)

BitZtream (692029) | about a month ago | (#47663069)

No.

By them mailing these addresses, they make it clear they are spammers. That is what these lists are designed to do, if you mail them, you're not only a spammer, you're too stupid to even have done any due diligence into your spam lists/page scraping.

These lists are public for this EXACT purpose, so morons who scrape pages get hold of them and email them, which then gives the spam stoppers a whole bunch of information about currently active spam. No need to wait for users to submit it, weight it, get enough user info to assume it's not just a user who forgot he subscribed to a mailing list and doesn't want the message ... getting a message to these addresses flat out says 'hey, here's some spam for you to learn how to block!'

Which means things like hosts sending these messages can be blacklisted instantly with little concern since large ISPs use these lists for the same reason and never let the messages leave their networks, so it's only going to be small organizations.

This is great news for stopping this particular batch of spam.

Re:Isn't "Peak Stupid" writing about it. (2)

synaptik (125) | about a month ago | (#47663417)

You should re-read the comment you are replying to. You have misunderstood Chrisq's point (which is, in summary: by talking about the spammer's stupidity in this case, we risk alerting said spammers to their stupidity, in which case they might correct it. It is better for us to just STFU about it.) And of course, by replying to you I am now part of that problem. Damn!

Re:Isn't "Peak Stupid" writing about it. (1)

Opportunist (166417) | about a month ago | (#47663833)

Correct, but spammers rarely (if ever) harvest mail addresses by hand. It's an automated effort. It would of course be more sensible to not put a huge list of mail addresses out (since, well, it's rather unlikely that they're a list of good addresses, something's highly bogus when all it is is a list and nothing else, hence spammers might get wise in the future and avoid them), but having a few pages that normal surfers won't reach with a bit of an explanation that this is a mail address you should probably not mail to if you don't want to end up on a blacklist can go far when you try to protect yourself from spammers. As soon as a mail hits the spam-me-please address, you can fingerprint it and /dev/null every copy you get of it on any mailserver you're responsible for.

No, it's not "email" it's auth! (1)

s.petry (762400) | about a month ago | (#47664459)

I know, most here skim a title or summary and think they know it all, but really you should occasionally read TFA. The issue is not with people sending spam to a spam trap, they are harvesting email addresses and trying to authenticate to them. This is an attempt to compromise accounts, not an attempt to send SPAM mail.

Let me give you a bit of detail, I work with these issues daily.

Long ago in an Internet far far away Spammers learned that they could skim content to find email addresses. Using DNS resolution, they would know what servers should authenticate those addresses. They developed kits that sit and use various attacks to try and break into these accounts. _IF_ they were successful they would use that account to send out SPAM. So your server was listed in a Spam BL, they don't own a mail server.

Resource wise, this was not a stupid thing for them to do. A few servers trying to break into your mail accounts yielded lots of accounts for them to send spam from, and their crackbots were not impacted by SPAM BLs or reputation.

Security people got wise to this, and we now use various methods of blocking brute force password attacks. They are easy to detect, as long as you are nimble enough to look for them. So hackers started breaking into hosts to install their brute force kits, which added another layer for people to detect. This allowed spanning attacks over a span of hosts.

Still detectable, but we are not at a massive amount of log monitoring to find at least two layers of abstraction.

The latest craze is to harvest email addresses and run a static password against those accounts. Different hosts/botnets use different passwords, so it's a reverse methodology. Again these are detectable, but another layer of abstraction makes it a bit harder to look for. The log queries I run to find the better ones are extremely complex and span a massive amount of logs. Using Sumologic or Splunk makes detecting these types of attack much faster. It would be possible to find without, but I would not want to manage that much Perl code or wait days for queries to run. Been there done that.

Now, with the background laid out we can discuss TFA. As soon as an IP with a known spamtrap address tries to connect we can immediately banish the IP. No cross referencing is needed, spanning no longer matters, I know that that IP address is a bad guy without any other information.

That is the level of stupidity being discussed, and yes it is very very stupid on their part. I believe this is not really "stupid" but an unintentional consequence of overly automating. A big "whoops!" if you will, which is not necessarily "stupidity".
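The two detections described in the comment above, run over a few constructed log lines; this is an added example, not code from the commenter or from the linked article. The log format, trap addresses, IP addresses and thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed trap addresses (assumption): published as bait, never valid logins.
SPAMTRAPS = {"trap-one@example.org", "trap-two@example.org"}

# Constructed log format (assumption): "<timestamp> auth-fail user=<u> rip=<ip>".
LINE_RE = re.compile(r"^(\S+) auth-fail user=(\S+) rip=(\S+)$")

# Constructed sample: every (ip, account) pair fails exactly once, spread over
# days, so a per-account or per-IP lockout counter would never trip.
SAMPLE_LOG = """\
2014-08-10T01:02:03Z auth-fail user=alice@example.org rip=192.0.2.10
2014-08-10T07:40:11Z auth-fail user=bob@example.org rip=192.0.2.10
2014-08-11T03:15:27Z auth-fail user=carol@example.org rip=192.0.2.10
2014-08-11T09:00:00Z auth-fail user=trap-one@example.org rip=198.51.100.5
2014-08-12T02:22:40Z auth-fail user=alice@example.org rip=203.0.113.8
2014-08-12T18:05:09Z auth-fail user=alice@example.org rip=203.0.113.9
2014-08-13T04:44:44Z auth-fail user=dave@example.org rip=203.0.113.77
this line is not an auth record
"""


def parse(log_text):
    """Yield (timestamp, user, ip) for each well-formed failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower(), m.group(3)


def analyse(log_text, traps=SPAMTRAPS, min_users=3, min_sources=3):
    """Return (trap_hits, sprayers, targeted).

    trap_hits: ip -> first trap address it tried; one event is enough to block.
    sprayers:  ips that failed against >= min_users distinct real accounts.
    targeted:  accounts with failures from >= min_sources distinct ips.
    """
    trap_hits = {}
    users_by_ip = defaultdict(set)
    ips_by_user = defaultdict(set)
    for _ts, user, ip in parse(log_text):
        if user in traps:
            # No cross-referencing needed: nobody legitimate logs in as a trap.
            trap_hits.setdefault(ip, user)
            continue
        users_by_ip[ip].add(user)
        ips_by_user[user].add(ip)
    # The slow cases need correlation across the whole log window.
    sprayers = {ip for ip, users in users_by_ip.items()
                if len(users) >= min_users and ip not in trap_hits}
    targeted = {u for u, ips in ips_by_user.items() if len(ips) >= min_sources}
    return trap_hits, sprayers, targeted


if __name__ == "__main__":
    hits, sprayers, targeted = analyse(SAMPLE_LOG)
    print("block immediately:", hits)
    print("one source, many accounts:", sorted(sprayers))
    print("one account, many sources:", sorted(targeted))
```

The trap check decides on a single log line, while the other two sets only appear after grouping days of failures, which is the extra query work the comment describes.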

Re:Isn't "Peak Stupid" writing about it. (1)

Kaz Kylheku (1484) | about a month ago | (#47663167)

Ah, but then we can supply the following counter-measure: put some good addresses into the list too!
The crackers and spammers won't know which are which.
If they use the list to perpetrate, then their IP address is immediately tagged as being malicious.
If they use the list to cull their own list of nonexistent addresses, then they inadvertently cull your good address also. So you win again.

Re:Isn't "Peak Stupid" writing about it. (1)

penguinoid (724646) | about a month ago | (#47663717)

They're trying to crack the passwords for the emails in our spam prevention system. Presumably they can then start editing it to contain legitimate mail from legitimate addresses, which would cause a royal pain to people working on spam prevention.

Re:Isn't "Peak Stupid" writing about it. (1)

penguinoid (724646) | about a month ago | (#47663731)

And on a related note, this could also give them insight into the sort of passwords used by the anti-spam community.

Re:Isn't "Peak Stupid" writing about it. (1)

Opportunist (166417) | about a month ago | (#47663843)

You mean the "Keepass, generate a bunch of 20 character passwords, letters and numbers" kind? Yeah, they're damn predictable...

Maybe this can be used against the bots (5, Interesting)

ZorinLynx (31751) | about a month ago | (#47662897)

Populate the net with files like this full of E-mail addresses that are not valid. Have dummy accounts on the appropriate servers that will accept the logins, allow the spambots to think they're successfully sending E-mails when in fact they're all going into the bit bucket.

For added effect, make the servers respond v e r y s l o w l y under these accounts, taking tens of seconds to "send" the E-mail, a minute or so to log in, etc. Basically, slow the spam bots down and waste their time. Of course, the bots will probably eventually evolve to detect such shenanigans, but why make spammers' jobs easy? :)

Re:Maybe this can be used against the bots (0)

Anonymous Coward | about a month ago | (#47663139)

I use these addresses as from/reply-to in my job application emails. (also, look up tarpitting - not a new idea :)

Re:Maybe this can be used against the bots (1)

QuietLagoon (813062) | about a month ago | (#47663213)

...For added effect, make the servers respond v e r y s l o w l y under these accounts, taking tens of seconds to "send" the E-mail, a minute or so to log in, etc. Basically, slow the spam bots down and waste their time....

OpenBSD's spamd has done this for years.

Now I see the bots moving on to the next target when the SMTP conversation takes too long.

It's been done. (teergrube) (4, Informative)

oneiros27 (46144) | about a month ago | (#47663653)

There's even a term for this, teergrube [wikipedia.org] .

An ISP that I worked for in the 1990s used to do this (dcr.net, owned by Drew Curtis, of fark.com fame).

We had some code that would look for blatant e-mail harvesters, and would SLOWLY return random bogus e-mail addresses ... wait a couple seconds, spit out an address ... etc. The page at the top even had warnings that the page was completely bogus.

At first, all of the e-mail addresses were all in our domain (but not our real mail server), but I went and added some code that would look up the connecting IP's network (I think I used whois.ra.net), and would also include '{abuse,postmaster}@(network)' and again for the network's upstream providers.

I can't remember if the bogus mail server was also the box that we had set up so that if *anything* tried touching it, it'd blackhole the connecting IP at our external router, if it was a teergrube itself.

Re:Maybe this can be used against the bots (1)

Opportunist (166417) | about a month ago | (#47663855)

Hmm... my server can do all that and more (umm... ok, less) out of the box!

Re:Maybe this can be used against the bots (0)

Anonymous Coward | about a month ago | (#47664187)

Those things are called Teergrube [wikipedia.org] (literally tar pit in German). Sadly, they aren't all that effective anymore, because the botnet operators don't really care if one or two of the thousands of bots has a few blocked threads.

Maybe I'm new at this.. (1)

Anonymous Coward | about a month ago | (#47662923)

I don't fully understand this term "Peak Stupid", but it seems to me the meaning is that it can't get any more stupid. If so, then this activity would be far from the peak, because stupid people will always surprise you by being even more stupid. (Or most stupider, as some of them phrase it)

That would mean to hit "Peak stupid", then the results would be fatal .. Like searching for gas leaks by candle light

Re:Maybe I'm new at this.. (2)

camperdave (969942) | about a month ago | (#47665225)

I don't fully understand this term "Peak Stupid"...

It's the name of the mountain under which the most secure mail server complex exists. After decades of trying to get past the defenses, the password gropers have finally hit Peak Stupid.

Next stop? (1)

Tha_Zanthrax (521419) | about a month ago | (#47662939)

By simple brute-forcing spammers are generating a lot of traffic. Almost 70% of all e-mail traffic is spam, how long before 70% of all login attempts are done by bots? "Is someone DDOSing our website? Nope, just bots trying to get in."

Re:Next stop? (1)

BitZtream (692029) | about a month ago | (#47663079)

The two are inclusive, not mutually exclusive.

Re:Next stop? (2)

Culture20 (968837) | about a month ago | (#47663235)

It's already close to 99.99%. Set up ssh on port 22 and don't block it. Check your security log. Valid logins versus failed attempts to access root, admin, or other common usernames. Even with fail2ban or denyhosts and ignoring slow distributed attacks like in the article, the number of failed attempts can sometimes dwarf valid logins. I remember the "Web 2.0" just prior to captchas. It was tough finding content that wasn't written by a spambot.

all that CPU-time (1)

hooiberg (1789158) | about a month ago | (#47663003)

going down the drain. They probably have a bigger chance of profit and fame were they to check Mersenne numbers with all that CPU power.

Speaking of stupidity... (0)

sootman (158191) | about a month ago | (#47663133)

"... the password gropers have finally Peak Stupid."

I think you accidentally a verb.

Weird log file activity... (1, Offtopic)

QuietLagoon (813062) | about a month ago | (#47663191)

I've been seeing weird log file activity for the web server that runs some of my sites.

A lot of requests for odd URLs, all of which return 404. All of the requests that I checked originated at an IP address in Russia, and dozens of different IP addresses were used. These odd requests started about 5 or 6 months ago and have been ramping up lately. Makes me wonder just what the originators are looking for?

Re:Weird log file activity... (1)

Anonymous Coward | about a month ago | (#47664449)

WordPress admin login pages and PhpMyAdmin installations with poor passwords, mostly.

I'm sorry, there is no peak stupid ... (1)

gstoddart (321705) | about a month ago | (#47663269)

Stupid is not a finite quantity in the universe, and it's not a zero sum game.

You can have an infinite amount of stupid.

Now, one might argue that telling the spammers how they've fallen for this and what to avoid ... well, that might be stupid.

I think you a verb (0)

Arker (91948) | about a month ago | (#47663317)

Also there is no peak stupid. There is no limit to stupid, and it's impossible to make things stupid-proof. Stupid is just too ingenious.

Hit me! (0)

Anonymous Coward | about a month ago | (#47666533)

The verb is "hit". The rest of your statement is accurate (q.e.d.).

Password gropers? (1)

Anonymous Coward | about a month ago | (#47664043)

When I was young we groped our girlfriends. Now get off my lawn.

How much ... (1)

PPH (736903) | about a month ago | (#47665553)

... did they pay for that email list?

That's the only thing that could possibly trump the current stupid position.

Peak Stupid (1)

Ottawakismet (2798639) | about a month ago | (#47665905)

I think by Peak Stupid you are trying to say this is the height of stupidity, I think you are underestimating the stupid that is out there. The truly stupid is yet to come... just wait

Questions (1)

tomkost (944194) | about a month ago | (#47666005)

1. Does "password guessing" mean they are just trying to login using common passwords like "password" or is it more sophisticated than that?
2. Assuming these brute force methods were used against real accounts, they would presumably become locked. It seems this would have been tried many times already in the past and present and lots of accounts would be getting locked all the time. Thus the email sites must have some way to detect and prevent this?
Just curious about these details... thx.