Major Anti-Spam Lawsuit To Be Filed In VA

kdawson posted more than 7 years ago | from the honey-pot-paying-off dept.

Spam 77

Rick Zeman sends us to the Washington Post, which is reporting that a John Doe lawsuit will be filed in US District Court today in spam-unfriendly Alexandria, Virginia. The suit will be filed by Project Honey Pot, which is having a week of big announcements. The suit seeks the identity of individuals responsible for harvesting millions of e-mail addresses on behalf of spammers. From the Post: "The company is filing the suit on behalf of some 20,000 people who use its anti-spam tool. Web site owners use the project's free software to generate pages that feature unique 'spam trap' e-mail addresses each time those pages are visited. The software then records the Internet address of the visitor and the date and time of the visit. Because those addresses are never used to sign up for e-mail lists, the software can help investigators draw connections between harvesters and spammers if an address generated by a spam trap or 'honey pot' later receives junk e-mail."

77 comments

RIAA tactics to catch spammers? (2, Funny)

morgan_greywolf (835522) | more than 7 years ago | (#18883123)

So these guys are using the same tactics as the RIAA to catch spammers? I smell a patent lawsuit! ;)

Re:RIAA tactics to catch spammers? (2)

Bedouin X (254404) | more than 7 years ago | (#18883249)

Yeah except I'm sure these guys are more likely to be capturing innocent people as I would guess that a lot of this work is probably done via botnets. But maybe I'm wrong.

Re:RIAA tactics to catch spammers? (2)

tekiegreg (674773) | more than 7 years ago | (#18883399)

Not sure, but I'd think the spider code used to harvest email addresses off the web is still done in house rather than "farmed out" to botnets. Then again, what do I know...

Re:RIAA tactics to catch spammers? (1)

tekiegreg (674773) | more than 7 years ago | (#18883429)

As a postscript to what I just said tho, botnet, in-house or whatever. It's all got to submit to somewhere. If one could work his way right up the trail yeah you could find out who did it, good luck to ya tho...

Maybe that's the solution. (4, Insightful)

Kadin2048 (468275) | more than 7 years ago | (#18884655)

Maybe the solution to the botnet problem isn't to go after the botnet operators, but to go after the people who are leaving unpatched machines connected to the net? Or, perhaps more to the point, their ISPs?

I understand this wouldn't be an exactly popular solution -- it's sort of the equivalent of a "scorched earth" tactic towards spammers -- but what if you implemented strict liability on all computers under your control? You get rootkitted or botnetted, sorry pal, it's your problem. Don't want to deal with it? Keep your machines up-to-date or keep them unplugged.

Unpatched machines that are connected to the internet are a public nuisance, in the same way that an abandoned house in an otherwise good neighborhood is. It's nearly impossible, and probably a losing battle, to try and go after the individual criminals who are using the abandoned house for nefarious purposes (which isn't to say that we shouldn't try); sometimes the best solution is just to go after the person who owns the house and make them either fix it or raze it.

A compromise, which would avoid true strict liability, would be making it a positive defense that you took reasonable steps to secure a system; i.e. it was kept up-to-date with the latest vendor patches and was behind a firewall. But if you can't take those reasonable steps, or are too incompetent/lazy/ignorant to do it, maybe you shouldn't be on the net at all.

Re:Maybe that's the solution. (2, Interesting)

itlurksbeneath (952654) | more than 7 years ago | (#18885091)

MOD PARENT UP!

Amen brother. In today's society of "ooh.. it's not my fault.." somebody needs to take the initiative to make the people responsible for the problem responsible and those people are the OWNERS of the pwned machines. Yes, Microsoft sucks. Yes, Microsoft has security problems. They do, however, release patches in a semi-reasonable time frame and people just DO NOT patch their machines like they should. Of course, there's kind of a "catch-22" with if your system is cut off from the network, how do you obtain patches... Still, that's a minor issue that could be managed with some network monitoring software and notifications like "hey - your system is infected and about to be disconnected unless you go apply all your patches and clean it up."

However, if after everybody with a Windows box agrees to keep their systems up to date and apply all the patches, how would this scorched earth policy work? You'd be snipping off access to somebody that has been exercising due diligence to keep their machines current. At that point, I think it's safe to start pointing the gun at the maker of the operating system and make them accountable for the damage their sub-standard security is causing.

But RIAA says it is my fault (1)

mtmra70 (964928) | more than 7 years ago | (#18889257)

In today's society of "ooh.. it's not my fault.." somebody needs to take the initiative to make the people responsible for the problem responsible and those people are the OWNERS of the pwned machines.

So if my PC gets hacked, it is my fault. But if I hack CD/DVD encryption, it is still my fault?

If we are going with the attitude of PC owners need to take responsibility, then I want to see RIAA take responsibility and "patch" their CDs (not likely to happen of course).

Re:Maybe that's the solution. (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#18885253)

Maybe the solution to the botnet problem isn't to go after the botnet operators, but to go after the people who are leaving unpatched machines connected to the net? Or, perhaps more to the point, their ISPs?

I think most of us would support a system that would, upon detection of an infection of your system, apply firewall rules to prevent you from doing anything other than viewing a webpage that says "Your ass is infected, call this number to find out how to get back on the internet." The problem is that it's not easy to detect all bot behavior. If I wget a website, am I a spider, a spambot looking for email addresses, or just a guy downloading some documentation?

Technological solutions solve part of it. (3, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#18885677)

True. However, there are some behaviors that ought to be immediately detectable -- sending out hundreds or thousands of nearly-identical emails, for instance, or DDoSing a server with repeated identical requests in patterns that are too fast to be a human being.

But you're right; technological solutions would probably only further the cat-and-mouse game between bot authors and the authorities; it would probably be fairly easy to write a DDoS bot that mimicked human browsing -- it wouldn't be as effective as sending out a few thousand requests per second, but if you had enough bots you could melt a server in the same way that a large number of bona fide humans do when a page gets mentioned on Slashdot. That would be nearly impossible to reliably detect. So in the long run I'm not sure that's effective; what's needed is a way of making sure more people follow the recommended guidelines given by their OS manufacturer, in terms of security updates and best practices.

In that way, I think that to be effective, you would need to have both a legal solution and a technological one. If you really went after people whose computers were compromised because they weren't keeping them patched and were leaving them on the Internet, in a very public way, you might encourage people to either patch their machines or disconnect them.

I'm not sure that such a tactic would be politically feasible -- as other people have pointed out, it is exactly the same tactic used by the RIAA to scare people into not file sharing, and the effect of that is questionable at best (however, in the case of discouraging people from leaving their PC unpatched, you're really not working against something they want to do, in the same way that the anti-file-sharing people are; very few people want to have an unpatched machine, they're just too lazy to do anything about it -- you're not really being punitive as much as you're giving them some very pointed encouragement to do something about a problem they're today comfortably ignoring).

Re:Maybe that's the solution. (2, Interesting)

robogun (466062) | more than 7 years ago | (#18888331)

Well, you're talking about removing their common carrier protection.

You need to think long and hard if you actually want that to happen, because this is definitely one of those cases of "be careful what you wish for."

Because a couple years from now you'll be in here bitching "My ISP won't let me use any p2p app, or telnet even ssh, or download exe files etc etc" just because someone *might* sue them.

Re:Common carrier (0)

Anonymous Coward | more than 7 years ago | (#18895287)

ISPs don't have common carrier status, and they will fight to the death to keep it that way. CC would disallow arbitrary unpublished bandwidth limits [slashdot.org], for instance.

Re:Maybe that's the solution. (0)

Anonymous Coward | more than 7 years ago | (#18894419)

Gone are the days when everyone you talked to on the internet was either adept at computers, was a university student or worked in some technical field. I do support for Comcast and I can tell you... most people HAVE NO IDEA how the computer works. They also just expect the internet to work. They'll tend to blame just about any computer problem on their internet service as well. Customers don't know what a toolbar, alt-key, forward slash, control panel, IP address, firewall, popup blocker, mail client, virus scanner vs. spyware scanner, modem vs. router, computer vs. monitor vs. hard drive is... You have to take things rather slowly and explain in explicit detail to get things done. I had an older woman who had the hardest time figuring out how to "right click" an icon on her laptop... I had to explain it to her many different ways over the course of 5 minutes... all the while she's muttering under her breath how she wished she had gotten ahold of someone that actually knew what they were doing. My supervisor just happened to be nearby me and heard my conversation and started smiling, but then after listening a while even he started to feel the pain.

Re:RIAA tactics to catch spammers? (3, Informative)

daeg (828071) | more than 7 years ago | (#18883423)

They aren't seeking the identity of the unintentional middlemen involved, or are, but only so far as to find the identity at the end of the tunnel, so to speak. If they identify the particular botnet involved, they can attempt to trace it back to whoever controls it, installed it, or locate who picked the bundle of addresses up.

And even if they can't find the end person, they can at least educate the zombie PC owners using a real-world example instead of the fear tactics used to push crapware like Norton Internet Security.

Re:RIAA tactics to catch spammers? (1)

Intron (870560) | more than 7 years ago | (#18884589)

First off, you can't educate zombie PC owners. By definition, all they want is BRAINS.

Second, it's going to be tough to interest law enforcement in a $200 purchase of harvested email addresses. Linking that to the botnet or webscrapers is going to be difficult, and CAN-SPAM did not create any mandate or provide any funds to law enforcement. It was a joke played on the gullible by Congress.

Third, project Honeypot has a major problem if they think they can fund their organization by selling these [cafepress.com] to geeks. And I'm a little disturbed by the ad in the top right corner.

Re:RIAA tactics to catch spammers? (0)

Anonymous Coward | more than 7 years ago | (#18884731)

Ad? What kind of a slashdot user are you? You shouldn't even be able to see ads!

Loser.

Re:RIAA tactics to catch spammers? (2, Interesting)

Dachannien (617929) | more than 7 years ago | (#18884239)

Scenario I: The e-mail harvesters are using their own crawlers. The IP addresses picked up by the honeynet lead directly to the e-mail harvesters, making it easier to make a case against them. No innocent third parties are involved.

Scenario II: The e-mail harvesters are using botnets. The IP addresses lead to third-party zombie machines that were infected by malware pushed by the e-mail harvesters. The honeynet operators file the anti-spam lawsuit, settle with the actual spammers for reduced damages in exchange for the identities of the people they bought their e-mail lists from, and thereby uncover the botnet operators. The relevant police organization arrests the operators for violating their country's relevant computer trespass laws and prosecutes a criminal case against them. Large imprisoned cop-killing psychopath subsequently pounds them in the ass, and justice is served.

Re:RIAA tactics to catch spammers? (1)

orielbean (936271) | more than 7 years ago | (#18884869)

Perhaps this is a useful way for people to be more aware about unpatched machines and clicking every stupid link on the net...A beneficial side effect?

Re:RIAA tactics to catch spammers? (2, Insightful)

crymeph0 (682581) | more than 7 years ago | (#18883707)

Same thing I thought. Of course, since this is being done by the good guys, there won't be any major flames directed towards them. If you honestly don't believe the RIAA can find who owned an IP address at a certain time, what makes you think these guys will do any better?

Re:RIAA tactics to catch spammers? (1)

Ornedan (1093745) | more than 7 years ago | (#18886613)

Possibly by not being utter wankers like the RIAA and actually analysing the data first and only targeting the most likely matches. For example, anyone that shows up in the logs just once is probably a false positive and can be discarded. So can anyone that does show up multiple times, but only over a single, short time period - say, an hour. On the other hand, someone that gets logged consistently over longer time periods and even from different IPs is far more suspicious and worth investigating more closely.

Re:RIAA tactics to catch spammers? (1)

cswiger (63672) | more than 7 years ago | (#18891997)

You have a point, but I think the Honeynet project has a better one-- the RIAA and MediaSentry do all kinds of proactive seeding of bad audio files, scanning for open filesharing ports, etc, etc...but a honeynet starts off by being passive and only responds to connections which are initiated from elsewhere.

If you discover a subnet which scans your IP range and snarfs up a buncha email addresses which have never been publicised elsewhere (and are hidden behind appropriate robots.txt or META noindex,nofollow tags), and then later you find lots of spam coming towards these addresses, you can track them down much more precisely. Of course, some or many of the IPs involved will be from random virusized dynamic IPs at large ISPs, but I betcha they'll be able to track down a number of static subnets running on shady ISPs who tolerate spammers.

*cough* PSInet/UUNet *cough* Telephonica.es *cough* cogentco *cough*

Re:RIAA tactics to catch spammers? (1)

AdebisiTheGamer (1085723) | more than 7 years ago | (#18900781)

It is hardly the same tactic.

Spammers are caught because companies like this will build a website and simply put an email address in the code some place. The email address is valid but has never been given out for any reason anywhere by anyone. Therefore, anyone sending email to that address MUST have gotten it by webcrawling the code. And any mail sent to that address cannot have been done so with the owner's consent, or a claim the owner somehow opted in.

how about a link to the actual article? (5, Informative)

Anonymous Coward | more than 7 years ago | (#18883147)

which is here [washingtonpost.com]

Re:how about a link to the actual article? (4, Informative)

Anonymous Coward | more than 7 years ago | (#18883453)

Or what about a link to the Project Honey Pot page that explains the lawsuit [projecthoneypot.org] and contains a link to that Washington Post article?

Re:how about a link to the actual article? (0)

Anonymous Coward | more than 7 years ago | (#18886083)

how about a link to a /. comment [slashdot.org] that links to the Project Honey Pot page that explains the lawsuit and contains a link to that Washington Post article?

Re:how about a link to the actual article? (1)

Rick Zeman (15628) | more than 7 years ago | (#18883541)

D'oh! The editor edited it out! I had it in there. I swear!

What would the natural response be? (5, Interesting)

pzs (857406) | more than 7 years ago | (#18883161)

Obviously this kind of litigation is a good step and to be encouraged, but it's interesting to imagine what would happen if nobody took action against spammers through the courts.

Clearly spam works, so the amount of spam being sent would only continue to grow. Would this lead to increased vigilante action? More privacy and restrictions imposed by administrators? Decrease in the use of Email as the signal-to-noise ratio continues to degenerate? All of the above?

Peter

Re:What would the natural response be? (0)

Anonymous Coward | more than 7 years ago | (#18883225)

Phrasing thine dumb opinions in the form of rhetorical questions isn't cool, it's lame.

Re:What would the natural response be? (2, Funny)

BlueTrin (683373) | more than 7 years ago | (#18883347)

Clearly spam works, so the amount of spam being sent would only continue to grow. Would this lead to increased vigilante action? More privacy and restrictions imposed by administrators? Decrease in the use of Email as the signal-to-noise ratio continues to degenerate? All of the above?

The answers to these and other questions in the next episode of "Honey Pot Adventures". Do not miss the next episode on Channel Dupe!

Re:What would the natural response be? (3, Insightful)

Anonymous Coward | more than 7 years ago | (#18883361)

Clearly spam works, so the amount of spam being sent would only continue to grow.

Sometimes I wonder if that's the case or if it's a case of slash and burn marketing - the spammers just keep signing up folks (especially overseas) who don't know any better, take their money, the folks who "advertised" realize it doesn't work and stop, the spammer just moves on and keeps signing folks up.

My ISP's spam filters are great and I'm really careful about sharing my email address. That being said, are there still a lot of spams selling spam services like there was a few years ago? In other words, are most spams just advertising spam and "sure thing" stock market tips?

Re:What would the natural response be? (1)

UbuntuDupe (970646) | more than 7 years ago | (#18883737)

Sometimes I wonder if that's the case or if it's a case of slash and burn marketing - the spammers just keep signing up folks (especially overseas) who don't know any better, take their money, the folks who "advertised" realize it doesn't work and stop, the spammer just moves on and keeps signing folks up.

Then why would the "spammer" have to actually send emails? Wouldn't that just be extra effort, since they're lying to the client anyway?

Re:What would the natural response be? (0)

Anonymous Coward | more than 7 years ago | (#18884031)

Then why would the "spammer" have to actually send emails? Wouldn't that just be extra effort, since they're lying to the client anyway?

I'm sure there's a few out there who just completely rip folks off that way. But by doing the slash and burn method, you are actually providing the service, even if it is worthless, you are giving what the client paid for, and it's their decision if it's worth it or not: regardless of the provider's opinion - see? The spammer hasn't done anything really wrong (spam laws aside) but he's still getting his money for a service that has no real value.

Want a non-spam example?

Yellow pages. A few business owners that I know purchased ads in the Yellow pages. When folks called, they asked where did they hear about them, very few got their name from the Yellow pages and when you consider the $$$ they paid for those ads, they had a negative return. But, the Yellow pages folks will insist that you will get more business because of the ads (true) but they aren't worth the $$$ - at least for the businesses that these guys had. They keep selling those ads. If there are folks who are getting a positive return from those ads, I haven't met them.

The same goes for ads on the back of those folders that the real estate agents hand out. Their sales folks will say, "When people get their material from the agent, your business is there under their noses! What better placement!"

No one looks at those ads.

Yeah but what will the judge think (1)

DTemp (1086779) | more than 7 years ago | (#18883171)

So, if they get emails at this honey pot email account, and they are able to make deductions and say that a certain outfit was responsible for mining that email address and giving it to spammers... does that hold any legal weight*?

I'm trying to figure out how they can do this AND have it be able to hold water in court. There's a hundred ways an account can get an email (spam or not) without it being mined specifically by the future defendant. I don't think it will suffice as the plaintiff's sole burden of proof. It probably wouldn't be "clear and convincing evidence" (civil) or "beyond a reasonable doubt" (criminal).

*I have zero training in anything remotely related to law.

Re:Yeah but what will the judge think (2, Informative)

thona (556334) | more than 7 years ago | (#18883201)

::There's a hundred ways an account can get an email
::(spam or not) without it being mined specifically
::by the future defendant.

How? I put up a new email account. No one ever uses it. It is only shown on a website for ONE page (i.e. next visitor gets another account). Now, I grant that someone may mistype an address. But then - this will not result in a lot of emails coming. q.e.d.

Guided search of all the address space (2, Interesting)

rbarreira (836272) | more than 7 years ago | (#18883265)

It is possible if you brute-force all the e-mail address space, and you don't really need to brute force it. Markov Chains and other techniques can help you reduce the number of possibilities to try.

Let's hope this project thought about this issue (for example, by generating quite long AND random addresses), I would suppose so but haven't checked.

Re:Yeah but what will the judge think (1)

morgan_greywolf (835522) | more than 7 years ago | (#18883237)

So, if they get emails at this honey pot email account, and they are able to make deductions and say that a certain outfit was responsible for mining that email address and giving it to spammers... does that hold any legal weight*?


Ask the RIAA. The same tactics have worked for them at least half the time -- other half is spent suing grandmothers and small children.

Re:Yeah but what will the judge think (4, Insightful)

aadvancedGIR (959466) | more than 7 years ago | (#18883283)

Directly proving how the address was collected may indeed be weak evidence, but you'd better see that as a working base.
Starting evidence:
-A sends spam to targeted email, obviously without opt-in.
-B is suspected to have harvested that address.
And then:
-Investigation shows a link between A and B.
Then you have something solid to sue on.

Re:Yeah but what will the judge think (1)

cybercrime (930352) | more than 7 years ago | (#18886365)

The connection between the harvester and the spammer will be key (assuming they are separate entities - if they are the same entity - then the buck stops there).

Here's some math. There are 15K harvesters identified by Honeypot. About 20% are US-based. This makes more than 3K harvesters that are US-based and subject to jurisdiction by US courts. With the power of legal process it won't be that hard to unmask the identities of a large portion of these 3K harvesters. With some pressure and threat of damages and expenses of defending a large lawsuit, many harvesters would happily disclose any relationships they have with a spammer - no more John Does - the plaintiffs can now be named. The rest is easy. Slightly more analysis here [cybercrimelaw.org].

Re:Yeah but what will the judge think (1)

Peeteriz (821290) | more than 7 years ago | (#18883381)

"There's a hundred ways an account can get an email" - of course, and the honeypot construction is completely irrelevant to the case, as long as they have not submitted these addresses directly to the defendant (subscribed; entered business relationship, etc, etc)

According to the anti-spam laws they are suing for, that would be the only legal way for these e-mails to be used in advertising.

They only have to prove that it was the defendant who sent these e-mails - it is pretty clear that the sending was illegal.

Harvesting is the only source here (2, Informative)

Kelson (129150) | more than 7 years ago | (#18886655)

There's a hundred ways an account can get an email (spam or not) without it being mined specifically by the future defendant.

The way Project Honeypot works is this:

  1. A webmaster puts a script somewhere on his site.
  2. The webmaster then puts hidden links to that script such that most human visitors will not notice them.
  3. Bots crawl the site, and access the script.
  4. The script contacts Project Honeypot, which generates a unique email address (or several) and a legal statement explaining that you do not have permission to use the email address. Date, time, and IP address are logged along with the email address generated.
  5. Legit bots, like search engine spiders, won't do anything with the addresses picked up from the script. But address harvesters will eventually hand the address to a spammer.
  6. If spam is received at the email address, Project Honeypot knows:
    • The spammer picked up the address from a harvester, either directly or indirectly.
    • The IP from which the harvester connected, and when.
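
The six steps above, sketched as code. This is an added example, not Project Honey Pot's software or part of the comment above; the `TrapLog` class, the `trap.example` domain and the sample IP addresses are constructed for illustration, and the 128-bit random local part is an assumption about how to keep trap addresses unguessable.

```python
import secrets
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

TRAP_DOMAIN = "trap.example"  # assumption: placeholder, not the project's domain


@dataclass(frozen=True)
class Visit:
    harvester_ip: str   # address that requested the trap page
    seen_at: datetime   # when the trap address was handed out


@dataclass(frozen=True)
class Match:
    trap_address: str
    harvester_ip: str
    harvested_at: datetime
    relay_ip: str       # host that delivered the mail to the trap mailbox
    delay: timedelta    # time between harvest and use of the address


class TrapLog:
    """Issues one-off trap addresses and ties later mail back to the visit."""

    def __init__(self):
        self._issued = {}       # local part -> Visit
        self.matches = []
        self.unissued_hits = 0  # mail to trap-domain addresses never handed out

    def issue(self, visitor_ip, when):
        # Each page view gets its own address, so one address maps to exactly
        # one logged visit. 128 random bits keep a sender who guesses local
        # parts from landing on an issued address.
        local = secrets.token_hex(16)
        self._issued[local] = Visit(visitor_ip, when)
        return f"{local}@{TRAP_DOMAIN}"

    def record_mail(self, rcpt, relay_ip, received_at):
        """rcpt is the SMTP envelope recipient (header To: lines can be forged)."""
        local, _, domain = rcpt.strip().lower().rpartition("@")
        if domain != TRAP_DOMAIN:
            return None
        visit = self._issued.get(local)
        if visit is None:
            self.unissued_hits += 1   # guessed or mistyped, not harvested
            return None
        if received_at < visit.seen_at:
            return None               # clock skew or bad log entry: do not attribute
        match = Match(f"{local}@{TRAP_DOMAIN}", visit.harvester_ip,
                      visit.seen_at, relay_ip, received_at - visit.seen_at)
        self.matches.append(match)
        return match

    def report(self):
        """Per harvester IP: addresses issued, addresses spammed, relays seen."""
        issued = defaultdict(int)
        for visit in self._issued.values():
            issued[visit.harvester_ip] += 1
        rows = {}
        for m in self.matches:
            row = rows.setdefault(m.harvester_ip, {
                "spammed": set(), "relays": set(), "shortest_delay": m.delay})
            row["spammed"].add(m.trap_address)
            row["relays"].add(m.relay_ip)
            row["shortest_delay"] = min(row["shortest_delay"], m.delay)
        return {ip: {"issued": issued[ip],
                     "spammed": len(r["spammed"]),
                     "relays": sorted(r["relays"]),
                     "shortest_delay": r["shortest_delay"]}
                for ip, r in rows.items()}


def demo():
    """Constructed scenario: one harvester, one search spider, two spam runs."""
    t0 = datetime(2007, 4, 26, 12, 0, tzinfo=timezone.utc)
    log = TrapLog()
    first = log.issue("192.0.2.10", t0)                          # harvester
    second = log.issue("192.0.2.10", t0 + timedelta(minutes=1))  # harvester again
    log.issue("198.51.100.7", t0)                                # spider, never mails
    log.record_mail(first, "203.0.113.5", t0 + timedelta(days=3))
    log.record_mail(second, "203.0.113.9", t0 + timedelta(days=5))
    log.record_mail("info@" + TRAP_DOMAIN, "203.0.113.5", t0 + timedelta(days=3))
    return log.report(), log.unissued_hits


if __name__ == "__main__":
    print(demo())
```

The spider's IP never appears in the report because a logged visit only becomes evidence once mail arrives at the address that visit was given.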

Lovely idea, but... (1)

Billosaur (927319) | more than 7 years ago | (#18883373)

Is there any kind of mandate for this? I mean, this is a private organization doing this, not local police or the FBI as part of some larger investigation, so I imagine the suit would have to be civil, rather than criminal. They might have a harder time doing this than they realize. If I were them, I might have gotten law enforcement involved at some point. The link in the article is useless, since it really says nothing about the suit.

Nothing worthwhile is easy (1)

abb3w (696381) | more than 7 years ago | (#18886291)

I mean, this is a private organization doing this, not local police or the FBI as part of some larger investigation, so I imagine the suit would have to be civil, rather than criminal. They might have a harder time doing this than they realize.

On the other hand from what I(AmNotALawyer) understand, a civil suit needs only prove wrongdoing by preponderance of evidence, as opposed to beyond reasonable doubt; that is, you only need to prove that they probably did it, rather than almost certainly. It also has the possibility to increase the "expected" costs of such scum, which may shift the supply curve and reduce the spam level. (Alas, we're talking about a non-exclusive good, so the typical supply-demand model isn't very good. But one may hope.)

Also, a civil suit does not preclude later criminal charges.

Re:Lovely idea, but... (1)

WaltFrench (165051) | more than 7 years ago | (#18886583)

Is there any kind of mandate for this?

I can think of several good reasons.
* CAN-SPAM makes unsolicited commercial email illegal in the US, but enforcement is very difficult.
* Spam must be a huge expense to the broad community of internet users -- bandwidth, filter costs, manual efforts, etc.
* Providing spammers with incentive to take over others' PCs with zombie botnets extracts further costs to hapless users.
...
And maybe a collective satisfaction of seeing anti-social thieves locked up should count for something, too.

Vatican spam (4, Funny)

paulatz (744216) | more than 7 years ago | (#18883383)

Maybe in the USA nobody knows, but the acronym VA uses to stand for Vatican (http://www.vatican.va/) not Virginia. You may imagine how dazzled I was after reading that the Pope himself will take care of spammers, will they be excommunicated?

Re:Vatican spam (0, Flamebait)

incorporalis (195741) | more than 7 years ago | (#18883405)

Perhaps article submitters or editors can start thinking outside of the USA?

Re:Vatican spam (1, Funny)

Anonymous Coward | more than 7 years ago | (#18883573)

Don't come crying to us because you live outside the U.S.

You hate us for our freedom!

Re:Vatican spam (5, Funny)

allscan (1030606) | more than 7 years ago | (#18883905)

Perhaps it's time for the SPAMish Inquisition.

Re:Vatican spam (0)

Anonymous Coward | more than 7 years ago | (#18884491)

Nobody expects the SPAMish Inquisition...

I know everybody is thinking it .... (0, Redundant)

IwantToKeepAnon (411424) | more than 7 years ago | (#18884793)

so I'll say it:

Nobody expects the SPAMish Inquisition!

Re:I know everybody is thinking it .... (1)

IwantToKeepAnon (411424) | more than 7 years ago | (#18947323)

Hey moderator, just cuz someone TOP REPLIES does not mean I am redundant.

Read yer FREEKIN timestamps b/f you mod me down..... geeesh.

Re:Vatican spam (3, Funny)

FrankNputer (141316) | more than 7 years ago | (#18885025)

Perhaps it's time for the SPAMish Inquisition.

I didn't expect that...

Re:Vatican spam (3, Insightful)

operagost (62405) | more than 7 years ago | (#18884457)

VA was an accepted postal abbreviation for Virginia way, way, way before there was a vatican.va.

How can I register god.i.va ? (1)

hadaso (798794) | more than 7 years ago | (#18921219)

god.i.va - seems like a nice domain name, and it's not in use by anyone, but where does one register *.va domains?

How can I help? (1)

ZachPruckowski (918562) | more than 7 years ago | (#18883563)

I live in the vicinity of Alexandria (well, about 60-90 minutes away). Is there any way regular spam-targets like me can help?

Re:How can I help? (1)

jalet (36114) | more than 7 years ago | (#18883677)

Sure you can help: just go there and break the spammers' legs.

Sign-up for Project Honeypot? (0)

Anonymous Coward | more than 7 years ago | (#18883749)

If you have a website, you can help. If you have mail servers, you can help. If you have a blog, you can help.

Re:How can I help? (1)

wargolem (715873) | more than 7 years ago | (#18883885)

If you live in VA, you might have already done your part depending on how you voted! VA has some awesomely strict anti-spam laws which even make it illegal to route spam through VA, even if the spammer and recipient don't reside anywhere in VA. Do a search for "Virginia Computer Crimes Act", or just click here for VA Codes and Laws [state.va.us]. As always, the EFF [eff.org] is a good place to look around too.

Now if VA would just get rid of UCITA... *sigh*

Re:How can I help? (1)

PeeAitchPee (712652) | more than 7 years ago | (#18884469)

Sure -- quit ordering those Canadian meds! ;-)

Ah, the Beltway (1)

jfengel (409917) | more than 7 years ago | (#18886271)

60-90 minutes from Alexandria puts you in about Annandale, at least during certain times of the day.

Probably no major players. (2, Interesting)

rel4x (783238) | more than 7 years ago | (#18883709)

This is cool, but I doubt many big players still use web crawlers to find e-mails. Not with plentiful sources of hacked databases and co-registration e-mails available. Servers cost money, time to set up, and man hours to make sure they're up. Pushing low quality e-mails wouldn't be worth it, since the response rate of spam has lowered so much over time. Too many of the e-mails were posted years ago (and since died), are honeypots, or unverifiable e-mails (large domains like yahoo.com do not support the method spammers use to verify the existence of e-mail addresses).

VA?! (-1, Troll)

c0ldfusi0n (736058) | more than 7 years ago | (#18883721)

Woooo hold up. VA is in the news.... without any mention of VT? HAVE YOU NO HEART, SLASHDOT?! WHAT'S WRONG WITH YOU, AMERICAN MEDIAS???? You're just gonna let this happen? Let the tragedy be forgotten and overwritten by some other junk? BLASPHEMATORY! Where are my images of the killer, his video and the interviews of random students?! I hate you slashdot, i HATE YOU!!

One spammer less? (1)

zehrila (1093577) | more than 7 years ago | (#18883847)

Looks ok, hope this spam thing gets to an end but it does not look like it's ever going to end as they catch one and 99 are still spamming. In fact they are growing with increase in number of internet users. Hope someone puts a full stop in front of spammers some day.

Re:One spammer less? (0)

Anonymous Coward | more than 7 years ago | (#18888355)

The amazing thing is that it is a relatively small number of spammers responsible for most of the millions and millions of spam messages sent out every day. Your guess at 100 is perhaps not that far from the mark -- and I'll take a reduction of 1% of the spam any day.

Kdawson, I know no one RTFA, but c'mon (0, Redundant)

tsu doh nimh (609154) | more than 7 years ago | (#18883895)

Might not be a bad idea to update the summary with a link to the full story [washingtonpost.com] mentioned in the blurb.

Close but no cigar (1)

eMbry00s (952989) | more than 7 years ago | (#18883959)

This method of collecting evidence assumes that the email addresses aren't collected using the same zombie computers that send the spam.

Two things can happen:
1) Spammers used their own computers, and (maybe) face the consequences - after this lawsuit the collecting is distributed onto zombies as well. As long as there's a market, there'll be new people exploiting it.

or

2) The spammers didn't use their own computers to collect addresses, and will continue that way.

Re:Close but no cigar (0)

Anonymous Coward | more than 7 years ago | (#18888211)

This method of collecting evidence assumes that the email addresses aren't collected using the same zombie computers that send the spam.

This is addressed in the article.

Re:Close but no cigar (1)

eMbry00s (952989) | more than 7 years ago | (#18890659)

Heh, well, you know where we are. (shit)

Quest for Information (1)

ITMagic (683618) | more than 7 years ago | (#18884055)

Not that I have any hard information, but I guess these guys are using this as an information gathering exercise prior to something bigger (at least I hope it leads to something...)

The gathering of IP addresses has been discussed here before (though I cannot offhand remember when). It is theoretically trivial to serve up a cryptohash of the IP address of the visitor harvesting email addresses with the intention of spamming. So, we know how the email address in question was gathered.

SMTP connection tracking will tell us from which IP address the email was delivered.

What we don't know is how these two events are linked - i.e. who is involved in the chain. Hopefully, court action will force the participants out, and maybe reveal other interesting information...

and I wish these guys all the best. Someone is actually attempting to do something. It may not work first time - but they are giving it a damn good go, and I for one hope they succeed.
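The linkage ITMagic describes above (a trap address derived from the harvesting visitor's IP, later matched against the IP that delivers mail to it), sketched as an added example that is not part of the thread or Project Honey Pot's own software. The key, domain, function names and sample IPs are assumptions, and a keyed HMAC is swapped in for the plain hash so that nobody without the key can enumerate the 32-bit IPv4 space to recognise trap addresses.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to the trap site
TRAP_DOMAIN = "trap.example"      # placeholder domain, not a real deployment

# local part -> (harvester IP, unix time of the page visit)
harvest_log = {}


def make_trap_address(visitor_ip: str, visit_ts: int) -> str:
    """Mint the unique address shown to one visitor and record who saw it."""
    msg = f"{visitor_ip}|{visit_ts}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]
    harvest_log[tag] = (visitor_ip, visit_ts)
    return f"{tag}@{TRAP_DOMAIN}"


def correlate(rcpt_to: str, smtp_peer_ip: str, received_ts: int):
    """Tie a delivered message back to the visit that exposed its address.

    Returns None for mail that was not sent to a minted trap address,
    e.g. dictionary guesses against the trap domain.
    """
    local, _, domain = rcpt_to.lower().partition("@")
    if domain != TRAP_DOMAIN or local not in harvest_log:
        return None
    harvester_ip, visit_ts = harvest_log[local]
    return {
        "harvester_ip": harvester_ip,
        "sender_ip": smtp_peer_ip,
        # False is the common case when sending is farmed out to other hosts
        "same_host": harvester_ip == smtp_peer_ip,
        "days_to_first_spam": (received_ts - visit_ts) // 86400,
    }


if __name__ == "__main__":
    # Constructed sample events using documentation-range IPs.
    addr = make_trap_address("192.0.2.10", 1177600000)
    print(addr)
    print(correlate(addr, "198.51.100.7", 1177600000 + 3 * 86400 + 5))
    print(correlate("sales@trap.example", "198.51.100.7", 1177700000))
```

The result pairs a harvesting IP with a sending IP; as the comment says, who connects the two is the part the records alone do not show.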

Hoorah (1)

Mockylock (1087585) | more than 7 years ago | (#18884439)

This needs to be done more often. Where do we get the software!?

If only they could find a solution to Domain Tasting and Kiting, we'd be taking a good step forward.

NOT Vigilante (2, Insightful)

DynaSoar (714234) | more than 7 years ago | (#18885491)

This is in response to various replies, not the parent or TFA: This is not "vigilante" activity. A vigilante is someone who usurps or subverts established social structure, acting as judge, jury and/or executioner.

Before there were laws on the books about spamming, there was no social structure for identifying and acting against spammers. Those who did it then were emergent order enforcement acts. They were volunteers carrying out the desires of many based on the consensus, or at least vocal majority, of the net. There was a socially accepted behavior, people who violated it, and people who took it upon themselves to enforce the socially accepted. All law enforcement has evolved from social systems in precisely this manner.

Now that there are laws, these people seek to identify the perps, and use the established social structure by turning them over to the proper channels and authorities.

Those who provide filtering/blocking services are acting within a social structure suitably designed and executed for property protection. They are offering private protection services and people sign up with them, or not.

Ever since Canter & Siegel people have accused anti-spammers of vigilantism without understanding what it means. Of course this was semi-informed media, hot headed critics, or spammers caught in the act, all of them using the word for hot-button value.

Now, people who cat together their tracking cookies with large garbage files to try to buffer overflow spammers' data collection activities, and people who set up botnets to DDoS spammer botnets, those are vigilantes. There are laws in place. Going around them is what vigilantism is about.

I was there for Canter & Siegel, and many more for several years. Only Alan Boyle, science editor at MSNBC, ever noted that the word "vigilante" was frequently misused in this way by others in the media. The few others anywhere near as correct simply didn't refer to us in that way.

The sound of money? (2, Interesting)

John3 (85454) | more than 7 years ago | (#18886349)

From the lawsuit mini-faq [projecthoneypot.org] :

What happens to any money you win in the lawsuit?
        We're a long way from that, but we'd like to help out the people who have helped us. Obviously a large chunk would go to paying legal fees. Intriguingly, though, since we will know what Project Honey Pot members provided the data that ends up winning the case, maybe we'll be able to send them a little bonus. :-)


I've been running a few of their honeypots for the past two years, so hopefully one of the spammers I "caught" will wind up paying a big time settlement. Sure, it's a pipe dream, but it's my pipe dream.

Why do ISPs allow direct SMTP outbound? (1)

rat_love_cat (844761) | more than 7 years ago | (#18886895)

Botnets are the biggest source of spam, so why do ISPs still allow direct outbound SMTP from home connections by default? It wouldn't be too difficult to force all outbound SMTP through the ISP's mailserver by default, but allow direct SMTP connections for those who ask for them. If the mail goes through the ISP's mailserver, it can easily be tagged and the ISP can monitor for suspicious activity.

Is there some reason why this can't be done, or is it just that there's no one to enforce it on the ISPs? If it's a question of enforcement, wouldn't an agreement by some of the big ISPs not to peer with ISPs that are spam sources help matters along?

I'm just waiting for that "your idea won't work because" template now...

Re:Why do ISPs allow direct SMTP outbound? (0)

Anonymous Coward | more than 7 years ago | (#18888843)

Sounds like what DSLExtreme does. They have a firewall tool that blocks outbound port 25 by default. You have to log in to the website and check a box to manually enable outbound port 25 traffic.

Washingtonpost.com has a copy of the complaint (1)

tsu doh nimh (609154) | more than 7 years ago | (#18889113)

Available at this link [washingtonpost.com] (PDF)

been there done that (1)

v1 (525388) | more than 7 years ago | (#18889519)

I run my own mailserver and I can generate a unique email alias on a whim, that forwards to my main account. I use this whenever I need to give my address to someone that I either don't trust or want to be able to track.

I usually include part of the vendor in the address so I can remember it more easily. So like for NewEgg, I give them "v1newegg@vftp.net". Any email I receive that is addressed to v1newegg@vftp.net, I know exactly where it legitimately could have come from. If it comes from someone selling prescription drugs at a discount, I know that one of two things has happened:

(1) newegg sold me out
(2) newegg's incompetent IT department allowed a spam virus to run loose on one of their internal machines and it harvested my address and sent it to the spammers.

While I'm sure that 95% of the cases are (2), neither is any worse than the other, as they have the exact same effect on me.

One I sent to was for ford, I wanted some dealers in my area to contact me about a hybrid. I got my calls. Six months later, one spam per day arriving, addressed to v1ford. I don't believe ford sold me out, but likely one of their dealers that they sent my email to to contact me, was owned and got my name on the list.

Fortunately, when this happens I just delete the alias and stop doing business with them, I give my real address out to my friends and family, though I probably shouldn't even do that. Who knows when a friend of mine is emailing me from someone else's PC and gets me nailed. If the spammers get my real address, I am screwed.

I tried to do this with my mom, but she knows so many people with PCs, her main address was on several lists within two months. Amazing how windows security even screws with the mac users.

Re:been there done that (0)

Anonymous Coward | more than 7 years ago | (#18894323)

Let me guess, your e-mail is v1@vftp.net ? If not, kudos to you.

yay! (1)

Cygnostik (545583) | more than 7 years ago | (#18890445)

If you're technical enough to have a good idea how things really work, have dealt with the hell spammers cause the industry (hosting especially, abuse departments, CS, hah) and you're familiar with Project Honey Pot, what they do, how and why; you'd know this is a great thing. It's awesome to finally see efforts put to good use and progress made, even only in small steps, any kind of progress gives me a hell of a sense of hope for the future...