Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Based Attacks in a Physical World

Posted by Hemos on from the too-bad-it's-not-internet-based-attacks-on-The-Real-World dept.

scubacuda writes "In light of the /. backlash against Spam King, Alan Ralsky, (in which /.ers published his info online--including an overhead shot of his house--and signed him up for junk) Simon Beyers, Aviel Rubin, and David Kormann have written a report entitled Defending Against an Internetbased Attack on the Physical World. Bruce Schneier notes that there's no easy defence against such an attack, largely because companies want to make it easy for consumers to get their promotional information:'Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it's physically difficult to do it on a large scale. But this attack exploits the automation properties of the Internet, the Web availability of catalog request forms, and the paper world of the post office and catalog mailings. All the pieces (that) are required for the attack to work.' But as Rubin and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'"

7 of 290 comments (clear)

  1. Re:The Economist by mlush · · Score: 4, Informative

    I think The Economist has the easiest and cheapest answer to the problem of spammers. Charge large emailers per send.. the economic disadvantage of sending out wasted emails would then help reduce the number and encourage targetted sending...

    You missed the point here. The problem is not spam email, its a DOS attack using snail mail which damages both the target and the bulk mailers.

  2. Re:The Economist by Timesprout · · Score: 3, Informative

    Ths article is not about preventing spam. Its about how the postal serices, and probably a few others are vunerable to malicious disruption via abuse of internet capabilities

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  3. Re:The Economist by mlush · · Score: 2, Informative
    You feel there is no causal link in this attack?

    You have again missed the point. Smail mail DOS can be targed against people who arn't spammers!!! (Gasp!) The article (if you care to read it) mentions it is a farily trivial script would automate the signup process to some 250,000 sources of junk mail. The fallout from such an attack would affect everyone in the area causing lost and delayed mail as well as exploiting many legitamate companys sending the mail.

  4. Re:usps doesn't help things, but that's the way it by bofkentucky · · Score: 3, Informative

    Spam and Periodicals actually use more efficent methods to deliver mail, those fancy bar codes make their mail easily routable, your scriblings on the envelope require human eyes to sort to the correct address, human's cost money...and postal workers are some of the most expensive, the added inefficency of union workers and gov't workers makes for very little work.

    --
    09f911029d74e35bd84156c5635688c0
  5. Those "mail dumping" incidents a few years back by swb · · Score: 2, Informative

    Weren't there a couple of "mail dumping" incidents a couple of years ago?

    IIRC, they found one postal worker with a whole basement/attic/whatever filled with undelivered mail, and other worker was found to be dumping it under an overpass or something.

    The residents had complained for years about poor mail service, lost mail, etc and when they finally found out what was going on it looked like the whole postal zone was a fscking disaster (bad management, etc etc etc).

    Overall, this seems like a rare exception. I've never had a bill not get paid or not gotten something due to the post office.

    In fact, I've had more problems with UPS trashing packages.

  6. Re:That's an easy one: by rifter · · Score: 2, Informative

    Then read the article. The source code for the script is even in there. Sheesh!

  7. Small-penalty Spam-suit State Laws by billstewart · · Score: 2, Informative
    Several states have anti-spam laws designed to make this easy. They're tort laws (person-sues-spammer-for-damages) rather than state-vs-spammer laws, and the damages are small (mostly $200-500) so you can sue in small claims court with minimal legal costs if you can catch the spammer (and if the spammer's in your state.)

    That doesn't let you catch every spammer that spams you, but it's enough that it can theoretically be very annoying to small spammers, who have to show up personally, and are more likely to be receptive to the message that "everybody hates you, and we'll make you lose money and spend lots of time being told that everybody hates you." (And if not, then hey, it's an $200 check for an evening's trip to Small Claims - busting spammers can be profitable if you 're in a state with that kind of law.) Big spammers are likely to annoy more people, and usually incorporate to protect their owners, so they probably have to send a lawyer to the courts rather than the owner, but that's fine too. On the other hand, they're much more likely to locate to states that don't have such laws, so they're only subject to Federal laws.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks