Internet Based Attacks in a Physical World

← Back to Stories (view on slashdot.org)

Internet Based Attacks in a Physical World

Posted by Hemos on Monday May 12, 2003 @01:31AM from the too-bad-it's-not-internet-based-attacks-on-The-Real-World dept.

scubacuda writes "In light of the /. backlash against Spam King, Alan Ralsky, (in which /.ers published his info online--including an overhead shot of his house--and signed him up for junk) Simon Beyers, Aviel Rubin, and David Kormann have written a report entitled Defending Against an Internetbased Attack on the Physical World. Bruce Schneier notes that there's no easy defence against such an attack, largely because companies want to make it easy for consumers to get their promotional information:'Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it's physically difficult to do it on a large scale. But this attack exploits the automation properties of the Internet, the Web availability of catalog request forms, and the paper world of the post office and catalog mailings. All the pieces (that) are required for the attack to work.' But as Rubin and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'"

25 of 290 comments (clear)

Min score:

Reason:

Sort:

Who trusts the US Mail anyway? by efedora · 2003-05-12 01:37 · Score: 3, Insightful

"A scenario could be imagined where an attacker would do this to delay the arrival of an important letter...."
I don't know about you but I haven't trusted an important letter the the USPS for many years. Tax returns etc. go Certified or Fedex only. The USPS is just not reliable any more when the mail item is important.
1. Re:Who trusts the US Mail anyway? by HowlinMad · 2003-05-12 01:56 · Score: 5, Insightful
  
  I both agree and disagree. For $.37, if it is in fact important, then no, I would not use the standard option. But, the USPS does have other services available, i.e. Certified Mail, Registered Mail, Delivery Confirmation, Signature Required, etc. These all cost more money, but once again, if the package is important, it is well worht the small cost.
  
  So basically I find the USPS to be reliable, if you pay for the proper service.
  
  --
  Great Linux Site
2. Re:Who trusts the US Mail anyway? by jellomizer · 2003-05-12 02:05 · Score: 3, Insightful
  
  Like Spam can delay the arrival of an important email or even have it compleatly loss in the mass, filtering, or by accident. That is the real threat of Spam. The fact that an Import Message via E-mail gets cluttered with a bunch of spam. This makes the email difficult to find. It like those pieces of junk mail that look like they are bills so you have to open them up to make sure that they are not billinging you for something you didnt sign up for.
  If Spam companies were really reptibual they would actually be working for their stuff to be easilly filtered like the ADD: to the subject line. Because there are some people who like Spam for some reason, and others who hate it, and the majority who dosent care. So by helping people filter out their own Spam give a less bitter taist in peoples mouth about the Spam. Also it helps controol their e-mail.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
3. Re:Who trusts the US Mail anyway? by Oswald · 2003-05-12 02:41 · Score: 4, Insightful
  
  This is wrong. The mail is not unreliable. In 25 years of paying my own bills, I cannot recall a single instance where somebody I owed money claimed not to have received the check I sent them. That's hundreds of pieces of important mail without a single loss or serious delay, going back to the late Seventies.
  Mostly people bash the USPS because it's something they've heard others do, not because they've had bad experiences. Have you had trouble with your mail?
  And what is Certified Mail if it isn't USPS?
  Thirty-seven goddamn cents for three- or four-day delivery anywhere in the country. A couple bucks to send a book via Media Mail and have it arrive 5 days later (10 days sooner than the estimate). I don't know what you want.
4. Re:Who trusts the US Mail anyway? by jridley · 2003-05-12 03:18 · Score: 2, Insightful
  
  I find the USPS to be extremely inexpensive and reliable. They have never lost a letter or package of mine.
  
  UPS has. I have only used FedEx on a couple of occasions, so have no basis for comparison. Every damaged package I've ever gotten came via UPS; some was literally run over by a truck; they had tire tracks on the boxes. This has happened to me twice. UPS forklifted a telescope on me once. I've never seen anything that was properly packaged get damaged by USPS.
  
  USPS is also amazingly fast. For reasonably local mail (within 200 miles or so) if I drop it in the mailbox today, the person will ALWAYS have it tomorrow. Long distance stuff can take a long time, up to a week or a little bit more, but that's to be expected; they MUST run hub/spoke distribution to be able to provide service for the piddling amount they charge.
  
  I don't believe that a private company could do any better than USPS does. USPS is, after all, essentially a private company anyway. I believe that if you compare similar (and similarly priced) services from USPS and a private carrier, you'll see at least as good service from USPS.
5. Re:Who trusts the US Mail anyway? by duffbeer703 · 2003-05-12 04:31 · Score: 2, Insightful
  
  All US Court Systems, the army, most all banks, etc.
  
  You should tighten your tinfoil hat, the mind control beams are getting in!
  
  --
  Conformity is the jailer of freedom and enemy of growth. -JFK
stop terrorism paranoia by borgdows · 2003-05-12 01:39 · Score: 2, Insightful

to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.

This is NOT terrorism, it IS a crime!
1. Re:stop terrorism paranoia by Anonymous Coward · 2003-05-12 01:50 · Score: 1, Insightful
  
  That all depends on the intent of the letter. Terrorism is the use of force or threat of force for political or social objectives. So if the intent of sending a contaminated letter has either of those in mind, then it is terrorism.
2. Re:stop terrorism paranoia by Bartmoss · 2003-05-12 02:01 · Score: 1, Insightful
  
  One man's terrorist is another man's freedom fighter.
3. Re:stop terrorism paranoia by Divide+By+Zero · 2003-05-12 02:02 · Score: 3, Insightful
  
  Depends on the perpetrator.
  
  Depends more on the date.
  Before 11 Sept 2001: a crime (harassment)
  After 11 Sept 2001: a vicious terrorist act orchestrated by Osama bin Laden, and supported by Saddam Hussein's totalitarian regime to undermine the Homeland Security of the US (and justify the existence of Tom Ridge)
  
  Bombing a building is terrorism. Gassing a subway is terrorism. Holding hostages is terrorism. These acts inspire terror.
  
  Getting too much mail is just a pain in the butt. Maybe a crime, but mostly a pain in the butt. If getting too much mail is a crime, and mail is comparable to email, then getting too much email is a crime and we need to call out the feds on spammers. Maybe not a bad idea.
  
  --
  Dare to Hope. Prepare to be Disappointed.
4. Re:stop terrorism paranoia by Anonymous Coward · 2003-05-12 02:56 · Score: 1, Insightful
  
  To quote the estimable George Carlin, "If crime fighters fight crime and fire fighters fight fire, what do freedom fighters fight?"
DOS by lawsuits? by joostje · 2003-05-12 01:41 · Score: 5, Insightful

I've always thought that in a way, a lawsuit often serves like a DOS attack, especially if it's a big company filing against an individual.

Basically, the individual is swamped with requests s/he has to answer, and using up larges amount of resources (lawyer fees).

Very similar to a DOS attack where a server has to answer loads of requests, eating away in its resources (CPU/netwerk traffic).
1. Re:DOS by lawsuits? by Redking · 2003-05-12 02:26 · Score: 2, Insightful
  
  You're forgetting about the lawyer fees associated with launching such an attack. Yeah the big company has deeper pockets but it's not like companies are swimming in cash to launch a physical DDoS at their whim. There are significant "overhead" costs such as bad publicity and loss of reputation. And the company has to have some legal basis to file a lawsuit otherwise it's libel/slander city. However, if the company has a case against an individual, I would think ONE lawsuit is enough to cause the loss of the individual's resources (time, money, lack of stress).
  
  Besides, launching an DDoS attack on the internet is relatively cheap in comparison. Once you have a large group of zombied computers on broadband you can control them to do your bidding with relatively no cost to yourself, unless you count the time used to conceal your activities.
  
  rk
  
  --
  Rangers Lead the Way!
Give me a break. by Anonymous Coward · 2003-05-12 01:43 · Score: 1, Insightful

All credibility was lost with this scare tactic:

"to serve as a diversion for a terrorist act"
Guerrillas and gorillas... by jkrise · 2003-05-12 01:43 · Score: 3, Insightful

"Let's hope anti-spam, anti-marketing guerrillas can keep their perspective and priorities in order."

When the spam and other ass-orted gorillas get their perspectives in order - then let's talk of anti-spam guerrillas.

"A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter,"

Pure FUD and crap. How many times has spam stopped important mail? How many times anti-spam filters have deleted the 'wrong' mails? Apparently spammers have exclusive abuse rights on the 'system' while lesser users don't! Intriguing.

--
If you keep throwing chairs, one day you'll break windows....
1. Re:Guerrillas and gorillas... by dave_mcmillen · 2003-05-12 03:26 · Score: 5, Insightful
  
  "A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter,"
  
  Pure FUD and crap.
  
  Oops, I'm sorry . . . They've invoked the T-word ("terrorist"), so you are no longer allowed to express any doubts, reservations, or hesitation. Your Patriotic Duty(TM) is to wave a flag and go along with whatever they say. If you're not one of Us, you're one of Them.
Mass Showing by Flamesplash · 2003-05-12 01:59 · Score: 2, Insightful

I think that when a large number of people are willing to spend their time physically DoS attacking someone then maybe that person deserves it. I don't think that if an individual just had a grudge against the spam king that person would have been able to really do much damage, but obviously enough people felt the same way.

I see it kind of like picketing, one person doesn't really do that much harm, but if enough people are pissed off....

--
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Idiot by theLOUDroom · 2003-05-12 02:01 · Score: 5, Insightful

or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'

God damn. This just makes me want to punch him in the face. Why the fuck does everyone always have to bring terrorism into everything? Ever since 9/11 we have had idiots, making comments like this about EVERYTHING. I am so sick of it.

This guy's statement require ridiculous stretches of the imagination of one to even think of a way it might benefit a terrorist. I mean, seriously, use some common sense here. If you're trying to send someone a letter full of anthrax, you want it to actually get there.

Yes, terrorists could use cars too. Maybe we should ban cars! That way a terrorist can't get his hands on a car and start running people over. Just imagine how many people he could kill by driving down a busy sidewalk! We better hurry!

Then we'll have to ban chair-lifts too. Imagine how many people would be injured or killed if someone cut the cable! We can't have that, now can we?

Ya know, they used fertilizer to make that there Oklahoma City bomb. We better get rid of fertilizer too.

But wait! That still leaves arson! We better make matches a restricted item. Can't have a terrorist going around burning down houses, no can we?

This kind of moronic reasoning makes me want to get this guy alone and "exploit the automation properties" of a few choice power tools.

See! Power tools can be used for evil! Better get rid of those too. Never mind that the benefit they provide to society far outweighs the cost. Never mind that this is supposed to be a "free" society. Won't someone please think of the terrorists?

--
Life is too short to proofread.
1. Re:Idiot by brettlbecker · 2003-05-12 02:50 · Score: 5, Insightful
  
  I completely agree.
  
  The culture of fear is just sickening, and the fact that the government and state agencies are exacerbating the 'terrorist' buzzword is repulsive. As if it wasn't bad enough, the major media outlets are constantly trying to one-up each other with hysterical reporting.
  
  All of this serves to show how gullible, how willing most people are to accept all of this as fact. It brings out the frightened-herd metaphor in all of its glory. And it makes one wonder what happens when the world's greatest superpower is also the world's most terrified nation. What happens when animals are backed into corners?
  
  This is not likely to end soon. Things are going to get worse before they get better... that is, if there is a chance for things to get better.
  
  B
  
  --
  "We must still have chaos within in order to be able to give birth to a dancing star." --Friedrich Nietzsche
2. Re:Idiot by curtisk · 2003-05-12 03:16 · Score: 3, Insightful
  
  This is not likely to end soon. Things are going to get worse before they get better... that is, if there is a chance for things to get better.
  ....elections are coming up before you know it....make 2004 count!
  I'm a severe cynic as far as the election process goes, but if you don't even vote thats even more useless.
  Good post and parent post BTW
  
  --
  Sehr geehrter Toilettenbenutzer!
3. Re:Idiot by swordgeek · 2003-05-12 03:24 · Score: 4, Insightful
  
  Well since you're already modded up to 5 (i.e. I can't moderate it up anymore), I might as well post.
  
  Agreed 100%. I keep hearing about the potential for "Terrorist attacks," mostly coming from US government officials or Concerned Citizens(tm). Do they forget that the anthrax attacks in the US, terrible as they were, were initiated by a born-and-raised American citizen? Or that they killed less people in total than are killed in the US by handguns every single day?
  
  Give it a rest folks! There will always be some way for psychopaths to kill people, possibly en masse. All that regulating every aspect of life does is annoy people, and make it impossible to live normally anymore.
  
  --
  
  "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Don't make the mob mad. by Ironpoint · 2003-05-12 02:24 · Score: 5, Insightful

The best way to defend from internet attack also works in the real world. Its called "Don't make large groups of people angry."

This seems like complaining that the internet allows collaboration of large numbers of like minded people. Yeah, thats the point. The failure of this article is to understand that it is not organized. Thats like saying that all the death threats the Dixie Chicks got all came from one organized structure.

Hundreds of thousands of people are not going to conspire to commit a single crime (Anthrax letter example). That's ridiculous.

To suggest that just because a large number of people are equally angry and respond in a similar way (through mailing etc), that the response is organized is stupid. People who want control set up straw man organization because they can't compete against 100,000 individuals. How many times have we heard "Those protests are completely organized by organization XYZ, they have buses that bring people in". Or in labor problems: "Its XYZ union that is causing the strike, most of the workers don't care" By using the tactic of combining the perception of voice down to a single entity, detractors can be more persuasive in gaining mindshare.
Think about what this can do to companies.. by defile · 2003-05-12 02:28 · Score: 5, Insightful

Imagine though, that instead of signing up just any plain individual with an ego problem, that you signed up a business for all of this junkmail.

Think about a company sabotaging its upstart competitor by saturating their mailbox with junk. The competitor starts missing bills, notices from vendors, etc.

Or even worse, imagine someone who has been screwed by the phone company one too many times decides to mailing list bomb their bill payment center. The costs of processing payments shoots up while mail peons have to separate the payments from the junk.

Congresspeople start getting cut off from their constituency.

etc...

And the worst part is that this is so hard to undo. Even if you take the effort to unsubscribe from every single mailing list you're on, it would take the attacker mere seconds to re-add you to all of them.

This is probably one of the most devastating non-violent denial of service attacks you can utilize today.

Moral of the story: don't piss people off.
1. Re:Think about what this can do to companies.. by stephenbooth · 2003-05-12 03:06 · Score: 3, Insightful
  
  Congresspeople start getting cut off from their constituency.
  
  If politics in the US is anything like it is in the UK then junk mail bombing is not required, it's already happened. Politicians are already cut off from the electorate; isolated behind walls of secretaries, PAs and special interest group contributions.
  
  Maybe things are better in the states? But here in the UK it's rare to find someone who can name their MP or local councillor, let alone remember any of their election promises. I've been eligable to vote for 15 years now, I've written to my MP about once every 18 months on average (5 different MPs) about various local and national issues. So far I've received only one reply, and that tried to dodge my questions.
  
  Stephen
  
  --
  "Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
Re:usps doesn't help things, but that's the way it by duffbeer703 · 2003-05-12 04:40 · Score: 2, Insightful

You're a real ass. The postal workers union is about as useless as tits on a bull, and the government exempts itself from all sorts of labor laws.

Postal workers, particularly those in the sorting centers work very hard -- they don't have a choice or a teamsters union to lighten the load.

--
Conformity is the jailer of freedom and enemy of growth. -JFK