Slashdot Mirror
On The Trail Of Super-Zonda
Dynamoo writes "BBC Radio 4 has been on the trail of the notorious Super-Zonda spammers and crackers, according to this article. Super-Zonda's trick is to find insecure hosts and pressgang them into webservers for mail order brides, viagra and other spam favorites. In this case a server is traced back to a hacked machine at a major international airline.
The BBC investigate some of the people allegedly behind the spam in an investigation starting on the Spamhaus houseboat in London and ending in the Netherlands via Moscow. The BBC point the finger at Martijn Bevelander of MegaProvider as being not the innocent party he seems. The BBC provide some evidence to back this up, and are not known for rash accusations."
Finally, investigative reporting that is actually helpful and interesting. Go the Beeb : )
Vino, gyno, and techno -Bruce Sterling
Sorry - that's dumb. They send 1 million emails per sale. They would send 1 billion if it were an order of magnitude cheaper. There must only be 1 idiot to make it worth annoying 1 million people. The problem is not resolvable with market solutions.
vigilantism, yeah.
Look idiot. How easy to you think it is to convince everyone to stop paying for stuff they get in spam. It's not even possible to get everyone to stop murdering people and molesting children. (I'm not saying that buying something from a spam is as bad as that, of course)
.001% in order to make money.
But seriously, these spammers only need to get
autopr0n is like, down and stuff.
If reporters can find these spammers who break the law why can't law enforcement do the same?
Who owns your data?
Yeah, and likewise with con artists. If all 7 billion people on the planet agreed that they would no longer be conned, there would be no scammers left.
.001% represents something like 5,000 internet users, which can be enough to make the whole thing profitable (since sending the spam is free, using stolen resources).
The problem with spam is that it exploits statistics: Even if 99.99% of people just delete it, that
Cheers
-b
When applied to crises, legislation rarely affects changes as intended. Please, people, do not let the politicians get into this. Do not give them another issue to gain face time, tack non-germane amendments to another bill, and complicate a problem with a simpler technical solution. Please, those of you with bigger programming wits than I, develop an alternative to SMTP.
So somebody sends out annoying emails. Perhaps they even do some squirrely things to do so. But good god, man -- it's an email. Throwing someone into a place reserved for killers and rapists and then summarily depriving them of all modern forms of communication might make you feel better about your overly self-important sense of time, but that does not justify the evil of the deed.
Repeat after me: your life, just like mine and most everyone else's, is inherently meaningless. It has not been somehow made even less valuable because you had to hit the delete key. Spam is annoying. Spam is nothing more than that -- it does not deserve "hard jail time". We live in a world veering towards a police state quickly enough as is -- and the inability to take a deep breath just because you got an email for something you don't want need not push us there faster.
We who were living are now dying
With a little patience
It is a fairly trivial matter for most regular /. readers to back trace a spam mail to the source server. In nearly all cases the server is an open relay or has been owned - either way the plug should be pulled.
I would like to see a semi-automated tools to assist in this. It would allow people to respond to the majority of spam they receive with little effort.
The tools would require a minimum of:
* Extract IP from header.
* Reverse DNS lookup of host computer (to get domain).
* Extract primary contact from DNS registration or email the postmaster advising them of situation.
* And finally a temporary blacklist site could be an option as well (We don't want to permanently blacklist British Airways do we?).
Does anyone else have any thoughts on desirable functionality or incorrect assumptions I have made?
Q.
Insert Signature Here
That wouldn't really solve the problem, unless the replacement was effectively to not have worldwide email. It really comes down to a problem of authenticating the source of the mail, and even then you need some way to know if that source is acceptable. Both of those are really tough problems when applied to a worldwide scale.
Think about secure TLS/SSL websites. The authenticity check is dependent upon the trustworthyness of the root CAs. The respectable CAs must do a lot of manual checking of the registrant's identity before signing a certificate. And that costs a lot of time and money and infrastructure. And even then the certificate-based system we have for webpages is not all that great, it's still relatively easy to hijack websites or even run it yourself (who besides me actually bothers to look at the certificate details when they go to a secure site, or even removes some of the root CAs from their browser's builtin list?).
Now, there certainly should be a way to get the domain name registration information as verifyable as certificate registrations; because the whois databases right now are laughably corrupt, not even the most fundamental checks are performed to insure that the data is correct. But even then, that doesn't stop spam, although it may help you track them down better.
And asuming you have perfect authentication, knowing the source is authentic still doesn't determine whether you consider the source to be a spammer or not. A certificate only proves identity, it doesn't say anything about the type of content being sent. You certainly wouldn't be able to know the millions of different potential email sources, nor keep up with the minute-to-minute changes. And if you're a business you can't use a known sender whitelist; or you may never get job resumes, sales inquires, and so forth. So someone would have to build a list of all "good" non-spammer certificates.
But then you're back to the same situation we have now. You'd just be using certificates or something like that instead of IP addresses as the "identity" you'd be matching against some database, like the many blackhole lists. And given how easy it is to hijack insecure computers, there would certainly be holes around that type of system too.
Now true, the insecurity of vanilla SMTP is an issue for confidentiality purposes, but you can't really blame spam on that. And if you use the already standardized SMTP extensions, such as STARTLS or S/MIME, then SMTP can be pretty secure. Spam is a social problem, not a technology problem.
yeah, but some Israelis think that anybody who doesn't proclaim that shooting kids for throwing rocks is OK (er, sorry -- shooting Palestinian kids for throwing rocks) is a nazi.
As far as I'm concerned, there is a big difference between being critical when Israel does something stupid/nasty and being anti-semitic -- especially if you're just as critical of Palestinian stupidity.
Free Software: Like love, it grows best when given away.
I'm sorry that the BBC being a truly independent news organisation ruins your enjoyment of the suffering of the Iraqi people.
Perhaps you prefer getting all your news from "patriotic" broadcasters, like FOX News, who won't bring you anything that doesn't paint the US/UK/other invasion in anything apart from a positive light. Good for you - if you want your news censored by a broadcaster who's more interested in keeping you watching at any cost that it is in the truth then that's your perogative. But some of us prefer getting the raw facts and making our minds up for ourselves.
Yes, the BBC's coverage of the war hasn't been a flag-waving exercise. But why should it be? Because you say so? Because a government official says so? Sometimes the truth isn't as pretty as we would like but that doesn't make that truth any less valid or worthy of our attention.
Perhaps you like watching the news brought to you by people who would probably have their war coverage sponsored by a handgun manufacturer if they thought that they could get away with it. But I and many others don't.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
That is worth sending someone to jail for. Given that we've got these sledgehammer anti-hacking laws on the books, we might as well put them to a good use.
Which reminds me: is hacking for profit considere an extraditable offence??
Free Software: Like love, it grows best when given away.
No, it's another form of harrassment.
it is still protected here in the U.S.
Really? Cheif Justice Berger, of the US Supreme Court disagrees with you.
Are you a supreme court justice? Are you a even a lawyer? No, you're just a lousy
So, what, exactly, gives you the authority to claim that the harrassing actions of spammers are "protected"? Please list any relevant quotes that say that harrassment and theft are legal.
Sure... until I want to run a mailing list. Then I think it sucks.
Repeat after me: your life, just like mine and most everyone else's, is inherently meaningless.
Hi! Philosophers know this as the naturalistic fallacy. The way the world is implies nothing about the way we should choose to make it. You are welcome to choose a zero value for human life. I pick bigger ones, as do most people.
Spam is annoying. Spam is nothing more than that -- it does not deserve "hard jail time".
No, Britney Spears is annoying. Spam is a major societal problem.
From the estimates I've seen, the worldwide cost of spam is$10-$50 billion/year, and it's still growing unchecked. As this article suggests, it seems to be moving from the control of low-lifes to outright criminals. I guess that's not surprising, given how much of the stuff advertised via spam is either fraudulent or illegal.
When you compare the costs of spam to some of the recent large business bankruptcies, it's clear that spam in in the same league. People are clamoring for jail time for the recent set of CEOs/con-men; why shouldn't spammers, who cause a similarly big problem, face similarly big sentences?
I think they also got dropped from another provider as well. There was some speculation that they were using a hijacked IP block.
There's betting on NANAE about where he pops up next.
One line blog. I hear that they're called Twitters now.
I'm really sick of hearing how the way to take the money out of spam is to charge for e-mail.
Instead of attacking the supply side, attack the demand side. Forget the fact that most of these spammers are outside the US. The fact is, most spam *advertisers* are in the US.
If the law allowed companies/people to be sued for using a service that has been convicted of using illegal means to send spam (invalid return address, hijacked systems, forged headers, etc), it would take about one or two high publicity lawsuits against a couple of spam buyers (lower mortgage rates! viagra! enlargement!) to curb the problem.
This legislation to kill spam by going after the senders will work for all of about a day, until all the buyers start buying service from someone offshore.
This would be self-regulating, market driven phenomenon if played out properly. Legitimate mailing companies could advertise their "legitimacy" and real companies could use those services for real, honest-to-goodness marketing. If someone used a shady mailing company, then they expose themselves to damages.
Whatever. Spam will not significantly decrease until the companies that contract out the services of these mailers have the screws put to 'em.
The BBC sees its role as providing balance. You have to view its output in the context of the overall media environment in the UK, and indeed globally.
The BBC may appear to only present one side, or to push one perspective at the expense of others in its own coverage, but generally this will be because the side it is presenting is not otherwise represented in the mainstream media. So, for example, its presentation of Israeli issues is meant to add information to the debate within the UK on Israel/palestine that is not found from other sources, particularly TV news sources such as ITN and Sky news. (incidentally, ITN, which is the main provider of news for commercial TV in the UK, walks a very strange line in its news presentation, providing a conservative (small c) perspective on international politics in its news broadcasts on ITV, and a more liberal perspective in its channel 4 coverage)
This often means the BBC takes what can be seen as an 'anti-government' position, simply because most ocmmercial news doesn't tackle the government on issues, and the BBC's remit is to fill in that gap in the national debate.
That said, they're not making a great showing at the moment in this petty fight with downing street over 'dody dossiers' and 'sexing up'... it's all rather embarrassing, and sounds like it was based on somewhat flaky journalism.
"Let us also recall the recent guilt of Great Britian in Northern Ireland using very similar methods as the Israelis"
While it is true that the government of Great Britain did commit some despicable acts in Northern Ireland, they were nothing like the methods that Israel is using against the Palestinians.
At no point did the British Army start blowing down the doors of civillian houses with explosives, or bulldozing houses while the occupants were still inside. They never laid seige to Jerry Adam's house and bombarded it. They never prevented Jerry Adams from travelling abroad. (Although for a while they did band him from speaking on TV...). They never had a policy of assassination against IRA memebers, and they never used helicopter gunships to attack IRA members and their families, blowing up anybody else who happened to be nearby.
During the whole period of the troubles, the British Government probably only killed about 40 people. The Israeli government has killed something like 3000 palestinians.
Now, it is also true while that the IRA did kill a lot of people, (several hundred), The palestinian terrorist organisations have killed considerably more (probably getting near 2000 people now)
Personally I think that if both sides in the Israeli/Palestinian conflict had taken a few leads from the way things are being solved in Northern Ireland, hundreds of people would still be alive today.