Slashdot Mirror
Spamfighters Get A Hold Of Spammers' Incoming Mail
Karin Spaink writes "On July 3 2003, cyberangels.nl was obtained by Spamvrij.nl, a Dutch foundation fighting spam. Previously,
the domain was owned by the infamous Cyberangels, who are majorly involved in spamming. Cyberangels felt forced to drop the domain when the ground under their feet got too hot after BBC journalist Andrew Bomford connected Dutch ISP Megaprovider to Cyberangels.
Since the MX-records for cyberangels.nl now point to spamvrij.nl too, they get all Cyberangels' incoming mail: bounces, spam complaints and what have you. Have a peek: what kind of mail does a major spammer receive in the course of three days? By now, they have a
very precise answer: 6305 mails. Spamvrij.nl published an analysis of those mails on its site."
that they are getting many eCards of sympathy from other spammers? In that business, I would be surprised if they didn't try to sabotage each other now and then.
One line blog. I hear that they're called Twitters now.
These guys are entitled to wear the "I read your email" tshirts.
Or at least immoral? I don't think "the end justifies the means" is really a valid defense, especially as there's no "end" in this case. They are just reading someone else's email. And "White hat hacking" doesn't apply either, as that refers to people who are asked to break in to a computer to test it, not vigilantes like our own Fyodor, who use their skills to merely harass people that annoy them.
2 attempts to subscribe ba@cyberangels to a gay magazine;
The trolls strike again!
--------
Free your mind.
This is probally one of the best news stories I have seen on /. in a while. I went ahead and sent a link to everyone in my address book. Matter of fact I sent it to them all 3 times and then sent 1 additional message advertising how i made 55 thousand dollars in 2 hours. Now if I only knew these people in my address book.
Everyday You see me is the worst day of my life -Office Space
Hmm... My employer's domain filter won't let my browse through this one.
I guess I'll simply check my mail to see what these spammers are up to today.
6305 incoming emails and not one of them contained an order or anything else positive.
So, lessons to be learnt here if you're a spammer:
1. Give up - it's clearly not worth the effort; or
2. Keep at it - if at first you don't succeed, try again!
Now if only we could somehow get them all to learn lesson 1 instead of lesson 2 then we'd be home and dry.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
...what kind of mail does a major spammer receive in the course of three days? By now, we have a very precise answer: 6305 mails.
They are wrong. Look in the page linked:
Introduction: 6305 mails in (basically) one day
"...a generation of kids has grown up thinking Trance is the shittiest music since country and western." - Paul van Dyk
It's all about a young guy called Martijn Bevelander, there is alot of press now here in Holland because the net is closing around him. Hope he gets banned from the Dutch Internet provider group and his company stops.
Latest news (in Dutch):
http://www.webwereld.nl/nieuws/15564.phtml
"Introduction: 6305 mails in (basically) one day
;-)
We received 5880 bounces and forwards
We received 12 spams for @cyberangels
We received 40 attempts to annoy Cyberangels
We received 371 complaints about Cyberangels
We received 2 business mails"
In other words, they received 12 spams and 413 legitimate emails (not counting the bounces). That can't be right; everyone knows that most inboxes have a ratio of spam/non spam that is more like 413:12 rather than 12:413. Liars!
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I'll be that about 90% of the email is some variation of:
IF I EVER MEET YOU I WILL KICK YOUR ASS
Is how few emails were for business. I assume this category would include responses to spam. Maybe I do not understand the story, and the CyberAngels people were merely responsible for sending the spam (for other people), and if anyone responded to the offers in the mails it would go to an non-CyberAngels address. Or possibly redirected to a website, where they could make a purchase. Yeah, as I type out my thoughts, the reason for the dearth of business emails becomes clearer.
.0003%, and insanely high (compared with other forms of direct marketing), like 5%. People can argue for one side or another, but I need more evidence than conjecture to begin to understand the problem. If the response rate is already very low, then relatively simple technological solutions would probably suffice to drive them low enough to make spam unprofitable. If the response rate is high, it is going to take a lot of effort to fix this problem, possibly involving a redesign of the email system.
I had hoped for some accurate stats on the actual response rates to spam. I have heard rumors flying around that they are insanely low, like
Glad to see these spammers were shut down, but we need more insights into the way they operate in order to shut them all down.
6000 emails in 3 days? That doesn't sound like nearly enough for a serious spammer. I had a web server compromised by a spammer last year and I received more than 6000 bounce-backs in less than three days before I found the hole and patched it up. It seems to me like a professional spammer would have several servers at several IP's and get way more spam than that. Especially when you include complaint email.
Sigs are out of style, so I'm not going to use one...oh wait..
They've done a nice job of analyzing the residual influx of email, while not airing all the dirty laundry. They didn't post a complete session log, so there's no information that may get folks upset. The last business email listed as "1 other" is probably sensitive, and shouldn't be posted on the web (though sending them a "we know who you are" message may make them think twice about using spam in the future.)
Spammers intressts me, I hate them. But I do wounder how much the company buying the spamming service actualy to earn in the end. For ones I contacted a company about there wounderful product, and said I was intressed in buying some. My idea was to get hold of a real life person, to send my "I live in a country where its illegal to spam people, so you guys broken the law!".. But ofcourse I didnt mention that on "intressed in your products" mail I sent them (on there official sales email from there site).. Now whats realy make me confused is that they never wrote anything back.. So..
1. Spam me
2. Ignore me if I want to buy there product
3. ???
4. Profit!
"2 attempts to subscribe ba@cyberangels to a gay magazine;"
Yep, it seems that at least two people on the Net know how to fight back, the old "hey, let's sign up the ripe-contact email address for gay porn magazines" routine. Gets 'em every time.
IGB: More fun than eating oatmeal!
The sheer volume of messages must mean that most spammers are out for only one thing: credit card information. And the best way to get those is to run some scripts to strip out the necessary information. I cannot believe that they can take the time to actually parse out the information by hand, figure out which non-existent product they are selling, and sell anything. 6,000 per day would be 8 seconds per message in a 12-hour day, more or less. I have heard that 40-60 percent of spammers never ship any product, just take a bite out of your credit card and move on. This goes a long way toward confirming that suspicion.
I'm pretty happy about that. According to an article in The Register, One of the board members of spamvrij.nl is Karin Spaink, very likely the same Karin Spaink who has been involved in the battle against $cientology.
Taking on spammers nd $cientologists. Damn. She's got guts.
I think the word we have for that is actually 'sabotage'.
One line blog. I hear that they're called Twitters now.
rtfa:
if in one day ba@cyberangels receive almost 6000 mails from people who are smart enough to figure that they get bounces because their addresses have been abused by a spammer and who then proceed to redirect those bounces, you can begin to image the volume of bounces that spamruns create, of the sheer volume of those spamruns themselves, and of the that traffic spam creates for decent providers.
translated:
This is not from normal bounces, this is from people whose e-mail was abused and set a forward on the bounces to cyber angels, OR (less) from people who had more intelligent bouncers, and bounced to the correct domain.
So this is very very small percentage of the total e-mail sent.
Did Mr. Joseph Otumba from Nigeria get my response?
... like me, you read the following line:
/home directory? Swap space problems?
Somebody believed that a Cyberangels' dick was too small.
as:
Somebody believed that a Cyberangels' disk was too small.
I was like wtf? Disk too small? Not enough space in the
Then, I re-read the line, and I went:
Oh, THAT thing is too small... =)
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Friday morning, when the NL-zonefiles were updated: the MX-records of cyberangels.nl were now pointing to us. (We made a catch-all for all adresses.) The first few hours, literally thousands of mails reached us: 5919 mails, most of them bounces. By now, the avalanche has dwindled to a trickle.
...
... that looks like more than two days and less than four to me!
Until now - 06-07-2003, 23:00 GMT+1
Friday was 04-07-2003, 6305 messages received on the 4th of July, the 5th of July and the 6th of July
Love this part of the analysis:
Both ba@cyberangels and ripe-contact@cyberangels recieved some spam:
1. Mr. RASHEED BELLO sent ba@ six Nigerian scams;
2. @yahoo.com.cn spammed four times with something rather illegible;
3. Mr. Ken Titoh was hoping to assist Mr. ERASHEED BELLO;
4. Somebody believed that a Cyberangels' dick was too small
I have my own home domain which was setup shortly after college and used (then) to just keep communicating with distant friends. Back in the day UUCP was how it was done for $15/mo which gave me 3 hours of transfers before I had to start paying extra.
:). Hundreds of non-existent users to just harvest spam. Any USENET type postings have a good email for about a week (if at all) before harvesting. Hell, I even like to add in users where they attempted "bob@" that didn't exist.
... we have a problem.
BECAUSE of the spammers I did have to pay extra. Long ago went to broadband type connections starting with ISDN (still backup and my only phone lines) to 10Mbit wireless uplink today (sweet). Funny, but I am STILL paying for the bandwidth and SPAM still annoys the hell out of me personally.
So -- to get it under control I baited the spammers (and still do
Me, myself, and my wife -- here's my stats for the entire month of June:
Outbound (work): 60 (1.74%)
Outbound (personal): 49 (1.42%)
Notes to myself: 89 (2.58%)
Inbound to me: 422 (12.24%)
Inbound to the wife: 14 (0.41%)
System messages: 68 (1.97%)
System ERROR codes: 2 (0.06%)
Just TESTING: 7 (0.20%)
SPAM TRAPPED: 2738 (79.39%)
TOTAL EMAILS: 3449
Um, Houston
They didn't hijack the domain.
But receiving and publishing private correspondence that's destined for someone else is not. When you purchase a domain someone els used, it's NOT the same thing as purchasing their business from them.. it doesn't automatically entitle you to anything.. other than the domain.
Pretend you moved into an office, and got mail delivered to the previous occupant... it's still a federal crime for you to open that mail if it's not addressed to you. Now, I'm not saying it's necessarily as clear cut with email, but it's the same general thing, and it is immoral.
I know this guy personally (posting anonymously for obvious reasons). He got the company from his father, as a birthday present.
He is friends with this guy. And I mean, good friends. There was a third guy (American) who brought them together. The Fluffi Bunny guy was into serious fraud (hell, I've seen it happen first hand, stolen credit cards used in night clubs in London, heavy drugs, etc.).
I am not surprised that now Bevelander is under the spotlight. He was a criminal two years ago when I met him. He is a criminal now.
Spamfighter gets holds of spammers inbox. 99% of it is junk. 1 e-mail is of minor passing interest.
If that's not possible, couldn't someone just host a database that users could add the name (+address/phone info), url, and offending spam-message to? That way an organized boycott/reverse spam/snailmail campaign could be lodged against those who pay to clog the internet with their muck? I couldn't have been the first person to think of this...perhaps something like this already exists?
There is no gravity...the earth just sucks.
I have a question. What occurs to credit cards and payments that scammers receive from their customers?
Spammers are by no means stupid. Above all things they MUST get their money, otherwise none of this is worth doing.
So if the scammers are getting their money, the credit card companies pay them. If the credit card companies pay them...
[1] We have a breach of trust between the credit card companies and the customers. CC companies are not doing their due diligence in brokering payments for product/services. CC companies are issueing clearance of charges to unscrupulous people. We are entrusting them with our financials (whether we choose to "fraud-notify" them or not). They have all the information, both the consumers and the scammers.
[2] The customers complain they never got their product. Report fraud. The credit card companies remove the charge, investigate it or not. This increases cost/risk for the CC companies. Higher interest rates? More cooking the books?
Why is nobody investigating the money side (IMHO the lifeblood of this business) of this problem? As long as we concentrate on the technology, we'll always be distracted from the real solution. It's all about the money in the end.
Anonimity
+ Privacy, Sharing, Voice
- Scams, Theft, Hit/Run
We asked for it.
"Last one in is a rotten goblin!" - Kepp
Actually, we had one already - which is analysed at http://www.cyberangels.nl/evidence/mailmartijn.htm l, and only now two news mails arrived. Check the mail analysis page for updates.
I write, therefore I am:
http://www.spaink.net/
Shutting the spammer down took about a month, but ultimately was successful. I got their 24 porno sites, two fake billing sites, and a few other related sites kicked off ISPs from Sao Paulo, Brazil to Brooklyn NY to St. Petersburg, Russia, where they actually were. They've been down for months now, and they are staying down. They don't seem to have come back under a different name; searches for ther subject matter in Google come up empty.
I had the advantage that I own "Downside" as a registered trademark. This gave me some legal leverage.
One useful tactic was to report phony domain registration info to ICANN. Some domain registrars will then lock the domain against changes until the domain owner provides them with valid ID info. If you do that, and you then get them kicked off an ISP, their domain is locked to an ISP that won't host them, and they can't fix it without disclosing their identity to their registrar.
In this case, the spammer had their own DNS server, so they could quickly move their sites from ISP to ISP. But I managed to get all three of the domains that handled their DNS queries locked, then kicked off ISPs, which took down their entire set of sites.
It turned out that the CEO of their ISP's upstream provider in Russia was somebody I knew from the 1980s, so I was able to get even a Russian ISP to cooperate.
You don't have to sit there and put up with this stuff. You can fight back and win.
They list one email as being particularly interesting, as copied below.
For me, the really intriguing bit is that they talk about "hosting" a lot, so much so that it appears to be a codeword for "spamming". Its a fairly obvious thing to do for someone who makes their money off spam - try to keep a low profile and not discuss their business openly.