Prosecuting Spamming Crackers?
lnixon asks: "As a recent Slashdot article mentioned, the latest trend in spamming is to use cracked Windows machines for sending spam and hosting spamvertised web sites, 'spacking', as Wired terms it. A couple of weeks ago, I started tracking one of these cracker rings down, carefully documenting the trail as I went. Mostly through luck, I actually found the originating server. This information should seriously put a crimp in their activities...if only I could get the law interested. I have tried to get the attention of CERT, of FBI and of my local police authorities, but nobody seems to be interested. Now, what should I do? Organize a posse?"
Give the information to your local newspapers and TV news programs. The spotlight might spur the authorities into action, and the reporters will love you because you saved them from doing any pesky work for themselves.
Too true, write something like: Cyber Terrorists have gained control of a large number of machines that could be used to attack critical infrastructure and are cracking machines via use of email and web browsers. Then let the news media know.
Contact the congresscritters for your local district. They certainly know that any effort to fight spam will look good come re-election and they have the power to "make a couple calls".
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
This is a funny idea, but filing a false report of a crime is itself a crime. So you really don't want to play this game. However, I agree that using the term "spammer" is a bad idea - you can just call it "for the purposes of distributing fraudulent messages," or some other accurate statement that doesn't mention the word "spammer."
However, getting law enforcement to take you seriously on something like this might be a real challenge anyway - they don't know you from Jack, and so why should they trust you?
I don't mean you're not trustworthy - I'm just pointing out that there's no trust relationship there, and you're putting yourself forth as an investigator, not a crime victim. It will be very hard for you to get them to think of you as legitimate.
Bureaucrats hate paper trails. It's very easy to blow off a phone call. A written report has to be handled more carefully.
Mea navis aericumbens anguillis abundat
I don't recall suggesting to kill anybody. Anyhow, every vulnerable host, sooner or later, will be hijacked by a spammer, or worse. The owners typically neither know nor particularly care if their machines have been hijacked that way, so long as it doesn't interfere too much with their own surfing, e-mailing, or file-sharing. Their ISPs, if they are responsible, do care, but can do little.
There's a legal term for operating a vulnerable host on the 'net: it's an "attractive nuisance". In the absence of possible legal measures, removing such nuisances is the obligation of responsible citizens. Anybody operating a secure host will be unaffected, other than to welcome each incremental decrease in spam.
Nobody has an inherent right to keep a loaded cannon pointed at the town square where anybody might walk up and fire it. Responsible townsmen will pour concrete into any such cannon they find before, not after, the local hooligans come around to fire it. As it is, the local hooligans are firing them again and again, and the owners are generally doing nothing to stop it.
And no, I'm not a sysadmin, but lots of sysadmins agree with me, although they (as I) doubt they could participate in such an action themselves.
I don't expect anyone to live the kind of life I want. I do expect the machines they own not to attack mine. If they do not do what is necessary, then it is not only the right, but the responsibility of others to make their machines stop. You like analogies: every vulnerable host is a rabid dog. Surely you will not argue that shooting a rabid dog that is attacking you is somehow immoral? How about a rabid dog that has not yet begun attacking you and your children, but certainly will -- but you (or they) might not be armed when it does?
The only choices available are (1) to have an internet in which some hosts are able to operate normally (the secure ones) and (2) one in which none can. If no hosts can operate normally, because the insecure hosts have made it impossible, how is failing to take down the insecure hosts doing their owners any favors? The internet they would like to be connected to doesn't exist, because it's being destroyed by them and their like. No one is prevented from setting up a secure host -- that option is open to all. The only effective encouragement possible is for that option to be the only one that actually works for any length of time.