Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Plans Spammer Smackdown

Posted by michael on from the enlarge-your-jail-sentence-now dept.

An anonymous reader writes "ZDNet News reports: '...the FBI told Congress on Thursday that it has 'identified over 100 significant spammers' so far and is targeting 50 of the most noxious for potential prosecution later this year.' and that '...an 'initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the Can-Spam Act of 2003 will be included.'"

32 of 238 comments (clear)

  1. Skeptical by ralphb · · Score: 5, Insightful

    I'll believe that this stupid law is having a positive effect when I start getting less spam. Hasn't happened yet.

    1. Re:Skeptical by Otter · · Score: 5, Insightful
      Geez, and people wonder why the government is prone to grandstanding and empty gestures, or to policies written for them by lobbyists. They pass a sensible, cautious law, monitor violations and prepare to bring legal action against violators. And all they get is complaints that the magic anti-spam fairies haven't been deployed yet.

      Basically, what the crowd here seems to want is that:

      • Spammers should be summarily shot.
      • To accomplish that, Internet anonymity should be eliminated for spammers, while not affecting the rest of us.
      • Any such policy must apply to the entire world. Instantly.
      • Oh, and if anyone can think of a way by which a single spam might slip through, a proposal is obviously worthless and the person who proposed it is a techno-illiterate simpleton.

      And then you wonder why the legislators and regulators don't listen to nerds.

      --
      What I'm listening to now on Pandora...
    2. Re:Skeptical by not_a_product_id · · Score: 4, Insightful

      The most effective option would be if NOBODY EVER BOUGHT ANYTHING OF THESE SCUMBAGS! Sadly that's not going to happen - the government could pass a law against stupidity but enforcement is always the tricky part. ;-)

      --

      ---
      We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience

    3. Re:Skeptical by Daniel+Dvorkin · · Score: 4, Insightful

      Spammers should be summarily shot.

      As satisfying as that might be (public executions, please!) I don't think anyone really wants such a law. However, they should face substantial penalties; I don't think a few years in prison and multimillion-dollar fines and/or lawsuit liability are unreasonable for the worst of the "spam kings."

      To accomplish that, Internet anonymity should be eliminated for spammers, while not affecting the rest of us.

      Spammers, as individuals, have the same right to anonymity as everyone else. But anyone who is trying to sell me something wants me to give them money at some point along the line. That requires that they reveal their identity. And if the spammers are acting as contractors for someone else who is selling something -- type "bulk e-mail service" into Google and see how many hits you get -- then it is not unreasonable to require that they, too, reveal who they are.

      Any such policy must apply to the entire world. Instantly.

      Would that it could be so! But the next best thing would be to make having an effective spam policy a condition of international trade treaties, and again, I don't think that's an unreasonable requirement.

      Oh, and if anyone can think of a way by which a single spam might slip through, a proposal is obviously worthless and the person who proposed it is a techno-illiterate simpleton.

      Many anti-spam proposals are techno-illiterate, and it's fair to point that out when such proposals are made. Others, like CAN-SPAM, are the result of legislative sell-outs to entrenched corporate interests. I don't think anyone realistically expects ever to see a solution that eliminates every single spam. But it would be nice to see one that achieves a 90%, or even 75%, or hell, even 50% reduction in the volume we see now -- and certainly we don't want to see "solutions" that actually give spammers more freedom to spam under certain circumstances, as CAN-SPAM does.

      CAN-SPAM is not a "sensible, cautious law." It is a very nearly toothless law. If it puts one or two spam kings out of business, well, good. But it's not what we need to make a measurable difference in the total amount of spam now clogging the Net.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    4. Re:Skeptical by pyros · · Score: 2, Insightful
      Geez, and people wonder why the government is prone to grandstanding and empty gestures, or to policies written for them by lobbyists. They pass a sensible, cautious law, monitor violations and prepare to bring legal action against violators. And all they get is complaints that the magic anti-spam fairies haven't been deployed yet.

      The CAN-SPAM Act was largely written by the Direct Marketing Association.

    5. Re:Skeptical by Otter · · Score: 2, Insightful
      With all due respect, both you and edp are missing my point. Of course you could draft an anti-spam law that you'd like much better -- I could draft one that I'd like much better. But both of us would wind up getting the same reaction from the geek chorus: "In case this moron doesn't know, there are other countries in the world!" "Oh, like all the spammers are suddenly going to become law-abiding!" "This law has been in effect for a month and there are still spammers!" -- and, needless to say, "What we REALLY need is to replace SMTP with my new protocol, which everybody will simultaneously start using because it's such a good idea!"

      We have the political process we have, laws aren't imposed by angry nerd fiat and I'd much rather see a gradual process of legislation than either hasty crackdowns or sitting on our hands until World Government makes circa 1992 netiquette mandatory.

      And, incidentally -- I'm less concerned about a law that fails to instantly halt spam than I'd be about one that actually did do that!

      --
      What I'm listening to now on Pandora...
    6. Re:Skeptical by JuggleGeek · · Score: 2, Insightful
      Nowhere have I read that it would make spam worse.

      Then let me be the first to tell you. CAN-SPAM is likely to make spam worse. It was written by the DMA, designed to legalize their spam runs. It specifically tells companies "It's OK to spam, as long as you do it this way".

      However, I'm not the first to say this, by a long shot. Using google, I can find numerous articles to that effect. Here are a few.

      http://www.mailutilities.com/news/archive/163/2378 .html
      http://www.dslreports.com/shownews/43363
      http://www.vnunet.com/news/1151902
      http://www.theregister.co.uk/2004/01/09/canspam_me ans_we_can_spam/
      http://www.wordsoup.com/word/archives/001243.html

      There are many more examples.

  2. One can wish by mpost4 · · Score: 3, Insightful

    I wish this would have an inpact on spam. And I hope these spammers get the max sentence the law allows for, but I don't think this will even put a dent in the amount of spam that is slowing the net down.

    1. Re:One can wish by Gill+Bates · · Score: 2, Insightful

      You really think that spammers deserver to be locked up with rapists and murderers?

      Yes. Yes I do.

      am I alone in this view

      I, for one, certainly hope so.

      You think because it's a white-collar crime, they don't deserve to be locked up? They're assholes, and deserve everything they get.

    2. Re:One can wish by Anonymous Coward · · Score: 2, Insightful
      You really think that spammers deserver to be locked up with rapists and murderers?

      Honest spammers like Apple, Wallgreens, and Microsoft? No.

      People sending spam using open relays, open proxies, forged headers, false domain records or fraud belong in jail.

      99% of my spam falls into the second group. It's very bad for our country to tollerate these open violations of the law.

    3. Re:One can wish by MethylPhreak · · Score: 2, Insightful

      Does anyone here see a striking parallel to the international drug trade? Basically, people believed the same b.s. about the tough drug laws stopping the drug trade "because after half of the drug kingpins are sent to prison, the other half will get out of the business immediately to avoid prosecution." Yet, here we are, 2004, and we still have a flourishing drug trade on the black market.

      Spam is no different. As long as there is a way to make EASY MONEY, it does not matter how illegal it is, someone will have the balls to do it.

  3. Great by digitalgimpus · · Score: 4, Insightful

    Spam has made email so rediculus it's amazing.

    The FBI went crazy when someone crashed eTrade, Yahoo, etc. with a DoS attack...

    But the world's email has been under a DoS attack for some time, while they stand idle.

    Strange isn't it? Yahoo's website goes under heavy load, and it's criminal. Yahoo's mail goes under heavy load... and it's not.

    1. Re:Great by StormyMonday · · Score: 2, Insightful

      Yuppers.

      For a long time now, spam has looked less like marketing and more like a denial of service attack.

      The Feds claim to be concerned with "cyberterrorism". It's happening and it's right under their noses.

      --
      Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
  4. Yes but by Roland+Piquepaille · · Score: 4, Insightful

    the FBI told Congress on Thursday that it has 'identified over 100 significant spammers

    That's very nice, but the fact remains that 90% of all spam originates from countries that are out of the FBI's jurisdiction. What are they going to do about it?

    It nothing else, American spammers will just move their operations abroad. The FBI knows this very well, so I reckon they're just making noise and spewing hot air in an effort to look like they're on top of the problem, when really they're not.

    1. Re:Yes but by djeaux · · Score: 2, Insightful
      It nothing else, American spammers will just move their operations abroad.

      How many American spammers are going to move themselves to China? It's one thing to move the criminal operations overseas, but unless the criminal relocates his own worthless carcass, the fibbies can still go after him. The FBI loves to make cases by "following the money."

      It's not just a matter of "outsourcing" the spamming operation overseas. The spammer will have to move to Lower Slobovia, too.

      --
      "Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
    2. Re:Yes but by meringuoid · · Score: 5, Insightful
      That's very nice, but the fact remains that 90% of all spam originates from countries that are out of the FBI's jurisdiction. What are they going to do about it?

      90% of spam is sent from servers outside the FBI's jurisdiction. That doesn't mean it originated there: it's sent by Americans who are offering products in America to an American market and expecting to be paid in American dollars to an American bank.

      Unless the spammer is prepared personally to move overseas, sooner or later the matter comes into the FBI's jurisdiction.

      And since when does being in a foreign country mean you can flout US law? Dmitri and Jon found that out to their cost. Criminals beware: you can no longer hide behind the figleaf of foreign national sovereignty!

      --
      Real Daleks don't climb stairs - they level the building.
    3. Re:Yes but by rekoil · · Score: 4, Insightful

      Actually, more and more spam is originating from various 0wned Windows boxen sitting on broadband lines right here in the US.

      I think what you meant to say is that 90% of the websites advertised in spam emails today are offshore.

      However, just because the servers are offshore does not mean that the spammers are foreign. If you follow the money like spamhaus.org does, you'll see that the large majority of the world's largest spammers are, in fact, based in the US. They simply host their servers in China.

      In short, most American spammers have already moved their operations abroad. But as long as the spammers themselves are still here, they are very much subject to prosecution. It just takes more work to track them down. :)

  5. Get the Feds out... by WordODD · · Score: 4, Insightful

    Before CANSPAM some states like California were actually making some (little) progess with their own state laws. Now that we have the Federally sponsered CANSPAM act these most of these previous laws have been rendered useless/void and a lot of them were tougher on spammers then CANSPAM is. The Feds have enough to deal with already and, it would be in their best interests to let the states handle it themselves.

    --
    Please do not let scientific accuracy interfere with the intended humourous/interesting/insightful value of this comment
  6. Let me guess... by Kjella · · Score: 2, Insightful

    ...this will be the kind where they round up a little ring of spammers/fraudsters, get big headlines and call this "a devastating blow to spammers everywhere" and that they've "destroyed the backbone of the spam community".

    You certainly see it happen when it comes to warez, kiddie porn, drugs, organized crime etc. (without comparison otherwise). Strangely enough, a year later they have to make another "devastating blow" that'll once again "break them".

    So I wouldn't turn off the spam filters just yet, I'm sure there's dozens of idiots willing and waiting to take their place. Of course it's doubleplusgood that they're trying, just don't expect them to "end" this any more than they end any other problem...

    Kjella

    --
    Live today, because you never know what tomorrow brings
  7. Follow the money by NoSuchGuy · · Score: 2, Insightful

    The FBI should follow the money:

    - Who profits from sale?
    - Who sells products (=pills) to spam outlets?
    - Is the spam send via own mailserver or hijacked proxies, worm infected PCs...

    My Server = my Rules!

    --
    Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
  8. How to filter better - a modest proposal by infolib · · Score: 3, Insightful

    A lot of the spam I get is "We detected a virus in your mail" when in fact the sender of the infected mail just spoofed my address.

    It would probably be better if the AntiVirus companies didn't send such "warnings" at all, but if they want to, they should standardize on including a header such as X-virus-warning-bounce. Then the rest of us could just filter them out. It would save some of my precious mental bandwidth.

    --
    Any sufficiently advanced libertarian utopia is indistinguishable from government.
    1. Re:How to filter better - a modest proposal by DarkFencer · · Score: 2, Insightful

      I run a medium size mail server (>10000 users). My problem isn't the 'your message contained a virus messages'. I can train spam filters to put those in the bit bucket.

      Its the "Your receipient doesn't exist" messages that are also noise from the viruses that are the problems. I can't filter those without filtering out legitimate undeliverable messages.

      I wish more mail servers would do what we do. Check for viruses. If there is a virus discard. THEN check to see if the recipient exists. If you check for the recipient first, you have to bounce the message back if the recipient doesn't exist.

  9. How spam is affecting me. by suso · · Score: 3, Insightful

    Personally, it's not a big problem for me, I filter out most of my spam. Or delete the ones that don't get filtered.

    But as for my internet services business, it makes it hard because all the customers are getting slammed with spam and I'm always trying to do things to rememdy that, instead of working on better stuff like a nicer user control panel, better backup features, adding virtual IMAP accounts, etc.

    We had the same problem at the ISP I used to work at. 50% of the sysadmins jobs where to deal with spam related problems.

    So there is a measurable loss of money and productivity as a result of spam.

  10. Cut it out already by johannesg · · Score: 4, Insightful
    This article invariably gets posted whenever someone proposes a solution to spam. Has it ever occurred to you that a single solution is not going to work, but that it _will_ be possible to reduce the problem by taking a number of (in themselves incomplete) measures? And that it is necessary to take such steps, in order to reach a sufficiently acceptable solution?

    By shooting down everything that looks like a beginning to a solution, you are defending the spammers and postponing the date when our inboxes will once again be _ours_.

    Some comments on the items you selected:

    > (*) No one will be able to find the guy or collect the money

    You won't know until you try, do you?

    > (*) It is defenseless against brute force attacks

    Maybe, but we still get to see the 50 most obnoxious spammers go through a courtcase and hopefully jail time or major fines. That is good enough for me.

    > (*) Requires too much cooperation from spammers

    Eh? Once the FBI figures out where they live, all they need to do is be home when they knock on his door. And then hopefully resist arrest in some extreme manner.

    > (*) Open relays in foreign countries

    Any spammer based in the US is vulnerable, though. Start with those, then think about how to get the rest. I'm sure some method will make itself apparent.

    > (*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

    That's because people like you shoot them down before they are ever tried.

    1. Re:Cut it out already by FireFury03 · · Score: 2, Insightful

      It is a bad law - not because it won't do any good (infact I think it will do some good), but because it could have done a lot more good. It is also a bad law because it essentially turns some what was a gray area into a completely legal area instead of doing what the rest of the world is doing and outlawing spam entirely.

      The good thing about the law is that it should make it easier to filter the spam, and in an effort to save bandwidth it can be filtered as it is delivered (MTA can detect that it's spam and immediately drop the connection outright. Infact, the MTA can also add a firewall rule for that server's IP to drop all future connections into a tarpit. A large number of mail servers dropping spammer's connections into a tarpit would likely hit the spammer's outbound mail server pretty hard, at least until they rewrote their IP stacks to work around it.

      --
      http://blog.nexusuk.org
    2. Re:Cut it out already by badasscat · · Score: 2, Insightful

      It is a bad law - not because it won't do any good (infact I think it will do some good), but because it could have done a lot more good. It is also a bad law because it essentially turns some what was a gray area into a completely legal area instead of doing what the rest of the world is doing and outlawing spam entirely.

      What "rest of the world"? Please provide us with some specific examples of how "the rest of the world" is outlawing spam. When you use a phrase like that, you'd better mean more than one or two countries, and you'd better really mean "outlawing entirely" rather than "placing restrictions upon" like the EU is doing and pretty much everybody else I can think of (nobody I know of has a law that says "the sending of any unsolicited email is a crime" - think about how draconian such a law would be). And that's what CAN-SPAM does too, albeit in a bit more relaxed fashion than some other laws. We've been over this before and pretty well all agreed it's impossible to "outlaw spam entirely", especially in the USA where we still have some vestiges of free speech (as in, you can now more easily outlaw speech deemed politically dangerous than in years past, but you still can't outlaw speech just because you find it inconvenient to wade through your inbox).

      I'm not a big fan of CAN-SPAM either and feel it could have been a better law. But arguing against it at this point because it doesn't go far enough is like arguing against the assault weapons ban because it doesn't also cover handguns. There's rarely ever an all-or-nothing solution in politics or law; you have to fight for what you can, take what you can get, and then deal with the resulting law when it's done.

      Right now, this is the only federal anti-spam law we have. It's not the best law anyone could have come up with, but it's better than nothing, and the best we could have gotten given the politics involved. And I don't see why you would argue against 100 of the worst spammers being prosecuted under it, just because you don't like the law. If a spammer's being prosecuted, a spammer's being prosecuted and that's all that matters.

      I also don't see why this is filed under "your rights online". What passes for an online right these days on this site? Is it now Slashdot's position that it's a spammer's right to send spam? Are all government prosecutions bad, whatever the circumstances, and whatever the crime involved?

  11. Re:The best way to stop spam... by Anonymous Coward · · Score: 1, Insightful
    Under capitalist principles, the spammers are doing the right thing. We need to make it unprofitable for them.

    Do you feel the same way about hitmen? When someone is commiting a crime to make money you don't just go after the profits, you increase the cost of doing business. You increase it by adding a little jail time. Capitalism is different from anarchy.

  12. us spam by cstream_chris · · Score: 4, Insightful

    You're all silly. Over 55% of the world's spam originates in the US with the closest 2nd being Canada at 6.8%. See Sophos Dirty Dozen at: http://www.sophos.com/spaminfo/articles/dirtydozen .html Additionally, over 90% of the world's spam comes from just 200 well known spammers (w/ Alan Ralsky being #1). See ROKSO (Registry of Known Spam Operations): http://www.spamhaus.org/rokso/index.lasso Anyway, it's good the US is finally going after some of these people since individuals are no longer allowed to sue spammers under the Can Spam Act (aka "You Can Spam Act")

  13. there are more people to go after by medvezhatnik · · Score: 2, Insightful

    FBI should go after those who advertise in the spam. not only spammers.
    Most of them are scam artists anyway. no one would pay Allan Ralsky to send all this $hit.

  14. An alternative plan! by Anonymous Coward · · Score: 1, Insightful

    Just release the names and addresses of the (alleged) spammers.

    Things will be taken care of.

  15. What are they waiting for? by pedantic+bore · · Score: 2, Insightful
    If they have identified these people and have some evidence, why are they waiting to act until "later next year?" The longer they're on the loose, the more chance they will have to move their operations overseas, earn money to hire better lawyers, etc. And, of course, the more spam they will inflict on us and the more it will cost *us*.

    I say arrest them as soon as the prosecuting attorney is happy with the case.a judge will sign a warrant. Why wait?

    --
    Am I part of the core demographic for Swedish Fish?
  16. Don't expect much. - the DMA is involved. by Animats · · Score: 2, Insightful
    The FBI now claims to be "investigating spam". But they've contracted with the Direct Marketing association for support, the project has been going on since at least August 2003, and they're vague about what resources are actually being devoted to the project.

    The "Notable early accomplishments" read very strangely. They seem to have been drafted for maximum deniability. "Developed ten primary subject packets developed and for referral to Law Enforcement" "We are already planning meetings to ensure that this initiative is on track, and to further define the scope and packaging of this activity are being planned." Doesn't sound like a major roundup of criminals is in the works.

    The FBI doesn't actually produce many arrests per hour expended. The FBI's Baltimore-based child porno operation produces about 1.6 arrests per agent year. They have 200 agents on that operation, or about 2% of their agent staff. (The FBI isn't that big. There are only about 12,000 agents. The NYPD is four times as large.) So to shut down 100 spammers per year, they'd probably have to devote about 75 agents to the operation, which is a big bite for them.

    The DMA involvement is part of the problem. The DMA carefully crafted the CAN-SPAM act to make it expensive to enforce. The California law (which CAN-SPAM invalidated) was nice and simple - advertise using spam, go to jail. It's easy to find and arrest the advertisers, who collect the money. CAN-SPAM requires finding the actual spammers, which is much harder. With the DMA working closely with the FBI, they can direct the FBI away from "responsible e-mail marketers", as the DMA puts it. They may also receive FBI cooperation in lobbying against stronger anti-spam legislation in future.