Slashdot Mirror
FBI Plans Spammer Smackdown
An anonymous reader writes "ZDNet News reports: '...the FBI told Congress on Thursday that it has 'identified over 100 significant spammers' so far and is targeting 50 of the most noxious for potential prosecution later this year.' and that '...an 'initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the Can-Spam Act of 2003 will be included.'"
It does outlaw the use of so-called "zombies"--computers running Windows that have been taken over and used as spam-bots--and punishes such an act with up to three to five years in prison.
Bit of selective editing and...
It does outlaw the use of so-called computers running Windows --and punishes such an act with up to three to five years in prison.
According to some sources, there is really just a core group of about 200 people responsible for most of the spam. If even half of those people are thrown in jail, it will have a major effect on spam. And most of the remaining ones will get out of the business, simply out of fear of going to jail. It is true that spam is a money making business for some, but the level of profits would have be a lot higher to make it worthwhile for someone to take on a real increased risk of spending time in a federal prison.
Of course there will be some that set up shop in other countries, but they would have to physically move there to be beyond the reach of authorities here. I am willing to bet, most spammers are not willing to give up the good lifestyle that is provided for them in the US (or other Western developed countries), and will simply get out of the spam business and find other employment. Or maybe spam will simply get outsourced to India..
I would hate to put rapists and murders at the level of the spamers. As noted in the first response visable the punishment is not slow enough or painful enough to suit a large percentage of the population.
Calculation error, spam/ham ratio of 71/100 is a 42% spam volume. a 71% spam volume would be 71/29 spam/ham ratio. Considering the volume of spam I am getting, I would not be at all surprised if you were getting a 71/29 spam/ham ratio, which would support the 71% claim.
As for a punishment, I think that if the convicted spammer has not been counting the total number of messages they have sent (cc/bcc etc. counts as one message per address) then the feds should ask for a minimum of 1 us cent per e-mail address per day from the date of the earliest reported spam, through the date they pay the fine off. Thus if the spamer has a list of 10 million e-mail adresses, they will be fined aproximately $36.5 million per year. That should take care of the "profit" incentive.
-Rusty
You never know...
"When we mail under the new law, the major ISPs focus on our From: addresses, Subject: lines, our company information, and our disclaimers on the bottom of the e-mail as well as our IP address. They use this information to block our e-mails," Scelson said.
That's the whole point - many customers pay for that service.
That is utter rubbish. It is ad hominem and is not consistent with comments I have generally observed in Slashdot.
"Spammers should be summarily shot."
Redress should be quick and effective, like the ability of recipients of unlawful telephone calls to sue in small claims court.
"To accomplish that, Internet anonymity should be eliminated for spammers, while not affecting the rest of us."
Anonymity should be preserved in web browsing, participating in discussion fora where the owners desire that, sending email where the recipients desires to allow sender anonymity, and in other communications where all parties consent to such arrangements. Anonymity should not be allowed in sending email if the recipient does not desire that.
"Oh, and if anyone can think of a way by which a single spam might slip through, a proposal is obviously worthless and the person who proposed it is a techno-illiterate simpleton."
The flaws of the CAN-SPAM act are many orders of magnitude greater than letting a single spam slip through. The CAN-SPAM legitimized spam that was illegal before, by overriding state laws. It provided no effective redress. It did not outlaw much, perhaps most, of the spam that people do not want, even within US jurisdiction.
The appearance of a law does nothing until there is enforcement action backing it up.
This is what I've been waiting for, positive action by a law enforcement agency against the worst criminal spammers. The pathetically few lawsuits by US States Attorneys General against a few spammers hasn't made much of a dent in the levels of spam. But I'm convinced that a handful of US based spammers account for 60% or more of all spam today.
When the NY Attorney General, Elliot Spitzer, launched his attack against Opt-in Real Big, that flow dwindled to almost nothing. Since then, Richter has either sold off his spam lists, or just no longer up front admits to being ORB. The spams against some honeypot accounts that for the last year were exclusively getting ORB spam have started getting spam from a dozen different groups recently, all using chinese, comcast or wanadodo hijacked machines. At least for a few months there was a perceptible decrease in some spam.
Knowing the FBI, they will make a few headline grabbing busts, complete with news agencies being tipped off in advance so camera crews will be on hand to film the heavily armed agents swarming a trailer park in south Florida. With any luck, the spammers will make sudden, hostile moves towards something in their waistbands, resulting in a "lethal and appropriate" response from the LEOs. I would pay for a copy of that video.
The FBI may also be using these busts as a way of seizing computers which may hold leads to virus/worm writers who then sell botnets to spammers. The spammers machines may also hold leads to dozens of other criminal activities, which may impact US national security. Even if the spammers lose all their electronics until after the trial, they will still be offline. Especially if their bail conditions include a ban from using any computer or communication device.
The Federal prosecutors will lump dozens or hundreds of charges against the spammers, knowing they will eventually plea-bargain down to a few charges which will get them only a few years in prison. There will be much press coverage, and many other amateur spammers will decide for less risky fields of criminal enterprise. This action will never eliminate all spam, but it will put a big dent in it.
It will be interesting to see what level of participation the spam hunting community provides to the FBI. Although the FBI may go it alone, there are a lot of us with a strong technical background willing to put in some hours to provide forensic evidence which can hold up in court.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Not everyone who posts on /. is however a geek/nerd. A fairly large amount is just angsty teen boys who think they are leet because they changed the color theme of the windows on their dell.
You can tell the parent post is not a nerd or a geek. Nerd/geeks don't get endless amounts of SPAM. We use disposable email addresses to limit the number of spam lists we are on, don't give out our email address to just every "free porn" site out there and use filters to stop the rest. That does not make us spam free but if you spend more then 1 minute deleting spam you are doing something wrong. Computers work FOR you, not you for the computer.
Please do not make everyone who uses a computer into a nerd/geek. Only those WHO understand our computers and can operate them correctly can possibly qualify.
All those who are diluged under spam fall into the luser group.
This may sound harsh but frankly I am fed up with the whining about spam. It is like virusses. Get some bloody protection and learn how to deal with it. You are the first line of defence. If you are unwilling to act then why do expect anyone else to?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
There is one big difference. There is a lot more money involved in the drug trade. It is one thing to risk jail time, when you can rake in the cash by the billions. But it becomes a different story when you are only able to make a few million. Yes, there will always be somebody, but if you destroy the economic incentive enough for the majority then you will have made a major breakthru in the battle against spam.
When I originally wrote that form months ago it took me several hours. Thinking of all the proposed solutions I've ever seen, and the obvious problems with them, was what took a long time. Typing is easy. But in every thread on spam I would see some joker come up with a nightmare "solution" that obviously wouldn't work. Every message will contain a hash. We keep a list of known valid senders in a central repository, so each email has to be authenticated by someone who knows your key, blah blah blah. I don't see any reason why this wouldn't work!
Anyway, I posted the form 2 or 3 times, then quit, figuring I made my point and it wore out its welcome. But I see the beast lives on! BWAhahaha! Although I wouldn't have filled out the same boxes that were filled out here.
Even if the CAN-SPAM act is a permissive piece of junk, I still like to see people going to jail for spam. It won't solve the problem, any more than putting pickpocketers in jail stops pickpocketing. But it's the least we should be doing. Jail is where these people belong.
and that is a large, non commercial email system. All the members sign up, pay a fee of some sort of adequate folding money for an email account, something high enough to make it practical to have an account, and impractical enough for spammers to use it. It's like a built from scratch giant whitelist. Any infractions, you are out. Something like the proposed google email system, that big I mean, but zero commercial traffic, none, not for any reason. The fees go to pay for the servers and bandwith, etc of the org that runs it. It would be viral in the sense that you as joe emailer tell your friends/whomever you normally conduct non commercial email with "here's my new address, it's restricted. The company doesn't allow commercial email at all, in fact, zero mail gets inside the system from outside the system. the email must orginate and terminate totally inside the system of registered users.. You can email me at this addy,after you register yourself, but don't CC to people outside, no spam or ads are allowed,you have to do your best on keeping your own computer clean, you assume responsbility for that, and this is how you can contact me now if you want to, your choice".
Then stick with it.
The main problem with email is it's so easy to have unlimited emails, so easy to create them. If an email addy was actually worth as much as say your snail mail addy or your phone number, it wouldn't be quite as bad. I don't think it would ever get perfect, but I bet it could eliminate the bulk of the bad stuff. What would an email addy that good be worth per year? I guess that's a variable, perhaps a downpayment, then a bandwith charge over a certain amount of traffic in and out of your box.
And no, I really don't have any technical details of how to go about it, outside my area of expertise. Maybe it's impossible, I don't know, but it seems like it *should* be possible. And there's nothing stopping anyone from keeping their "old" style email in addition, but at least it would be one account you know was mostly rid of spam and viruses and whatnot right from the git-go..
Good grief. No law suddenly causes all violators to stop their behavior. Laws against monopolies didn't make businesses suddenly see the error of their ways and break up. Laws against racism and segregation haven't ended prejudice. The laws are merely tools allowing some authoritative body to take action against the worst offenders (and sometimes the lesser offenders).
Take laws against racism and segregation. Until the military came along and forced some schools to accept non-white students, they would have gone right on ignoring the law. It took 1) someone reporting the violation, 2) someone investigating the violation, 3) someone enforcing the punishment for the violation, and 4) someone making it know through action that violations would not be acceptable.
The FBI is investigating and getting ready to go after spammers. They have not yet enforced the punishments, but they have the authority to confiscate possessions bought with the proceeds or used in spamming (much as the IRS does for tax evaders), so losing homes and cars and computers should begin to make it less profitable to spam. Until enough spammers lose a lot, the word won't spread that spamming doesn't pay. That doesn't make the law useless - it just means it hasn't had time to make much impact yet. The degree of the impact will depend on the continued enforcement (though I believe the ratio of FBI agents to spammers is a lot better than speeders to cops).
Of course, this won't stop all spammers. There will be the diehard group (likely with mafia-style connections) who go so deep underground that they are hard to find.
BTW, spammers by their very business, want to have someone able to find them -- their "customers". (Hey, perhaps we should go after the users instead of the dealers -- slap a $250 fine on any person who buys from spam. Soon, with no one responding to their offers, spammers would go out of business. Yeah, I know this wouldn't really work.)
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)