Slashdot Mirror
Spam Over Internet Telephony (SPIT) to Come?
grub writes "According to this article on NewScientist.com 'Spam and spim - spam by instant messenger -- are about to be joined by "spit" - spam over internet telephony' Yup, spam via VoIP."
← Back to Stories (view on slashdot.org)
Aptly named SPIT, I see! ;-)
Way to go.
So long as enough people are responding to spam to make it profitable, if you build it they will spam it.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
You know it makes sense.
Personal Telephoney Objectionable Object Immediate Eradication
SPam Eradication Wirelessly
Highly Unwanted Reduction Logic
A feeling of having made the same mistake before: Deja Foobar
Not even blind people are safe from SPAM now....
When a media is used to send spam to other people it is alive and well. When it is used to transport pr0n it will have a prospective future.
A monkey is doing the real work for me.
I'm going to become rich when I invent a way to stab people in the face over the internet.
At least with this one type of spam I know that the spammer is paying big bugs in bandwith to make it work. Just maybe we'll be lucky and it will turn out that voip spam isn't profitable and we will be free of it.
The GeekNights podcast is going strong. Listen!
If telemarketers leaving voice mail becomes a problem, I'm sure that's quickly addressed by the service provider (=store no voice mail from abroad or from unknown numbers).
The owls are not what they seem
So, what's next?
SPam Ethernet Wires?
SPam over Low Amplitude Telephony?
SPam Over Older Generation Ethernets?
Something tells me that this is about to get sillier...
Norman Cook's Ode to Sl
I don't see the same people that respond to spam, as the same people using telephoney. I will predict that the profit margin to people that respond will be too low to make this worthwhile until VOIP becomes more mainstream like email. (I can dream can't I)
Stay tuned for new sig...
Given that corporations are the biggest users of VoIP right now, and given that it takes a burning-bush level miracle to get in touch with a human person at most large corps, I imagine most of this will be computerized voices yammering at each other for minutes on end. "Thank you for calling Bank of America." A: "Free trial of Viagra, no commitments" B: "For information about your account, press one now."
Always a godfather; never a god. -Gore Vidal
Does this mean I will finally get telephone calls?
-
He adds that viruses are also possible with VoIP. A virus sent to phones could be used to launch more spit or to bring together thousands of VoIP systems to launch denial-of-service attacks.
Yeah, right, 'cause we always execute our voice mail messages!
Also, how is spamming voice mail via VoIP any different than just calling everybody up POTS?!? This article sounds more like another company trying to promote their "solution in search of a problem." Here's a hint: if spammers spoof their caller id and figure out how to insert random variations in the outgoing messages, this system isn't going to work anyway!
"Freedom means freedom for everybody" -- Dick Cheney
Are you really that suprised?
Read: telemarkerters.
What do they stop at? Nothing.
One of the biggest problem of spam is the inability to identify the source (and why so many people believe that solutions like SPF will help out).
VoIP is end-to-end, so if someone starts "spitting" the network, he can easily be blocked.
Of course, other solutions would be to have white lists for VoIP, but it is weird to think about white lists to telephony, since the idea is that anyone could reach anyone.
I think dubious character companies will try to do it anyway for some time, but with time blocking will keep the problem to manageable levels.
- First, today's spam has a link that says "http://somelegitsite.com", but the href is "http://1.2.3.4/uniqueID" to make you think you're going to a legit site, but really sending you elsewhere. Hard to do with voice contact, or, rather, audio contact.
- Second, they would never use a toll-free number. That would not only cost them money rather than you, but be easily traceable. For those who don't mind the traceability, it'll be a 900 number.
Besides, it'll all be automated - no human voice at the other endIt may be over the internet, but at least vocal spam already has precedents in 'do not call lists' and such. I figure the more popular VoIP becomes, the faster this crap will get squshed. It won't take the decades phone spam legistlation took to enact. Everybody is taking a good, hard look at how to crush unwanted solicitations in every form these days.
You need a FREE iPod Nano
As for spit, I really don't plan on getting VoIP anytime soon as I'm satisfied by my POTS landline. Do I have to pay taxes on it, yes; so what? We pay taxes on everything, including VoIP indirectly. You might not have taxes on VoIP, yet, but I'll bet there are taxes and surcharges on your Cable/DSL bill. The article itself does not have much content past the rhetorical comments regarding growth and registries. And the moment that I get a virus on my telephone is the moment I dig out an old beige mechanical AT&T phone. Seriously, how many features does your household phone need? Caller ID, sure; Call Waiting, nah, if its important, they'll call back; voicemail, get an answering machine and save $5/mo.; etc.
Take a deep breath people and realize that humans and our respected cultures have existed for thousands of years and by turning your electronic toys, at least for a few minutes, you might find peaceful relaxation or learn something that does not have power requirement.
But what do I know, it seems the Slashdot audience lives behind the glow rather than under the sun, so I may be preaching to the wrong crowd. --Amigori
"The quality of life is determined by its activites."--Aristotle
Spam Hampering Information Technology = SHIT ha!
Fortunately, VoIP is young enough such that they could modify the protocols to nip this in the bud.
Cryptographic solutions would probably be the first place to look. For example, suppose my phone will only look at incoming connections which are begun with some certificate signed by the VoIP service provider (Vonage, Skype, whatever). So, in order to be able to call me, your phone first contacts the provider, requests a certificate to connect to me, and the provider gives that to the phone, and then their phone uses that as credentials to get my phone to not ignore it. Then, all the service provider has to do is watch out for excessive numbers of connections coming from one customer.
I wouldn't be surprised in the least if this isn't already built into the VoIP systems. After all, we've been trying for some time now to move email into the domain of cryptographic authentication (SPF is just an intermediate fix) to stop spam. So, we've known for a while that this is "the way to do it right", and we also know from the way e-mail is going that it's a major pain to try to change the system to use it after the system is already in place. So, I'd expect that they might already have this capability.
Many of these techniques can be adapted to VoIP systems. I am surprised that SER and Asterisk do not already support DNSBLs -- even if there is no call for them yet, we will certainly need published lists of abusive hosts or networks within a few years.
The flexibility with which one can express access restrictions is an important part of any system's security. My workplace is just starting a VoIP deployment. I want to be able to say things like:
I've often wondered what would happen if EVERYONE allocated just 5 minutes per day to "responding" to spam... heck we spend that long deleting the stuff or updating mail filters anyway.
Just pick a couple of spams and:
- View the web site
- If you can find an email address or contact form for the seller, abuse it. (do not use your own email address if possible)
- If you can find a free-call number, ring it - and keep them busy as long as you feel the need to - the company is paying for your call.
- Request free samples, forms to fill out or advertising material (printed form only, email is pointless). Fake the address, or if you like, grab the freebie
- Waste their time - time costs them more than anything else if they have to put on employees to deal with the crap.
- Waste their resources (web server time/bandwidth doesn't count, printer ink & shipping does)
If even 10% of their spam results in time wasters, the economics go right out the window
Unfortunately many spams link to a "insert credit card here, we will send goods" page with no other contact info, but many have links to the companies web site, and even an email to abuse (or better still anonymous contact form to prevent spam).
Any company that suffered such a manual DDOS attack would likely stop spamming - and as the spammers got less, the effect would get worse (well, better actually).
yes, some idiot will send out a spam on behalf of someone else just to get them attacked, but at least using human attakers there will be some basic checking.
As with all wars there will be casualties. At the moment that casualty is email, and EVERY internet user suffers for it.