Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpamSlayer - should we DDOS spammers?

Posted by ryuzaki0 on from the what-lines-to-cross dept.

pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them. Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like? "

10 of 587 comments (clear)

  1. Sophistry at its finest... by TripMaster+Monkey · · Score: 5, Insightful

    From TFA:
    The influx of tens of thousands of requests exactly at the same time floods the spammers' Web site, causing it to become inoperable.
    Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?

    Also from TFA:
    Launching a distributed denial of service attack is illegal in the U.S. and in most European countries.
    That's what I thought...what does Blue Security have to say in their defense?

    Again from TFA:
    Blue Security's Reshef bristles at the notion that his firm is involved with any type of DDoS attack. "We aren't trying to shut down any Web sites. We are just trying to slow these sites down so much the spammers can't earn money"
    Sorry, Reshef, but what you are describing is a textbook example of a DDOS attack. Whether the site in question is actully shut down, or merely incapacitated, is beside the point.

    This whole caper is a non-starter, especially so since a precedent for this sort of thing has already been established by Lycos Europe.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Sophistry at its finest... by Tinik · · Score: 5, Insightful

      Vigilatism may seem like a good idea at the time, but always leads to problems in the long run. It's better to work through proper channels to resolve these problems. If the proper channels can't resolve the problem, then work to fix them.

      Doing things properly results in a more permanent fix. Vigilantism just gets innocent bystanders hurt and only works until the next guy comes along.

    2. Re:Sophistry at its finest... by Technician · · Score: 5, Insightful

      Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?

      Rule #1 Spammers lie
      Rule #2 see rule #1

      If an e-mail has false headers, what makes you think the reply-to or un-suscribe belong to the spammer. A DDOS against a third party (Joe Job) is not the way to shut down a spammer. You may be helping him shut down his legit competition. An obfuscated URL may point to amazon.com for example.

      I liked the other aproach of repeatedly reloading the page used to buy the spammer's product. That's a way to have them melt or have the hosting company become less friendly to hosting spam product order websites.

      --
      The truth shall set you free!
    3. Re:Sophistry at its finest... by ArsenneLupin · · Score: 5, Insightful

      Personnally, I prefer to submit only one single unsubscribe request. My email address just happend to be ...:
      'or'test@yahoo.com'like'%
      If the spammer uses sequel sewer or access rather than a real database, this will wipe their address list squeaky clean!

    4. Re:Sophistry at its finest... by chromaphobic · · Score: 4, Insightful

      While it's certainly true that DDoS attacks are illegal, and that there is a precedence that sets these types of things firmly in the illegal category, I personally think that we should reexamine them. Set a statute that allows DDoS attacks against known spam hosts and the like.

      That's one knot that I think would be best left untied. It may start out as an anti-spam tool, but it'll only be a matter of time before all manner of other uses are okayed. How long before the RIAA gets permission to DDoS file-sharers, or entire P2P networks? How long before Microsoft gets permission to DDoS servers hosting cracks for their software?

      Legalized DDoS attacks as a tool for fighting spam just reeks of a Pandora's Box solution to the problem. Once we make it an acceptable method for netcrime fighting in one instance, it's only a matter of time before all manner of major corporations and organizations tug the leash they have around US lawmaker's necks and get the right to DDoS anything they don't like.

  2. No, no no no no... by gmknobl · · Score: 5, Insightful

    I'm sorry, acting just like a criminal for revenge purposes, no matter how satisfying, is wrong. It just brings you down to their level.

  3. Menace to the Internet by dfn5 · · Score: 4, Insightful
    This is just another form of spamming. Anyone who generates unnecessary network traffic is a menace to the Internet.

    --
    -- Thou hast strayed far from the path of the Avatar.
  4. DDoSing spammers by farnz · · Score: 5, Insightful
    If you're sending an unsubscribe request to a spammer in response to a spam you've received, that's not intended as a DDoS; the spammer invited you to contact them and unsubscribe, and should have taken care to limit their list to avoid accidentally DDoSing their servers. In the same vein, I see nothing wrong with browsing a site advertised to you in a spam, despite intending to merely use up bandwidth, rather than make a purchase; again, if the spammer isn't happy, they shouldn't invite you to browse their site (in other words, they shouldn't send spam if they don't want to be visited).

    When you start trusting someone else to tell you who's spamming and who isn't, you invite them to abuse that power; what guarantees do you have that Blue Security will never go to a legitimate site owner, and threaten to tell SpamSlayer users that the legitimate site is spamvertised unless Blue Security receive enough money?

    --
    I appear to have a blog. Odd.
  5. Re:I remember when this debate started by Have+Blue · · Score: 4, Insightful

    And when the "necessary evil" is more than half the email traffic on the net and starting to drown out the things we are supposed to be gaining by putting up with this necessary evil? The moral of the tragedy of the commons is that nobody wins.

  6. The danger of vigilantism by ezraekman · · Score: 4, Insightful

    There's another name for this sort of activity: "Lynching" There's a good reason why one isn't supposed to take the law into one's own hands. It's because, however noble your intentions, there are no checks or balances on your actions; no safeties or limits.

    I HATE spammers. When I'm bored, I shut them down by tracking relevant data about them, and reporting them to their hosts and domain registrars. But who decides who the next "spammer" is? When I get spammed, even that isn't strong enough evidence for me. My next step is to ensure that it isn't an isolated incident, and so I go search the web to see if they've been added to a database/blacklist, or are on any of a number of spammer watchlists. Once I've got enough evidence to be able to convince a host/registrar, as well as myself, THEN I take action. But... how many vigilantes would take these extra steps? How many would simply go along with the crowd? "Hey! It's a spammer! GET HIM!!!"

    As much as I hate what spammers do, I simply can't condone this kind of action, without some kind of safety net for false positives. We're seeing something of a double standard here. What if, instead of discussing actions against "spammers", we were discussing actions against "terrorists"? Biometric tracking? Millimeter wave scanners? RealID? We've all seen how many people get strip-searched, end up on no-fly lists, get arrested for not having the right paperwork or IDs, and have any number of other civil rights violated. We're constantly demanding that we have some sort of guarantee that we're not going to end up flagging the wrong individuals. I agree wholeheartedly; we'd damn well better ensure we're flagging the right people, or the system is pointless, and the "terrorists" will end up laughing all the way back to the compound. So... where's our safety net here, folks?

    If we could legitimately do something like this, there wouldn't be a need for it, because it would mean the authorities would already be doing so. What happens on the day someone decides that Bob's Direct Mail service is "close enough" to spam, and we should start targeting them? How about Bob's Direct Mail Order? Bob's Direct Shipping? Bob's Joint? Who decides the next target? What if it's just a personal vendetta, and isn't even accurate? What happens when 20,000 people take that person's word for it, without doing any of their own research?

    Yes, something needs to be done about the spammers, but this sets a dangerous precident. What's the solution? Hell if I know, though I suspect it's a combination of legislation and education. I just know that this has enough problems to have been condemned by almost everyone here, if it had come from the opposite direction.