What Happened to Blue Security

shadowknot writes "Blue Security has published a detailed account of the attack on their servers perpetrated by spammer "PharmaMaster". The attack included a DDoS attack on the Blue Security operational system and a Black Hole filtering attack on the Blue Security website. From the article: "The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The Second attack was a DDoS attack on Blue Security's operational system."

Re:Yup, this sucks.

[jtogel]

Come on, if you have never used Bluesecurity, then you were obviously not in their database, and your email could not have been leaked to the spammers! Obviously, the spammers just sent out these FUD spam mails to everyone, just like spammers generally do.

Re:Yup, this sucks.

[Rob+T+Firefly]

Isn't the fact that you, a non-user, got the email proof enough that nothing was leaked? Unless the spammer "hacked" your address from a list it wasn't on (which would be a neat trick) he or she was just spamming everyone available, hoping to get Bluesecurity's users along with it.

Re:DNS Vulnerabilities

[Rob+T+Firefly]

imagine the PR campaign that Blue Security is going to have to wage to get any credibility back

Considering who Bluesecurity are and what they do, this whole thing has actually seemed to me to serve as pretty good PR for them. It pisses off lots of people, but once the facts were out there pretty much everyone I know got pissed at the spammer, not Bluesecurity. Everyone hates spam, but now they see a spammer taking things to the next level of evil, which really strengthens the image of the "good guys." People who never heard of Bluesecurity before are becomeing ready to do what they can to work against this spammer.

Tucow bad behavior?

[stry_cat]

Looks like Tucow really behaved badly. They cancled an account of a legimite user instead of defeating the attack. The should never have given into the spammer's demands.

Re:Tucow bad behavior?

[a16]

I have no idea of how Blue Security operate their network, but presuming that Tucows only provide the domain registration and DNS services, they are probably earning what - $20 a year from Blue Security?

I understand that in an ideal world a company should stand by a client suffering a DDoS attack, and there are many companies out there that do (but they advertise the service specially, and you pay thousands for it). But I don't think we can really say that a company providing budget services to the masses has to sustain hundreds of thousands of dollars in losses to sustain one $20 client.

It's not ideal, but that's how the web works - and why DDoS attacks are so nasty, it's easy to end up in a situation where you've done nothing wrong, but nobody will host you.

Look at it this way - if you had a small company, or even a big company, and your entire network was down due to a client who gives you $20 a year - what would you do? Keep the client out of honour, but go out of business anyway?

Of course, if Blue Security pay Tucows for a $5,000/month DoS prevention plan that I'm not aware Tucows offer anway, ignore this post ;)

Re:Tucow bad behavior?

[jmorris42]

> I have no idea of how Blue Security operate their network, but presuming that Tucows only provide the
> domain registration and DNS services, they are probably earning what - $20 a year from Blue Security?

And how much can any of their remaining customers trust Tucows will protect US from the next idiot? So now all this asshat has to do is drop Tucows a note listing who he is pissed at this week and they will drop our domains too? No, millions for defense but never paying tribute is the only winning move. Tucows looked evil in the eye and they blinked. When my domain comes up again it will be going somewhere with just a little more courage. Network Solutions is a bunch of revolving assholes and they charge out the wazoo, but does anyone here think they would have caved? Not to mention they would have almost certainly been able to withstand an assault by one pissed off spammer.

Re:Tier 1 ISP

[btpier]

Yeah, I was wondering the same thing. Which Tier-1 ISP was willing to help this guy out. I do believe that the Blue Security method of whacking spammer's websites probably looks a lot like a DDoS (which in effect it is). But which ISP was foolish enough to take logs from a know major spammer and use them to Blackhole Filter packets going TO a legitimate site (filtering packets from maybe, but to?).

Poor response

[Grand+Facade]

PharmaMaster starts another attack and takes down Tucows's DNS servers which were serving thousands of sites, including Blue Security's. Tucows terminates Blue Security's account in an attempt to stop the attack.
[May 3rd 23:23 GMT]
PharmaMaster Boasts Success

Tucows is a company I will never recommend or use to host any of my domains.
Caving in to a spammer/hacker retaliation will not garner much support.

http://www.joker.com/ serves my needs well

Pharma Master

[jefu]

So, just who is this PharmaMaster guy anyway.

Enquiring minds (and all that) want to know.

Slashdot army unite!

[spyrochaete]

This ferocious attack on Blue Security as well as Typepad and TUCOWS is proof that Blue Security's tactics are working. Spammers are scared to death of Blue Frog because it forces them to comply with the spirit of CANSPAM (since it is worthless in practise). They are so desperate that they are damaging the internet backbone to slightly increase the limited time that spam will be profitable.

Do not listen to FUD-spreading ignoramuses who will no doubt leave many /. comments urging you to stay away from Blue Frog. Spammers do not have Blue Security's member lists - they are simply DIFFing their entire lists with the opt-outs sent by Blue Frog and sharing their filters with the "mailer community". Yes, some members (not me) have been threatened with, and temporarily recieved, more spam. However, this can't last since spammers who do this are simply fighting fire with gasoline! The more spam Blue Frog users get, the more opt-outs the spammer and client recieve which costs them time and money! Plus, regarding threats to leave Blue Frog, does it make sense that a spammer would remove ANY working email address for ANY reason?

Who do you trust to solve your spam problem? Microsoft? Your government? If they really cared, wouldn't the problem have have been solved long before spam encompassed 90% of all email? Blue Security offers a realistic, fair, assertive, and EFFECTIVE means of hitting spammers where it hurts - in the database and in the pocketbook. They need your help to make spam an unprofitable, inconvenient vehicle for advertisers.

I urge each and every /.er to sign up for a Blue Frog account RIGHT NOW (or whenever they're not getting DOSed) and simply forward your spam to yourusername@reports.bluesecurity.com. You can wait a day or two and send many spams as attachments in one email, or you can let the resident client do it for you. It's so easy and the headlines prove that it really does make a difference.

Spammers are childishly thrashing around the internet like a bull in a china shop, having a flailing temper tantrum because people dare to stand up for their privacy. It is the duty of /.ers, as an informed userbase, to stand up for those internet users who don't know how to stand up for themselves.

We have the numbers and the motivation. Aren't you sick and tired of these rich criminals wasting our time, defrauding our elders, and endangering our children day after day? If we stand together, just as the spammers stand together to attack Blue Security, then we WILL win.

Sign up for a Blue Frog account ASAP and encourage your friends and family to do the same, as I have. And if you think it's possible to reason with spammers, check out this CastleCops forum thread that shows inside conversations from a spammer message board.

The only solution to spam...

[Dog-Cow]

Is to kill the spammers. Obviously the death penalty doesn't resolve the issue forever, or we'd not have as much crime as we do in the world, but it will deter most spammers.

We put down rabid dogs because they have the potential to harm human beings despite having no intention to do so. Why is it less humane to remove life that actively and maliciously harms others?

Traffic Is NOT What Spamvertised Sitres Want

[cyberscan]

Most owners of spamvertised sites do NOT want traffic, they want money. They only want the .01% of spam victims who are stupid enough to buy their crap to visit their site to complete the sale. However, in order to get the orders for their profit, they have have a place where users can come to. This place is their website. Website owners have to PAY for bandwidth consumption. Traffic consumes bandwidth. Therefore traffic is an expense. What the website owners really want is orders that bring in money.

When a site receive traffic from those who do not buy, it is the same as a store which has 200 people just looking around (and not buying). These browsers cause wear and tear on the carpet, require the watchful eye of security, require resources to answer questions, and make it more crowded so that it is more difficult for paying customers to find what they are looking for and complete the transaction.

Right now, the ratio of revenue-generating traffic (those who come to a website to buy) verses the non revenue-generating traffic is high enough to justify having the website running and paying the spammers. When there is 8 gigs of traffic (non revenue generating) from spam haters for every byte of revenue producing traffic, then advertising a website via spam will be very UNPROFITABLE. When those who advertise by spam see loss instead of profits, they will quit paying spammers (or stop spamming themselves). This is why spammers hate the likes of Blue Security, SpammerSlapper, SpamFryer, and other retalitory tools.

What the spammers do not realize is that people who are ready to resort to using such antispammer tactics DO NOT like spamvertised websites nor will they buy crap from these websites. Blue Security is actually doing spammers a favor by pointing out the email receipients who do not want the spam and are willing to cause problems. If I were a spammer, I would want to listwash my sucker list and get rid of the email addresses of troublemakers and concentrate on the idiots who buy stuff advertised via spam. That way I would have to send out a lot less spam to get the sales I want. Spammers should go only after the suckers and leave the rest of us alone. When these nooby suckers decide that they are tired of being robbed and spammed into oblivion, they can then add their name and voice to the rest of the angry masses who have HAD ENOUGH.

SUE the advertisers

[HermMunster]

Bottom line the advertisers know how their money is being spent. There's no excuse which allows them to claim ignorance. Once they are sued they'll look into it if they don't already know. The advertisers are funding this type of illegal behavior and so they should be held accountable. Large lawsuits or even criminal prosecution. These spammers and those illegally compromising the backbones are acting as agents of the advertisers, period.

How about the US DoD?

[tddoog]

The Department of Defense uses the internet for a lot of communication. They shoud be interested in how the "backbone" of the internet was corrupted.

Not too mention, the actions of pharmamaster are borderline terrorism. (just in case the NSA is watching ;) Not even freedom fighter terrorism, just good old fashioned fearmongering terrorism.

What nonsense

[tmu]

Bluesecurity (BS) are either confused or misleading people.

There is no way that a single "backbone" provider could have installed a null route to block all traffic to their network. Bluesecurity is served by a Haifa-based provider called Netvision (Autonomous System number 1680). Netvision buys internet transit from four providers:

--UUnet/701 (uunet north america)
--UUnet/702 (uunet europe/middle east)
--btn/3491 (beyond the network)
--telia/1299 (telia sonera international backbone).

what the heck is BS claiming? that *all* of them installed a null route at once. do they even know what a null route is.

i'm getting annoyed enough at this nonsense to think about blogging about it in more detail over at www.renesys.com/blogs . perhaps later today.

foolishness.

Re:Client List NOT Compromised!!!

[makomk]

And what happens when some dodgy company pays spammers to put out spams that appear to be from their competitors in the hope that hordes of spam vigilantes nuke the competition's websites off the face of the Net?

Re:This isn't just between PharmaMaster & Blue

[user24]

*sigh*
way to screw up the batch file...
the ":start" bit should be on a line by itself.

DIY Experiment

[red_flea]

So here's a quick experiment to gauge the impact of the BlueSecurity nospam list. Create two email accounts and sign one of them up for Blue, and don't do anything with the second one including implying its existence. We already get spammed anyway, so what are they going to do to people that don't unsubscribe from Blue? More spam?

Lets call their bluff. Do this experiment yourself. And use Blue Frog.

Tucows are cowards!

[Alascom]

The fact that Tucows would kick one of their customers to the curb in a pathetic attempt to pacify a blackmailer/spammer/terrorist is shameful, short-sighted, and tragic.

While the spammer is clearly worthy or our scorn, I believe Tucows is even more deserving of public shame and disgrace. I expect a spammer to spam, I expect a hacker to hack, but I do not expect a (formerly) respectable business that takes my money to sell me out to criminals! Yes, I know they claim it was to protect their other customers, but tossing your baby to the lion to keep it from from attacking everyone else is reprehensible and I thought civilization had progressed beyond this.

I for one, will NEVER use any of their services or web properties again unless they issue a public apology for their actions. Not just to BlueSecurity, but to all of their customers, because this clearly sends a signal to all would-be DDoS attackers that Tucows customers are for sale for the price of a few million IP packets!