Blue Security Gives up the Fight

bblboy54 writes "According to The Washington Post, Blue Security has closed its doors, which can be confirmed by the Blue Security application failing to work today and their domain no longer resolving. Blue Security's CEO is quoted in the article: "It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing." You have to wonder where it goes from here. It seems an effective method has been found but more than a small private company could handle. Will someone else adapt this concept, or does the internet world give up?"

Too bad.

[grub]

I'm a recent new Blue member. Spam to my work, gmail and home accounts has plummetted thanks to Blue Frog. And to whiners who moan about "vigilantism", blow me. Fight fire with fire.

Dive Into Mark said it best...

[Saint+Aardvark]

If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and youre getting in their way.

[...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."

From Dive Into Mark (which doesn't seem to be responding, so try Google's cache.)

Take a page from SETI

[fistfullast33l]

What about a solution like the SETI project? A nice graphical screensaver that uses spare processor cycles to send email spam to known spammers. It could even display something funny like a graph showing how much harassment you're causing.

However, I don't think any kind of attack spam with spam solution is worth it. We need to either redesign the protocol, marginalize the spammers, or make it very illegal and put them in jail. Sure, you might argue that direct marketing through email really isn't illegal (junk snail mail sure isn't), but I think if you don't respect the don't spam lists and requests to stop, or even go so far as to launch a DOS attack as TFA describes, then you definitely belong behind bars or without access to a computer.

Re:When the going gets tough...

[bbernard]

I'd agree with the parent comments but for one issue. The company's clients were directly threatened. The spammers didn't just threaten Blue Security, they threatened Blue Security's customers. As the article stated, Blue Security's customers didn't sign up for a war. They signed up to not get spam. Getting bombarded by viral attacks wasn't part of the deal.

That said, I too am disappointed, but until effective means of finding and holding accountable the people behind the attacks this kind of extortion will continue.

Welcome to the wild-west. Where's Sherrif Bart and the Waco Kid when you need them?

Re:When the going gets tough...

[jacksonj04]

If you read up on Blue Security's actual implementation they never sent more unsubscribe requests than emails recieved. They sent one on behalf of the whole community first, then if that was ignored they sent one unsubscribe request for every email recieved from that spammer to a Blue Security customer.

It's exactly the same amount of traffic as everybody who recieved the email sending their own "Piss off and leave me alone" request.

On the subject of OS DoS, it won't work because the network will be too easily exploitable. However, something which used a supernode system to distribute the load would work quite well.

Personally I'm waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying "Stop spamming Google customers". Ignore it, and that's x million identical requests sent by one mother of a system.

Re:Solving the Spam Bot problem

[adamfranco]

Check out Privateye.

Privateye is a tool that our network security admin here at Middlebury College, Mike Halsall, wrote to automatically quarentine computers into a VLAN (that stays with their mac address) that only has access to a help page, anti-virus tools, and windows update.

Due to the use of this and campus manager (I believe it's the software that actually manages the VLANs, could be wrong), viruses have gone from taking down the campus network several times a year, to being a non-issue. From the project page:

Privateye came into being to satisfy the tedious task of corrolating event data being gathered from disparate security sensors (Snort, HoneyNet, IPS) and automatically take action on the sources generating the alerts.

Example 1: You have an Intrusion Prevention System (IPS) that is dumping its alerts to a log file. Privateye is reading in this log file, in real time, and watching which alerts are being thrown by which IP addresses. Now, let's also say you have a user registration system, allowing each user's name to be associated wit h their current IP address. One of your users gets a virus that starts doing Bad Things; this virus starts scanning for open shares on your network (which, in and of itself, doesn't necessarily mean something is amiss) AND connects to an IRC server out on the Internet. Privateye's configuration (all done through one powerful configuration file) has a trigger that specifies, "if I see one of 'my users' perform 50 NetBIOS scans in 60 seconds AND connect to an IRC server, I'll run an external script to do something to that user." That "do something" could be shutting down the switch port the computer is connected to, flipping it into a quarantine VLAN, or just sending the user an email letting them know their machine probably has a virus.

Example 2: You have a Snort box that alerts on SSH connections from the Internet to some of your internal hosts. You know that SSH brute-force attacks are prevalent, as every day your logs show thousands of login attempts from many machines on the Net. You configure Privateye such that if any external host (to your network) attempts more than 5 SSH logins in a minute, Privateye will run an external action that blocks the offending host from accessing your network for 2 hours at your firewall. If, when the 2 hours is up, they return, they'll then be blocked from accessing your network for 4 hours. Wash, rinse, repeat.

- Adam

Re:Sigh! Or why spam is unacceptable

[Just+Some+Guy]

Fine, I'm happy for you. You obviously don't own an active domain, or a business. Because otherwise I could guarantee that it gets to be a problem for you.

I do both (well, I work for a guy who owns a business), but neither my home account nor my coworkers' inboxes get nontrivial amounts of spam. I've written instructions on how I did it, and if you follow them, you can probably get rid of your spam problem as well.

It's not easy if you're J. Random Enduser, but any qualified system administrator should be able to take the steps needed to win back control of his servers. You can choose to do this - with today's software - if you're willing to exert a modest amount of effort.