Washington Post Blog Shuts Down 75% of Online Spam
ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam. " Now how long before the void is filled by another ISP?
The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.
And they operated for how long before they were shut down ... as a United States based hosting provider?
... I'm all for user privacy policy from an ISP but obviously these people are criminals.
If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating. And I hope a warrant is obtained through the appropriate channels to collect evidence from Hurricane Electric & Global Crossing
My work here is dung.
Just give us an IP address linked in the summary. That's all we need.
First they shut down McCain, now McColo. Next up: McDonalds?
Do you even lift?
These aren't the 'roids you're looking for.
http://craphound.com/spamsolutions.txt
My turnips listen for the soft cry of your love
the spam will flow. It's the old "balloon dog" effect. Squeeze it in one place and it balloons in another. The ONLY way to attack this problem is to go after the advertisers who are willing to use spam as a medium to sell product.
I had ONE spam message last night. I average probably 20 a night.
Sometimes it's best to just let stupid people be stupid.
Well, I guess now my Nigerian prince will never come.
SJW: Someone who has run out of real oppression, and has to fake it.
as the title says. if it gets them "off the air" is this a public service or a criminal act (or both)?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
According to the article, the provider hosted servers that provided child porn.
1: Is that really possible for kiddie porn sites to be active in the US?
2: If its true, would that company be partially responsible legally speaking?
The comments on the Washington Post site are pretty worthless, but this one was particularly good:
"Brian - Well done, and well reported. For the user who asked about reporting news versus creating news, you misunderstand Krebs's reporting. Like most good reporters who write big stories, he either got tips or analyzed data regarding spam and cyber-security. It probably was a combination of both. If he determined from his research, reporting and analysis that this data was coming from one place, he did not create a story by informing the spam host's business partners. Rather, he sought comment from them about this site, and they took action. What Krebs reported is not a big a story as Watergate, but what do you think Woodward & Bernstein did? Wait for a press release? A regulatory filing? No, they took one news event, worked backwards from it, and determined that something big was going on -- just like a spammer. Then they wrote about it, just like Krebs did. When Henry Blodget on Silicon Alley Insider wrote that The New York Times Co faces several possibilities for survival, he did not tap into a planned news event. He analyzed a balance sheet and made conclusions. Much of the news that comes out is because beat reporters see connections and draw conclusions that are not opinion, but reasoned and accurate viewpoints based on evidence out there that resists coalescing into a larger news event because most of us don't get it. That's why we have journalists, and this is a great example of that. And now for the full disclosure: I'm Robert MacMillan. I am a reporter at Reuters who covers the journalism business, and I worked at washingtonpost.com for many years with Brian. I sat right across from him so I know what he eats for lunch. Posted by: easymac | November 11, 2008 9:45 PM "
When it comes to these sorts of things, oft times law enforcement and intelligence agencies who know about a source of major operations DON'T shut them down, so as to build a case against the bigger players or to maintain the ability to track what is going on. Given that this is a US-based corporation with US-based servers, I wonder if this shutdown has seriously compromised on-going monitoring and criminal cases. While this has almost certainly seriously disrupted operations of the various bad guys for now, I would give it only a few days before they're back online based at overseas locations where they're less easily reachable. Except for some script kiddies, the operations are all sophisticated enough to use standard techniques such as multiple hardcoded fallback IPs, DNS redirection, and using fake BGP announcements to hijack IP blocks to get back online.
--Paul
This is their AUP from 2005 (Mccolo.com)
Acceptable Use Policy (AUP)
All Maxis' Commerce colocation or dedicated server customers are bound by the following Acceptable Use Policy. This document may be updated from time to time. Please consult this site periodically for the most recent revision of this document.
No Maxis' Commerce customer shall:
Do anything illegal or anything that adversely affects Maxis' Commerce legal interests. The following list is non-exclusive, and should not be considered license to commit other illegal activities not specified below. All illegal activity is prohibited, and Maxis Commerce will cooperate fully with any law enforcement officials and/or agencies investigating and/or prosecuting such activities.
Cracking/Hacking - attempts to access accounts or systems other than the user's own accounts or systems or an account or system that the user has been explicitly authorized to access is illegal under federal and state law.
Child pornography - as defined by U.S. law. This is strictly prohibited and dealt with quickly and harshly.
Interstate gambling - because Internet traffic generally ignores state and country boundaries, any Internet based gambling site is restricted by Federal Inter-state gambling regulations.
Pyramid schemes or fraud - are illegal under a number of Federal, State and Local laws.
Theft of services - attempts to utilize services that are not contracted for is considered theft and will be dealt with as such.
Harassment - use of Maxis' Commerce network to harass or threaten (in the legal sense of those terms) any other person is prohibited.
Please consult an attorney if you are unsure of the legal status of your activities.
Do anything that threatens the integrity of Maxis' Commerce network or the utilization there of by other persons.
Denial of Service (DOS) attacks - no customer will commit a DOS attack against any Maxis Commerce customer's host, or any other host on the Internet. Similarly, no Maxis Commerce customer will willfully or negligently allow incitement of others to attack any host on Maxis' Commerce network, or any other host on the Internet.
Blacklists - No customer shall do anything that could get any portion of Maxis' Commerce IP space (or address space announced by Maxis Commerce on behalf of Customer) put on blacklists such as the RBL (Realtime Black List) as maintained by MAPS (http://www.mail-abuse.com) or other similar organizations, or perform activities that would cause portions of the Internet to block mail or refuse to route traffic to any portion of Maxis' Commerce IP space (or address space announced by Maxis Commerce on behalf of Customer).
Perform actions that cause unusual load on Maxis' Commerce servers (for example, mail servers, web servers, usenet servers, name servers, etc.), that cause slowness or denial of service to other Maxis Commerce customers.
Do anything that threatens the Internet or any other network.
No customer shall take actions that cause any portion of the Internet, or the Internet as a whole, to become unusable to any other portion of the Internet, or the Internet as a whole.
No customer shall take actions that degrade the usefulness of the Internet, or any portion of the Internet, either through network degradation, flooding of usenet or email or so on.
Spam - No customer shall send unsolicited commercial email, unsolicited mass mailings, spam or flood usenet newsgroups, or anything of that sort. If you have questions about what is allowed and what is not, please email abuse@mccolo.com for clarification.
No spam may originate from Maxis Commerce IP space.
No spam may advertise sites or services located on Maxis Commerce IP space (even if the spam originates elsewhere).
No Maxis Commerce customer shall use third party mail servers to relay spam. This is considered a DOS attack on the third party and will be treated as such.
No customer shall participate in pyramid schemes
----- You know you have ego issues when you register a domain in your name.
So, how much spam does everyone get each day on average? I think I get between 5 and 8, not much by most people's standards I imagine, but it's still depressing to see.
I'll be interested to see if this number goes down in the next few weeks, but I doubt I'll notice.
Summation 2
MY SITE IS DOWN!! WTF !
Eye for an eye and half of the world will have just one eye!
Also FTA:
'Two hours later, I heard from Benny Ng, director of marketing for Hurricane Electric, the Fremont, Calif., company that was the other major Internet provider for McColo.
Hurricane Electric took a much stronger public stance: "We shut them down," Ng said.
"We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow! Within the hour we had terminated all of our connections to them."'
So, after much hand-waving here, and elsewhere, about what info the Gov. and your ISP may be collecting about you, they could not spot this, a major spam, child-porn and theft site?
Maybe the honest version would be:
"We were making shitloads of money out of selling bandwidth to these bastards, 'no questions asked', but now you've blown the whistle on them I guess we've gotta look responsible."
Does that mean that I will NOT be getting my millions of dollars from that friendly nigerian prince?
The story, linked to from the story, linked to by slashdot requires registration. Anyone got a handy login?
Give me Classic Slashdot or give me death!
This couldn't be by volume. Given the amount of spam that everyone receives every day, I don't think a single ISP could possibly generate 75% of it. It would take multiple gigabit connections and I'm sure someone would have already noticed that kind of traffic coming from one place.
Enzite is here!
http://www.enzyte-male-enhancement.com/
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Or change the protocol set to something that can still work with anonymous yet non-commercial/legal mail.
Sure, that's easy. Here's a few things to think about:
Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Would have been nice if they posted the evidence they sent to the ISPs.
I use a procmail filter that sends mail from known addresses into my mailbox, and dumps everything else into a "garbage" file that I check every morning before deleting it (on the off chance that a friend or business has sent mail from a new address). This morning for the first time in *years*, the file was empty.
...once the folks who sell spam and porn find a hosting provider who turns a blind eye, they tend to stick with it and consolidate their operations. Paying attention to Spamhaus and the more reliable botnet trackers tells me where these operations are located, and helps me write good gateway filters for my employer, my house, and my friends. Cutting off internet access tends only to disperse the ne'er-do-wells rather than stop them, and I have to start over again tracking and writing new filters. In other words, I like to know where these guys hang out so I can avoid them, the same way I avoid the riff-raff in the physical city where I live.
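The known-sender filter this commenter describes, as an added illustration and not the poster's own procmail recipe: a small Python version that routes mail whose From: address is on an allowlist to the inbox and parks everything else in a garbage folder for the daily review (so a friend writing from a new address is recoverable). The sender list and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist, the equivalent of the commenter's "known addresses".
KNOWN_SENDERS = {"alice@example.com", "billing@shop.example"}

# Constructed sample messages: a bare known address, a known address wrapped in a
# display name with odd capitalisation, an unsolicited message, and one with no From:.
SAMPLE_MESSAGES = [
    "From: alice@example.com\nSubject: lunch?\n\nNoon?\n",
    "From: \"Shop Billing\" <Billing@Shop.example>\nSubject: invoice\n\nAttached.\n",
    "From: \"Prince\" <prince@spam.invalid>\nSubject: URGENT\n\nMillions await.\n",
    "Subject: no sender header at all\n\nbody\n",
]


def sender_address(raw_message: str) -> str:
    """Return the bare, lower-cased address from the From: header ('' if absent).

    parseaddr strips the display name and angle brackets, so a message from
    '"Shop Billing" <Billing@Shop.example>' compares equal to the allowlist entry.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower()


def route(raw_message: str, known=KNOWN_SENDERS) -> str:
    """'inbox' for a known sender, 'garbage' for everything else.

    Unknown mail is kept rather than dropped, matching the commenter's practice of
    reviewing the garbage file before deleting it.
    """
    return "inbox" if sender_address(raw_message) in known else "garbage"


def sort_mail(messages, known=KNOWN_SENDERS) -> dict:
    """Group raw messages by destination: {'inbox': [...], 'garbage': [...]}."""
    boxes = {"inbox": [], "garbage": []}
    for raw in messages:
        boxes[route(raw, known)].append(raw)
    return boxes


if __name__ == "__main__":
    boxes = sort_mail(SAMPLE_MESSAGES)
    print(f"inbox: {len(boxes['inbox'])}  garbage: {len(boxes['garbage'])}")
```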
I think its great that someone is doing something about the problem, but I don't think it should be the ISP. We already have laws against spam and certain porn, and it should be up to the government to enforce those laws. Vigilantism is never the answer.
The tried-and-true way works: if you have evidence, take it to the police. If the police won't do anything, take it to the press. Sure it takes a little longer, but it keeps - in this case your internet connection - safe from the Random Crusader. And the criminals may actually get arrested.
Who's going to email me now?
Most of what I tend to see in my inbox (or SeaMonkey junk folder) are various variants of the "Nigerian Scam". I don't see all that much actual commercial spam for some reason.
I haven't seen so much as a slight dip in spam-per-hour on any of the spam filters I manage.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
...or at least, no judgement or legislation in the US has ever held ISPs to be common carriers in the sense that phone companies are.
For all those who don't believe that a single ISP can be responsible for this amount of spam: take a look at the munin graph from our spam scanner. When I looked at it in the morning I went "huh, did I misconfigure something on our mail server?", didn't find anything, went to Google News and submitted to /. shortly after that.
Seems like every time there is a story about a spammer getting shut down, the amount of spam that I get increases.
The problem with spam isn't that people send out 35 billion emails... it is that SOMEONE out there is clicking on it. They just need one person out there to respond and they have made money...
The correct solution to this spam problem is to keep these places up. Find out who it was that actually responded and either
1) Go educate them about what they're doing
2) Show them how to shop on their own for hair growth and penis enlargement
3) Take away their internet connection
If they weren't making any money, they wouldn't be doing it.
It is like prostitution... Prostitution doesn't exist for the sake of existing. It exists because people will pay for sex. If everyone, everywhere stopped visiting prostitutes then there wouldn't be prostitutes for very much longer. They would have to get other jobs to survive.
I have been retained as the attorney for the Hormel Foods, LLC. I feel that you shutting down 75% of global spam violates free trade. Please cease and desist from shutting down global spam or Hormel will have no other option but to sue for punitive damages.
THIS SPACE FOR RENT!
Use your head, can't you, use your head,
You're on earth, there's no cure for that - S. Beckett
This shows a dramatic reduction in spam as of yesterday 4PM EST.
Will be interesting to watch it climb back up....
A fool throws a stone into a well and a thousand sages can not remove it.
http://www.spamcop.net/spamgraph.shtml?spamweek
Look at Tuesday's sharp drop off coinciding with the shut down.
If I can not smoke in heaven, then I shall not go. -- Mark Twain
The only way to go against spam is to simultaneously pursue every avenue. Yes, each solution is flawed, and can be gotten around. But the real question is, if we pursue all of them, aggressively, what will that do to spammers?
Think of it like disease. Rarely is one disease guaranteed to kill all of a species. But if you can load dozens of serious diseases onto the species, you have a fair chance of wiping it out. Spammers are the species. Anti-spam measures are disease vectors aimed at them.
Holding back on introducing some disease to spammers, on the logic that it alone won't solve our problem (namely, that their species lives), totally defies pragmatic logic. It's yet another instance of holding out for an ideal solution preventing us from advancing on a practical problem in real time, while we wait as members of the cargo cult of perfection.
That checklist of reasons proposed spam measures will "fail" - funny unless you're clueless enough to believe the world works that way.
"with their freedom lost all virtue lose" - Milton
From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."
...because you never know who you're dealing with.
I'm wondering what other people are seeing. I've gotten almost no spam for the last couple days, down from 300 to ~35 a day.
Although there was one set of phishing spam supposedly from ftc.gov and irs.gov, the balls on those guys.
Sounds about right.
I spent significant time yesterday, concerned that recent firewall and DNS changes had had unintended side effects: my inbound mail volume dropped by about 70% around 16:30 eastern.
Thank God the washingtonpost.com guys posted to netnews (almost) right away.
Do daemons dream of electric sleep()?
The inherited wealth yuppies like Teddy Kennedy and Nancy D'Allessandro Pelosi are some of the laziest people known. They're definitely included in his rant.
Now it's time for some federal law enforcement action. Over at McColo, there will be records that indicate who's behind the spamming and botnet operations. They'll know who paid for servers. There will be phone records showing who made support phone calls to McColo.
McColo is in San Jose, and the San Francisco office of the FBI, which covers Silicon Valley, has a Cyber Intrusion Squad. It's their job to start digging and find out who's behind the spam operations.
Even if the people behind the spamming tried to stay anonymous to McColo, the odds are that they slipped up somewhere.
That's not got much spam in it.
If you see a man getting beat by another man, do you just stand by and wait for the police to show-up 30 minutes later to collect the body? Of course not. You and your fellow citizens act to stop the abuse.
How certain are you that you know what is going on? If the man doing the beating is an undercover cop, and the one being beaten is fighting back, it may be that the action is perfectly legal, and your involvement can land you in jail (or worse).
Maybe the one doing the beating is a criminal, and you use force to stop him. The victim whom you protected can then sue you, claiming that he wound up even more injured as a result of your intervention. Of course, no decent person would do such a thing....but you have no idea if the person being beaten is a decent person.
There are other unpleasant potential outcomes as well.
The safest thing to do is walk away and call the cops on your cell. If the victim dies before they show up, send flowers.
By doing this, not only does the press shut down a major thorn in internet's side, but also show that the stupid feds/cops are either on the take with this, or just too incompetent.
Either way, it does not look good for the feds/cops
McDonalds better watch out. These things come in threes, people.
...get a big-name paper to make the problem public.
I have to assume -- and the post seems to indicate -- that the upstreams were given plenty of evidence of this activity; yet they did nothing. It took the light shone on it by the paper to force them to acknowledge the problem and do something about it.
Down from about 6,000 msgs/minute (since forever ago) to about 2,000 msgs/minute as of yesterday evening. This one actually seems to have made a difference (unlike the HerbalKing group's 'shutdown').
Omeganon
I visited here today because I noticed a 60% reduction (estimate) in spam I received over the last day or so and wondered why.
Thanks again Slashdot for the news and to whoever pulled the plug on those assholes.
I checked out my gmail spam folder -- compared to earlier times when spam averaged from 50 to 70 messages a day, 12th November has 5 messages and 12th November only 3(!).
Kill 'em all.
Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site before the site was taken offline.
Well, what the hell do you expect when their ISP dropped all their connections? Sheesh.
Today I saw a drop in the spam I'm getting in line with what spamcop is seeing:
http://www.spamcop.net/spamgraph.shtml?spamweek
Normally I get a daily spike of spam around midnight that stays until 2PM, then it stays low until midnight and the cycle starts again. This has been happening to my mail server since February 2008.
I'll see how long this lull in spam will be, and I hope for a long, long time. My mail server needs a break from this crap.
I wish they would find these female donkey anal orifices and send them to some gulag or other torture place for a long, long time. Killing or dying for these people is too good for them.
"Even child molesters have the right to not be beaten to a pulp. For one thing, the *alleged* child molester might be falsely-accused and completely innocent."
How true!
And I believe that false accusers should definitely be beaten to a pulp!
I stupidly married into the middle of a child custody battle, and was accused by the total asshole father several times over several years of molesting my step-son, and the "Child Protective Services" would swoop in unannounced and enter our house uninvited, and interrogate our whole family, freaking out my step-son, because he's sequestered in another room with two unknown adults being grilled about issues he had no idea about.
And not only was the child scared and confused, the CPS Monsters forbade us by law, to tell the child what all the commotion was all about.
I've since heard that estranged/divorced parents often pull this crap, and they should be prosecuted for it too!
And don't get me started on those CPS assholes... it has nothing to do with "the children".
If it don't GO... chrome it. ~ Frank Banks
Why is it that technocratic hair-splitters distinguish every point of law except the difference between law and fear of law?
Packet inspection for the purpose of resource management hardly goes against the spirit of common carrier. Does anyone really think you could pack a dozen shot guns into the back of stage coach, and not have the stage coach driver know what goods you were dealing in? Do you suppose no gold miner ever was told by his local stage coach operator, "we're not too keen on porting your two bundles of dynamite; maybe you should seek transport by other means?"
This might have nothing to do with the actual law concerning common carrier status. I'm just pointing out that it's quite ridiculous to think any common carrier ever has been 100% ignorant of the cargo they convey. Even first class mail is sometimes signed hugs and kisses and botulism.
Fortunately, the judges sometimes manage to make jurisprudence work, despite the text of the law being often stacked against them. Which is not to say that judges are free to interpret legislation they dislike differently than the legislation is written. But they can resort to generic precedent to put forward the view the legislation is too preposterous to enforce in 100% literalness.
A good example of preposterous legislation would be a bill passed in the era of stagecoaches being construed to mean that AOL and their like can be put to the thumbscrews by the powerful political lobby of content owners. If that's what congress wants, they should update the law to unambiguously say as much.
Since we don't know what a judge would actually do, we're not talking so much about law, as fear of law. Deploying deep packet inspection opens an ISP up to the claim, by deeper pockets, that they are no longer operating within the safe confines of common carrier.
Fear of the law is the regime in effect when people reason "we would probably prevail if we could see this through, but we don't have enough money to find out".
Fear of law boils down either to lazy government, or bad government bought and paid for. We shouldn't have to sit around trembling over how some stage-coach era legislation would be construed by a higher courts, if a deep pocket stepped forward to contest the matter.
Really, the legislative and judiciary systems need to get together once in a while for a clean-out-the-fridge party where the dozen eggs from 1850 are finally put to rest. The way it seems to work is that old law just keeps getting pushed further to the back of the fridge, no matter how musty and inedible, it doesn't get thrown out.
The legal profession has done a pretty good job of creating a generalized fear of opening the fridge. Somehow, despite our purported democracy, we allow them to get away with this. It makes no more sense to me than paying a banker $500m to bankrupt the powerful corporation he works for. Part of the problem is that too many among us exult in fear of law and extolling its minutia.
A poem, created by a fictional worm on Brian's notebook, when you worked with him...
worm waiting, watching
webcam
reporters all about
silently
patiently
Brian offers share to you
lays potato chips
you cannot eat just one
worm author waiting, watching
hoping instead for interoffice tryst with hot young intern
hoping one day to invade hustler.com or playboy.com
worm has failed its master
If you mod me down, I shall become more powerful than you could possibly imagine.
>>>the "Child Protective Services" would swoop in unannounced and enter our house uninvited, and interrogate our whole family, freaking out my step-son
>>>
They are not allowed to do that without a search warrant. Or probable cause. And no, "We heard a report" is not probable cause. That's just hearsay, which means they need to go see a Judge and get a proper search warrant. Yes it requires more work but they are bound by Constitutional Law same as we are.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Castle Rock vs. Gonzales, 2005 - "the police did not have a constitutional duty to protect a person from harm, even a woman who had obtained a court-issued protective order against a violent husband making an arrest mandatory for a violation." (NY Times) A woman sued the police because her husband violated his restraining order, kidnapped their daughters, and killed them, but the police did not respond to repeated calls for help.
Warren vs. District of Columbia, 1981 - "... a government and its agents are under no general duty to provide public services, such as police protection, to any particular individual citizen..." (sorry, this one was DC court of appeals, not USSC). Women sued because the police failed to respond to repeated calls for help after a man broke into their apartment and raped/assaulted/did other things to them.
The meek may inherit the earth, but the strong shall take the stars.
Oh... you actually believe that the law is in force in America?
Hearsay seemed to work for him on three occasions.
No judge, no search warrant.
Move to Mendocino County, CA and find out how wrong you really are.
You're not thinking of the children.
If it don't GO... chrome it. ~ Frank Banks
And that past experience is nothing...
Pity I couldn't find an attorney to document the conspiracy against my now former wife, by her attorney, her ex's attorney's and the judge.
She had a slam dunk child custody case, and they savaged her to the point of nervous breakdown.
It's a long story to do with a previous ex-parte hearing that the county judge screwed up on.
They ALL should be disbarred and in prison for that, but they are free, and fucking over people to this day.
Welcome to Mendoland where Justice is an empty word.
If it don't GO... chrome it. ~ Frank Banks