Slashdot Mirror

← Back to Stories (view on slashdot.org)

Washington Post Blog Shuts Down 75% of Online Spam

Posted by CmdrTaco on from the real-american-hero dept.

ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam. " Now how long before the void is filled by another ISP?

32 of 335 comments (clear)

  1. Not Just Spam by eldavojohn · · Score: 5, Interesting
    From the article:

    The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

    And they operated for how long before they were shut down ... as a United States based hosting provider?

    If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating. And I hope a warrant is obtained through the appropriate channels to collect evidence from Hurricane Electric & Global Crossing ... I'm all for user privacy policy from an ISP but obviously these people are criminals.

    --
    My work here is dung.
    1. Re:Not Just Spam by cgenman · · Score: 3, Interesting

      Common carrier laws apply to ISP's because they are providing a neutral gateway, and is no more aware of the details of what is going on their network than the Highway service knows what I'm keeping in the trunk of my car.

      Spam senders, however, is different. It takes a large amount of network resources, spawns repeated complaints, and triggers most network system warning bells. You can't spam on any real scale and not be noticed. No ISP would accidentally allow spammers to operate on their network for any length of time... there must be complicity.

      ISP's generally don't like to talk about it, but the usual arrangement is that you get to spam X amount in exchange for X extra cash per month, or similar. Unless McColo was extraordinarily incompetent, they must have had a similar arrangement. I think it's fair to say that level of interaction (and kickback) takes them out of common carrier status.

      --
      The ______ Agenda
    2. Re:Not Just Spam by billcopc · · Score: 4, Interesting

      Oh boy... field trip!

      The government is not there to enact justice, it is there to provide services to its citizens. Justice is not a service. Justice is a tool, a device to help ensure social stability, and as long as justice is controlled by someone on the payroll, there will be no true justice. There is only loyalty to the payroll.

      Plus, your sig has been bugging me for a while now:

      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to the lazy.

      ... nor is its purpose to raid lower- and middle-class people's wallets and give it to the rich, but purpose be damned because that's all it's ever been good at!

      --
      -Billco, Fnarg.com
  2. Wow by Reality+Master+101 · · Score: 3, Interesting

    I had ONE spam message last night. I average probably 20 a night.

    --
    Sometimes it's best to just let stupid people be stupid.
  3. Re:good job! by TheLink · · Score: 4, Interesting

    Seems like McD is moving quick:

    http://inventorspot.com/articles/mcdonalds_japan_goes_nobrand_with_quarter_pounder_shops_19505

    --
  4. is it morally right to DDoS spaming ISPs? by petes_PoV · · Score: 4, Interesting

    as the title says. if it gets them "off the air" is this a public service or a criminal act (or both)?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:is it morally right to DDoS spaming ISPs? by inviolet · · Score: 3, Interesting

      Since morality is subjective, only you can decide. However, it is certainly illegal, and could get you sent to federal pound-me-in-the-ass prison.

      Interesting. So it's up to me whether it is good or bad to eat broken glass.

      Look, since your mission is to undermine everyone's certainty, at least do it right. The one part of morality that is completely subjective is the discount rate, which is the time horizon that you set for your outcomes. Most things are good in the short term and bad in the long term, or vice versa, or some mixture. Nobody anywhere has yet figured out any rule for choosing or weighting one's time horizon.

      Indeed, probably most political disagreements are really disagreements over time horizon. E.g., stay in Iraq? It's all about how far into the future you look for justification.

      --
      FATMOUSE + YOU = FATMOUSE
  5. Re:As long as there is money in it... by postbigbang · · Score: 2, Interesting

    Or change the protocol set to something that can still work with anonymous yet non-commercial/legal mail. I can't think of a single person that would mind changing their email address or taking a few steps to eliminate the spam they get.

    --
    ---- Teach Peace. It's Cheaper Than War.
  6. Hosting Child porn? by arkham6 · · Score: 2, Interesting

    According to the article, the provider hosted servers that provided child porn.

    1: Is that really possible for kiddie porn sites to be active in the US?
    2: If its true, would that company be partially responsible legally speaking?

    1. Re:Hosting Child porn? by X0563511 · · Score: 2, Interesting

      That's because child porn is the legal Easy Button, in the same way that 'think of the children' is the legislative "Easy Button.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. Better to NOT shut them down? by plsuh · · Score: 5, Interesting

    When it comes to these sorts of things, oft times law enforcement and intelligence agencies who know about a source of major operations DON"T shut them down, so as to build a case against the bigger players or to maintain the ability to track what is going on. Given that this is a US-based corporation with US-based servers, I wonder if this shutdown has seriously compromised on-going monitoring and criminal cases. While this has almost certainly seriously disrupted operations of the various bad guys for now, I would give it only a few days before they're back online based at overseas locations where they're less easily reachable. Except for some script kiddies, the operations are all sophisticated enough to use standard techniques such as multiple hardcoded fallback IPs. DNS redirection, and using fake BGP announcements to hijack IP blocks to get back online.

    --Paul

  8. Re:As long as there is money in it... by postbigbang · · Score: 2, Interesting

    proxy anonymity. someone will think it up and make it work.

    --
    ---- Teach Peace. It's Cheaper Than War.
  9. Re:As long as there is money in it... by I.M.O.G. · · Score: 2, Interesting

    Usually when people make absolute/exclusionary statements, like "the ONLY way", they end up being not entirely correct.

    While going after the advertisers could solve the problem, that assumes you could track them down AND have any control over their actions. Jurisdictional hurdles and similar problems are obvious with this approach.

    Fortunately tho, that's not the ONLY way to address the problem. It'd be good if ISPs had incentives to address the problem - large scale bittorent protocol usage is something that wreaks havoc on the ISPs network and many ISPs are actively trying to come up with solutions to ease their pain. If there were an incentive for ISPs to monitor for abuse over SMTP, then perhaps another solution to the SPAM problem would be possible.

    Theres lots of "answers". Any answer you provide to this problem falls prey to the same general set of problems tho. Theres a standard form slashdotters post in response to suggestions like this, and by checking off the correct options it can shoot down any possible solution you can think of.

    --
    Overclockers
  10. Re:As long as there is money in it... by TheThiefMaster · · Score: 3, Interesting

    I use GMail with email addresses on my own domain (and it's free!)
    The only downside is having only 7GB of mail storage space.
    GMail's spam filtering is indeed second to none, I'm piping one of my old yahoo accounts through to my new address, and yahoo lets a few spams through per day, and then gmail blocks all of those.

  11. BS. Not by volume. by suso · · Score: 3, Interesting

    This couldn't be by volume. Given the amount of spam that everyone receives every day, I don't think a single ISP could possibly generate 75% of it. It would take multiple gigabit connections and I'm sure someone would have already noticed that kind of traffic coming from one place.

    1. Re:BS. Not by volume. by suso · · Score: 3, Interesting

      Ok, I did RTFA that slashdot posted too, but not the link inside the article. The initial article didn't mention anything about botnets and made it sound like it was the source of the spam.

      What I don't like about this is that it gives normal people a false sense of security about the whole issue. The real issue is that governments aren't cracking down on people within their borders causing these problems including the U.S.

      The Washington Post is not a security agency, they are a news agency. And when they do stuff like this they don't really have the right motives. Its just like those investigative reports that your local news channel does.

      Slimy business practices have a way to continuing on despite everything, so in the wake of McColo it won't be long before we have a Colo King.

  12. My personal experience by rwyoder · · Score: 4, Interesting

    I use a procmail filter that sends mail from known addresses into my mailbox, and dumps everything else into a "garbage" file that I check every morning before deleting it, (on the off change that a friend or business has sent mail from a new address). This morning for the first time in *years*, the file was empty.

  13. All well and good, but... by Time+Ed · · Score: 4, Interesting

    ...once the folks who sell spam and porn find a hosting provider who turns a blind eye, they tend to stick with it and consolidate their operations. Paying attention to Spamhaus and the more reliable botnet trackers tells me where these operations are located, and helps me write good gateway filters for my employer, my house, and my friends. Cutting off internet access tends only to disperse the nere-do-wells rather than stop them, and I have to start over again tracking and writing new filters. In other words, I like to know where these guys hang out so I can avoid them, the same way I avoid the riff-raff in the physical city where I live.

    I think its great that someone is doing something about the problem, but I don't think it should be the ISP. We already have laws against spam and certain porn, and it should be up to the government to enforce those laws. Vigilantism is never the answer.

    The tried-and-true way works: if you have evidence, take it to the police. If the police won't do anything, take it to the press. Sure it takes a little longer, but it keeps - in this case your internet connection - safe from the Random Crusader. And the criminals may actually get arrested.

  14. Re:How much spam? by SCHecklerX · · Score: 2, Interesting

    You'd have to ask my greylist, mimedefang, and spamassassin filters, as most of it gets killed before even making it to the 3rd, which kills the rest. Stuff in that small threshold I allow, maybe 1-2 every couple of months gets through, and that's usually from a company I actually had done business with in the past.

    Mimedefang rejections on dumb things at the helo/from stage, and greylisting kill most things without ever having to receive or process it.

  15. Re:How much spam? by argent · · Score: 3, Interesting

    So, how much spam does everyone get each day on average?

    Well, according to my mail logs, my mail server that currently provides mail service for myself in the past 8 hours:

    Has blocked 2879 messages, based simply on the IP address, using RBLs.
    Has blocked 1013 messages, based on some early tests in mail delivery.
    Has passed 176 messages on for further filtering, with my address. I haven't checked how many were to my wife or to invalid addresses. Typically that's several hundred an hour.

    The next level of filtering:

    Dropped 18 messages completely.
    Filed 127 messages in the "probable spam" box, where they will be deleted within a week.
    Delivered 31 messages to my home server.

    Of those messages, about half of those were filed as "spam" by Apple's Mail.app.

    That's pretty low by my standards. Good work.

  16. ISPs are not common carriers by Anonymous Coward · · Score: 1, Interesting

    ...or at least, no judgement or legislation in the US has ever held ISPs to be common carriers in the sense that phone companies are.

  17. You can see the tremendous drop for yourself by kipin · · Score: 3, Interesting

    http://www.spamcop.net/spamgraph.shtml?spamweek

    Look at Tuesday's sharp drop off coinciding with the shut down.

    --
    If I can not smoke in heaven, then I shall not go. -- Mark Twain
  18. Re:As long as there is money in it... by sgtstein · · Score: 3, Interesting

    I also am running all of my domain email address through Google Apps. I run all of my own servers. Because of this, my email server is setup to download all of the email from the Gmail accounts and sort it locally into the users mailboxes. This is difficult to setup and initially though it does allow you to use Google's amazing spam blocking options and still use your own "unlimited" storage. Currently my 50 or so users are sharing a 1TB drive. I'm not certain how much control you have over your servers and such, but just to let you know about my setup.

  19. Re:The spam solution... by maxume · · Score: 2, Interesting

    I prefer to believe that the endless line of morons are the people who think that they can make money by becoming a spammer (or that is, purchasing spam runs from the real spammers).

    Maybe there are hundreds of thousands of people who repeatedly try to purchase drugs and other crap from shady online retailers, but I don't really think so.

    --
    Nerd rage is the funniest rage.
  20. IronPort reports 66 percent drop in spam Tuesday by tsu+doh+nimh · · Score: 4, Interesting

    From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."

    --
    ...because you never know who you're dealing with.
  21. Re:How much spam? by s7uar7 · · Score: 2, Interesting

    Gmail holds spam in a separate folder for 30 days before deleting them. Usually I have around 3000 emails in there, around 100/day, but at the moment I only have 1442; over the last 4 days I've only averaged 30 spam emails a day (900ish a month).

  22. Re:IronPort reports 66 percent drop in spam Tuesda by multipartmixed · · Score: 3, Interesting

    Sounds about right.

    I spent significant time yesterday, concerned that recent firewall and DNS changes had had unintended side effects: my inbound mail volume dropped by about 70% around 16:30 eastern.

    Thank God the washingtonpost.com guys posted to netnews (almost) right away.

    --

    Do daemons dream of electric sleep()?
  23. Re:ISPs are clueless? by NevarMore · · Score: 4, Interesting

    So, I don't mean to be a dick here or anything, but you had those kinds of problems with a vendor you were using as a data centre not just once, but over a timespan measured in YEARS.

    While you anecdotes indicate that HE does have problems, I think the bigger concern is that they have customers who put up with those problems. What golden nugget are we missing? Do they have higher than normal payouts for failing to meet SLAs?

  24. OK, now law enforcement needs to go to work by Animats · · Score: 3, Interesting

    Now it's time for some federal law enforcement action. Over at McColo, there will be records that indicate who's behind the spamming and botnet operations. They'll know who paid for servers. There will be phone records showing who made support phone calls to McColo.

    McColo is in San Jose, and the San Francisco office of the FBI, which covers Silicon Valley, has a Cyber Intrusion Squad. It's their job to start digging and find out who's behind the spam operations.

    Even if the people behind the spamming tried to stay anonymous to McColo, the odds are that they slipped up somewhere.

  25. I am glad by hesaigo999ca · · Score: 2, Interesting

    By doing this, not only does the press shut down a major thorn in internet's side, but also show that the stupid feds/cops are either on the take with this, or just too incompetent.
    Either way, it does not look good for the feds/cops

  26. Re:ISPs are clueless? by Fulcrum+of+Evil · · Score: 3, Interesting

    Maybe if you used fewer parentheses...

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  27. I do see significant reduction by Omeganon · · Score: 2, Interesting

    Down from about 6,000msgs/minute (since forever ago) to about 2,000msgs/minute as of yesterday evening. This one actually seems to have made a difference (unlike the HerbalKing group's 'shutdown).

    --
    Omeganon