Slashdot Mirror
CastleCops Anti-Malware Site Closes Down
Fortran IV writes "Volunteer-powered anti-malware site CastleCops appears to have closed shop. As of Tuesday, December 23, the CastleCops home page notes: 'You have arrived at the CastleCops website, which is currently offline. . . . Unfortunately, all things come to an end.' It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft and was 'looking for new management' for CastleCops. The site has also long had problems with funding and with hostile action from spammers. The actual shutdown seems to have taken the security community by surprise; as late as Tuesday evening Brian Krebs was still recommending CastleCops on his Security Fix blog."
Basic problem:
Castlecops were volunteers. Spammers do what they do for a living. Eventually, the volunteers have to get back to the real world, while the spammers keep going and going because you're hitting them in the pocketbook.
Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.
If you can read this sig, congratulations, you have your glasses on!
The website looked a lot like all the superwindowsvirussmasher scam websites....You may have trojan.dropper.w32, free scanner here! with all the ads, color, and layout.
It's possible that it just never presented a legit-looking or professional experience. I'm no the only one who thought this...the community let it die too.
THL phish sticks
That'll stop spam about as well as prison terms and (sometimes) death sentences have stopped drug traffickers. What you are dealing with is not a technological problem, which is why spam filters and anti-malware efforts have not ended spam. You're not dealing with a legal problem either because even if new laws to punish spammers somehow worked perfectly, and they won't, that could only change the jurisdiction from which the spam is being sent. Not to mention that if spamming becomes riskier because more spammers are caught and punished, you will actually make it more profitable for the ones that don't get caught (possibly those from other jurisdictions) because you will have removed their competitors.
This is an economic problem. The interesting thing about economic problems is that so long as there is sufficient demand for something, the suppliers will amaze you with both their ingenuity and their willingness to take risks to deliver it. We saw this with alcohol prohibition, we see this now with the War on (Some) Drugs, and we're also seeing it now with spam. The real problem with spam is that the spammers' costs are extremely low and there are enough idiots who buy from them to make it profitable. Punishing spammers amounts to a form of prohibition. Prohibition has never worked (they can't even keep illegal drugs out of prisons) and it's not going to start working now. It really amazes me that so many human beings can understand human nature so poorly that it was ever even tried, let alone that it continues today despite any social costs and that there are still people who would suggest applying this failed idea to more novel problems. When we, collectively, try something and find out that it has never worked and is never going to work, we think the solution to that is to try harder instead of trying something else. It's like a cross between that saying about having only a hammer and perceiving everything as a nail and that saying about the definition of insanity.
If the goal is to catch a tiny percentage of them and feel vindicated while your inbox continues to fill up with spam, the "crime and punishment" approach will do. If your goal is to end spam, then your only real option is to reduce the number of people willing to buy from spammers (the demand) until spamming is no longer profitable. Like many others, I have some ideas but I don't have the solution. At this stage though, I think that what's missing is a sound understanding of the problem.
It is a miracle that curiosity survives formal education. - Einstein
Spamming V1aG4 isn't were the money is at. The big money is in identity theft, espionage and pump & dump schemes. These crimes are committed by using botnets that host phishing sites, send out phishing spam, and use scripts to log into bank accounts and broker accounts.
It is an economic problem, yes. It is *not* analogous to prohibition. This stuff *is* criminal and the crimes committed cost tens billions of dollars each year. The solution is *not* to just toss your hands up and say "we give up", the solution is to lock these fuckers up and toss the key. We, as a society, need to clamp down on these fuckers before they do something that really screws with us. And don't kid yourself either, these people are sitting on top of some of the most powerful distributed computers on the planet.
Chicken Bone Spammers, V1agr4 and R0l3x W4tches is old school 1998 thinking. That crap is the little leagues. The big money is in "professional," massive, highly organized, sometimes government funded crime. This is the big leagues and the assholes playing in it need to be stopped.
But that's exactly why new laws aren't going to work. What you're talking about there is fraud. Fraud is fraud; it's not something new just because the means of communication was a networked computer. Fraud is already universally illegal (everywhere or nearly everywhere) and this hasn't stopped the type of spam that you mention. Why? Because these criminals are finding it to be very profitable.
The laws that imprison or execute people for things like rape and murder have some deterrent effect on would-be criminals because there is generally no enormous economic incentive to rape and murder people and the desire to do those things is widely recognized as aberrant and pathological. Contrast that with spam (any kind) where there is a strong economic incentive (it's only getting worse so it's obviously profitable) and the desire to make money is generally valued and encouraged by our society -- the problem with spam is the destructive method by which that desire is satisfied, not the desire itself. In my mind, that's the difference between enforcable laws and unenforcable laws.
I believe that my previous point was sound and still applies here. The only thing your clarification changes is the application of the term "demand". Whereas before, demand constituted people who purchase items from spammers, now it also describes people who want to connect a computer to a network that is known to be hostile without learning how use it securely (botnets), people who want to make transactions without careful authentication (phishing), and people who want to get rich quick or who think that some random spammer with a stock tip really has their best interests at heart (scams). Whether such people are genuine victims or merely suffering the consequences of poor decision-making makes no difference to the spammer. A large (enough) number of people who keep doing these things despite all of the warnings against them and all of the information available is indistinguishable from the usual sense of the word "demand" as far as spammers are concerned.
What I am telling you is that so long as this is the case, you can make the penalty for this type of fraud as severe as you like and it will make no difference, for all of the reasons I have outlined in my previous post. It is prohibition because there is a large enough demand to make $ACTIVITY profitable and you are trying to eradicate $ACTIVITY by punishing $SUPPLIER in an effort to destroy $AVAILABILITY. It will fail for all of the reasons why more traditional forms of prohibition have failed.
Remember that you don't need perfectly knowledgable users running perfectly secure systems so that online fraud is completely impossible; you just need knowledgable enough users running secure enough systems to make fraud difficult enough that it's no longer profitable. Accomplishing this is merely very difficult; catching, prosecuting, and punishing enough spammers to achieve anything resembling "stopping spam" is utterly impossible.
It is a miracle that curiosity survives formal education. - Einstein