Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Approach To Reducing Spam: Go After Credit Processors

Posted by timothy on from the now-drag-out-the-list-of-why-it'll-fail dept.

WrongSizeGlass writes "A team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, and they think found a 'choke point' [PDF] that could greatly reduce the flow of spam. It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies. If a handful of companies like these refused to authorize online credit card payments to the merchants, 'you'd cut off the money that supports the entire spam enterprise,' said one of the scientists." Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."

5 of 173 comments (clear)

  1. Hilarious by airfoobar · · Score: 5, Insightful

    This approach is already being used against the "evil pirates", but they haven't even gotten started on the spammers. Getting their priorities straight: they go after the teenagers sharing music first instead of the real criminals sending out phishing emails, viruses and shit like that. FTW.

  2. Re:Fight Fire with Fire by FudRucker · · Score: 5, Interesting

    but not just one fake credit card number, send them billions or trillions of them, just flood their system to the point that the credit companies just throw in the towel and refuse to process products advertized by spammers, spam the spammers, give them a large heaping helping of their own medicine...

    --
    Politics is Treachery, Religion is Brainwashing
  3. Re:Fight Fire with Fire by bleble · · Score: 5, Funny

    That's fine, as long as you filter MY credit card number out of your random number generator, thank you very much.

    Sure! Just post your credit card number here and everyone promises to filter it!

  4. Questions answered in this thread... by nweaver · · Score: 5, Informative

    I'm one of the MANY coauthors of this paper. Myself or others will try to answer questions in this thread.

    --
    Test your net with Netalyzr
  5. Re:Competitors by RobDude · · Score: 5, Insightful

    Laws are entirely theoretical until they are enforced. Until that point there is no difference between a law and a polite suggestion. The posted speed limit only has meaning if and only if there is a system that enforces that law. IE - in many parts of the US, there are many roads where 'everyone speeds'. Because 'everyone knows' cops won't pull you over until you are going some arbitrary speed faster.

    The problem with cyber crimes (including credit card theft and identity theft) is that there is (largely) no enforcement. We don't enforce those laws. Mostly because we can't.

    If we can make another aspect of these crimes both illegal and enforceable, then we could cut down on the crimes. But as it is now - there is no risk to the criminals. This is a true example that just happened to me on Monday....I had a friend whose e-mail was hacked and the hacker sent out e-mails to everyone on his contact list (from his e-mail address) saying he needed money. The IP address originated from Nigeria.

    Call up the police and get them to act on that.
    Go to the FBI website and report that IP address.
    Call the local Nigerian officials and tell them what has happened.

    All of them will laugh at you and say, 'Never send money to someone without verifying their identity'. We blame the victim. We say, '*YOU* need to be smarter and avoid dangerous activities'. Nobody *does* anything. I had a similar experience when my credit card number was used fraudulently....the investigation only went far enough to determine if *I* used the card. They didn't even try to track down the crook who used it.

    Could you imagine if we did this with other crimes? The public outcry that would come from it?

    "Well, most rapes happen at parties with alcohol and young males - it's too bad you got raped, but hey, next time....avoid parties with college guys and alcohol"
    "Well, most hate crime happens to someone who is ethnically or racially different from the local population.....it's too bad you got your house burned down - but you should live with your own kind...."

    But with cyber crime - that's exactly what we do.

    "Well, memorize a different, complex, long, secure password for every site you log into. And change them. Frequently!"

    I'm not against prevention, but it's a shame that we stop at that point. The only international cyber criminals that get caught are the ones who go far beyond scamming regular people. IE - steal my credit card, nothing happens to you. Defraud my wife, nothing happens to you. Hack into a large company and get a LOT of money or a LOT of information - you might get caught.