I am reminded of the old joke about the lawyer hired to defend someone accused of wrecking a borrowed car: "First, we will prove that you never touched this vehicle. Second, we will prove that the vehicle was already damaged when you received it. Third, we will prove that the vehicle was in perfect condition when you returned it."
Spam, which is subtly personalized and includes photos and hyperlinks, could be used as a communications network by terrorists, so definitely falls under the national security bailiwick.
As a few people noted on this thread, the use of spam (specifically, the filter-cracking gibberish routinely appended to spam) as a terrorist comm channel would be an excellent way to evade traffic analysis.
If it isn't illegal, they can't be put out of business
99% of the spam I've ever seen is illegal on its face (fraud, illicit sale of prescription drugs, unauthorized commercial use of trademarks and copyrights, distribution of pornography to minors, etc).
And maybe our antispam net could benefit from time to time by a friendly security officer geek who also gets too much spam on his yahoo account at home and has gotten pissed off!
Suggestion: If you fit this description and are reading this, write a memo describing the use of spam as a comm channel immune to traffic analysis and get it into the record. This will give your agency the choice of 1)investigating spammers using their obvious violations of existing laws as leverage, or 2)potentially becoming the scapegoat it it turns out that terrorists do pull off another attack with the aid of this technique.
What if spam and the spammers software - was actually being used by a third party in a surepticious manner to send/receive messages? Kinda like plaintext stego. Maybe the software used by spammers is backdoored by this third party - he sends instructions to the machine(s), maybe via a virus or something simpler, the spammers send their messages, but "unknown" to them the spams have this garbage at the end. The spammer doesn't really care, maybe he bitches at whatever passes as tech support for the spam software. Most people who recieve the spam see the stuff as garbage, or filter busters. But a certain group of the third party's friends - they have special email software that downloads these spams, and strips the garbage out, decodes it, and reassembles it into the real message. Maybe each spam only contains the equivalent of a couple of characters after decoding (maybe the garbage is actually packets telling order in the sequence, and other info to reconstruct the message) - but over a week or so, an entire message could be sent...
This would be a very useful method for terrorists -- it would not only conceal the message itself, but also would defeat traffic analysis (i.e. nobody would be able to tell who sent or received the message -- it's sent by a spam king and received by everybody).
About the only way to guard against it -- or find out if the terrorists are already using this channel -- is to anal-probe all spammers for their client lists, then anal-probe all the clients. Fortunately, the obvious criminal content of 99.9% of spam provides sufficient probable cause for such action.
I keep praying for that silver bullet that will end spam forever.
What it will take is the enforcement of existing computer-cracking laws. Spammers will then have a choice between 5-10 year sentences or sending spam with no munged words, forged headers, misleading subject lines, etc.
This is an attempt to sabotage computer defenses for the purpose of gaining unauthorized access, and as such should be punished under existing computer-cracking laws (even if it doesn't work: an unsuccessful attempt to commit a crime is still a crime in itself).
To explain in terms such as even a troll such as yourself can understand.
My mail server is my private property. If I program it to reject your e-mail because you have the same IP block as a spammer, that's my prerogative. If I program it to reject your e-mail because you run an open relay (even one that hasn't been abused yet), that's my prerogative. If I program it to reject your e-mail because you don't wear matching socks, that's my prerogative.
Not much can be done about call centers. For jobs requiring tech skill, the government could (and probably should anyway) require companies to prove that they've anal-probed anyone in a position to perpetrate subtle sabotage (there are quite a few Islamists in India who think that Osama is the good guy).
RTFA. Spammers crack their way through the security measures (filters) designed to prevent their unauthorized access to other people's property. The existing computer security laws need to be enforced against this form of cracking.
Picture phones will become pervasive; it'll be unusual not to have one.
However, there is a demand for non-picture phones from people who simply aren't allowed to have a camera at work. Those sorts of jobs ain't burger-flipping, making it likely that somebody will address the demand for a phone with all the hot features execpt a camera.
Calling terms like "metrosexual" or "bling bling" irritating is silly. Language is a living, evolving thing.
Useful language evolution involves creation of more succinct or precise terms for concepts that previously required longer and vaguer labels. Inasmuch as there are already perfectly good and short terms for the concept ("fop", "dandy"), "metrosexual" is indeed silly.
Er, which part of "for the purpose of gaining unauthorized access to somebody else's system" was unclear? What you describe is clearly "for the purpose of correcting a spam filter false positive".
Wow, I thought one couldn't steal things that don't exist in physical form.
Wow, I didn't know that the arts of transmitting data through hyperspace (rather than copper wires or antennae) and storing it in alternate dimensions (rather than on hard drive platters) had been reduced to practice.
meta-monkey's categorical imperitive is "don't do something you wouldn't want your mother to know about."
I don't see how that could apply to Ralsky, though. I'm pretty sure that his origin involves a mad scientist investigating Things Man Was Not Meant To Know.
The law needs to treat circumvention of a spam filter the way it treats circumvention of any other computer security measure -- do it for the purpose of gaining unauthorized access to somebody else's system, do 5-10 years in prison (real don't-drop-the-soap prison, not Club Fed).
But if it's too hard/expesnive to operate legitimately, then what will it do to the SPAM market besidse move it's base to a place where US law doesn't reach?
According to this inane "logic", pressing women into sexual slavery ought to be legal because our attempts to ban it has just moved it to Thailand.
I'm as serious as a heart attack. Spam is theft of services. Thousands of people are in prison for committing thefts of services far less damaging than even a single spam run.
According to the article, Ralsky admitted to "hijacking" other people's computers to send his spam. I could be wrong, but isn't this sort of thing illegal now?
That sort of thing has been illegal for years. I'm frankly surprised that some ambitious prosecutor looking to launch a political career hasn't put a few spammers in jail for it.
Slashdot Mirror
I am reminded of the old joke about the lawyer hired to defend someone accused of wrecking a borrowed car: "First, we will prove that you never touched this vehicle. Second, we will prove that the vehicle was already damaged when you received it. Third, we will prove that the vehicle was in perfect condition when you returned it."
Episode 2 = sucked.
Episode 3 = ?
"What part of this progression eludes you?" --G'Kar
As a few people noted on this thread, the use of spam (specifically, the filter-cracking gibberish routinely appended to spam) as a terrorist comm channel would be an excellent way to evade traffic analysis.
If it isn't illegal, they can't be put out of business
99% of the spam I've ever seen is illegal on its face (fraud, illicit sale of prescription drugs, unauthorized commercial use of trademarks and copyrights, distribution of pornography to minors, etc).
And maybe our antispam net could benefit from time to time by a friendly security officer geek who also gets too much spam on his yahoo account at home and has gotten pissed off!
Suggestion: If you fit this description and are reading this, write a memo describing the use of spam as a comm channel immune to traffic analysis and get it into the record. This will give your agency the choice of 1)investigating spammers using their obvious violations of existing laws as leverage, or 2)potentially becoming the scapegoat it it turns out that terrorists do pull off another attack with the aid of this technique.
Which country gets to be the first to put Darl in jail for fraud?
This would be a very useful method for terrorists -- it would not only conceal the message itself, but also would defeat traffic analysis (i.e. nobody would be able to tell who sent or received the message -- it's sent by a spam king and received by everybody).
About the only way to guard against it -- or find out if the terrorists are already using this channel -- is to anal-probe all spammers for their client lists, then anal-probe all the clients. Fortunately, the obvious criminal content of 99.9% of spam provides sufficient probable cause for such action.
My first choice would be a space launch with empty air tanks, but Gitmo will do.
What it will take is the enforcement of existing computer-cracking laws. Spammers will then have a choice between 5-10 year sentences or sending spam with no munged words, forged headers, misleading subject lines, etc.
This is an attempt to sabotage computer defenses for the purpose of gaining unauthorized access, and as such should be punished under existing computer-cracking laws (even if it doesn't work: an unsuccessful attempt to commit a crime is still a crime in itself).
My mail server is my private property. If I program it to reject your e-mail because you have the same IP block as a spammer, that's my prerogative. If I program it to reject your e-mail because you run an open relay (even one that hasn't been abused yet), that's my prerogative. If I program it to reject your e-mail because you don't wear matching socks, that's my prerogative.
End of discussion.
Not much can be done about call centers. For jobs requiring tech skill, the government could (and probably should anyway) require companies to prove that they've anal-probed anyone in a position to perpetrate subtle sabotage (there are quite a few Islamists in India who think that Osama is the good guy).
Also to protect established insiders from competition from original works by outsiders.
There are only three ways for the more successful to address the envy of the less successful:
1. Forcible suppression.
2a. Appeasement.
2b. Abandonment of one's successes.
Each of these approaches has obvious problems.
My cell phone battery can be replaced by the user in 30 seconds. Not at all like any version of the iPod.
RTFA. Spammers crack their way through the security measures (filters) designed to prevent their unauthorized access to other people's property. The existing computer security laws need to be enforced against this form of cracking.
However, there is a demand for non-picture phones from people who simply aren't allowed to have a camera at work. Those sorts of jobs ain't burger-flipping, making it likely that somebody will address the demand for a phone with all the hot features execpt a camera.
Useful language evolution involves creation of more succinct or precise terms for concepts that previously required longer and vaguer labels. Inasmuch as there are already perfectly good and short terms for the concept ("fop", "dandy"), "metrosexual" is indeed silly.
Er, which part of "for the purpose of gaining unauthorized access to somebody else's system" was unclear? What you describe is clearly "for the purpose of correcting a spam filter false positive".
Wow, I didn't know that the arts of transmitting data through hyperspace (rather than copper wires or antennae) and storing it in alternate dimensions (rather than on hard drive platters) had been reduced to practice.
I don't see how that could apply to Ralsky, though. I'm pretty sure that his origin involves a mad scientist investigating Things Man Was Not Meant To Know.
The law needs to treat circumvention of a spam filter the way it treats circumvention of any other computer security measure -- do it for the purpose of gaining unauthorized access to somebody else's system, do 5-10 years in prison (real don't-drop-the-soap prison, not Club Fed).
According to this inane "logic", pressing women into sexual slavery ought to be legal because our attempts to ban it has just moved it to Thailand.
I'm as serious as a heart attack. Spam is theft of services. Thousands of people are in prison for committing thefts of services far less damaging than even a single spam run.
That sort of thing has been illegal for years. I'm frankly surprised that some ambitious prosecutor looking to launch a political career hasn't put a few spammers in jail for it.
I sit in the smallest room in my house with Ralsky's statement of complaint before me. In a moment, it will be behind me.
Well, then, if they can't even convince people to listen, they need to give up politics and resign themselves to lives of honest toil.