That spammer had some powerful friends...


Post by Kaylee » Tue May 23, 2006 9:59 am

http://www.theregister.co.uk/2006/05/17 ... ity_folds/

A service which I've been using to help cut down my spam has been shut down... by spam.

It simply works by members reporting spam messages back to bluesecurity, who then bounce the messages back to their source, i.e. for every spam the spammer sends, it gets reflected back at them multiplied by the number of people they sent it to. They also did a good job of reporting illegal websites to various international bodies such as Interpol.

Their service has finally been shut down by a Russian spammer who seems to have some incredibly powerful friends on the Internet: he was not only able to organise with the top-level DNS servers to have Bluesecurity taken down/redirected, he was able to coordinate a huge DDoS attack against their stand-in website, taking down LiveJournal also.

TBH I'm pretty shocked... I get about 10 junk messages a day to my private email and about 40 to both of my hotmail accounts. Bluesecurity's tactics may have been extreme but personally it sounded like a fantastic idea. I guess this proves that, unless they're organising terrorism or child porn rings, nobody really has the power to stop villains on the Internet.

Post by Denyer » Tue May 23, 2006 10:23 am

Well, the power's arguably there, but nobody with it cares much... or they're commercial entities selling protection to casinos.

Dunno about the connection out of their home country, but Blue Security themselves redirected DNS to an uninvolved third party (Typepad) -- who promptly buckled, taking down many unrelated sites.

The "clean lists" were extremely short-sighted, as anyone with a clue would come up with the idea of comparing a backup with a "cleaned" copy and thus identify members of the service. I wonder how many of the users knew and understood this when they signed up.

Post by Kaylee » Tue May 23, 2006 11:08 am

IDing members I don't think was ever really an issue (especially as by default it advertised your email and bluesecurity status in the emails it bounced back :)). I think the original idea was simple brute force spam attacks back against the spammer, the ultimatum being leave people on the white list alone or you get your own spam bounced back at you many times over.

Post by Predabot » Tue May 23, 2006 11:14 am

This sounded absolutely fantastic. I really hope someone tries a new similar site, since the need and the market for this service is DEFINITELY out there. :)

And I don't care about sites that get put on this spam-list having only a small amount of spam, if they somehow distribute spam even once, then they deserve it TEN-FOLD back, no matter how small the crime. :oops:

Post by Denyer » Tue May 23, 2006 11:41 am

Predabot wrote: if they somehow distribute spam even once
Legitimate mailing lists have more problems than most spammers, due to users signing up for things and then hitting the "spam" button rather than the "delete" one in their webmail accounts.

edit:
I think the original idea was simple brute force spam attacks back against the spammer, the ultimatum being leave people on the white list alone or you get your own spam bounced back at you many times over.
How would this work in practice, with the initial source usually being masked?

Post by Metal Vendetta » Tue May 23, 2006 11:45 am

I've no sympathy - I've ended up on loads of "legitimate" mailing lists without wanting to, and it's well difficult to get off them sometimes. I don't have a problem sending the millions of mails eBay send me every day to the spam filter, for example. When I signed up I must have missed the option that said "uncheck this box if you don't want to be best friends and penpals with ebay from now until the day your inbox is completely swamped".

Post by Denyer » Tue May 23, 2006 12:07 pm

Agree in cases of auto-opt-in-on-registration scams. It's not even remotely fair on a company or band when people deliberately sign up and then can't be bothered / don't understand cancelling a subscription, though.

The trouble with bouncing / targeting sites named in spam mail is that faking details leaves open a clear route to launch DoS attacks against people spammers don't like rather than the spammers themselves.

Post by Kaylee » Tue May 23, 2006 12:42 pm

Denyer wrote:
I think the original idea was simple brute force spam attacks back against the spammer, the ultimatum being leave people on the white list alone or you get your own spam bounced back at you many times over.
How would this work in practice, with the initial source usually being masked?
Now that is one thing I did want to know. Bluesecurity never actually divulged the nitty-gritty of how their system worked, more so how they actually made money considering they were in theory a profit-making company. Their website only ever went into a general overview on it. I'm guessing they were probably government or donation funded or somesuch.

Quite how they got around spoofed addresses, IP relays, message bouncing etc. I've no idea; unless they had some high-league help from various huge organisations.

Post by Guest » Tue May 23, 2006 10:21 pm

Karl Lynch wrote: Quite how they got around spoofed addresses, IP relays, message bouncing etc. I've no idea; unless they had some high-league help from various huge organisations.
Working backwards along the X-Apparently-Received-By field entries, interrogating each server for message ID verification until it finds one that either doesn't exist or fails verification.

PharmaMaster would probably have had their own mail servers set up for such an eventuality and when the level of interest reached a certain point, initiated a DDoS attack.
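
The hop-by-hop tracing described in the post above, as an added example that is not part of the thread: it assumes standard `Received:` headers rather than the field the post names, and accepts as evidence only lines written by the recipient's own relays (the hypothetical `TRUSTED_BY` set). The message, hostnames and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample: the top two Received lines were written by relays the
# recipient controls; the bottom one arrived with the message and may be forged.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP id A1; Tue, 23 May 2006 10:00:03 +0000
Received: from relay.example.org (unknown [203.0.113.77])
\tby mx.example.net with ESMTP id B2; Tue, 23 May 2006 10:00:01 +0000
Received: from mail.bank.example (mail.bank.example [198.51.100.5])
\tby relay.example.org with SMTP id C3; Tue, 23 May 2006 09:59:58 +0000
From: offers@bank.example
Subject: constructed sample

body
"""

# Assumption: hosts whose Received lines we believe (our own mail relays).
TRUSTED_BY = {"inbox.example.net", "mx.example.net"}

# "from <helo> (<rdns> [<ip>]) by <host>" as most MTAs write it.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return the Received hops newest-first as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP.search(value)
        if match:
            hops.append(match.groupdict())
    return hops

def last_verifiable_hop(raw, trusted_by=TRUSTED_BY):
    """Walk newest to oldest and stop at the first line a trusted host did not
    write. The hop returned holds the only sender address we can vouch for;
    every older line was supplied by the sending side."""
    verified = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted_by:
            break
        verified = hop
    return verified
```

On the sample, the walk stops at `203.0.113.77`, the address that connected to the trusted border relay; the `mail.bank.example` line below it proves nothing about the origin.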
