Anti-Spammers Infiltrate Private Online Spam Clubs 411
Angry_Admin writes " Spammers are now trying to find out which antispammers have infiltrated their ranks and are sharing "sensitive" info with fellow antispammers. According to the story at The Register: 'Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.' Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."
Not just a tree house club (Score:5, Insightful)
Don't doubt the Spammers IQ (Score:5, Insightful)
Optimists (Score:4, Insightful)
Just because someone does something you don't like, since when did that make them more stupid (or less intelligent) than you?
Sounds like the same tired argument that anti-virus companies and virus writers use.
Re:Not just a tree house club (Score:5, Insightful)
Honor among thieves? (Score:5, Insightful)
If only the people who READ spam weren't so stupid (Score:5, Insightful)
It's a tired old argument but if no one clicked the links in spam and no one bought the products in spam, perhaps we wouldn't have spam. The people spamming aren't stupid, they know a sucker is born every minute and they hope those suckers click their links. If the clickers would grow a brain we might not have this problem.
Re:Not just a tree house club (Score:3, Insightful)
Re:Bundled spamware and spyware (Score:4, Insightful)
Because they're not legitimate software, of course.
Kazaa, for example, makes a dubiously legal P2P app that it distribute(d) for the express purpose of getting a free-to-use grid to run various programs on.
And, unfortuantely, it'll be awhile before the Flynn effect makes all of us smart enough not to use spyware.
The virus/spam connection (Score:4, Insightful)
Spammers not smart? (Score:3, Insightful)
Most spammers arent terribly sophisticated. Let's face it though, a handful are extremely smart and capable, otherwise we'd have gotten rid of them a long time ago.
The Almighty Buch (Score:5, Insightful)
Invitation-only is very easy to get around (Score:4, Insightful)
Re:What now? (Score:2, Insightful)
Re:Bundled spamware and spyware (Score:4, Insightful)
Isn't it obvious why? Because it makes money, and right now. Do spammers care if they kill the medium they use? Nope, because they're making money from it, right now.
Who cares, it works for me, at least for now.
It's shortsighted but unfortunately it fits the general profile of human behaviour. I don't see the way spammers or malware producers behave any differently than the way big companies or governments behave, just on a different level. So, I think it's safe to say that things like this will go on for the forseable future.
Re:Bombs (Score:4, Insightful)
Comment removed (Score:5, Insightful)
Re:Not just a tree house club (Score:3, Insightful)
Re:hmmm On picking nits. (Score:3, Insightful)
Germans are white, and some even immigrated before the nation was the United States (the Pennsylvania Dutch, where Dutch is really Deutsch).
Japanese are "yellow" or whatever. They immigrated only more recently, since around 1850 or whenever Japan's borders were opened to foreigners. (At WWII, that still would have been about three generations or so for those here the longest.)
According to one of my Japanese co-workers, those of Japanese or Asian descent are still discriminated against when it comes to security clearances and government jobs. (I wouldn't know, I'm a white male from a small town, I got my clearance fairly quickly once the paperwork was through.)
Today, it's just those of Arab descent we round up and imprison.
I'm sure you already knew that, though - it just really ought to be said. Racism is hardly dead in America - we've come a long way, but we aren't even near the finish line yet.
Selling Advertising vs. Selling Products vs. Fraud (Score:5, Insightful)
Many spammers make their money by selling advertising service to retailers by promising to deliver eyeballs which can be turned into sales, but don't handle delivery of the product. Sometimes they're getting paid a commission, so they make money if and only if they're successful at attracting suckers to the retailer's products or websites - whether that's pills or pr0n.
But for many other spammers, the sucker is the retailer who's expecting to get high-quality sales leads, rather than the spammees. Retailers who've learned from the experience usually don't provide repeat business, or at least not without changing the price structure to only pay for actual sales.
And many spammers make money from fraud. Besides the currently popular Nigerian 419 and the pump&dump stock scammers, there's the old-fashioned pyramid game in its many guises. That used to be more popular than it is today, but it still seems to work. One variation on this is selling spamware to wannabee spammers.
Re:Don't doubt the Spammers IQ (Score:3, Insightful)
Re:I heard of something like this once... (Score:5, Insightful)
Evidence, please.
Re:James Bond of the Spam world? (Score:2, Insightful)
Scott Richter. Enough said.
Re:Not just a tree house club (Score:2, Insightful)
Just like everyone else (Score:2, Insightful)
This is hopeless wishful thinking. Spammers are just as bright as anyone else. In addition, they generally seem to have a fair share of low cunning. Don't underestimate them.
Re:Not just a tree house club (Score:2, Insightful)
So their having problems in bed, and they decide "what do i have to lose if i try these, the worse that will happen is they wont work." So they buy the enhancement pills, and their confidence rises with expectation that the pills will in fact work. Next thing the guy knows, he's a stallion with the libedo of a young bull.
1+1=2, right? i bought the pills, i can stay up! These pills ARE enhancement pills!
wrong.
If anything out there truely worked, and didnt require a perscription, viagra would NOT cost $15 per pill--or whatever obscene cost it is right now.
Not that I advocate vigilantism... (Score:3, Insightful)
but it would be pretty easy to write a little script that searched for "spam-friendly" and similar search terms on Overture, Google, etc, and clicked through those links.
Pretty soon, ISPs would have to stop advertising those services. They'd have to resort to mis$pelling s+earch Te(rms like in a SP.AM mess(age, thereby cutting down the effectiveness considerably.
Of course, anti-spam services would probably take a lot of collateral damage from an approach like this. Innocents getting caught and torn apart by the mob show the fundamental problem with the vigilante approach.
Re:Not just a tree house club (Score:5, Insightful)
It's the same complex business pyramid cycle that led to the
These are not just turkeys that live down the block and work at the local foundry. These are people who graduated with MBAs and formed the social connections necessary to know where the paperwork goes, who has to sign it, and how it has to be filled out to look legit. The people running these operations don't always know that they're funding spammers. Have you seen the subcontracting breakdown for a federal building or renovation project? It's the same on the stock market. The major houses go to the mid houses. The mid houses go to the major and minor houses. The minor houses service anyone they can, including banks, credit unions, and local investment brokers. The banks, credit unions, and local investment brokers are watching applications for business licenses and applications for business loans. The people monitoring the applications are often feeding info to their cousin/brother/aunt/old roomie working in the major and mid houses. All of these people are working at their own desks, pushing nothing but paper, and no one knows that the guy who walked in the door to give a 15-minute presentation for a legit "desktop advertising clearinghouse" is really using 85% of the business investment to feed his old fraternity brother with enough money to send out spam for three months. Then they'll junk the business and the bank won't care because they had a valid insurance policy before they ever signed the loan.
If spam were as illegal as the CANSPAM Act and all the hype and hoopla makes it seem shouldn't it be easy enough for credit agencies to latch onto these people and refuse to run their funds? Sure, it should, so why don't they? Because no one gives a flying rats bottom. They're all pushing paper, and getting paid, and as long as the business insurance is good then no one cares that the business only lasted three months. I'm sorry
Spammer techniques (Score:3, Insightful)
I know they're not that bright (Nigerian twits, especially), but this should be a no-brainer.
Re:Not just a tree house club (Score:5, Insightful)
That's the least of the problem. The filter-poisoning junk appended to spam messages (which ought to be prosecuted under the computer crime laws as an attack in and of itself... but I digress) is a perfect terrorist comm channel that is effectively immune to traffic analysis (i.e. there's no way to identify the intended recipient).
I was reluctant to mention this when it first occurred to me, but after thinking it through I'm morally certain that terrorists have already figured this out.
Maybe the FBI has also figured it out, and is already planning to scoop up some spammers and use their violations of existing laws to lean on them and anal-probe their business records... and maybe not. If this turns out to be the next failure to "connect the dots"... well, you heard it here first.
Re:Not just a tree house club (Score:3, Insightful)
an agreed-upon set of code words -- could fall into enemy hands.
No, you don't -- all you need is a fairly simple steganography program to hide a few bits in each word (for each string of, say, four bits, randomly generate a word that checksums to that target).
the ability to send spam reliably -- if you test, you risk getting shut down; if you don't test, you risk failure at an important moment.
Put your real recipients fairly early in the queue (but still far enough down that they'll be untraceable; number 27,347 or thereabouts out of millions ought to be good enough). If spammers were being shut down fast enough to cut the flow before that point, spam wouldn't be the problem it is.
And, just in case, have a couple of backup throwaway accounts.
an excuse to send spam -- probably not a major problem, since a ficticious product or some random Web site would presumably suffice.
As you say, this one is trivial.
the ability to receive spam reliably -- if your operatives don't see the encoded message, they can't act on it.
You gotta be kidding me. The difficult thing is not receiving spam.