Child Porn Accusation As Online Extortion Tactic
Glenn writes "There's a story on silicon.com about a new twist in the tactics used by online extortionists trying to blackmail ecommerce sites with denial of service attacks. Yesterday one blackmailer threatened to send out child pornography emails in UK gambling site Blue Square's name if it didn't pay up 7000 Euros." This sounds even worse than simple DoS threats.
Interesting... (Score:4, Informative)
OT discussion follows: My first reaction was, what a stupid idea -- all it takes is one faked entry on the list to turn it into a great weapon against whoever you hate today. Then I remembered Artists Against 419 [aa419.com] and its many clones. Funny how I'm willing to trust one but not the other...
Re:It's all SMTP's fault! (Score:5, Informative)
For example, using a combination of SPF and SMTP/AUTH you can easily prevent anyone who uses SPF from accepting invalid mail "from" your domain(s) while continuing to use the world's most pervasive mail transfer protocol.
Problem is that people aren't willing to apply the time and effort required to do this globally.
The next step is reputation, and as soon as you can be sure that the person claiming to be joe@example.com is in fact from example.com, you can begin assigning example.com a reputation. You'll see dozens of distributed reputation databases, just like IP-based blacklists, overnight.
Want to move the process along? Add an SPF record for your domain and add an SPF milter (or equivalent for your MTA technology) to your mail server. The sooner forgeries stop, the sooner we can start building reputation and end this.
SPF helps here (Score:4, Informative)
This is somewhat like posting a "no trespassing" sign, and a chain link fence around your property. It doesn't prevent the people from cutting through the fence and getting hurt on your property, but it lets you show to the courts that you took reasonable steps to prevent it.
This is also a good reason to check SPF records. If your company or ISP lets child porn email go through that the domain owner explicitly said should not be allowed, you may have to show why you aren't contributing to the libelling of the domain owner and why you didn't protect your employees/customers from preventable child porn.
Yeah, at this instant, SPF is not enough of a standard to give you strong protection, but in 5-10 years, I think that will change.
Extortion is outdated... do people fall for this? (Score:3, Informative)
2. Let em do what they claim they're gonna do. It won't hurt your company.
Anyone with a brain will be able to realize, "Hey, maybe it isn't them doing this nasty deed."
Do you REALLY think if Best Buy spams some dog sex images that people would think, "Best Buy is sick! What are they doing?!" Nah.
That's like getting those "Arnold Says 'Don't be a girlie man and vote for Bush'" spams and thinking Arnold actually approved it.
C'mon... people know better. Extortion is outdated.
Re:nothing new. (Score:3, Informative)
Sure, you can document the sick twisted case of the totally whacked out career child killer freak all you like, but those are the extreme exceptions to the rule. The rule is that child molestation occurs within the home at the hands of an offender who is either a member of the family or close associate.
But the hype over child pornography literally pays thousands of people's salaries and forms the backbone of political careers and so you won't see it going away soon despite the fact that it has little to do with the real situation regarding the crime that it supposedly is targeting -- child molestation.
Re:Huh? (Score:1, Informative)
Other major religions don't fall into that trap so easily because of their structure. For example, any Jewish synagogue that I've seen (which isn't very many, I admit, so I could be mistaken here) has been run by a board of clergymen, with meetings and whatnot. It's harder to keep things quiet when more ears are turned your way. But in Catholicism things happen behind more tightly closed doors (good things as well as bad things) where some of the primary concerns are the privacy of the people involved and the sovereign authority of the one man in charge (priest, bishop, etc.) of that particular setting.
Re:It's all SMTP's fault! (Score:3, Informative)
For that matter, alumni.almamater.edu could check SPF records and let you relay outgoing mail through them as well, if it is authenticated as really coming from the address that your account forwards to. The only reason that forwarding services are asymmetrical this way is that there is no good way of having a relay which is not an open relay.
Re:It's all SMTP's fault! (Score:2, Informative)
Speaking as a sometimes mail admin, THEY ALREADY HAVE. Seriously.
Re:Distribution of child pornography for profit (Score:2, Informative)
http://www.freedomforum.org/templates/document.
So, mere depictions that don't actually involve the underage aren't illegal in the US, no matter what any law says.
"The law [that was struck down by the Supreme Court] barred sexually explicit material that "appear(s) to be a minor" or that is advertised in a way that "conveys the impression" that a minor was involved in its creation."
The Supreme Court did say that if it really did involve someone under 18, even in an indirect sense such as my photoshop example, then it was not protected speech.
Re:This is what happens... (Score:4, Informative)
Yeah that would be a reasonable definition. You'd think the law ended there. There was a case in 2001 where a law (the Child Pornography Prevention Act of 1996) banning "virtual child porn"- i.e. cartoons- was struck down by the Supreme Court in a 6-3 decision on First Amendment grounds. That went close to defining a thought crime. The Child Obscenity and Pornography Prevention Act of 2002 amended the law by adding the words "virtually indistinguishable from" to the statute- creating an exemption for obvious things like cartoons- but still covers "generated images" and "computer generated images" if they're "virtually indistinguishable from" real child porn with real children. That one passed the House but was never considered in the Senate. The Child Obscenity and Pornography Prevention Act of 2003 was included as an amendment to the PROTECT Act (outlawing digitally morphed images, where you paste the kid's head on a naked body). That one doesn't care about whether it's real or fake. It simply outlaws any solicitation to buy or sell child porn advertised as such. See here for details. [washingtonpost.com]
It's a lot like flag burning- where constitutional amendments often sit squarely in the way of a desire to be seen as "doing something".