If you came here all hopeful because of the title, I'll have to
disappoint you. Blue Security closed down and I have not heard of any
other organization that decided to take up where they left off and get
back at the spammers.
However, I realized something that might be fairly interesting.
Eran Reshef said in his message that "large ISPs and governments ... are the
only ones who can shut down these networks." I disagree. The biggest
reason that the spammers had the upper hand was not that they were able
to infiltrate the upper echelons of backbone providers, nor that they
had so much money behind them.
What made Blue Security lose and PharmaMaster win was that there was no way to get at PharmaMaster.
The Blue Frog model required a centralized organization to sort out the
spam reports, send them on to appropriate channels, program the scripts
and so on. When the central institution got whacked off the net, the
community was shattered. There was no way to register, no way to report
spam; the group was effectively disabled while the website was down.
Why was there no way to do this to the bot farms that hit Blue Security?
Very simply put, because there was no centralized site they could be
traced back to. Of course the zombie nets were controlled centrally,
but through secure and non-public channels. The spammers did not need a
public face on their business - the only ones that need that are the
grey market sites that are owned by their clients, but these cannot be
legally brought down. It is asymmetric warfare - Blue Frog was
fighting enemies it couldn't see.
The obvious way to solve this problem is to get rid of the need for a "mothership".
Peer-to-peer networks have repeatedly proved their power in all kinds of
fields and on both sides of the law. The telephone client Skype and the
sharing program Kazaa - by the same company - are powerful examples.
The step from centralized management to peer-to-peer is one far easier said
than done, naturally. For starters, it effectively eliminates any
profit that could possibly be made with the program - aside from ads,
but the idea of financing an anti-spam software with advertising (even
targeted advertising) is a bit oxymoronic. At best, it would make up
for a fraction of the cost; donations might cover the rest. It would
certainly not be something to make bucks from unless you can somehow
turn publicity into gold.
The second problem is that it is not under any kind of control by
definition. There is no way to ensure the software is being used for
its intended purposes - in fact, if you make it open-source (which is
the only way I would be comfortable with installing P2P software on my
PC - Skype is quite enough), it would be very easy to modify or abuse
it. Picture a program that, instead of reporting spam messages and
sending opt-outs to the correct sites, DoSes other completely innocent
sites for malicious reasons. Should the perpetrator be able to gain
access to other machines running the program, it would even turn into a
zombie network of its own!
--
But the principles are simple: Reports are propagated in the form of lists of email addresses
and URLs and user hashes, in a manner similar to Domain Name
resolution. Each program connects to a group of peers and exchanges its
reports with it. The clients cross-reference the spam info and user
hashes of the reporters: If the same addresses are reported
sufficiently often, the corresponding info is propagated further along
the network. Eventually, a group of helpful individuals - possibly
communicating over an inbuilt p2p messaging system - checks out the
website advertised and custom-tailors the script that will send the
opt-out message. When a client then reports a message advertising that
address or coming from that email, in response the client receives the
script, allowing them to automatically send a new opt-out message
whenever they receive another spam of this kind.
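
The cross-referencing step described above, as an added example that is not part of the original post: a peer counts distinct reporter hashes per reported address or URL and only relays an entry once enough different users have reported it. The names `PeerStore`, `user_hash` and `FORWARD_THRESHOLD`, the threshold of 3 and the truncated SHA-256 hash are all assumptions.

```python
import hashlib
from collections import defaultdict

FORWARD_THRESHOLD = 3  # assumed value: distinct reporters needed before relaying


def user_hash(address: str) -> str:
    """Reporter identity as it travels between peers: a hash, never the address."""
    return hashlib.sha256(address.strip().lower().encode()).hexdigest()[:16]


class PeerStore:
    """One client's local table of spam reports (hypothetical structure)."""

    def __init__(self, threshold: int = FORWARD_THRESHOLD):
        self.threshold = threshold
        self.reporters = defaultdict(set)  # indicator -> set of reporter hashes
        self.forwarded = set()             # indicators already passed on

    def merge(self, reports):
        """Merge (reporter_hash, indicator) pairs; return newly confirmed indicators."""
        confirmed = []
        for reporter, indicator in reports:
            key = indicator.strip().lower()
            self.reporters[key].add(reporter)  # a set, so repeats do not count twice
            if key not in self.forwarded and len(self.reporters[key]) >= self.threshold:
                self.forwarded.add(key)
                confirmed.append(key)
        return confirmed

    def outbound(self):
        """Evidence handed to neighbours: each confirmed indicator with its reporters."""
        return [(r, i) for i in sorted(self.forwarded) for r in sorted(self.reporters[i])]


def demo():
    # Constructed sample reports; addresses and URL are placeholders.
    url = "http://pills.example/"
    a, b = PeerStore(), PeerStore()
    repeated = a.merge([(user_hash("u1@example.org"), url)] * 5)   # one user, 5 times
    crossed = a.merge([(user_hash("u2@example.org"), url),
                       (user_hash("u3@example.org"), url)])
    relayed = b.merge(a.outbound())        # neighbour sees the same three reporters
    again = b.merge(a.outbound())          # same evidence via a second path
    return repeated, crossed, relayed, again


if __name__ == "__main__":
    print(demo())
```

Counting distinct hashes keeps one user's repeated report, or the same evidence arriving over two paths, from inflating the count. It does not stop a modified client from inventing reporter hashes, which is the abuse problem raised earlier in the post.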
Like any p2p system, the program would take a lot more space than the thin clients
that Blue Security used: Each user would in effect act like their own
server, storing spam reports (reduced to sender addresses and URLs) and
passing out opt-out sending scripts. It would take more computing
power, more system resources and above all, an active involvement from
its community.
But I think it would be worth it.
--
Oh, and as an afterthought: One thing that would be tricky to do would be
to maintain the Do-not-intrude registry. After all, a network that has
no public hub cannot very well offer a well-publicized list of opt-out
addresses.
But that is just chrome anyway, which was supposed to make it easier for
spammers. You do not need to be in a do-not-intrude registry to send
opt-out messages. You only need to include your email address, so that
it actually can function as an opt-out. It would be left to the
spammers to spend their time collecting the addresses from these
messages and removing them from their lists - or face continuous
opt-out messages if they continue to spam these addresses.
Frankly, I think they've had their chance to do this the easy way.
(Tagged: Spam, Blue Security, Blue Frog, P2P, Peer-to-Peer)
Posted 5/19/2006 9:45 AM