Washington Post Blog Shuts Down 75% of Online Spam

ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam." Now how long before the void is filled by another ISP?

  • Not Just Spam (Score:5, Interesting)

    by eldavojohn ( 898314 ) * <eldavojohn@noSpAM.gmail.com> on Wednesday November 12, 2008 @10:10AM (#25732821) Journal
    From the article:

    The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

    And they operated for how long before they were shut down ... as a United States based hosting provider?

    If they have evidence of these things, I certainly hope that The Washington Post turns any evidence over to the FBI or at the least the local law enforcement where McColo is operating. And I hope a warrant is obtained through the appropriate channels to collect evidence from Hurricane Electric & Global Crossing ... I'm all for user privacy policy from an ISP but obviously these people are criminals.

  • Wow (Score:4, Interesting)

    by Reality Master 101 ( 179095 ) <<moc.liamg> <ta> <101retsaMytilaeR>> on Wednesday November 12, 2008 @10:19AM (#25732941) Homepage Journal
    I had ONE spam message last night. I average probably 20 a night.
  • Re:good job! (Score:5, Interesting)

    by TheLink ( 130905 ) on Wednesday November 12, 2008 @10:21AM (#25732967) Journal
  • by petes_PoV ( 912422 ) on Wednesday November 12, 2008 @10:21AM (#25732973)
    As the title says. If it gets them "off the air", is this a public service or a criminal act (or both)?
  • by postbigbang ( 761081 ) on Wednesday November 12, 2008 @10:22AM (#25732977)

    Or change the protocol set to something that can still work with anonymous yet non-commercial/legal mail. I can't think of a single person that would mind changing their email address or taking a few steps to eliminate the spam they get.

  • Hosting Child porn? (Score:3, Interesting)

    by arkham6 ( 24514 ) on Wednesday November 12, 2008 @10:23AM (#25732979)
    According to the article, the provider hosted servers that provided child porn.

    1: Is that really possible for kiddie porn sites to be active in the US?
    2: If it's true, would that company be partially responsible legally speaking?
  • by plsuh ( 129598 ) <plsuh@noSpAM.goodeast.com> on Wednesday November 12, 2008 @10:29AM (#25733059) Homepage

    When it comes to these sorts of things, oft times law enforcement and intelligence agencies who know about a source of major operations DON'T shut them down, so as to build a case against the bigger players or to maintain the ability to track what is going on. Given that this is a US-based corporation with US-based servers, I wonder if this shutdown has seriously compromised on-going monitoring and criminal cases. While this has almost certainly seriously disrupted operations of the various bad guys for now, I would give it only a few days before they're back online based at overseas locations where they're less easily reachable. Except for some script kiddies, the operations are all sophisticated enough to use standard techniques such as multiple hardcoded fallback IPs, DNS redirection, and using fake BGP announcements to hijack IP blocks to get back online.

    --Paul

  • by postbigbang ( 761081 ) on Wednesday November 12, 2008 @10:32AM (#25733087)

    Proxy anonymity. Someone will think it up and make it work.

  • by I.M.O.G. ( 811163 ) <spamisyummy@gmail.com> on Wednesday November 12, 2008 @10:34AM (#25733119) Homepage

    Usually when people make absolute/exclusionary statements, like "the ONLY way", they end up being not entirely correct.

    While going after the advertisers could solve the problem, that assumes you could track them down AND have any control over their actions. Jurisdictional hurdles and similar problems are obvious with this approach.

    Fortunately tho, that's not the ONLY way to address the problem. It'd be good if ISPs had incentives to address the problem - large scale BitTorrent protocol usage is something that wreaks havoc on the ISPs' network and many ISPs are actively trying to come up with solutions to ease their pain. If there were an incentive for ISPs to monitor for abuse over SMTP, then perhaps another solution to the SPAM problem would be possible.

    There's lots of "answers". Any answer you provide to this problem falls prey to the same general set of problems tho. There's a standard form slashdotters post in response to suggestions like this, and by checking off the correct options it can shoot down any possible solution you can think of.

  • by TheThiefMaster ( 992038 ) on Wednesday November 12, 2008 @10:36AM (#25733147)

    I use GMail with email addresses on my own domain (and it's free!)
    The only downside is having only 7GB of mail storage space.
    GMail's spam filtering is indeed second to none, I'm piping one of my old yahoo accounts through to my new address, and yahoo lets a few spams through per day, and then gmail blocks all of those.

  • BS. Not by volume. (Score:3, Interesting)

    by suso ( 153703 ) * on Wednesday November 12, 2008 @10:40AM (#25733207) Journal

    This couldn't be by volume. Given the amount of spam that everyone receives every day, I don't think a single ISP could possibly generate 75% of it. It would take multiple gigabit connections and I'm sure someone would have already noticed that kind of traffic coming from one place.

  • by rwyoder ( 759998 ) on Wednesday November 12, 2008 @10:46AM (#25733281)
    I use a procmail filter that sends mail from known addresses into my mailbox, and dumps everything else into a "garbage" file that I check every morning before deleting it (on the off chance that a friend or business has sent mail from a new address). This morning for the first time in *years*, the file was empty.
  • by Time Ed ( 970465 ) on Wednesday November 12, 2008 @10:48AM (#25733303)

    ...once the folks who sell spam and porn find a hosting provider who turns a blind eye, they tend to stick with it and consolidate their operations. Paying attention to Spamhaus and the more reliable botnet trackers tells me where these operations are located, and helps me write good gateway filters for my employer, my house, and my friends. Cutting off internet access tends only to disperse the ne'er-do-wells rather than stop them, and I have to start over again tracking and writing new filters. In other words, I like to know where these guys hang out so I can avoid them, the same way I avoid the riff-raff in the physical city where I live.

    I think it's great that someone is doing something about the problem, but I don't think it should be the ISP. We already have laws against spam and certain porn, and it should be up to the government to enforce those laws. Vigilantism is never the answer.

    The tried-and-true way works: if you have evidence, take it to the police. If the police won't do anything, take it to the press. Sure it takes a little longer, but it keeps - in this case your internet connection - safe from the Random Crusader. And the criminals may actually get arrested.

  • Re:How much spam? (Score:3, Interesting)

    by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Wednesday November 12, 2008 @10:52AM (#25733343) Homepage

    You'd have to ask my greylist, mimedefang, and spamassassin filters, as most of it gets killed before even making it to the 3rd, which kills the rest. Stuff in that small threshold I allow, maybe 1-2 every couple of months gets through, and that's usually from a company I actually had done business with in the past.

    Mimedefang rejections on dumb things at the helo/from stage, and greylisting kill most things without ever having to receive or process it.
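
What the greylisting stage mentioned in the comment above does, sketched as an added example (not SCHecklerX's configuration and not code from this thread): an unknown (client network, sender, recipient) triplet is deferred with a temporary error and only accepted when a queueing mail server retries after a delay. The thresholds, the /24 grouping and the sample SMTP attempts are assumptions constructed for illustration.

```python
# Added illustration of greylisting; thresholds and sample data are assumptions.
MIN_DELAY = 300          # seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # a retry later than this starts over as a new triplet
PASS_TTL = 30 * 86400    # how long a triplet that passed stays trusted


class Greylist:
    def __init__(self):
        self.first_seen = {}  # triplet -> time of first deferred attempt
        self.passed = {}      # triplet -> time of last accepted delivery

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Key on the IPv4 /24 so a retry from a neighbouring host in the
        # sender's outbound pool still matches the first attempt.
        return (client_ip.rsplit(".", 1)[0], mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Decide at RCPT TO time, before any message body is received."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        if key in self.passed and now - self.passed[key] <= PASS_TTL:
            self.passed[key] = now
            return "250 accept"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now          # first contact: defer
            return "451 try again later"
        if now - seen < MIN_DELAY:
            return "451 try again later"        # retried too quickly
        del self.first_seen[key]
        self.passed[key] = now                  # a real MTA queued and retried
        return "250 accept"


# Constructed SMTP attempts: (time in seconds, client IP, MAIL FROM, RCPT TO).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "user@example.net"),
    (5,    "198.51.100.7", "promo@example.com", "user@example.net"),  # never retries
    (30,   "192.0.2.10",   "alice@example.org", "user@example.net"),
    (900,  "192.0.2.11",   "alice@example.org", "user@example.net"),
    (1000, "192.0.2.10",   "alice@example.org", "user@example.net"),
]


def replay(events):
    gl = Greylist()
    return [gl.check(ip, frm, rcpt, t) for t, ip, frm, rcpt in events]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```

The fire-and-forget sender at 198.51.100.7 only ever sees the 451 and its message body is never transferred, which is why this stage costs so little to run.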

  • by inviolet ( 797804 ) <slashdot@@@ideasmatter...org> on Wednesday November 12, 2008 @10:55AM (#25733373) Journal

    Since morality is subjective, only you can decide. However, it is certainly illegal, and could get you sent to federal pound-me-in-the-ass prison.

    Interesting. So it's up to me whether it is good or bad to eat broken glass.

    Look, since your mission is to undermine everyone's certainty, at least do it right. The one part of morality that is completely subjective is the discount rate, which is the time horizon that you set for your outcomes. Most things are good in the short term and bad in the long term, or vice versa, or some mixture. Nobody anywhere has yet figured out any rule for choosing or weighting one's time horizon.

    Indeed, probably most political disagreements are really disagreements over time horizon. E.g., stay in Iraq? It's all about how far into the future you look for justification.

  • Re:How much spam? (Score:4, Interesting)

    by argent ( 18001 ) <peter@slashdot . ... t a r o nga.com> on Wednesday November 12, 2008 @10:58AM (#25733431) Homepage Journal

    So, how much spam does everyone get each day on average?

    Well, according to my mail logs, my mail server that currently provides mail service for myself in the past 8 hours:

    Has blocked 2879 messages, based simply on the IP address, using RBLs.
    Has blocked 1013 messages, based on some early tests in mail delivery.
    Has passed 176 messages on for further filtering, with my address. I haven't checked how many were to my wife or to invalid addresses. Typically that's several hundred an hour.

    The next level of filtering:

    Dropped 18 messages completely.
    Filed 127 messages in the "probable spam" box, where they will be deleted within a week.
    Delivered 31 messages to my home server.

    Of those messages, about half of those were filed as "spam" by Apple's Mail.app.

    That's pretty low by my standards. Good work.

  • by suso ( 153703 ) * on Wednesday November 12, 2008 @11:03AM (#25733491) Journal

    Ok, I did RTFA that slashdot posted too, but not the link inside the article. The initial article didn't mention anything about botnets and made it sound like it was the source of the spam.

    What I don't like about this is that it gives normal people a false sense of security about the whole issue. The real issue is that governments aren't cracking down on people within their borders causing these problems including the U.S.

    The Washington Post is not a security agency, they are a news agency. And when they do stuff like this they don't really have the right motives. It's just like those investigative reports that your local news channel does.

    Slimy business practices have a way of continuing on despite everything, so in the wake of McColo it won't be long before we have a Colo King.

  • by Anonymous Coward on Wednesday November 12, 2008 @11:03AM (#25733495)

    ...or at least, no judgement or legislation in the US has ever held ISPs to be common carriers in the sense that phone companies are.

  • Re:Not Just Spam (Score:4, Interesting)

    by cgenman ( 325138 ) on Wednesday November 12, 2008 @11:17AM (#25733705) Homepage

    Common carrier laws apply to ISPs because they are providing a neutral gateway, and are no more aware of the details of what is going on their network than the Highway service knows what I'm keeping in the trunk of my car.

    Spam senders, however, are different. It takes a large amount of network resources, spawns repeated complaints, and triggers most network system warning bells. You can't spam on any real scale and not be noticed. No ISP would accidentally allow spammers to operate on their network for any length of time... there must be complicity.

    ISPs generally don't like to talk about it, but the usual arrangement is that you get to spam X amount in exchange for X extra cash per month, or similar. Unless McColo was extraordinarily incompetent, they must have had a similar arrangement. I think it's fair to say that level of interaction (and kickback) takes them out of common carrier status.

  • by kipin ( 981566 ) on Wednesday November 12, 2008 @11:22AM (#25733769) Homepage
    http://www.spamcop.net/spamgraph.shtml?spamweek [spamcop.net]

    Look at Tuesday's sharp drop off coinciding with the shut down.
  • by sgtstein ( 1219216 ) on Wednesday November 12, 2008 @11:30AM (#25733833) Homepage
    I also am running all of my domain email addresses through Google Apps. I run all of my own servers. Because of this, my email server is set up to download all of the email from the Gmail accounts and sort it locally into the users' mailboxes. This is difficult to set up initially, though it does allow you to use Google's amazing spam blocking options and still use your own "unlimited" storage. Currently my 50 or so users are sharing a 1TB drive. I'm not certain how much control you have over your servers and such, but just to let you know about my setup.
  • by maxume ( 22995 ) on Wednesday November 12, 2008 @11:33AM (#25733881)

    I prefer to believe that the endless line of morons are the people who think that they can make money by becoming a spammer (or that is, purchasing spam runs from the real spammers).

    Maybe there are hundreds of thousands of people who repeatedly try to purchase drugs and other crap from shady online retailers, but I don't really think so.

  • by tsu doh nimh ( 609154 ) on Wednesday November 12, 2008 @11:47AM (#25734071)
    From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."
  • Re:How much spam? (Score:3, Interesting)

    by s7uar7 ( 746699 ) on Wednesday November 12, 2008 @12:11PM (#25734391) Homepage
    Gmail holds spam in a separate folder for 30 days before deleting them. Usually I have around 3000 emails in there, around 100/day, but at the moment I only have 1442; over the last 4 days I've only averaged 30 spam emails a day (900ish a month).
  • by X0563511 ( 793323 ) on Wednesday November 12, 2008 @12:31PM (#25734675) Homepage Journal

    That's because child porn is the legal Easy Button, in the same way that 'think of the children' is the legislative Easy Button.

  • by multipartmixed ( 163409 ) on Wednesday November 12, 2008 @12:54PM (#25734927) Homepage

    Sounds about right.

    I spent significant time yesterday, concerned that recent firewall and DNS changes had had unintended side effects: my inbound mail volume dropped by about 70% around 16:30 eastern.

    Thank God the washingtonpost.com guys posted to netnews (almost) right away.

  • Re:Not Just Spam (Score:4, Interesting)

    by billcopc ( 196330 ) <vrillco@yahoo.com> on Wednesday November 12, 2008 @01:00PM (#25734997) Homepage

    Oh boy... field trip!

    The government is not there to enact justice, it is there to provide services to its citizens. Justice is not a service. Justice is a tool, a device to help ensure social stability, and as long as justice is controlled by someone on the payroll, there will be no true justice. There is only loyalty to the payroll.

    Plus, your sig has been bugging me for a while now:

    The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to the lazy.

    ... nor is its purpose to raid lower- and middle-class people's wallets and give it to the rich, but purpose be damned because that's all it's ever been good at!

  • by NevarMore ( 248971 ) on Wednesday November 12, 2008 @01:20PM (#25735311) Homepage Journal

    So, I don't mean to be a dick here or anything, but you had those kinds of problems with a vendor you were using as a data centre not just once, but over a timespan measured in YEARS.

    While your anecdotes indicate that HE does have problems, I think the bigger concern is that they have customers who put up with those problems. What golden nugget are we missing? Do they have higher than normal payouts for failing to meet SLAs?

  • by Animats ( 122034 ) on Wednesday November 12, 2008 @01:33PM (#25735491) Homepage

    Now it's time for some federal law enforcement action. Over at McColo, there will be records that indicate who's behind the spamming and botnet operations. They'll know who paid for servers. There will be phone records showing who made support phone calls to McColo.

    McColo is in San Jose, and the San Francisco office of the FBI, which covers Silicon Valley, has a Cyber Intrusion Squad. [fbi.gov] It's their job to start digging and find out who's behind the spam operations.

    Even if the people behind the spamming tried to stay anonymous to McColo, the odds are that they slipped up somewhere.

  • I am glad (Score:2, Interesting)

    by hesaigo999ca ( 786966 ) on Wednesday November 12, 2008 @02:58PM (#25736843) Homepage Journal

    By doing this, not only does the press shut down a major thorn in the internet's side, but also show that the stupid feds/cops are either on the take with this, or just too incompetent.
    Either way, it does not look good for the feds/cops.

  • by Fulcrum of Evil ( 560260 ) on Wednesday November 12, 2008 @03:21PM (#25737177)
    Maybe if you used fewer parentheses...
  • by Omeganon ( 104525 ) on Wednesday November 12, 2008 @04:48PM (#25738449)

    Down from about 6,000msgs/minute (since forever ago) to about 2,000msgs/minute as of yesterday evening. This one actually seems to have made a difference (unlike the HerbalKing group's 'shutdown').
