Forgot your password?
typodupeerror
Spam Government Privacy United States

The NSA Is Collecting Lots of Spam 159

Posted by Soulskill
from the your-tax-dollars-at-work dept.
wiredog writes "One side effect of the NSA's surveillance program is that a great deal of spam is getting swept up along with the actual communications data. Overwhelming amounts, perhaps. From The Washington Post: '[W]hen one Iranian e-mail address of interest got taken over by spammers ... the Iranian account began sending out bogus messages to its entire address book. ... the spam that wasn't deleted by those recipients kept getting scooped up every time the NSA's gaze passed over them. And as some people had marked the Iranian account as a safe account, additional spam messages continued to stream in, and the NSA likely picked those up, too....Every day from Sept. 11, 2011 to Sept. 24, 2011, the NSA collected somewhere between 2 GB and 117 GB of data concerning this Iranian address."
This discussion has been archived. No new comments can be posted.

The NSA Is Collecting Lots of Spam

Comments Filter:
  • LOL This was something that should be expected!
    • by amiga3D (567632)

      Even the NSA can't do anything about SPAM.

      • Re:LOL (Score:5, Funny)

        by gstoddart (321705) on Tuesday October 15, 2013 @02:26PM (#45134747) Homepage

        Even the NSA can't do anything about SPAM.

        Ah, but now they can ... they can take all of that information, identify who isn't complying with CAN-SPAM, identify people profiting off shady deals on the internet, figure out who has been evading taxes, and give us all a better internet.

        OK, now stop laughing.

        • by ron_ivi (607351)

          More interesting than you think.

          This might be exactly the right PR move that might make people appreciate NSA monitoring of the internet.

          Hope their PR guys think about it.

          • PR guys? You mean the guys who are saying "Well, we're fucking you, but it's legal for us to fuck you whether or not you want us to because we say it is, so we're going to continue to fuck you."?
        • by TheCarp (96830)

          Laughing? For the very first time I am warming up to the idea of surveillance and drone strikes.

        • Most spam is legal.

        • by Zocalo (252965)
          Sure, this would a good PR move. Probably tied up in all sorts of operational, constitutional and legal red tape that would prevent it from ever happening, but it's a nice idea. Maybe if we presented it as a kind of challenge, kind of like an Internet equivalent of the Space Race...

          First nation to use their online surveillance technology / great firewall / legions of state sponsored hackers to bring a clear and demonstrable reduction in online crime wins. Go!
      • Re:LOL (Score:4, Interesting)

        by crakbone (860662) on Tuesday October 15, 2013 @02:47PM (#45134997)
        It really does not mean much. With deduplication a terabyte of spam would be next to nothing.
        • by Zaelath (2588189)

          That was my first thought, with all the extensive technical knowledge of the NSA, deduplication is just too hard for them.

    • by Anonymous Coward

      and you never know if the SPAM are actually a broadcast messages with certain keywords carrying the instructions for their coordinated attacks. May be the typos contains letters to form hidden words too?

      • by icebike (68054)

        and you never know if the SPAM are actually a broadcast messages with certain keywords carrying the instructions for their coordinated attacks. May be the typos contains letters to form hidden words too?

        Or, maybe its shows a new vector for an anti-NSA attack by the Iranians. The perpetrators send small parts of a virus in individual spams, and wait till the NSA computers puts them all together to form a logic bomb or something.

        Hmmm, if they were to do that, the next Honest American President would have to award them the Presidential Medal of Freedom.

      • by RenderSeven (938535) on Tuesday October 15, 2013 @02:57PM (#45135081)
        REQUEST FOR URGENT BUSINESS RELATIONSHIP

        FIRST, I MUST SOLICIT attack YOUR STRICTEST CONFIDENCE IN the THIS TRANSACTION. THIS IS embassy BY VIRTUE OF ITS at NATURE AS BEING UTTERLY dawn CONFIDENTIAL AND 'TOP SECRET' on tuesday. I AM SURE AND lunch HAVE CONFIDENCE OF YOUR will not ABILITY AND RELIABILITY TO be PROSECUTE A TRANSACTION OF provided THIS GREAT MAGNITUDE INVOLVING regards A PENDING TRANSACTION REQUIRING achmed MAXIIMUM CONFIDENCE.
      • by skids (119237)

        I can see the movie dialogue now:

        Generic Eastern European Coldwar Badguy: Sure you are das Americans do not know?
        Generic Eastern European Coldwar Badgeek: Nyet. Ze messages ver hidden across million email to sell Viagra.

      • by Beorytis (1014777)

        I had wondered about a steganographic secondary purpose behind the grammatical-but-semantically-empty seemingly-random paragraphs that used to appear at the end of spam messages to confound filters.

    • Serves 'em right (Score:4, Interesting)

      by themushroom (197365) on Tuesday October 15, 2013 @02:45PM (#45134977) Homepage

      If you're gonna go snooping through people's stuff, you're bound to find a lot of garbage.

      • by vux984 (928602) on Tuesday October 15, 2013 @03:12PM (#45135251)

        If you're gonna go snooping through people's stuff, you're bound to find a lot of garbage.

        Garbage!? That's how my terrorist cell communicates you insensitive clod.

        Cialis spam is "Alpha"
        [ia1i5 spam is "Bravo"
        CiAli$ spam is "Charlie" ...

        Viagra spam is "Death"
        ViAgr4 spam is "America"
        P3n is 3nlargem3nt is "Allah"
        We1gt L0ss is "Target"
        "I saw your picture online" is "Great Satan" ...
        "This stock is making a turnaround" is whatever letter the stock starts with.
        "This stock is on High Alert for Today" is whatever the 2nd letter of the stock starts with.
        "This Company could be come my longest running winner!!!" has a GPS latitude encoded into the digits of the target price, trade date, and last trade info
        Longitude comes in on a fake PO tracking number shipment spam

        • We'd have a whole lot less actual data on 'terrorist' networks if they actually used a method like this.

        • by steelfood (895457)

          I'd like to see the face of the analyst in charge of your file after they intercept this.

    • by flyneye (84093)

      Where do I sign up to divert all my spam to the NSA?
      Sounds like a more useful program for my tax dollars than anyone let on!

  • Patriotism is the last refuge of a spammer?

  • If they are gathering spam or not, there is still a violation of the Constitution involved. Yeah, I'm a stodgy old prick with a memory like an Elephant! If they were not acting illegally this would not be a story now would it?

  • But the posting software seems to have wrapped the whole thing in blockquotes.

  • by bizitch (546406) on Tuesday October 15, 2013 @02:21PM (#45134673) Homepage

    So if I want to do terrorist stuff - I should probably hide my communications inside emails about ch3ap V!agr@. Eventually the NSA will have to get a mail washer to help filter out the crap and my criminal activity will go un-noticed.

    • by Valdrax (32670) on Tuesday October 15, 2013 @02:38PM (#45134905)

      Shouldn't be too hard to write steganography software that hid its messages in the pseudo-random changes to the text for filter evasion. You'd just need a good library of spam message templates of varying length to use as the chaff. For better results, run the same process with random messages that are sent out as part of the same bulk mailing blast to a large list of spam recipients to make it impossible to tell which message is important and which is not. Two terrorists can converse by broadcasting garbage to the world.

      Now that I think of it, I wonder if that's the reason I get spam messages with no attachments or links to tell me where to get the product should I have a temporarily absence from reason and want to actually purchase them...

      • Now that I think of it, I wonder if that's the reason I get spam messages with no attachments or links to tell me where to get the product should I have a temporarily absence from reason and want to actually purchase them...

        Perhaps it's just looking for a reply to indicate they have a valid e-mail address. Even an out of office reply would do the trick.

      • Shouldn't be too hard to write steganography software that hid its messages in the pseudo-random changes to the text for filter evasion.

        That's the easy part. The harder part is that you have to either setup, infiltrate, or silently replace, a spam distributor. It's just like money laundering; you need a "legitimate" business to front for it. Which makes this a relatively expensive proposition for the limited bandwidth and one-way communication afforded.

        Terrorists, unlike governments, don't have a straw stuck to your wallet. They operate on limited budgets, and with limited manpower available. And the limited manpower they do have tends to b

        • by HiThere (15173)

          It should be pretty easy to infiltrate a spam provider. All you need is someone sufficiently expert who's willing to work cheaper than those who don't have a mission. The spam provider wouldn't even care...unless the feds started knocking on his door.

          The coded message would be justified as chaff to get the spam through filters. And the organization could even provide additions e-mail addresses to send the stuff to. This might even end up being a profit center, with only the upper management of the spamm

    • by gstoddart (321705)

      Hmmmm .... stegaspamography ... hiding your information in plain sight as penis enlargement pill spam.

      Great, now when we receive spam we'll end up on terror watch lists because we could know the data is in there. After all, someone is presumed to be able to decode it.

    • by Beardo the Bearded (321478) on Tuesday October 15, 2013 @02:48PM (#45135003)

      ch3@p plut0n1um!! Buy CANDU plut0n1um at r0-ck b0ttom pr1c3s!

    • by Nivag064 (904744) on Tuesday October 15, 2013 @02:55PM (#45135063) Homepage

      During the second world war, in New Zealand, someone was tasked with reading laundry lists over the radio. Hidden in ththis was coded information for secret agents, embedded observers, and the like. They may have told something like: listen for private Scotty's list at 1605 hours and do this if he has 3 pairs of underpants washed, do this if it is 5 pairs, and also this if his green shirt was starched...

      So it would be a near certainty that agencies in a lot of countries use spam to communicate to deep cover agents. Tens of thousands of people might have spam about a particular brand of viag... that has a coded message for selected agents - but those agents who read the spam could not be distinguished from non-agents.

      I am sure that the NSA, and other agencies (not just in the USA) have programs to try and sort out the spam to detect this - which is yet another type of arms race. How do nyiou know some is a message & not straight spam???

    • by wvmarle (1070040)

      Not sure if they really have a "mail washer".

      Most of the e-mail traffic, even the not-spam type, is utterly useless for them. Like a discussion with the missus on which movie to go watch. Or that I'll be home late tonight. Where to meet up for the next birthday party (or is that just a code word for suicide attack?).

      So they just catch all, then later figure out which accounts may be of interest, and start looking at those. All the rest is just taking up space and probably never looked at, and kept just in c

  • Inside those seemingly banal Nigerian wire transfer scams are steganographically hidden instructions to sleeper cells. It just takes a particularly clever analyst to see the data for the noise.

  • by Sterculius (1675612) on Tuesday October 15, 2013 @02:29PM (#45134779)
    "somewhere between 2 GB and 117 GB" ... can't narrow it down any more than that? Are you sure it was an Iranian email address, or was it just somewhere between Israel and Yemen?
  • Think of the spam filter they could build with that amount of spam to train it with...

    One thing about using Yahoo, and Google mail, is that their spam filters have scale. Because so many virtually identical emails will be sent to hundreds or thousands of inboxes, they can say that it's either spam or a newsletter. If it looks like spam, or if enough people mark it as spam, than it probably is. Bang.

    And the NSA is getting not just the email going to one company, but to all of them. And to those weirdos (like

    • by synapse7 (1075571)
      A benefit of a spammed address book is this would help them build a diagram of connections.
    • by bobbied (2522392)

      Think of the spam filter they could build with that amount of spam to train it with...

      What makes you think that this isn't exactly what they are doing... At least in a way.

    • by Jorgensen (313325)

      That's no good! Terrorists will just disguise their emails as spam by sending it out to millions, and things will go unnoticed by the NSA: Too many dots to connect, which will (as usual) only be discovered by hindsight.

      Obviously the intended terrorist agent on the receiving end will have a similar problem... Which means that the NSA can recognise the terrorists, because they're the ones reading everything in their Junk folder!

      Oooh - the arms race will never end :-)

      Nice to see that spammers are useful for so

  • by tech.kyle (2800087) on Tuesday October 15, 2013 @02:33PM (#45134827)
    ...as soon as they hear back from that Nigerian Prince.
  • Between 2 and 117 GB

    I guess this is that "are they really collecting just metadata like they're telling us, or the whole message to analyze" thing.

  • by intermodal (534361) on Tuesday October 15, 2013 @02:41PM (#45134941) Homepage Journal

    They're the ones with the biggest penises and/or breasts.

  • Everyone loves spammers.
  • Now if the NSA actually did something useful and targeted those creating all this spam perhaps they could get a little positive press and goodwill... or maybe not

  • So it's come to this (Score:4, Interesting)

    by FuzzNugget (2840687) on Tuesday October 15, 2013 @02:44PM (#45134971)
    Spam is actually doing something useful. Enemy of my enemy and all that.
  • by hduff (570443)

    Can the NSA waterboard the spammers? If so, they could redeem themsleves.

  • One of the more immediate consequences of snooping (even if were only metadata, and is far more than that), was that "normal" americans getting spam (or other kinds of unsolicited email) from elsewhere could be put into watch lists, with the collateral effects of getting all their mail inspected and backdoors installed in their PCs/cellphones just in case, and more "real world" consequences with the TSA or others in the present or future (maybe exaggerating, i liked a lot this story [wikipedia.org], but reality seem to be
  • by bkmoore (1910118) on Tuesday October 15, 2013 @03:33PM (#45135501)

    So after sorting out all that spam, the NSA is now busy creating files on people such as miss Wumi Abdul, the only Daughter of late Mr and Mrs George Abdul, whose father was a very wealthy cocoa merchant in Abidjan, the economic capital of Ivory Coast before he was poisoned to death by his business associates on one of their outing to discus on a business deal.

    So Miss Wumi Abdul, if that's your real name, wherever you are, the NSA's on to you now.

  • by Greyfox (87712) on Tuesday October 15, 2013 @08:24PM (#45138401) Homepage Journal
    I'm guessing everyone working at the NSA has an enormous penis. Even the women. And they're probably erect ALL THE TIME. They probably fund their entire operation with the resource given to them by those guys trying to get all their shit out of Nigeria. No doubt none of their credit cards are blocked at Bank of Aemerica, and they probably supplement their income with lottery winnings from the UK (Nigel seems like such a nice young lad) and working from home for a thousand dollars a day.
  • I suspect a lot of their collection of contacts is centred around people carelessly leaving whole gobs of people in the To or CC lines (instead of BCC) when doing forwards.

  • If they are going to invade our privacy on a massive scale, the least they could do is use the evidence of this spam to crack down hard on the spammers. It would make it easier to find the terrorists by eliminating a lot of the communications noise, and might be good PR, giving something tangible back to society instead of being just takers for all anyone can tell. And they'd have less data to store, which would be cheaper and faster.
  • by kyoko21 (198413) on Wednesday October 16, 2013 @02:07AM (#45140309)

    This is what I have been saying all along for the last 10 years. Fighting privacy by making yourself more private is not the solution. The current premise of all surveillance programs that are being operated today assumes that it is generated by a human being. The easiest way to counter this assumption we can go back to the Aesop's Fable "The boy who cried wolf".

    What did the boy do? The boy cried wolf so many times that in the end when he told the truth, no one believed him. If that boy was alive today and wanted personal privacy, he would be crying wolf all the time. How would that work?

    Automate the process and make it easy that everyone else can do it, too. If everyone cried wolf, who would you believe? We change the assumption and accept the fact that surveillance isn't going away. However, by burying the would-be listener with unlimited content and for someone/something to groom through all that data to figure out what is relevant, what is the truth and un-truth, it is a daunting task and it opens a new set of problems. How can you assess the threat if everyone was saying the same thing all the time, became friends with everyone else? Do you really know that person? Or is everyone really friends with Timothy McVeigh because he is such a cool guy until he pull that crazy stunt in OKC in 1995. What if sleeper cells weren't so sleepy but were outright public being a sleeper cell?

"Pok pok pok, P'kok!" -- Superchicken

Working...