Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam

Security Through Obscurity - Spam Mimic 153

ragnar! writes "Ingenious. Not just strewing spam-speak between the words of your message, actually does some kind of character/word -> phrase conversion. Interesting concept - check out Spam Mimic." I tested it out - looks pretty darn cool.
This discussion has been archived. No new comments can be posted.

Security Through Obscurity - Spam Mimic

Comments Filter:
  • by Anonymous Coward
    Dear E-Commerce professional ; This letter was specially selected to be sent to you . This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 2216 , Title 6 ; Section 306 . THIS IS NOT MULTI-LEVEL MARKETING ! Why work for somebody else when you can become rich inside 75 MONTHS ! Have you ever noticed most everyone has a cellphone & people love convenience ! Well, now is your chance to capitalize on this ! We will help you use credit cards on your website plus process your orders within seconds . You can begin at absolutely no cost to you ! But don't believe us . Prof Ames of Missouri tried us and says "I've been poor and I've been rich - rich is better" ! This offer is 100% legal . We IMPLORE you - act now ! Sign up a friend and your friend will be rich too . Best regards . Dear Sir or Madam , Especially for you - this hot news ! This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2216 , Title 1 ; Section 302 . This is not a get rich scheme ! Why work for somebody else when you can become rich as few as 64 days ! Have you ever noticed people will do almost anything to avoid mailing their bills & people love convenience . Well, now is your chance to capitalize on this . We will help you turn your business into an E-BUSINESS & deliver goods right to the customer's doorstep ! You are guaranteed to succeed because we take all the risk . But don't believe us ! Prof Ames who resides in North Dakota tried us and says "Now I'm rich many more things are possible" . We assure you that we operate within all applicable laws ! We beseech you - act now ! Sign up a friend and you'll get a discount of 20% ! Cheers .
  • by Anonymous Coward
    ... you could use anonyomous remailer and fill target's name in the BCC field.

    No way they're gonna be able to tell that you mailed just one person.

    Either way, Spam encoding works.
  • There certainly is a faction of people out there that could find this useful... Many people don't bother with encryption in email simply because they dont regularly need to send anything of importance via email. In fact, I can't think of a single casual email user who uses encryption of any kind. And most of those users share some kind of account with someone-- be it an AOL account with parents or a dialup ISP account with roommates. In these cases-- and trust me, there are many-- having something quick and trivial to distract the wandering eyes of others is nice.

    Not everyone considers their e-mail top secret enough bother with actual encryption. It is for those kind of people that this might be useful every now and then.
  • by DarkClown ( 7673 )
    security though obscurity Does Not McGurk!!! [strangewords.com]
  • No way they're gonna be able to tell that you mailed just one person.

    Not true - presumably they have multiple boxes on multiple networks that can coordiante and see if more than one of the message was received. In fact, this is most likely the way they do spam detection, not by looking at phrasing.

    -Alison

  • Just think...for all those passive/agressive 5up3r-1337 h4x0r5 out there that can never seem to find a girlfriend, this is the perfect answer!!! You can serenade her with spam! Entice her with your smooth and witty turn of phrase..."limited time offer" becomes "I pledge my undying love to you and your fuzzy knee socks!" "Senate bill 1234, title 6" becomes "let me cover you in chocloate syrup and write out the entire source of my new killer r00t k1t on your nether regions in portable ANSI C!"

    The possibilities are almost endless....

  • Actually, really running spam through spammimic shows a major flaw in their description of why people should use it. Their "encryption" is symmetric, so all NSAFBICIA has to do to check whether a message is spam or something encoded by this sysem is run it through the system...if it isn't spammimic encoded spam, it seems to get a "(Sorry cannot decode)" error message. Of course I only tried this with one piece of spam, but it seems like it'd be consistent.
  • Obviously one can try 0xa1a2a3 0x123456 or output of any encryption algorithm with this. Which makes the original encrypted message look like spam. If it's intercepted, it is still encoded. Thus additional security is gained.

    sinan

  • Now, we have SPAMGANOGRAPHY to hide the meaning of life from Echelon....

    --

  • I think you'll find that with 70s technology, it would be pretty much impossible to analyze natural speech well enough to pick up certain words from a conversation. Whatever Echelon is, it's not an automatic eavesdropping machine.

  • by rcp ( 12077 ) <rcp@nOSPAm.sentientmeat.ca> on Monday February 12, 2001 @09:53AM (#437276)

    Can everybody please post examples for how their short message was ballooned into wordy spam? I just got a new mouse with a scroll wheel and I'd like to try it out.

    Oh, you've done that already. Thanks.

  • ...and I got:

    I really like this direct marketing thing. I failed in life as a salesperson, but I belive everyone loves my ideas so they will buy my crappy ideas if I send this stuff out in volume. Come on, send me the cash. I am broke because I invested in all these pyramid schemes that I thought would work, and that penis enlargement? It did not help. Hell when I signed up for those XXX sites all they gave me was a link to goats.cx. Come on buy my crap and help out a poor spammer!
  • Actually, SPAMming coded messages to thousands of people has the benefit of obscuring which one of them is the intended recipient. Analyzing where the data goes and when is an important part of breaking codes, as anyone who's read Cryptonomicon (and who here hasn't?) should know. So encoding messages in junk mail and sending them to thousands of people is an excellent scheme for getting secrets to the people who need them. You can even send a copy to the head of the CIA directly, and he or she will probably throw it out :-)
  • This is a very cool idea, IMHO, but one slight problem is that the site doesn't use SSL. So if you live in a, shall we say, "repressed" country, where authorities might be monitoring Internet traffic, they'll still catch you in the act of visiting the site and decoding your message, which would not be a good thing. :-(

    --

  • by grappler ( 14976 ) on Monday February 12, 2001 @01:41PM (#437280) Homepage
    This is a good method of steganography, but if it pretends to be good encryption by itself, that's bull.

    What would really work well is a random spam generator that takes any random stream of bytes as input. Then you do the following:

    Plaintext -> PGP/GPG -> cyphertext ->SpamMimic -> cyphertext which looks like spam

    Then, it would be secure and would not attract attention. There are some interesting pitfalls tho:

    o It could be deleted by a computer rejecting spam based on a text signature
    o Your friend would have to know ahead of time to expect your message or he'd delete it. Of course, then he could no longer ignore any of his spam. If he automates the process, this could be avoided because normal spam would not decrypt to anything and the checksum would fail and it would be tossed automatically.

    o Somebody could invoke an anti spam law to sue your ass when you were simply sending them a message. Then, you'd have to prove it wasn't spam.
  • by Grond ( 15515 ) on Monday February 12, 2001 @10:04AM (#437281) Homepage
    What if...

    The codec was (re)designed so that most actual spam would decode into a message, even if it was gibberish? Would certainly improve the steganography aspect, I think.LI>

    The codec was (re)designed so as to be irreducibly computationally expensive to decode messages, thus making scanning difficult, but on a modern machine decoding

    Admittedly I'm not an expert on spamming methods, but it seems to me like most spam appears to be addressed to one recipient anyway, so I don't think the 'one recipient therefore fake spam' correlation holds, as some have suggested.

    Honestly, if these ideas were to be implemented (well, the first two, anyway), I don't think they would need to open source the program. That is, one could just as easily be made up with those goals in mind, since a complete rewrite would be necessary anyway.

    To me, this seems like a potential way to produce 'ubiquitous encryption.' If the codec was remade so that it was computationally expensive and regular spam decodes without errors, then it would dramatically improve the percentage of encrypted mail.

    Or, better yet, since regular spam would decrypt to 'gibberish,' why not have the decrypted output be code for use with an actual cypher? Suddenly I imagine a PGP->Spam encoder and decoder...imagine, every spam message is potentially a PGP message! That'd really mess up carnivore/echelon. It'll probably never happen, though. But the possibility is certainly tantalizing...

  • This idea is essentially stenography.

    They're taking your email, and encoding it to look like spam. Hence, evesdroppers will filter it out as junk instead of examining it. (Or evesdroppers will be forced to pay attention to spam.)

    This is very similar to stenography--hiding information in a way that you can't prove that it's there unless you already know how to decrypt it.
  • Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a
    little less time on other mails.


    Unless, of course, they can convince the general public that now, not only is spam annoying, it's actually a threat to national security -- nay, an open INVITATION to have a middle eastern terrorist bomb the public library in your home town. This could be the end of legal spam!

    And if it's not, then we get cool steganography! Either way, we win!

    ('course, if they can get the public to buy that, they can get the public to buy pretty much anything, and we might be in big trouble.)



    --
  • Yet again Slashdot is a day late and a buck short. You guys should start reading memepool [memepool.com] more often. They featured this story on January 16th [memepool.com] -- where the hell were you?
  • I've been trying to look at that site since it got mentioned on kuro5hin the other day and every time I've tried it's been down. I don't know if it's a slashdot / kuro5hin effect (does kuro5shin have an effect?) but I'm not entirely certain that that's a real website which actually functions.

    Well, I guess other people have used it otherwise it wouldn't keep showing up. Maybe it's just me. I'll go try again.
  • Ahh, if only you could mirror CGIs more easily :)
  • This is a neat idea. But I would bet that one could come up with a statistical model to detect such an encoded message. A human can easily detect that this is not "typical" spam, so with a little work an algorithm could too.

    But the trouble with such a system is that you have to build a brand new set of rules to have any sort of security. You can't just generate a new set of keys, you have to build a new grammar and phrasebook for the spam text.
  • Dear Friend ; We know you are interested in receiving
    cutting-edge announcement . If you are not interested
    in our publications and wish to be removed from our
    lists, simply do NOT respond and ignore this mail !
    This mail is being sent in compliance with Senate bill
    2116 ; Title 3 ; Section 303 ! This is NOT unsolicited
    bulk mail ! Why work for somebody else when you can
    become rich within 10 weeks ! Have you ever noticed
    nearly every commercial on television has a .com on
    in it plus how long the line-ups are at bank machines
    ! Well, now is your chance to capitalize on this !
    We will help you deliver goods right to the customer's
    doorstep and decrease perceived waiting time by 150%
    . The best thing about our system is that it is absolutely
    risk free for you ! But don't believe us . Mr Simpson
    of Alaska tried us and says "My only problem now is
    where to park all my cars" . We assure you that we
    operate within all applicable laws ! We urge you to
    contact us today for your own future financial well-being
    ! Sign up a friend and you get half off . God Bless
    ! Dear Web surfer , Your email address has been submitted
    to us indicating your interest in our briefing ! This
    is a one time mailing there is no need to request removal
    if you won't want any more . This mail is being sent
    in compliance with Senate bill 2616 , Title 1 ; Section
    305 . This is different than anything else you've seen
    ! Why work for somebody else when you can become rich
    in 92 DAYS . Have you ever noticed how long the line-ups
    are at bank machines plus people love convenience .
    Well, now is your chance to capitalize on this . We
    will help you turn your business into an E-BUSINESS
    plus process your orders within seconds ! The best
    thing about our system is that it is absolutely risk
    free for you . But don't believe us . Ms Ames who resides
    in Montana tried us and says "I was skeptical but it
    worked for me" ! We are licensed to operate in all
    states ! You have no reason not to act now ! Sign up
    a friend and you get half off . Best regards . Dear
    Salaryman ; You made the right decision when you signed
    up for our directory . If you are not interested in
    our publications and wish to be removed from our lists,
    simply do NOT respond and ignore this mail . This mail
    is being sent in compliance with Senate bill 1626 ,
    Title 8 , Section 301 ! This is NOT unsolicited bulk
    mail ! Why work for somebody else when you can become
    rich inside 56 days . Have you ever noticed nearly
    every commercial on television has a .com on in it
    and nearly every commercial on television has a .com
    on in it . Well, now is your chance to capitalize on
    this ! WE will help YOU increase customer response
    by 170% and decrease perceived waiting time by 120%
    . You can begin at absolutely no cost to you . But
    don't believe us . Ms Simpson who resides in Ohio tried
    us and says "I was skeptical but it worked for me"
    . We are licensed to operate in all states . We BESEECH
    you - act now ! Sign up a friend and you'll get a discount
    of 40% . Thanks ! Dear Friend ; This letter was specially
    selected to be sent to you . If you no longer wish
    to receive our publications simply reply with a Subject:
    of "REMOVE" and you will immediately be removed from
    our mailing list . This mail is being sent in compliance
    with Senate bill 1619 ; Title 6 , Section 303 . This
    is NOT unsolicited bulk mail ! Why work for somebody
    else when you can become rich inside 59 WEEKS . Have
    you ever noticed nobody is getting any younger and
    most everyone has a cellphone ! Well, now is your chance
    to capitalize on this ! We will help you sell more
    & process your orders within seconds ! You can begin
    at absolutely no cost to you . But don't believe us
    ! Ms Ames who resides in New Jersey tried us and says
    "My only problem now is where to park all my cars"
    ! This offer is 100% legal . Do not go to sleep without
    ordering . Sign up a friend and you get half off !
    Warmest regards .
  • requires the user to give them the plaintext of every message

    i know, it's actually run by the government. that way they can monitor your email before you even send it..
  • I'd like to see something a little more concise, so larger messages could be transmitted. Obviously then you would not fool a human reader, but then again, neither would this. I encoded the phrase stega-spamma-nography and got this unlikely sentence:


    We will help you turn
    your business into an E-BUSINESS and turn your business
    into an E-BUSINESS .


    Of course, it also runs the risk of your friend discarding the email because he runs a smart spam filter, too. (BTW, John - YHM).

    --
  • The biggest problem I have seen with this is that you must use a website to encode/decode the message. Hey, this is no big deal. Anyone can write a program. The best option though would be to actually encrypt the message with your typical encryption scheme, then use a filter to convert the encrypted text into spam or whatever medium you like. The first stage will protect the message. The second stage will conceal the encryption. If the actual filtering process was key based, then only the reciever would be able to determine if the spam was actually spam or concealing another message.

    -Restil
  • There is a fairly simple and obvious fix. Why not use key-pair methods like PGP, combined with this sort of thing?

    Think about it. PGP just turns a message into "gibberish"; a spamified PGP would turn it into (admittedly rather long) halfway intelligible spam messages, only decodable by the recipient.

    Now THAT would be cool...

    cya

    Ethelred [macnews.de]

  • I don't think I have ever recieved a spam from uu.net (at least, not one that admits it in the header).

    That depends on what you mean by "admits". If you look through the Received: headers, specifically the last non-forged one, it's extremely frequent to find the uu.net IP addrs. For example:

    Return-Path: <jcrand1975@implus.at>
    Delivered-To: no@spam.com
    Received: from ntserver.kvadro.ee (mail.kvadro.ee [213.168.23.75]) by shackman.divisionbyzero.com (Postfix) with SMTP id CEAABB9F48 for ; Sat, 18 Nov 2000 12:12:34 -0800 (PST)
    Received: from bungee5 (unverified [63.24.141.248]) by ntserver.kvadro.ee (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 18 Nov 2000 21:25:45 +0200
    Date: Sat, 18 Nov 2000 21:25:45 +0200
    To: jcrand1975@implus.at
    From: jcrand1975@implus.at
    Comments: Authenticated sender is <jcrand1975@implus.at>
    Reply-To: jcrand1975@implus.at
    Subject: New - 15-Million Fresh E-Mail Addresses
    Message-Id:

    You'll notice the last Received: header points to a 63.* addr. Hello uu.net.

    By "major isp's", I was referring to ISP's that serve a lot of private cutomers... AOL, Juno, Qwest, MSN, etc. etc. not spine providers and business-centered ISP's like uu.net and mr.net

    Plenty of spam can be traced back to AOL dialup IP addrs, and uu.net owns many of the IP addrs that small ISPs use.

    This is not to mention the proliferation of non IP logging relaying SMTP servers from major ISPs, most notably @home. Or all the people running relaying sendmail on their redhat boxen.

  • by kali ( 32955 ) on Monday February 12, 2001 @10:36AM (#437295)
    Since most real spam originates from some ".backwater" national domain

    Huh. Most of my spam comes from uu.net.

    and spoofs the recipient's ID into the From: field,

    What's to stop this software from doing the same?

    it seems to me that the fake spam would be fairly easy to spot.

    It would look just like real spam unless you specifically checked for the type of mangling done by this program (assuming it does leave some kind of fingerprint).

    If it looks like spam, but comes from a major ISP, and is delivered to only one person, it is a fairly good guess that it is really a coded message.

    No, it's not a good guess. Major ISPs (especially uu.net) send out massive amounts of spam. As for delivered to only one person, most spam forges the To: header, so there isn't any clue in the email itself as to how many people are receiving it. Unless the sniffing system kept a queryable database across all it's nodes, it wouldn't be able to detect the multiple connections from the originating mailserver to it's target mailservers.

    Even if there was such a database, the whole point was to make carnivore/echelon apply more logic than just "basic" spam detection. If you make the FBI/NSA have a queryable database of all active tcp connections on the entire internet at all times, then you're achieved your goal.

  • I'll bet Slashdot offers an even better substrate than spam. Carefully chosen variants of comments about how MS/Microsoft/Microsloth sucks/sux/blows/bites could easily be used to encode a message. Ditto for other "hot words" such as Linux, BSD, JonKatz, Natalie Portman, goatsex, etc. With a little creativity we could probably get something like Spam Mimic working, but with a much more favorable compression ratio. What's even better is that you don't even have to use your own storage. Just post the encoded version to Slashdot and your friend can pick it up any time, while it remains totally indistinguishable from all the other random garbage people (including me) post here.

  • by Stavr0 ( 35032 ) on Monday February 12, 2001 @09:53AM (#437297) Homepage Journal
    Hello friend,

    We have an amazing opportunity waiting for you. Because your server has been slashdotted,
    we have a special offer just for you at FBNHOSTING.COM. FlyByNite hosting guarantees
    uninterrupted web hosting with no possibility of DOS/DDOS/SlashDotting attacks.

    Act now! This offer is time limited. Already, your precious users are turning away and surfing
    on to your competitor.

    W.E. Zell, manager
    FBNHOSTING
    ---

  • by Stavr0 ( 35032 ) on Monday February 12, 2001 @10:01AM (#437298) Homepage Journal
    I copy-pasted a spam from my inbox into this thingy and it decoded to this:

    I am a scam artist trying to defraud you of your hard-earned money.
    ---

  • They mention that in the FAQ - it is being considered...
    --
  • by Rader ( 40041 ) on Monday February 12, 2001 @12:59PM (#437300) Homepage
    What I would like to see is that this DID cause a problem for the government snooper/sniffers BUT, to fix the problem they instead made spam illegal.

    THAT would be cool. I'd almost overlook the whole big brother thing if they did that :)

    Rader

  • For anyone wondering, the decoded form of this message is:

    "And Bababooey to you all !! !!"

    Now we don't have to slashdot the site to decode this.
    --
    Patrick Doyle
  • new movement.....in order to preserve the quality of Slashdot feedback, every headline must now look like:

    SDAFLJQ#$RLWEFQ$FSDFDF#$QVQ $#RFclick [spammimic.com] SADFAS!FEQWsk3n1443R$:FEMK #VL#$ VJLF34knc rk4jnc#$ C%$@

    So i hope to get you all signed up pronto.

  • that will propose that all Slashdot headlines make some semblance of sense without having to read the external site to see what its talking about.
  • by darkonc ( 47285 )
    Great! All-you-can-eat spam that I actually have to pay attention to.
    I got 35 spam today. 7 of them were from my co-conspirators describing how we were going to 9^&%o997us78d58t7 Bush.

    --
  • The site left me a little stunned. Taking some simple phrase and translating it to a hundred lines of dreck and then being able reverse translate is amazing, and just might accomplish the desired goal of forcing the watcher to scan nearly everything, making the needles in the hay stack that much harder to find.

    On the other hand: Looks like spam; smells like spam; gets tossed out like spam.... Did you get the message? Not yet -- just 300 spams -- trashed em all. *urk* ;-)
  • This reminds me of how Simon Templar talked to his clients in The Saint.
  • by British ( 51765 ) <british1500@gmail.com> on Monday February 12, 2001 @10:18AM (#437307) Homepage Journal
    You just came up with an amazing idea. Disguise your emails as Jon Katz rants. That way, nobody would WANT to read your intercepted email.
  • Ahh, if only you could mirror CGIs more easily :)

    Google [google.com] does it with ease ....

  • by mjh ( 57755 ) <mark.hornclan@com> on Monday February 12, 2001 @10:16AM (#437309) Homepage Journal
    The problem that I see with this is that it's too easy to intercept in an automated fashion. It doesn't take any secret or anything to be able to determine whether or not the data is there. You simply decode it and you get the hidden message. In fact, if you give it something that isn't an encoded message, it will tell you that it can't decode it. This makes it trivially easy for the carnivore's (et al) to automatically detect this type of obfuscation. They simply have to add a step to their spam filtering code to try deobfuscating before deleting.

    The real value would be if this thing would take any garbage and translate it into something - of about equivalant length garbage. Thus it could be coupled with an encryption format that looked like garbage, to effectively obfuscate your communication.

    PGP/GPG does not do a good job as the encryption format. It's got these nice, easy to read, headers that show you that it's a GPG encrypted message. What you need is something that will take in what looks for all the world like garbage and spit out the clear text if you got the right key.

    This is a great first step, tho.
  • I thought that Steganography was the art of being a dinosaur with big heat-dissipating plates and a spiked tail.
  • I think there's actually a bigger problem than this. Namely, if you want to send a message of any length, you produce a proportionally longer spam. "I think it is time to impliment Operation Stinky-Whistler" translates to about a page of text. When I did a longer passage about the ancient history of the Corbetts (only about two short paragraphs), I got a spam six times as long. Basically, it would only be useful as encryption for things like "GW noon PCInet Sniper Omar."

    But even this is problematic. This sort of encryption wouldn't be too hard to break (the intelligent folk on this subject have already posted), and the Evil Men in Suits [nsa.gov] would just have more types of fish to look for in their net; so Osama bin Laden isn't about to touch it.

    "But isn't the site suggesting that we use this to force the Evil Men in Suits [nsa.gov] to read our spam?" Yes, but this isn't a feasible idea. Once they've broken the code, they'll just look for those search terms (or more likely in this case, phrases); the context in which they occur wouldn't greatly increase the load on their system. Unless we also encrypt things like "Bill Clinton loses SS protection in a few years; wanna start something?" they won't bother looking. And in that case, why not just send it in the clear? Because this method is so transparent, the Evil Men in Suits [nsa.gov] aren't about to spend any extra time on spam, seeing as bin Laden won't transmit using it.

  • if it looks like spam, but comes from a major ISP

    what like getrich@aol.com or printerink@yahoo.com? I think much spam has from headers which specify a 'major' isp or provider, and also route thru them too.

    To work out whether it's sent to more than one person you'd have to keep pretty big logs and compare every mail to every other mail in the logs to see if they're the same. That's increasing the load on a surveillance system even more than just having to process spam.


    ---

  • Funny, you'd mention AOL in a context of "major ISP who doesn't send spam"...
  • Presumably, a good spam-mimic would forge address of sender or domain name too, in order to make it look more like real spam...

    (Well not in the implementation listed in this story, but this implementation sucks anyways: who says the site is not run by the NSA? And it doesn't even use https for its encode/decode pages, making it actually easyer to snoop cleartext of any message shrouded this way!)

  • And, did you use up-to-date maps?
  • This reminds me of a method to foul up wiretapping in the 1970's, when anyone who ever said the phrase "Peace, Love, etc" had their phone tapped.

    Person A, who is being tapped, calls person B, also being tapped. Then person A puts the phone next to a radio with music that would not appeal to the average FBI agent, or a tape loop containing a pro love, anti war message. Then both go away for a weekend, a week etc.

    Pity the poor SOB who has to monitor all the tape recorded during that time.

    This also assumed that you had a flat rate phone service.
  • Actually spam people with the message! Encrypt something, than encrypt it again into spam. Send it out to 200,000 email addresses combed from usenet posts, and the real recipient in the mess, and the governments will never be able to find the real recipient.
  • Or cause them to monitor all traffic to this site and others like it.
  • Come in handy for terrorists. Set up a spam service in libya and not only direct your operatives, you could piss off many americans (And make a few bucks off a few more) in the process.
  • (If you haven't, please see the site!)

    A fun form of security is good and all, but they actually have higher aims than that. They want to keep Big Brother busy by forcing him to read spam that might contain whatever naughtiness they're supposed to be watching for.

    Their site continues, linking to: Jam Echelon Day [wiretapped.net] and Jam Echelon Day descends into spam farce [zdnet.co.uk]

  • No, it's pretty much established fact that they Carnivore and Echelon exist for exactly this purpose. How effective they are is questionable. I don't think that's lunatic fringe in any way.
  • by JoeShmoe ( 90109 ) <askjoeshmoe@hotmail.com> on Monday February 12, 2001 @10:03AM (#437322)
    So what you are telling me is that I now can no longer just delete Spam on site? I now have to run it through this SpamMimic to make sure I'm not missing a top-secret message?

    ARRRRRRRRRRGGGGGGGH!

    - JoeShmoe
  • OK, what will impress me is the analog of those "print_self()" C programs.

    I can see it now: in the future, I'll get encoded spam that won't ever decode.

    Ultimate!

  • by Legion303 ( 97901 ) on Monday February 12, 2001 @10:31AM (#437324) Homepage
    The point is not to use this as a viable means of encrypting messages, but as another way to bog down Echelon, Carnivore et. al. Now the FBI has to sift through tons of spammy garbage if they want to make sure they catch everything.

    Come on, I can't be the only one here who bothered to follow the link and actually read the damn thing.

    -Legion

  • I dont know about that span mimmic enconding voodoo thing, but that e-commerce sound like a good deal! where do I sign up?

    Do they give free t-shirts?

    --

  • First of all, if this actually works, its whats called a "subliminal channel" in cryptography -- and thats not realy that interesting .

    However, since you have to use the same website to send and recieve the message, it would be much eaisier to generates a random spam, and use the hash of that message to store your real text in a database (a dictionary or map) then when you come back with your e-mail to "decrypt" it could rehash the text and retrieve the message you typed in.

    My .02 cents

  • Whoops. Didn't realize that was so long. Accidently hit submit when trying to preview. Yes I'm a dumbass.

    Mordred

  • It's widely believed that Western governments read (and decrypt) a great deal of Internet mail through systems called Echelon, Carnivore and others. Presumably they have filters which discard spam. Possibly, due to the existence of this little website, they can no longer ignore spam. Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails.

    So. They spend their time decypting our "private" mail, but the just send the spam to a killfile? And this is supposed to stop that? Perhaps a better thing to do would be to convince spammers to encrypt all of their spam. Then the government would have to decrypt all of that too.

    (I'm ignoring the obvious jokes about "processing Spam"...)

  • The overall message size didn't increas 100 fold. A simple string:
    Just a test of the encoder
    Turned into:
    Dear Friend , Especially for you - this amazing announcement ! We will comply with all removal requests ! This mail is being sent in compliance with Senate bill 2216 ; Title 3 ; Section 301 ! This is different than anything else you've seen . Why work for somebody else when you can become rich within 57 weeks . Have you ever noticed nobody is getting any younger plus the baby boomers are more demanding than their parents . Well, now is your chance to capitalize on this . WE will help YOU SELL MORE and decrease perceived waiting time by 150% ! You are guaranteed to succeed because we take all the risk . But don't believe us . Mr Ames who resides in New Jersey tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! If not for you then for your LOVED ONES - act now . Sign up a friend and your friend will be rich too . Warmest regards . Dear E-Commerce professional , Especially for you - this hot intelligence . This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2616 , Title 1 ; Section 309 ! This is different than anything else you've seen . Why work for somebody else when you can become rich inside 49 weeks ! Have you ever noticed most everyone has a cellphone & more people than ever are surfing the web . Well, now is your chance to capitalize on this . We will help you SELL MORE plus increase customer response by 160% . The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Ms Ames who resides in Florida tried us and says "I was skeptical but it worked for me" . We are a BBB member in good standing ! So make yourself rich now by ordering immediately ! Sign up a friend and you'll get a discount of 60% . Best regards !
    Perhaps a little optimization to this code would be in order, even something simple like a first character replacement???
  • This idea is essentially stenography.
    Close. Stenography is "the art or process of writing in shorthand". You're thinking of steganography [yahoo.com].

    --

  • No you twit. He means Steganography. Go look it up.
  • Yes, this MAY help bog down the Carnivore servers (a big if). It can also be used by security agencies to make this a non-viable communication channel for terrorists. All they have to do is post a message on alt.binaries.pictures.goatse.cx from osamadude@terror.org and about 3 milliseconds later good ol' Osama gets flooded with enough REAL spam that the effort in wading through all his new email rapidly outweighs his ability to use this method effectively.
  • And yes, I have read the site...

    A few months ago when this came out, I was curious as to what it was doing...

    An hour of two of playing with tcl and neowebscript, and I'd started to decode messages from it. I'm not a cryptographer, so I seriously doubt the algorithm involved will upset the likes of Carnivore et. al. It is an excellent concept, don't get me wrong, now if they can only improve their algorithm...

    And, of course, I've no idea where those scripts are, and I'm actually busy these days, so I probably won't reproduce them anytime soon.

    "A goldfish was his muse, eternally amused"

  • He's talking from the context of a Big Brother listening to your e-mail. If you recieve a spam that they don't see anyone else getting, they will run it through just to double check.
  • Dear Friend , Your email address has been submitted to us indicating your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club . This mail is being sent in compliance with Senate bill 2016 , Title 8 , Section 305 . This is NOT unsolicited bulk mail ! Why work for somebody else when you can become rich within 33 days ! Have you ever noticed nearly every commercial on television has a .com on in it plus most everyone has a cellphone . Well, now is your chance to capitalize on this ! WE will help YOU decrease perceived waiting time by 130% and turn your business into an E-BUSINESS . You are guaranteed to succeed because we take all the risk . But don't believe us ! Prof Ames of Massachusetts tried us and says "My only problem now is where to park all my cars" ! We are licensed to operate in all states ! We beseech you - act now . Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer !
  • How about for every character in your email message, you add 1435 bytes. That way, by the end of the message, it's so large that Carnivore chokes and dies.

    But really folks...what's wrong with PGP?
    --

  • Since most real spam originates from some ".backwater" national domain, and spoofs the recipient's ID into the From: field, it seems to me that the fake spam would be fairly easy to spot.

    Which creates a market opportunity: offshore servers that automatically convert ESMTP input into fake spam. Except that to avoid attracting attention, they'd have to rely on open relays, just like real spamsters. And they'd probably also need to generate some real spam themselves....

    __________________

  • Only someone with the right grammar can decode a message.

    If that's true, this is not a very secure form of encryption. Codebreaking is usually based on searching for the patterns introduced into messages by the linguistic habits of the correspondents. If the encryption key is itself a linguistic pattern, the codebreaker's job is just that much easier. The message is secure only as long as the codebreaker doesn't know which messages are encrypted -- and traffic analysis will tell him that.

    __________________

  • A couple of years ago, the New York Times' Cybertimes section had a similar encoder/decoder. In their case, it encoded to a description of a phoney baseball game. If one's going to really encode and send a message, the phoney spam approach seems much more likely to survive scrutiny than several pages of nonsensical baseball coverage. Very cool.
  • Oh they send plenty-o-spam. But a single message from one AOL user, sent to one recipient... not likely to be spam.

    Try parsing the meaning of what I was saying, instead of making knee-jerk reactions.

  • by Golias ( 176380 ) on Monday February 12, 2001 @09:47AM (#437351)
    Since most real spam originates from some ".backwater" national domain, and spoofs the recipient's ID into the From: field, it seems to me that the fake spam would be fairly easy to spot.

    If it looks like spam, but comes from a major ISP, and is delivered to only one person, it is a fairly good guess that it is really a coded message.

    The only way to avoid your message being parsed out from somebody who is really looking for it would be to actually spam a few thousand people though the usual spam channels... which means we can all expect lots more messages advertizing pyramid schemes and satelite TV systems in the near future, just so Bin Laden can chat with his pen-pals.

    That's just swell.

  • by Fervent ( 178271 ) on Monday February 12, 2001 @11:54AM (#437352)
    I know the primary motivation here is to clog Carnivore with Spam, but let's just say that the CIA knew you were sending information through a service similar to this. It's essentially a substitution cipher, using a sentence = letter/phrase base. Substitution ciphers on a whole are *notoriously* easy to decrypt, whether they be numbers/letters, Caesar, or in this case Spam.

    I would probably continue using PGP (or don't send stuff through email at all you wouldn't want to be known by others).

  • Moderators, ths was cool!

    A troll, using the technology from the article... Amazing that he even *read* the article!

    A host is a host from coast to coast, but no one uses a host that's close
  • by firewort ( 180062 ) on Monday February 12, 2001 @12:14PM (#437354)
    This is only cool until someone builds the encoder/decoder into an email app that gains popularity.

    Then the Spooks this attempts to confound will build its' functionality into their DCS1000's and Echelon apps, putting us right back where we started, except that the spooks will be using a little more processing power and wait a split second longer to see our mail.

    This is a nice toy, but not a long term security measure. That's the problem with obscurity- if it has functionality, it can gain popularity. If it gains popularity, the obscurity quickly fades away, rendering it useless.

    A host is a host from coast to coast, but no one uses a host that's close

  • When you get a message encoded with Spam Mimic, you'll assume it's spam and delete it. Great idea though.

    It's brilliant! With a little refinement to the CGI form (ie., reading decoded text in the Encoding box is inconvenient at best), it's good enough to be a commercial service, IMHO.

    The other problem is that when Carnivore et al. start to see spam coming from legitimate, otherwise in use e-mail addresses, then they can start sniffing.

    I'm sure the algorithm is fairly simple. Maybe ROT13 letters placed as the first character of every third word or something like that. It's terrifyingly effective, too.


  • Oh.. and we are all pretty convinced security through obscurity is not security, but this was about privacy through obscurity :)

    Heh... It's privacy through being forwarded, with an attached nasty note, to abuse@luser's_isp.com.

  • So they've come up with a couple stupid "spammy" sounding messages. They're adding a few random numbers to it, making an MD5 hash out of it, storing that in a database, along with the message you originally entered. Then when you decode it, they're just getting the hash ( or whatever they're using) and do a lookup in the database to retrieve your original message.

    Since when is 3rd-party storage ingenious technology.

    Just what the world needs,
  • Now when we see "Enlarge Your Penis Now" posts on Usenet we won't be fooled - we all know it's anonymous terrorist communications.

    --nick
  • Has anybody tried taking regular spam and running it through this thing? I just tried a message I got this morning and got back:

    ALL THESE WORLDS ARE YOURS EXCEPT EROS. ATTEMPT NO LANDINGS THERE. USE THEM TOGETHER, USE THEM IN PEACE.

    Maybe SETI has been approaching this all wrong?

  • by Riplakish ( 213391 ) on Monday February 12, 2001 @09:46AM (#437372)
    Reading the explanation on their site, there seems to be an awful lot of suppositions:

    It's widely believed that Western governments read (and decrypt) a great deal of Internet mail through systems called Echelon, Carnivore and others. Presumably they have filters which discard spam. Possibly, due to the existence of this little website, they can no longer ignore spam. Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails.

  • I've been cutting-and-pasting the contents of my "SPAM" mail folder into the "decode" page, but haven't gotten anything intelligible yet, except this:

    Don't hurt Jon Katz.

    I'm not really sure what that means. Will report back if I find further information.

  • by l33t j03 ( 222209 ) <l33tj03@hotmail.com> on Monday February 12, 2001 @09:49AM (#437379) Homepage Journal
    Your mom loves it when I send her stuff like that. You'd better not be trying to move in on my action.
  • by Auckerman ( 223266 ) on Monday February 12, 2001 @10:35AM (#437380)
    Anyone who goes to the more shady parts of UseNET would be familiar with those posts that pretty much look like nothing more than random words following some kind of spam looking message. Always totoally pointless, always with faked headers. I've always assumed they were people chatting (with some stupid rot 26 encoding, or whatever) with one another in an already noisy enviroment. With a nice tool like this, now they can spamm YOU and talk to one another at the same time.

    The future is looking bright.

  • Dear Friend , You made the right decision when you signed up for our club . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1625 ; Title 5 , Section 302 ! This is different than anything else you've seen . Why work for somebody else when you can become rich within 37 weeks ! Have you ever noticed most everyone has a cellphone plus how many people you know are on the Internet . Well, now is your chance to capitalize on this . We will help you SELL MORE and SELL MORE . You are guaranteed to succeed because we take all the risk ! But don't believe us . Mr Simpson of Mississippi tried us and says "I was skeptical but it worked for me" . We are a BBB member in good standing ! DO NOT DELAY - order today ! Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer . Dear Decision maker , Thank-you for your interest in our letter . If you are not interested in our publications and wish to be removed from our lists, simply do NOT respond and ignore this mail ! This mail is being sent in compliance with Senate bill 2716 ; Title 5 , Section 306 . This is different than anything else you've seen ! Why work for somebody else when you can become rich in 34 days ! Have you ever noticed people love convenience and nobody is getting any younger ! Well, now is your chance to capitalize on this . We will help you use credit cards on your website plus decrease perceived waiting time by 150% ! The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Ms Simpson of Maine tried us and says "I've been poor and I've been rich - rich is better" . We are a BBB member in good standing . You will blame yourself forever if you don't order now ! Sign up a friend and you'll get a discount of 30% . Thank-you for your serious consideration of our offer ! Dear Cybercitizen , Especially for you - this cutting-edge intelligence . We will comply with all removal requests ! This mail is being sent in compliance with Senate bill 2116 , Title 8 ; Section 301 . This is a ligitimate business proposal . Why work for somebody else when you can become rich as few as 93 days ! Have you ever noticed how many people you know are on the Internet & society seems to be moving faster and faster . Well, now is your chance to capitalize on this . We will help you process your orders within seconds plus process your orders within seconds . You can begin at absolutely no cost to you . But don't believe us ! Mr Ames who resides in Montana tried us and says "I was skeptical but it worked for me" ! We are a BBB member in good standing ! We beseech you - act now ! Sign up a friend and you'll get a discount of 60% . Warmest regards !
  • The only problem is when you get your email address blacklisted by ORBS for being a spammer... "dude, it's encrypted"
  • As if we couldn't guess...

    Your spam message Dear Friend , Your email address has bee... decodes to:

    First Post
  • Actually, I've seen the site long before it got slashdotted today. My post was a joke.

    Well, kind of a joke, anyway. I really don't think this thing will see wide use, for a variety of reasons, not least of which is that it provides no real security, and requires the user to give them the plaintext of every message.

    OK,
    - B
    --

  • by RareHeintz ( 244414 ) on Monday February 12, 2001 @09:46AM (#437394) Homepage Journal
    I don't think this will ever make it into general use. Am I really going to send my mother this email:

    WORK AT HOME! FREE RED HOT AMATEUR PUSSY! LOSE 50 LBS IN 10 MINUTES! FREE WEB HOSTING! ACNE CURE! HOT STOCK TIPS! EXTREME FISTING HOUSEWIVES! MAKE MONEY FAST! BISEXUAL COED BITCHES! ACHEIVE (sic) FINANCIAL INDEPENDENCE!

    ...and tell her to go to some website to decode it?

    OK,
    - B
    --

  • by RareHeintz ( 244414 ) on Monday February 12, 2001 @09:50AM (#437395) Homepage Journal
    I think you mean "steganography".

    Regardless, I think you've hit on the point - it's not so much the hiding of information, but more like a denial of service attack, raising the resource threshold for effective large-scale eavesdropping. If they have to watch everything, including the spam, it gets that much harder.

    OK,
    - B
    --

  • I have to disagree with the above assumption about Echelon. It is a relatively old system (70's) agreed about by the Western English speaking countries. Based on Cold War paranoia. Echelon is a voicemail tracker, if you use certain keywords (eg. bomb, bioweapon, our glorious purpose and so on) it will start to record the conversation. It doesn't record conversations that don't contain keywords.
    My sister and I amuse ourselves (childish I know) by inserting random probable keywords in phone conversations. Guess it wastes storage space.
  • As usual, I want to let everyone know that the source code for the mimic functions is available if you just ask. Send me some email. You can get it in C, Pascal or Java flavor. Each of these versions reads the same generic grammar file. So you can create your own grammar for encoding messages. I've written one that uses the voice over to a baseball game. The folks at SpamMimic wrote their own using Spam as an inspiration. I would love to see some more. Incidentally, writing and modifying the grammars is one way to "key" the output. Only someone with the right grammar can decode a message. Another way is to use a number of mechanisms to scramble the grammar for each message. These are all explained in Disappearing Cryptography . Please write with questions and comments. -Peter p3@wayner.org
  • by cryptochrome ( 303529 ) on Monday February 12, 2001 @10:57AM (#437406) Journal
    The spies could just as easily closely watch the spammimic site and intercept all incoming messages and outgoing encodes. The ip can be traced to the sender, and the outgoing encodes could be cross-refererenced against intercepted emails to figure out who the sendee. The website isn't even secure. Since people have to go through this website, that's the weak point in the whole scheme.

    A believable stand-alone spammimic encrypter, coupled with a PGP-type encryption scheme, would be the most effective. A PGP encrypted message looks like gibberish (making it easily detected), but could then be SMed into fake spam. If a spy intercepted the message and de-SMed it he would be left with unintelligible encrypted gibberish. More importantly, if a spy tried to de-SM a real spam he would also get unintelligible gibberish. Thus he would have to somehow figure out whether a message was an SMed encryption or not, and even if successful he couldn't decode it.

    Therefore spammimic needs to make their encodes indistinguishable from real spam email to prevent detection. The decoding algorithm should also produce an output for any input (no error messages), and the output for real spams should be indistinguishable from PGPed messages (both look like gibberish, but only one can be decrypted, and only if you have the proper key). The SMed messages also need to be able to accomodate longer messages, and you should be able to use the encrypter on your own machine for privacy.

    Of course, smart spies know most people don't send each other spam, so they could still pick people out that way. There ought to be a "Long-inane-rambling" or "shallow political discussion" mimic ^_^

    cryptochrome
  • In their feedback they explain that spammimic isn't super secure because your foe might just take your message and paste it to spammimic's decode box.

    Well, duh.

    The FBI/CIA/NSA/NRO/HUD can just filter spam into a spammimic pipe and use spammimic's own cpu to circumvent spammimic's value.

    Imagine how useful it will be when a terabyte a minute is being pumped into the decode box. Then they get free help spying on your messages and a DoS against spammimic.

    You could overcome this by changing the selector pads but then you'd have to have sender and receiver sync on the pad in use, which would have to be sent by some other encryption or channel, which brings back the original problem of not having a super-convenient shrouding method.

    --Blair
    "This is not a crypto for money transaction."
  • by jasonk3 ( 313457 ) on Monday February 12, 2001 @09:41AM (#437415)
    When you get a message encoded with Spam Mimic, you'll assume it's spam and delete it. Great idea though.
  • by PureInsanity ( 315351 ) on Monday February 12, 2001 @09:57AM (#437416)
    I tried to send her some email encrypted with this and look what it sent her. -Hi sexy, looking for a good time? I am just one of many available hot males and females seeking fun and enjoyment on the net. The link at the bottom of this email will take you to my own virtual pleasure house.- I don't think she'll ever look at me the same way again.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...