Welcome to the Church of SQRLS Web Site!
By The SQRLSy One
( Email me at SQRLSy_1@ChurchofSQRLS.com )
Sub-Site SASSI@Home; SASSI is Saturation Attacks to Spam the Spammers Infinitely
Last Updated 21 April 2018
Link to main page: www.churchofsqrls.com
The below idea
is submitted to any and all software developers, in hopes that some-one,
somewhere, will implement it. By putting
it up for all to see on this web site here, I am “defensively publishing” it,
so that no one will gum up the works of software development (and the public
good) by excessive “patent trolling”, and by getting patents for vague and
nebulous ideas alone (without great detail and showing a working product). The ideas below, then, are intentionally
being thrown into the public domain.
PROJECT NAME (And Why)
First
off, we need a catchy program name. SASSI
could be Saturation Attacks to Spam the Spammers Infinitely, or SASSSI@Home is
Spamming Against Spam, Spam, Spam Intruders (or Invaders or Infestations or
some such). It is reminiscent of the
well-known “SETI@Home” program, and being “Sassy” (“Sassing” the spammers and
phishers), and a well-known Monty Python skit about “spam”.
WHAT IT WOULD BE, SUMMARY
Obviously,
there are existing lists (maintained by various companies, especially IM
security companies) of known “phishing” web sites. SOME company or individual SOMEWHERE (maybe
YOU!?!) should develop some fairly simple programs, and a web site where an
up-to-date such list of web sites is maintained. Users could hit this web site, download
several thousand offending web-site addresses, and then the user’s PC and
Internet connection can donate their free, spare cycles to conducting “denial
of service”-style attacks on the offending web sites. Inundate the offending web sites with page
requests, that is. Such attacks may or
may not involve having the user’s PC cycling through different IP addresses, to
prevent counter-measures by the targeted web sites. If enough users donate their spare cycles to
these attacks, from a large database of offending web sites, such
IP-address-cycling would not even be needed.
That is, the web-page requests to the offending web sites would look
very “natural” (diffuse, widely spread), so counter-measures (by the offenders)
would be hard to devise.
SUMMARY OF BENEFITS / PLUSSES
This
would simply create a LOT of “positive buzz” and goodwill towards whatever
company paid for it, if such company paid for this, maintained the web site,
and made sure that the software is clearly XYZ branded. I personally have had my home email hijacked
by “phishers” recently, and so I can tell you, there has got to be a LARGE
amount of anger out there towards the spammers and phishers. Customers will be more happy to buy XYZ goods
and services, knowing that XYZ Company is on the fore-front in the battle
against these offenders. And in the long
run, such a strategy will “take the wind out of the sails” of these offenders,
perhaps even to the point where spamming and phishing simply do not pay off, any
more, at all.
SUMMARY OF COSTS / MINUSSES
Internet
users whose businesses depend on spamming and phishing will perhaps be less
likely to buy XYZ Company products, but, with any luck at all, their influence
will be out-weighed by those far more plentiful users who are highly resentful
of spammers and phishers. And yes, XYZ’s
legal department will have to carefully research what is legal, and what is
not, in various jurisdictions, before providing such a service to users. Then of course there will be the costs of
developing the software, and maintaining a web site.
OTHER MISC. INFORMATION, CONSIDERATIONS, ETC.
See
http://setiathome.berkeley.edu/
for the well-known “SETI@Home” that is similar to the program envisioned here,
or see http://boinc.berkeley.edu/ for
the super-set of such programs, which includes the SETI project. Now, the SASSI@Home project proposed here,
could perhaps involve ONLY web sites that engage in “phishing”, in which case
things are kept fairly simple. We always
have to be aware of unintended consequences, or of users who would abuse the
system which we would provide. XYZ users
could use our program to attack web sites that are NOT offenders, just because
of their personal agendas. The
counter-measure against this is fairly simple:
The XYZ web site that provides the web addresses to be attacked,
provides target web site addresses in a highly encrypted fashion. XYZ software on the user’s PC parses the
encrypted targets seamlessly, allowing no user intervention. Users who want to substitute their own
personal victim addresses, would have to know the encryption password, at the
very least. If each and every individual
with a SASSI@home-type program was allowed to pick his or her own victims, then
we can all imagine some bad possible consequences… Bandwidth saturation by Democrats hitting the
Republican web sites, and vice versa, and so on. So I for one really do hope that this idea
will be used appropriately and responsibly…
With
some amount of extra effort… Perhaps at
most, the full-time workload of a single XYZ Company employee… Users would be allowed to submit the web
sites of offenders, to include not just phishers, but spammers as well. The XYZ employee would then carefully “vet”
the web sites of such offenders (who clutter up many victims’ emails with
“spam”, trying to attract attention to their web sites). XYZ Company would have to be careful here to
not allow politics to cloud the picture…
Adding (or not adding) web site addresses on any basis other than the
offenses of spamming or phishing, would be dangerous to XYZ’s image.
An
additional desirable feature would be to allow the user to select (or not
select) an option to limit the amount of Internet bandwidth that this program
will use up. Some ISPs (Internet Service
Providers) charge according to how much bandwidth one uses up, of course. Some users will be, and some will not be,
willing to pay extra, for extra bandwidth, just to “fight the good fight”
against spammers. Ideally, what would be
REALLY nice, would be for this application to track just HOW much bandwidth the
user has used up, and fill up un-used bandwidth (Internet access) as the user
pays for, standard, and then, no more.
So the software envisioned here would ideally tie together with the ISP
software, and figure all of this out.
If
no one can be persuaded to develop this idea and provide it for FREE, then I
for one can tell you, I would be HAPPY to pay $5 or $10 per month, to access
the services of an XYZ Company providing the SASSI@Home software, in the name
of charity and doing good for the public!
I cannot STAND the hackers and spammers and phishers who intrude on me,
and (worst case) turn my PC into a spam-bot!
If
the Government Almighty of the USA prohibits such software from being written
in the (supposedly freedom-loving) US of A, despite such Government Almighty
obviously NOT effectively enforcing the laws against phishing and spamming, the
evil here targeted… Then this software
should be written in (and provided from a basis in) an
internet-freedom-friendly nation such as Iceland, see http://en.wikipedia.org/wiki/Internet_in_Iceland
There’s
the idea… Please consider it carefully.
Thanks! -SQRLSY One
SQRLSy_1@ChurchofSQRLS.com
UPDATE AND ADDITIONAL ASSOCIATED IDEAS
With
special thanks to Arthur Wilkinson at Emsisoft, I now understand the
dynamics of this whole situation a bit better.
It seems that Governments Almighty, world-wide, including certainly the
USA with its toothless and counter-productive “Can-SPAM” act, prevent us
collectively from fighting back against the spammers! Read his email, his provided link, and
contents thereof, below.
Quoting from the link’s contents: “While spammers cost companies an estimated
$20 billion, they only netted roughly $20 million to $30 million in profits
in 2003,…”
So the spammers make $1 for every $1,000 they cost us as customers of
legitimate businesses? And lawyers,
governments, courts, and other crooks twist the laws to punish the
anti-spammers rather than the spammers?
If you will read the below, we’ve got public-policy wonks telling us
that using an automated service to allow us to send opt-out email requests to
spammers who have, themselves, spammed us, is, itself, spam!!! WHY cannot Governments Almighty
effectively fight for the good guys rather than the bad guys? Well, I have a theory: Think about it. As things are now, more money is spent, by
spammers and anti-spammers fighting each other, AND by their having to pay
many-many lawyers to help them all fight about it. And all of us customers have to spend lots of
money buying anti-spammers and anti-hackers software. LOTS of money moves around, LOTS of taxes get
collected. If Government Almighty
actually found an efficient way to shut the spammers down (or merely allowed us
as private businesses and users, to do it for ourselves, and got out of our
way), then they’d collect less taxes.
Quite simple!
Not a
“smoke-filled room” conspiracy, I am not a follower of such silliness… But unconsciously if not consciously, “we all
know which side our bread is buttered on”.
And that is for SURE true of Governments Almighty, and their employees!
So here are
refinements of the above ideas, in light of the below. Not only should a Blue-Frog (or SASSI@Home)
base itself in Iceland (one of the few places not run by the utter idiocy of
Government Almighty, at least in the Internet freedoms category), such a
company should take further measures:
1) All of their paying customers… Yes, I can see that anyone doing this “for
free” cannot collect off of public goodwill towards their brand, since the
hacking evil-doers will retaliate and swamp their websites, and ALL big
businesses today have to have a web site…
Then the paying customers should, once a week (or so), have the
providing company EMAIL them the refreshed list of spammers. These outgoing emails can NOT be directly
responded to; they come from a server that is set up for outgoing traffic only
(cannot be targeted by denial of service attacks).
2) For attracting new paying customers, the
providing company relies purely on word of mouth, and on having enthusiastic
customers who will spread their executable program by posting it (perhaps
literally) on millions of web sites, facebook pages, etc. Or even passed around on USB key drives… The criminal bot-net operators cannot spam us
ALL to death!
3) To enable this system to pay for itself, the
providing company sends out the once-per-week emailed (updated) list of
spammers and phishers, ONLY to paying customers, who pay via check, pay-pal,
etc.
That’s
it! -SQRLSY One
From Arthur Wilkinson:
Hello, and thank you for contacting
Emsisoft Support.
A similar idea was attempted in the anti-spam industry by a company known as
Blue Security. You can read about what happened to them at the link below:
http://www.securityfocus.com/news/11392
Unfortunately, the idea wouldn't be possible for a company to execute, as it
would break too many laws.
Best regards,
Arthur Wilkinson
Customer Support
--
Emsisoft GmbH - www.emsisoft.com
Mamoosweg 14, 5303 Thalgau, Austria
Tel. +49-180-590066-2, Fax. +43-6235-20053
Commercial register: FN238178m, VAT-ID: ATU57263749
_________End imported email____________
Now
here I, the SQRLSy One, will do something I would normally not do at all… Import an entire section of text from
some-one else’s web site. “The Google”
doesn’t like that sort of thing, you know; they will demote your web site in
their rankings, the more and more that you do that… You have little unique content, and you are
just parroting other people? Demotion
for you! And, I say, good for “the
Google” on that one!
But
the link http://www.securityfocus.com/news/11392 is so extremely
highly relevant here, AND I would sure hate to see that link go dead and
content be lost, that below it is, for your reference and reading pleasure:
Blue Security folds under spammer's wrath
Robert Lemos, SecurityFocus 2006-05-17
Israeli anti-spam startup Blue Security
decided on Tuesday to shutter its aggressive anti-spam service, citing threats
of further--and more malicious--attacks on its service and users.
The company's service, Blue Frog, enabled
nearly a half million users to automatically opt-out of unsolicited bulk e-mail
messages, or spam, by each sending a single message back to the advertiser.
Collectively, the automated opt-out messages inundated the clients of spammers
forcing six of the top-10 bulk e-mail groups to agree to use the company's
filtering software to cleanse their mass-mailing lists of any Blue Frog users,
according to the firm.
However, one spammer decided to attack back
instead. Starting May 1, the spammers--who Blue Security identified as
PharmaMaster--attacked the company's Web site and spammed Blue Frog users with
even more mass mailings. The attacks not only disrupted Blue Security's
operations but knocked out the Web blog hosting service Six Apart and a
handful of Internet service providers, including Tucows.
While the company had started recovering from
the initial attacks, the spammer promised more to come, said one company
source. Those threats and the collateral damage led the firm to decide to
shut down its service.
"We cannot take the responsibility for
an ever-escalating cyberwar through our continued operations," Eran
Reshef, CEO and founder of Blue Security, said in an e-mail to SecurityFocus.
"As we cannot build the Blue Security business on the foundation we originally
envisioned, we are discontinuing all of our anti-spam activities and are
exploring other, non spam-related avenues for our technological
developments."
The closure marks a sudden end to a
controversial service and highlights the importance of spam as a source of cash
for the underground Internet economy. In December 2005, spam e-mail messages
accounted for half of all e-mail sent, according to security firm Symantec.
(SecurityFocus is owned by Symantec.) While spammers cost companies an
estimated $20 billion, they only netted roughly $20 million to $30 million in
profits in 2003, according to estimates by analyst firm Ferris Research.
The attacks also underscore the power that
criminals can still wield on the Internet, especially through large networks of
compromised computers known as
bot nets. Bots have become the tool of choice for many online criminals to extort
money from legitimate companies by threatening a hard-to-stop denial-of-service
(DoS) attack; other criminals use the controller software to install adware on
the compromised PCs to earn affiliate
fees from the advertising networks.
The success of the attacks also reveals that,
despite e-commerce companies' assertions that the Internet has become safe for
business, the worldwide network has progressed merely from the Wild West to the
equivalent of the 1920s mob-controlled urban centers, said Peter Swire, a law
professor at Ohio State University and a member of the advisory board of Blue
Security. To fight the online gangs of the Digital Age will take concerted
efforts on behalf of the U.S. government and other countries, he said.
"This attack was from an organized crime
ring on the Internet," Swire said. "The rising amount of extortion on
the Internet is a symptom of under-enforcement. It takes concentrated effort to
break up any mob, and legitimate companies are at risk of extortion attacks
unless enforcement and other cybersecurity measures improve."
Until the beginning of May, Blue Security's
Reshef believed his company's service looked ready for explosive growth.
The firm's Blue Frog service had gathered
about 450,000 subscribers. Each user, who in general tended to have strong
anti-spam feelings, had downloaded the free software agent to their computer
and subscribed to the service.
The Blue Frog agent, which integrates with
Yahoo! Mail, GMail and Hotmail, uses a central database to check incoming
e-mail messages for known spam. When a match is found, the software selects a
form from the site advertised in the e-mail message, and submits a message
asking to be removed from the spammer's list. Because Blue Security had nearly
a half million users signed up, companies who use spam lists will likely have
their Web sites inundated with tens of thousands of messages.
In a way, Blue Security was following the
money.
"If you look at the spam economy, there
are the people that spam and then there are their clients--the sponsors,"
Reshef said. "We are going after the sponsors."
Some critics have charged the service
with essentially being a denial-of-service (DoS) attack.
"They were causing a large number of
individual packets to be sent with the intent of slowing a spammer's site
down," said Anne Mitchell, president of the Institute for Spam and
Internet Public Policy. "The intention was to take the server down; the
intention was not to cause the user to be opted out."
Reshef denied that the massive submission of
opt-out messages could be legally construed as a denial-of-service attack.
"Under the CAN-SPAM Act, the user has a
right to send an opt out," Reshef said during a recent interview with
SecurityFocus. "We were taking this right and automating it."
The strategy paid off, both for the company
and its users. By the end of April, Blue Security had noticed that six of the
top-10 spammers had used the firm's filtering service to remove any of its
subscribers from the bulk e-mailers' lists, Reshef said.
"In April, we hit this critical
mass," he said. "It was like a snowball. We had spammers responsible
for 25 percent of the spam on the Net complying or starting to comply with our
list."
At least one spammer decided not to comply.
The bulk e-mailer, using the moniker PharmaMaster, used a simple technique to
divine some of the names on Blue Security's opt-out list: The spammer took a
very large list of e-mail addresses, used Blue Security's filter on the list,
and compared the results. Any e-mail address on the first list that was not on
the filtered list belonged to a Blue Frog user.
On Monday, May 1, a subset of the company's
users started getting ten to twenty times the amount of spam they normally
received. The messages contained numerous allegations, claiming that the Blue
Frog client was illegal, that it took control of people's PCs, and that the
subscribers would be criminally prosecuted.
"BlueSecurity was illegally attacking
email marketers, and doing so with your help," read a portion of one
message, replete with typos. "Many websites have been targeted and hit,
including non-spam sites. BlueSecurity's software has been fully analyzed, and
contains an abundance of malicious code... YOU CANNOT PARTICIPATE IN ILLEGAL
ACTIVITIES and expect to get away with it."
PharmaMaster is a well-known purveyor of
generic and fake Viagra and other drugs and herbal remedies, Reshef said,
denying the allegations in the e-mail messages. The company posted a note to
its site warning its users about the attack and trumpeting the turn of events
as a sign of success.
On Tuesday, May 2, however, the company's Web
site suddenly went dark, and with it, the company's future as an anti-spam
service.
In the early afternoon on May 2, the company
received an ICQ message from PharmaMaster, claiming that an administrator for a
top-level Internet service provider would start blocking traffic to the
company's Web site, according to a timeline posted on the company's site. Soon
after, the company verified that its home page became inaccessible to anyone
outside of Israel.
The attack came as a surprise, Reshef said.
"We didn't expect a criminal would be
able to exercise any control over the backbone," he said.
It's uncertain what exactly happened to Blue
Security's site. The IP address for the Web site comes from a block owned by
Alternet, which is a backbone network run by the former UUNet, bought by
telecommunications company MCI Worldcom, and--as of February 2005--a part of
Verizon. However, a representative of the telecommunications company said
that Blue Security is not a customer and none of Verizon's administrators would
filter out traffic--known as blackholing--to a Web site.
The filtered traffic marked only the
beginning. Within a couple of hours, Blue Security's operations--separate from
its Web site--came under denial-of-service attack, flooded with anywhere
between 2 gigabits and 10 gigabits per second of traffic from tens of thousands
of sources.
By then, the company was attempting to get
back online. To work around the backbone filtering that blocked access to its
home page, Blue Security decided to change its domain name system (DNS) entries
to point to its former blog, hosted by Typepad. A half an hour later, an
attacker leveled a flood of packets at bluesecurity.com, but because of the DNS
change, the flood did not hit Blue Security's servers but the servers of blog
hosting service Six Apart. In what Six Apart called a "sophisticated
attack," the company's two blog services--LiveJournal and TypePad--as well
as several other portals--such as MovableType.com and SixApart.com--became inaccessible
for nearly 8 hours.
"This has affected all of Six Apart's
sites, causing intermittent and limited availability," the company said in a statement posted at the time. "Our network
operations staff is working around the clock with our Internet access providers
to resolve the issue."
Six Apart foiled the attack on its servers
early in the morning on May 3 GMT, and the attacker shifted to Blue Security's
domain name service provider, Tucows. That attack took out various services
offered by the Internet service provider for nearly 12 hours, with its domain
name service hit hardest, said Elliot Noss, CEO for Tucows.
"We deal with attacks on a regular
basis, and this was an order of magnitude larger than what we are used to
seeing," Noss said. "For the first part of the attack, this was seen
as a network problem, because it caused connectivity issues for two of our
three upstream providers."
Tucows' final solution was to "duck away
from the problem"--in Noss's words--essentially removing Blue Security's
DNS records from its system. The move essentially made Tucows' DNS servers
disappear for any computer looking up the address for bluesecurity.com,
blunting the attack but also foiling any legitimate user that wanted to find
bluesecurity.com.
Blue Security's Reshef, who praised Six Apart
for keeping his company's Web page online and accessible, had stern words for
Tucows' strategy.
"Tucows took us down," he said.
"Rather than standing up with us in the fight, they deserted us. They
didn't even call us."
Last week, Blue Security hired well-known
DoS-defense firm Prolexic to bring its sites back online. While its home page
returned to the Internet, consistent service to the Blue Frog clients remained
elusive. In an e-mail message sent last week, Reshef indicated the company
fully intended to continue to take the fight to spammers.
Then the situation again changed drastically:
PharmaMaster took the battle to the company's paying subscribers.
The online battle between PharmaMaster and
Blue Security had already had a number of casualties: Internet services,
consumer users and the company itself.
The spammer, seeing the success of the
attacks, apparently decided that more threatening attacks could win the war.
Specifically, PharmaMaster used Blue Security's own tactic against it: The
spammer went for the money.
Blue Security built its business model around
providing free service for consumers--whose greater number of computers could
launch a meaningful attack against spammers--but requiring businesses to pay to
protect entire domains.
In a significant shift in the attacks,
PharmaMaster began targeting the paying customers, according to sources
familiar with the attacks. People at the companies supposedly protected by the
Blue Frog system, instead found their systems in greater danger. The spammer
hit their networks with denial-of-service attacks and sent e-mail messages
laced with computer viruses to their addresses.
For the Israeli company, the attack trumped
any of its defenses.
"Blue Security realized that they
weren't helping their customers by continuing the fight with the
spammers," said Keith Laslop, vice president of business development for
Prolexic, the company hired to protect Blue Security's service. "So they
have decided to exit the anti-spam business."
The anti-spam company said that it does not
blame anyone but the spammer for the turn of events. So far, no lawsuits have
been filed by Blue Security or against the company, CEO Reshef said. On
Wednesday, the main Web page for the company, bluesecurity.com, could not be
accessed by SecurityFocus.
Prolexic itself came under attack soon after
taking Blue Security on as a client, according to the company.
"Prolexic Technologies, has been fending
malicious cyber attacks from one or more criminal spammers attempting to
intimidate the firm, subsequent to Prolexic deploying its system to defend a
recent customer," the company stated on its Web site. "These attacks
have included a barrage of defamatory spam emails about Prolexic, multi-gigabit
DDoS attacks, and mail bombs."
Six Apart, the only other U.S. company
substantially affected by the attacks, is currently working with the FBI on an
investigation, but the U.S. law enforcement agency would not comment on the
investigation.
To advisory board member Swire, the incident
represents that the safety of the Internet is only a thin veneer, and that true
threats to businesses, like this one, only get lip service from the Bush
Administration.
"This shows how vulnerable the Internet
infrastructure really is," Swire said. "I'm concerned that
cybersecurity has been downgraded in the U.S. government from a White House
issue to an issue that gets relatively little support in the Department of
Homeland Security."
The outcome of the episode left a bad taste
in the mouths of even some critics of Blue Security's service.
"I find the closure of their business
very sad," said ISIPP's Mitchell. "I would rather they had tightened
up their system and made it legal, than have it closed down."
CORRECTION: The article originally cited the
wrong title for Keith Laslop of Prolexic Technologies. He is the vice president
of business development. In addition, the article was updated with the statement
regarding attacks against Prolexic.