
Volume 30
Dec 2001




The Anti-Spam Network
 by Sfear

----------------------------------

Table of Contents

What Has Been Tried in the Past
How the Anti-Spam Network Works
How the ASN Would Help the Problem
Legal Aspects
Project Proposal
Development Issues
Conclusion

----------------------------------

 

What Has Been Tried in the Past

The first line of defense against unwanted marketing email proposed by the industry and legal institutions is the “Remove From List” instructions at the bottom of the email. I’m not sure what kind of utopic world they live in, but in my world this is the most ludicrous response conceivable. Most spam comes from shady organizations that are not apt to respect the law, let alone user rights and wishes. If they respected users, then they wouldn’t be sending spam in the first place. Sending a response email to a spammer legitimizes your email as a valid address and proves that you read the email you receive. Even if the spammer eventually removes you from their list, by the time this happens your email addy has been sold to a dozen other “marketing organizations”.

Even legitimate organizations are getting into the spam game. Take MP3.com as an example. When I submit my email address to them, asking for announcements about a specific band, I begin receiving email about other “special offers” that I certainly did not ask for. It’s not that I can blame them. Spam works. It is effective and costs less than any other form of marketing.

However, the exponential increase in the number of spammers has caused this simple marketing ploy to threaten the usefulness of email for consistent web users and has pissed off even passive web users. Some of the worst offenders have begun to learn from the hacking community and employ increasingly sophisticated techniques. According to a recent article on Security Focus, many spammers are using email addresses that exist in what they term "murky space," which is to say that the email addresses don't really exist at all. They appear shortly before spam messages are sent and disappear shortly after.

It is due to techniques like this that Outlook's Block Sender and Hotmail's Spam Filter are also completely ineffective. Not only does the list of spammers increase far faster than they can be blocked, but each individual spammer uses multiple email addresses and multiple domains.

Blacklist applications, such as the MAPS network, are among the best solutions currently available. In these cases a central organization will maintain a list of known spammers. They then distribute a program that simply removes spam emails from your inbox. This solution has a variety of drawbacks. Since the blacklist is moderated by a central organization, the lead time for response to new spammers is too slow to be useful. Unmonitored spam notification services, such as SpamCop, require less human intervention and can thus work faster. However, this assumes that your network administrator has the time to respond to all the incoming spam notifications, which would require more than one full-time employee in a large organization, and is impossible for unaffiliated individuals.

One must assume that there are other solutions. It is unrealistic to expect internet users to change email addresses every few months, retreating to avoid the onslaught of unwanted advertisements. I would suggest that there has been essentially one flaw in all of the current solutions: one failed assumption that plagues every attempt to help the situation. Each of these solutions could be termed reactive. They take spam as an unpreventable phenomenon and aim to filter it away after the crime has been committed. The Anti-Spam Network (ASN) takes a wholly different approach. The ASN aims at reducing the effectiveness of spam as a whole, nullifying the root cause and reasoning of spam senders.

 

How the Anti-Spam Network Works

The ASN appears to users as a program that they can install on their computers. It would need to run as a TSR agent similar to file sharing applications like Napster. When the user receives a spam message, they could go to their ASN agent and fill out a spam incident report. A spam incident report would contain two pieces of information: the email address the spam message was sent from, and the website address that the spam message was trying to get you to visit. This would be added to a personal database of such reports, such that a second spam message from the same spammer could be recorded by simply clicking on the existing database entry. Each agent would only have access to their own ASN database. This becomes essential to minimizing back-and-forth chatter between agents and helps prevent misuse of the application.

Internally the ASN agent keeps a distributed network listing of other users that are running the ASN in the same manner that Gnutella maintains its network. When a user clicks on a spammer’s name in their ASN agent, the agent sends out a spam warning to the other ASN agents. As this warning finds its way through the ASN, it is only recorded and responded to by other agents that have also noted incidents of spam sent from the same email address or ones that have been directed at the same website.

When an agent receives a spam warning or the host user fills out a spam incident report, a series of response actions follow. First, a single email is sent to all email addresses that are associated with the spammer's website. This is a form letter Anti-Spam message. Secondly, and most importantly, all websites associated with that email address receive a port 80 webpage request every minute for the next hour or two.

 

How the ASN Would Help the Problem

The specifics of the ASN operation described above are innovative for several reasons. Perhaps the most important aspect of the ASN solution is its focus on the associated website. Spamming is essentially about money. While selected occurrences of virus or political message distribution via spam do happen, the huge majority of spam messages are commerce driven. And since there is no such thing as an e-commerce email, the vast majority drive traffic to a website. This becomes a vulnerability that the ASN exploits.

Using a Floodnet or DDOS attack strategy, the ASN targets the spammer's website as the point-of-commerce. Once the spammer reaches a critical number of enemies within the ASN, any unwanted email received by an ASN user will cut off access to that website for hours on end and send their bandwidth usage stats through the roof.

In this way, the ASN becomes a form of consumer activism. As a distributed spam notification system it has the power to enact revenge on both a small and large scale against the point-of-commerce of spammers. This hits them where it really hurts, raising the very real costs of operation and maintenance for businesses that indiscriminately send marketing emails. Since spamming is essentially a business strategy, the ASN would be more effective than anything currently available because it nullifies the core reasoning behind spam by raising the business cost of spam campaigns.

The ASN's website-to-email connection also prevents spammers from escalating their tactics in the same way they have in response to current anti-spam tactics. "Murky" or constantly changing email addresses will still need to link to a website as a point-of-commerce. Similarly, a spammer's email can link together various points-of-commerce that are part of a spammer’s network of websites. Every spam incident report expands the tracking of the spammer's tactics and intensifies the retaliation; essentially reversing the time scale of response.

In solutions like the MAPS network, the more email addresses and domains a spammer uses, the slower the network is able to respond to their actions. With the ASN, by contrast, these spam tactics only serve to intensify the response in direct proportion to the aggressiveness of the spammer. The more offensive they are, the more widely they spam, or the more indiscriminately they select their users, the larger the ASN's retaliation will be against them.

 

Legal Aspects

The ASN does not use exploits. While exploits might increase its effectiveness, they also introduce a number of technical and legal issues. As described above, the ASN's only significant legal issue is that of wanton web outage. Intentionally spiking traffic and causing a website to be unable to respond to legitimate customers is, at this time, illegal. However, unlike current Floodnet websites, there is no central organization that is enacting this response. The legal aspects of the ASN would be similar to the line between Napster and Gnutella. Despite the fact that both applications perform the same function, Gnutella has no central organization, thus there was no way to bring legal action against it.

In addition to there being no organization, there are also no users. The way in which the ASN network scales its response is such that a single user could not do any significant damage. This protects the system from being misused and prevents any single user from being charged under DDOS laws.

This leaves only the program developers and distributors as potential victims of legal action. However, if the development guidelines below are followed, then there will be no way of legal response against the developers. If the program is distributed through a network such as Gnutella, anonymous ftp, or other underground software circles, then the distributors will also be safe from any legal action.

 

Project Proposal

My preliminary evaluation of the ASN client application suggests that it would require approximately 6 months for a single programmer to complete the entire project. Since there is no way to pay them for their time, this is justifiably unreasonable. However, I suspect that many parts of this program have already been written and are available from open source libraries.

In any event, the way the ASN could come to fruition is through the establishment of an open source project. A formal software development assessment would need to be done. Then the program could be broken into bite-size chunks that can be built by individual developers. This could be done on a nym-based checkout; such that during and after development, no direct link exists between the developer nym and their actual identity. Nym-based login and segment check out could be done, but as long as logs are destroyed and no identity information is collected, then no one has to worry. The website that hosts the development check-out information shouldn’t hold any liability, since they are not actually doing the development.

 

Development Issues

While the distributed nature of the ASN prevents most forms of misuse, one loophole still exists. If a random person starts sending spam that tries to get the recipient to go to Microsoft.com, then the ASN will retaliate against Microsoft even though Microsoft itself has not been sending out spam. A similar problem is presented by retaliation against an email account that has been hijacked by a spammer. Again, in this case, an innocent web user may be retaliated against. While their innocence might be debated, these sorts of situations must be dealt with by the software development staff.

One solution might be to build in a notification subsystem. Such a subsystem would allow anyone that finds such a false or malicious connection in the database to spread a notice about the inaccuracy of that connection to other users. These notices would not automatically destroy the connection, but would require users to view such notices before completing spam incident reports against those targets.

Another solution might be a more sophisticated ASN Moderator application to be developed for use by advanced users. They could contain copies of the entire collective database, including incident report totals, and could be used to make or break connections and monitor or affect ASN traffic. They could also be seen as ASN outposts. Armed with high-bandwidth connections, Moderator agents could provide a constant low-hum of packet storms against the worst offenders.

DDOS is not a new form of IW attack. Ever since DDOS attacks were used to take down Yahoo, Ebay, and Etrade, several applications have become available to filter out “nefarious” traffic. Since the ASN agents send requests at a very low rate, the majority of these applications should be usable. Nonetheless, the project and development team needs to keep aware of advancements in this field in order to assure the ASN's continued effectiveness. For instance, it may be helpful to expand the ASN's retaliation to ports beyond 80. Such port flooding may increase the effectiveness of a retaliation, but it may also make it easier for packet filtering applications on the webserver to isolate normal traffic from ASN traffic.
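Seen from the receiving webserver, traffic of the kind described above (each client requesting a page about once a minute) stays under per-client rate limits but leaves a timer-like cadence in the access log. The following is an added example, not part of the original article: a log check that flags clients with near-constant request gaps and groups those sharing one cadence. The Common Log Format input, the thresholds and the sample addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, median, pstdev

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')   # client IP and timestamp
STAMP = "%d/%b/%Y:%H:%M:%S %z"

def periodic_clients(lines, min_hits=5, max_cv=0.1):
    """Map client -> mean gap (s) for clients whose request gaps are near-constant."""
    seen = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m:
            seen[m.group(1)].append(datetime.strptime(m.group(2), STAMP).timestamp())
    flagged = {}
    for ip, stamps in seen.items():
        if len(stamps) < min_hits:
            continue                      # too few requests to judge a cadence
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # coefficient of variation: timers are regular, people are not
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[ip] = round(avg, 1)
    return flagged

def coordinated(flagged, tolerance=5.0, min_clients=3):
    """Return the clients sharing one cadence, or [] if fewer than min_clients do."""
    if not flagged:
        return []
    centre = median(flagged.values())
    group = sorted(ip for ip, gap in flagged.items() if abs(gap - centre) <= tolerance)
    return group if len(group) >= min_clients else []

def sample_log():
    """Constructed sample: three clients on a ~60 s timer and one human visitor."""
    base = datetime(2001, 12, 1, 12, 0, tzinfo=timezone.utc).timestamp()
    rows = []
    for n, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        rows += [(base + n * 7 + i * 60 + i % 2, ip) for i in range(8)]
    rows += [(base + t, "198.51.100.7") for t in (3, 9, 15, 140, 150, 600)]
    return ['%s - - [%s] "GET / HTTP/1.0" 200 512'
            % (ip, datetime.fromtimestamp(ts, timezone.utc).strftime(STAMP))
            for ts, ip in sorted(rows)]

if __name__ == "__main__":
    hits = periodic_clients(sample_log())
    print(hits, coordinated(hits))
```

A per-client request counter would pass all four clients in this sample; only the regularity of the gaps and the shared interval separate the three timed clients from the human visitor.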

Another significant advancement to the ASN systems would be a Relevance vs. Violence rating system. Such a system would allow ASN users to specify the fervency or level of response that is made by their computer against the spammer. This would help to soften the system against spam that the user feels might have been legitimate and quicken harsh retaliation against spammers that send especially offending messages. While this would be valuable it would also increase the application’s development time. Thus the cost-benefit of such additions would need to be weighed by the project and development staff.

 

Conclusion

Everyone hates spam, and in spite of its illegality in many countries, there is nothing that the legal institutions can do to prevent it. The ASN project provides a very real solution that would give a voice to the outrage we all feel on this issue. The internet was supposed to be “the great democratizing force”. While many opinion polls have shown that nearly all internet users would vote to remove it from the web, advertising remains. Where is the democracy in that? Spam is an issue that has enough momentum to propel an application like this into widespread usage. Then, for the first time since the internet's birth, spam would begin to decrease.

In this sense, the ASN could be the mechanism that returns the internet to a state of democracy. The ASN could be our line in the sand. It could be the first of a unique form of consumer advocacy networks that would crystallize around any issue that could garner the support of a large number of netizens. This could be the first internet people’s war that is actually winnable. In short, this will change the face of the internet significantly. The only question is whether you want to help.

 

 

ADDITIONAL LEGAL DISCLAIMER

Now, if I were to say, “I think this is a great idea, and I think we should work towards doing this.” Then that sentence, minus the quotation marks, could land me in jail. So I need to add that I do not advocate anyone doing anything that might be illegal in their country of origin. I think that developers that live in a free country (i.e. one that allows its citizens to construct consumer advocacy networks) should do this.