Power Session: Antisocial Networking
Dealing with online abuse
- spam: unsolicited bulk email, now other forms
- it's about consent, not content
- medium isn't the important factor
- blog spam, phishing, spit, spim, etc. etc.
- not just about "did you ask for this"
- also about "are you aiding the spammers?"
Why does it matter?
- "just hit delete" doesn't scale
- spam around 90% of all email traffic (10 to 1 spam)
- spam traffic doubled to some sites in 4Q06 alone
- splogs rising fast
- 419/pump&dump/phishing scams have dire financial consequences
- those pills you bought might poison you
- unsolicited porn at the workplace? NSFW
- legit mail gets lost in the "noise"
Who is to blame?
- ROKSO list of 200 worst spammers
- criminal gangs and virus writers in cahoots
- "mainsleaze" commercial mailers, other corporate interests
- pornographers, legal and illegal
- "vendors" of illegal pharmaceuticals and software
- politicians (CAN-SPAM toothless, overrides better state laws)
- ISPs, for hosting spammers and lack of vigilance
- you? or your choice of operating system?
Where does all this spam come from?
- spammers with static netblocks
- companies with lousy list management practices
- badly policed affiliate programs
- your computer? network? web site?
- open proxies and relays
- blowback / outscatter from forged spamruns
- various software security bugs (PHP!)
Spammers == virus authors?
- wasn't the case a few years ago
- now viruses are designed to be spam proxies (Jeem, late 2002)
- among other things (DDoS amplifiers, keyloggers, template spam)
- Sobig, SpamThru, Blackworm, MyDoom, Sasser, Witty, et al.
- literally tens of thousands of variants
- running on estimated tens of millions of computers at any given time
- Lotto/Nigerian "419" advance fee fraud
- "pump and dump" stock fraud scams
- phishing for your account info
- and more (identity theft)
- keyloggers capture login info, call home
- have been known to launder money/stocks
- report them to proper authorities
Trackback and Comment spam
- trying to get their message out
- piggybacking on your openness
- constant background noise of abuse
- can also be malicious, deliver payloads
- represents barrier to entry for newbies
- cause of gray hair for grizzled veterans
What can be done?
- secure your computer!
- email spam filters (client and server side)
- DNS-based blacklists (IPs and domains)
- content filtering (doomed to fail)
- defensive outbound filtering by ISPs
- lawsuits, criminal charges against known spammers
- tactics to defeat bots, web form spam
What shouldn't you do?
- don't let the spammers use you as a conduit
- don't shift the cost of abuse onto others:
- challenge/response, blowback, arcane hoop-jumping
- sender/address verification (e.g., Verizon)
- don't abandon your email address or blog
- don't allow unfiltered or too-filtered access to comments
- don't give up
- victim's reputation often at stake
- financial consequences of identity theft
- pump and dump ruinous to small businesses
- blowback and C/R adds to burden of mail servers
- authenticated senders are a ways out yet
- again, consent, not content