Antisocial Networking: Dealing with Online Abuse

Steven Champeon
SXSW Interactive 2007

Power Session: Antisocial Networking

Dealing with online abuse


  • spam: unsolicited bulk email, now other forms
  • it's about consent, not content
  • medium isn't the important factor
  • blog spam, phishing, spit, spim, etc. etc.
  • not just about "did you ask for this"
  • also about "are you aiding the spammers?"

Why does it matter?

  • just hit delete doesn't scale
  • spam around 90% of all email traffic (10 to 1 spam)
  • spam traffic doubled to some sites in 4Q06 alone
  • splogs rising fast
  • 419/pump&dump/phishing scams have dire financial consequences
  • those pills you bought might poison you
  • unsolicited porn at the workplace? NSFW
  • legit mail gets lost in the "noise"

Who is to blame?

  • ROKSO list of 200 worst spammers
  • criminal gangs and virus writers in cahoots
  • "mainsleaze" commercial mailers, other corporate interests
  • pornographers, legal and illegal
  • "vendors" of illegal pharmaceuticals and software
  • politicians (CAN-SPAM toothless, overrides better state laws)
  • ISPs, for hosting spammers and lack of vigilance
  • you? or your choice of operating system?

Where does all this spam come from?

  • spammers with static netblocks
  • botnets
  • companies with lousy list management practices
  • badly policed affiliate programs
  • your computer? network? web site?
  • open proxies and relays
  • blowback / outscatter from forged spamruns
  • various software security bugs (PHP!)

spammers == virus authors?

  • wasn't the case a few years ago
  • now viruses are designed to be spam proxies (Jeem, late 2002)
  • among other things (DDoS amplifiers, keyloggers, template spam)
  • Sobig, SpamThru, Blackworm, MyDoom, Sasser, Witty, et al
  • literally tens of thousands of variants
  • running on estimated tens of millions of computers at any given time

Financial scams

  • Lotto/Nigerian "419" advance fee fraud
  • "pump and dump" stock fraud scams
  • phishing for your account info
  • and more (identity theft)
  • keyloggers capture login info, call home
  • have been known to launder money/stocks
  • report them to proper authorities

Trackback and Comment spam

  • trying to get their message out
  • piggybacking on your openness
  • constant background noise of abuse
  • can also be malicious, deliver payloads
  • represents barrier to entry for newbies
  • cause of gray hair for grizzled veterans

What can be done?

  • secure your computer!
  • email spam filters (client and server side)
  • DNS-based blacklists (IPs and domains)
  • content filtering (doomed to fail)
  • defensive outbound filtering by ISPs
  • lawsuits, criminal charges against known spammers
  • tactics to defeat bots, web form spam

What shouldn't you do?

  • don't let the spammers use you as a conduit
  • don't shift the cost of abuse onto others:
    • challenge/response, blowback, arcane hoop-jumping
    • sender/address verification (eg, verizon)
  • don't abandon your email address or blog
  • don't allow unfiltered or too-filtered access to comments
  • don't give up

Other issues

  • victim's reputation often at stake
  • financial consequences of identity theft
  • pump and dump ruinous to small businesses
  • blowback and C/R adds to burden of mail servers
  • authenticated senders are a ways out yet
  • again, consent, not content