Snowshoeing: small-batch spam that's less targeted than spear-phishing

Snowshoe spam has a "small footprint" -- it is sent in small, semi-targeted batches intended to sit below the trigger threshold for cloud-email spam filters, which treat floods of identical (or near-identical) messages as a solid indicator of spam.

Spam-fighting mail-rule

If body contains "unsubscribe" and From: is not any of my addressbooks, then move message to folder "Spam." You're welcome.

Turns out that "unsubscribing" from spam actually works

After my spam hit a point where I couldn't actually download my email faster than it was arriving, I spent a month clicking the unsubscribe links in all the spams in my inbox. Weirdly, it worked.

Video perfectly captures CAPTCHA anxiety

If you've ever stressed out about the new batch of timed CAPTCHAs that involve math equations, games, or inaudible audio, this video on CAPTCHA anxiety by videogamedunkey may feel all too familiar.

FCC takes aim at spam texts and robocalls

Telecoms will be given wider latitude to block nuisance messages to their customers, reports the Wall Street Journal.

Clinton's sensitive email was passed through a third-party spam filtering service

It's been years since the spam wars were at the front of the debate, but all the salient points from then remain salient today: when you let unaccountable third parties see your mail and decide which messages you can see, the potential for mischief is unlimited.

Social graph of mysterious twitterbots

Terence Eden has mined the social graphs of thousands of mysterious, spammy twitterbots, which may or may not be the same larval spambots I wrote about.

Brian Krebs's "Spam Nation"

In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principal players. Cory Doctorow reviews.

Google Maps' enduring security holes put businesses at risk

It's been more than a year since a series of high-profile articles demonstrated that Google Maps' crowdsourcing function can be used to create new listings, alter existing business listings, and even create fake Secret Service offices that real-life cops end up calling.

Russia's army of paid astroturfers message-bomb western coverage of Ukraine

A set of documents leaked by a group identifying itself as Russian hackers purports to be training materials for Russian psyops agents who were paid to make favorable comments about Russia's position in Ukraine on western media websites. The group of fake commenters, called the Internet Research Agency, is based in Saint Petersburg, and its operatives were ordered to maintain multiple commenter identities based on certain archetypes, and to post a minimum quota of pro-Russia messages every day. Included in the documents are per-site strategy notes for preventing moderators from erasing messages (for example, on Worldnetdaily, do not use "vulgar reactions to the political work of Barack Obama.")

These tactics are familiar ones. Rebecca MacKinnon's indispensable book Consent of the Networked describes the Chinese government's "Fifty Cent Army," each paid 0.5RMB per message for pro-government postings. And of course, the 2011 HBGary leak revealed the existence of a US Air Force RFP seeking "persona management" software that would let US psyops operatives maintain up to 20 fake identities from which to post pro-US messages on Arab-world websites.

Comment-spammers threaten to sabotage their victims through Google Disavow if the evidence of their vandalism isn't removed

Tim got an email from someone trying to get rid of comment spams -- ever since Google started punishing sites that left comment spam on blogs, this has been going on a lot. When Tim told the guy to buzz off, he threatened Tim with sabotage by means of Google's "Disavow" tool, growing progressively more abusive as Tim stood his ground.

Orange UK plumbs the depths of insulting, stupid marketing, finds a new low

I had the above-reproduced SMS exchange with a bot from my horrible mobile phone carrier, Orange UK (now called "EE" after the high-pitched noise my incipient aneurysm makes whenever I have to deal with them, and because vowels) today. They have "good news" -- I have been subscribed to "special offers" from "great brands" via SMS. And I can opt out. Except, surprise, it takes three weeks to process these opt-outs.

Not sure what I should do apropos of any "great brands" who pay Orange to spam me in the runup to Christmas: maybe just name-and-shame them here? Any other ideas?

Rise of predatory, parasitic spambooks

Charlie Stross considers the confluence of bookspam; Turing-complete, JavaScript-enabled ebooks; and auctorial disappointment and posits a hostile ecosystem of parasitic ebooks that go around devouring the competition.

The Internet Police: How Crime Went Online, and the Cops Followed

Nate Anderson is one of my favorite Ars Technica writers -- always thorough and always evenhanded, but never shrinking from venturing an opinion or trying to put individual incidents in the context of the wider Internet. His new book, The Internet Police: How Crime Went Online, and the Cops Followed, is a brisk, eminently readable, and important history of the relationship between law, law enforcement, and the net, and as you'd expect, it's excellent.

Where Twitter spam-accounts come from

A pair of researchers -- one a grad student working at Twitter -- bought $5,000 worth of fake Twitter accounts (with Twitter's blessing) and developed a template for identifying spam Twitter accounts. The spammers were using cheap overseas labor to solve Twitter's CAPTCHAs, registering the new accounts with automatically created email boxes from Hotmail and Mail.ru, and spreading the registrations out across a range of IP addresses, courtesy of massive botnets of infected computers. Twitter nuked zillions of spam accounts and prevented new ones from signing up -- for a while. Quickly, the spammers adapted their tactics and went back to registering new accounts. The researchers, Kurt Thomas and Vern Paxson, presented their results today at Usenix Security DC, in a paper called Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse (PDF).

Update: Here's the full research team: "Kurt Thomas is a grad student at UC Berkeley who works at Twitter; Alek Kolz works at Twitter, Damon McCoy is a professor at GMU, Chris Grier is a researcher at ICSI and UC Berkeley and Vern Paxson is a lead researcher at ICSI and a professor at UC Berkeley."

Bestiary of unimportant envelopes that look important

The Evil Mad Scientist folks have compiled an annotated bestiary of junk-mail envelopes that are camouflaged to look like important correspondence. It's a fascinating study in meatspace spam.

Oftentimes, these envelopes are quite well done. Above is an example that might cause a genuine double take — with its “FINAL NOTICE ENCLOSED” — and bank-PIN style tear tabs on the sides...

And then, there’s the fine print, so that you really take it seriously. A $2,000 fine or 5 years imprisonment(!) are threatened under §1702 should you fail to deliver this fine specimen of junk mail letter to its intended victim. (This penalty is true but somewhat misleading; the law refers to obstruction of mail in general, not this “final notice” in particular.)

Envelopes That Claim to be Important

Corporations are people, so the city of Seattle can't have an opt-out policy for spammy phonebooks no one wants

Jeff sez,

Seattle will spend $500,000 to settle a lawsuit it lost with phonebook companies over its sensible opt-out program for residents.

Beginning in May 2011, Seattle began allowing residents to opt out of unwanted phonebook deliveries. The program was so popular, the city reports that more than 2 million pounds of paper are saved annually as a result. The phonebook companies sued the city and lost, but won on appeal. The city has chosen not to appeal to the Supreme Court.

The phonebook companies alleged in their complaint that the phonebook ordinance 'denies [their] rights guaranteed by the First and Fourteenth Amendments to the United States Constitution' (free speech and due process). If not for the legal concept of 'corporate personhood', the phonebook companies wouldn't be able to sue Seattle to assert Constitutional rights originally written only for people.

Rather than ask the question, 'are the phonebook companies people?' and 'do they have the right to free speech?' the courts have focused largely on whether the content in the phonebooks (advertisements and phone listings) represent free speech which can't be regulated or commercial speech, which can be.

The companies claim, 'The First Amendment to the United States Constitution prohibits government from -- enforcing the desire of citizens to avoid communications [and] from prying into citizens' preferences regarding communications they seek to avoid.'

Corporate Personhood to Cost Seattle $500,000 to Settle Phone Book Lawsuit (Thanks, Jeff!)

(Image: Seattle Phone Book Spam, a Creative Commons Attribution (2.0) image from edkohler's photostream)