Suing Spammers for Fun and Profit
Serge Egelman
CMU Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
“Two years from now, spam will be solved”
-Bill Gates, February 24th, 2004
• CMU Usable Privacy and Security Laboratory • http://cups.cs.cmu.edu/ • Serge Egelman
Background

Spam is over 80% of all mail
• 2006 MAAWG report

Fewer than 200 people are responsible for 80% of it
• According to Spamhaus.org
Statistics (two chart slides; figures not captured in the text)
Background

It’s cheap!

Wider audience

Profit guaranteed

Little work involved
[Bar chart comparing the cost of a mailing by Email and by USPS; y-axis $0 to $2,500]
Background

Address harvesting
• Web pages
• Forums
• USENET

Dictionary attacks

Purchased lists

No way out once an address is on a list
Profile of a Spammer

Alan Ralsky
• 20 computers at home
• 190 servers around the world
• 650,000 messages/hour
• 250 million addresses
• $500 for every million messages
• Do the math! (650,000 messages/hour at $500 per million is about $325 an hour)

Convicted felon
• 1992 securities fraud
• 1994 insurance fraud
• 2008 stock fraud indictment
Technical Means

Text recognition
• Keywords
• Statistical modeling

Black hole lists

Greylisting

Cryptography
• Digital signatures
• Payment schemes
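Black hole lists in practice, as an added example that is not from the slides: an MTA consults a DNS-based blocklist at connection time by reversing the client's octets and querying <reversed-ip>.<zone>; the answer is an address in 127.0.0.0/8 whose last octet encodes why the host is listed. The zone name, the Spamhaus ZEN return-code mapping, the resolver dictionary and the client addresses (RFC 5737 documentation ranges) are assumptions of this example; a real MTA performs the DNS query. The RFC 5782 health check guards against a dead zone, or one that answers for every address, before any verdict is based on it.

```python
import ipaddress

ZONE = "zen.spamhaus.org"

# Return codes as documented for Spamhaus ZEN (assumed here; check the list's
# current documentation). Other DNSBLs use their own 127.0.0.x layouts.
ZEN_CODES = {
    "127.0.0.2": "SBL (verified spam source)",
    "127.0.0.3": "SBL CSS (snowshoe / compromised)",
    "127.0.0.4": "XBL (exploited host)",
    "127.0.0.10": "PBL (end-user space, ISP-maintained)",
    "127.0.0.11": "PBL (end-user space, Spamhaus-maintained)",
}

# Constructed stand-in for a DNS resolver: name -> A records, absent = NXDOMAIN.
# Client addresses are RFC 5737 documentation ranges.
FAKE_DNS = {
    "2.0.0.127." + ZONE: ["127.0.0.2"],                 # RFC 5782 test address
    "7.2.0.192." + ZONE: ["127.0.0.4", "127.0.0.10"],   # infected host on a dynamic IP
    "9.113.0.203." + ZONE: ["127.0.0.2"],
}


def resolve_a(name):
    return FAKE_DNS.get(name)


def dnsbl_name(ip, zone):
    """Reverse the octets of an IPv4 address and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)          # raises on anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_lookup(ip, zone=ZONE, resolve=resolve_a):
    """Return the decoded listings for ip, or [] if it is not listed."""
    answers = resolve(dnsbl_name(ip, zone)) or []
    return sorted(ZEN_CODES.get(a, "unknown code " + a) for a in answers)


def dnsbl_healthy(zone=ZONE, resolve=resolve_a):
    """RFC 5782 sanity check: 127.0.0.2 must be listed and 127.0.0.1 must not.
    A zone failing this is dead or answering for every address, which is how
    some abandoned lists ended up blocking the whole Internet."""
    listed = resolve(dnsbl_name("127.0.0.2", zone))
    unlisted = resolve(dnsbl_name("127.0.0.1", zone))
    return bool(listed) and not unlisted


def smtp_connect_verdict(ip, zone=ZONE, resolve=resolve_a):
    """Decide at SMTP connect time: (code, text). Fails open when the list is
    unusable, on the theory that a broken list should not stop all mail."""
    if not dnsbl_healthy(zone, resolve):
        return 250, "OK (DNSBL %s unusable, not consulted)" % zone
    hits = dnsbl_lookup(ip, zone, resolve)
    if hits:
        return 554, "5.7.1 %s is listed in %s: %s" % (ip, zone, "; ".join(hits))
    return 250, "OK"


def broken_resolver(name):
    """A list that answers for everything, as some shut-down zones have done."""
    return ["127.0.0.2"]
```

Whether to fail open or closed when the list is unusable is a policy choice; failing closed turns a dead DNSBL into a self-inflicted outage, so the example logs and accepts.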
Asymmetric Cryptography Example (diagram slide; figure not captured in the text)

Digital Signature Example (diagram slide; figure not captured in the text)
DomainKeys

Asymmetric cryptography

Verified sender

Modified SMTP server

Additional DNS records
SpamAssassin

Multiple tests
• Around 300

Statistical modeling

Scoring
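A miniature of the scoring described above, as an added example that is not SpamAssassin's code: a few header and body tests, a naive-Bayes token model trained on a constructed corpus, a running total against the 5.0 threshold, and the X-Spam-Status line in the format the example slide shows. The rule names, weights, Bayes buckets, training sentences and sample messages are all assumptions of this example; SpamAssassin's real table has several hundred tests with tuned scores and a far larger learned model.

```python
import re
from collections import Counter

REQUIRED = 5.0   # SpamAssassin's default threshold, as in the example header


def split_message(raw):
    """Split RFC 822 text into (header block, body) at the first blank line."""
    head, _, body = raw.partition("\n\n")
    return head, body


def header(raw, name):
    """Value of the first header called name, or None if absent."""
    m = re.search(r"^" + re.escape(name) + r":[ \t]*(.*)$", split_message(raw)[0], re.M | re.I)
    return m.group(1).strip() if m else None


def subj_all_caps(raw):
    s = header(raw, "Subject") or ""
    return len(s) >= 15 and s == s.upper()


# (name, predicate, score): names and weights are assumptions for this example.
RULES = [
    ("MISSING_MSGID", lambda raw: header(raw, "Message-ID") is None, 1.0),
    ("ADV_SUBJECT", lambda raw: (header(raw, "Subject") or "").startswith("ADV"), 2.0),
    ("SUBJ_ALL_CAPS", subj_all_caps, 1.5),
    ("REMOVE_LINK", lambda raw: re.search(r"click here to be removed", split_message(raw)[1], re.I) is not None, 2.0),
]

# Constructed training corpus; a real installation learns from thousands of messages.
SPAM_TRAIN = [
    "buy cheap meds now lowest prices guaranteed",
    "click here to be removed from our mailing list",
    "make money fast work from home guaranteed income",
]
HAM_TRAIN = [
    "are we still meeting tomorrow at noon",
    "the quarterly report draft is attached for review",
    "can you review my patch before the release",
]


def tokens(text):
    return re.findall(r"[a-z]{3,}", text.lower())


def train(spam, ham):
    """Per-token spam probability, Graham style: ham counts weighted 2x so the
    model errs toward false negatives, clamped to [0.01, 0.99]."""
    bad = Counter(t for m in spam for t in tokens(m))
    good = Counter(t for m in ham for t in tokens(m))
    probs = {}
    for t in set(bad) | set(good):
        b = bad[t] / len(spam)
        g = 2 * good[t] / len(ham)
        probs[t] = min(0.99, max(0.01, b / (b + g)))
    return probs


PROBS = train(SPAM_TRAIN, HAM_TRAIN)


def spam_probability(raw):
    """Naive-Bayes combination over subject and body tokens seen in training."""
    text = (header(raw, "Subject") or "") + " " + split_message(raw)[1]
    ps = [PROBS[t] for t in set(tokens(text)) if t in PROBS]
    if not ps:
        return 0.5
    p = q = 1.0
    for x in ps:
        p *= x
        q *= 1 - x
    return p / (p + q)


# Probability buckets mapped to scores, modelled on BAYES_00 / BAYES_50 / BAYES_99.
BAYES_BUCKETS = [(0.05, "BAYES_00", -2.5), (0.95, "BAYES_50", 0.5), (1.01, "BAYES_99", 3.5)]


def bayes_rule(prob):
    for upper, name, score in BAYES_BUCKETS:
        if prob < upper:
            return name, score


def score_message(raw):
    """Run every test; return (total score, sorted names of the tests that hit)."""
    total, hits = 0.0, []
    for name, test, score in RULES:
        if test(raw):
            total += score
            hits.append(name)
    name, score = bayes_rule(spam_probability(raw))
    total += score
    hits.append(name)
    return total, sorted(hits)


def spam_status(raw, required=REQUIRED):
    """The X-Spam-Status line a milter would add, in SpamAssassin's format."""
    total, hits = score_message(raw)
    verdict = "Yes" if total >= required else "No"
    return "X-Spam-Status: %s, hits=%.1f required=%.1f tests=%s" % (verdict, total, required, ",".join(hits))


# Constructed sample messages.
SPAM_SAMPLE = """From: "Special Offer" <offers@example.net>
To: serge@guanotronic.com
Subject: ADV: BUY CHEAP MEDS NOW!!!

Lowest prices guaranteed. Click here to be removed from our list.
"""
HAM_SAMPLE = """From: Matthew Eaton <mattheweaton@example.com>
To: serge@guanotronic.com
Message-ID: <20040111.1@example.com>
Subject: test from gmail

Can you review the draft report before the meeting tomorrow?
"""
```

No single test decides: the spam sample trips four rules plus BAYES_99 for 10.0, the ham sample trips nothing and BAYES_00 pulls it to -2.5, which is why a spammer who defeats one keyword rule still has to beat the statistical model.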
Example
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
  h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
  b=ARByWZ8/yk5cm8Ew/tJZ5UykezQZkm/fZUV6Wkd0RAb46slxGg8TRQ91Dc2yi8ZIhbVz1TOc94QeRGgHOfvALEtjqeIA1L1z3yVtTa+4BJG4+oqiTsTicz+bI2hPdGlGFRixbSshslvoyc3FaISIICMx7HlcqCN/wmiG4Q0uub4=
From: Matthew Eaton <mattheweaton@gmail.com>
Reply-To: Matthew Eaton <mattheweaton@gmail.com>
To: serge@guanotronic.com
Subject: test from gmail
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no
version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on jabba.geek.haus
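How a DomainKey-Signature header like the one above is produced and checked, as an added example that is not part of the original slides and that also stands in for the two diagram slides (asymmetric cryptography, digital signature) whose figures are missing: the signer canonicalises the headers named in h= with c=nofws, hashes them with SHA-1, signs the hash with its private key and publishes the public key in DNS at <selector>._domainkey.<domain>; the receiver fetches that key and checks the signature. Assumptions of this example: textbook RSA on two Mersenne primes with no padding (a toy, never to be used for real mail), header-only signing (DomainKeys also hashes the body), a simplified nofws, and a dictionary in place of the DNS lookup. What a pass proves is that the signing domain vouched for those headers; it says nothing about whether the mail is spam.

```python
import base64
import hashlib
import re

# Toy RSA key pair on two Mersenne primes (2^89-1 and 2^107-1): a ~196-bit
# modulus, big enough to carry a raw 160-bit SHA-1 value. Textbook RSA with no
# padding, an assumption for illustration only; never sign real mail this way.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537


def _modinv(a, m):
    """a^-1 mod m by the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    return t0 % m


D = _modinv(E, (P - 1) * (Q - 1))

# Stand-in for the TXT lookup of <selector>._domainkey.<domain> (q=dns); a real
# verifier queries DNS for beta._domainkey.example.com. Constructed.
FAKE_DNS = {"beta._domainkey.example.com": {"n": N, "e": E}}


def nofws(line):
    """c=nofws canonicalization (simplified): strip all whitespace, end with CRLF,
    so re-folding or re-spacing by an MTA on the way does not break the signature."""
    return re.sub(r"\s+", "", line) + "\r\n"


def signed_data(headers, names):
    """Canonical bytes of the headers listed in h=, in h= order (first match wins)."""
    out = []
    for name in names:
        for hname, hval in headers:
            if hname.lower() == name.lower():
                out.append(nofws(hname + ": " + hval))
                break
    return "".join(out).encode()


def sign(headers, selector, domain):
    """Prepend a DomainKey-Signature header covering every header given."""
    names = [h for h, _ in headers]
    digest = int(hashlib.sha1(signed_data(headers, names)).hexdigest(), 16)
    sig = pow(digest, D, N)
    b = base64.b64encode(sig.to_bytes((N.bit_length() + 7) // 8, "big")).decode()
    value = "a=rsa-sha1; q=dns; c=nofws; s=%s; d=%s; h=%s; b=%s" % (
        selector, domain, ":".join(n.lower() for n in names), b)
    return [("DomainKey-Signature", value)] + headers


def parse_tags(value):
    """'a=rsa-sha1; q=dns; ...' -> dict; split on the first '=' so base64 padding survives."""
    return dict(kv.strip().split("=", 1) for kv in value.split(";") if "=" in kv)


def verify(headers):
    """True if the DomainKey-Signature header verifies against the domain's key."""
    sig_val = next((v for h, v in headers if h.lower() == "domainkey-signature"), None)
    if sig_val is None:
        return False
    tags = parse_tags(sig_val)
    key = FAKE_DNS.get("%s._domainkey.%s" % (tags.get("s"), tags.get("d")))
    if key is None or tags.get("a") != "rsa-sha1" or tags.get("c") != "nofws":
        return False
    sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    digest = int(hashlib.sha1(signed_data(headers, tags["h"].split(":"))).hexdigest(), 16)
    return pow(sig, key["e"], key["n"]) == digest
```

Because the key is looked up under the d= domain the signer chose, a spammer can always sign with a domain he controls; the signature only becomes useful once the receiver decides which signing domains it trusts.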
Sender Policy Framework

Prevents forgery of the envelope sender's domain (the From: header is not checked)

Requires DNS record

Recipient confirms sender

Open standard
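The check behind "recipient confirms sender", as an added example that is not from the slides: a simplified RFC 7208 evaluator over a dictionary that stands in for DNS. The records, hostnames and addresses are assumptions (reserved documentation names and ranges), and the evaluator supports only the all, ip4, ip6, a, mx and include mechanisms. Two caveats it makes visible: SPF is applied to the SMTP envelope MAIL FROM, so the From: header a user sees is not what is verified, and a domain that publishes "+all" passes everything, so a pass is only as good as the record behind it.

```python
import ipaddress

# Constructed stand-in for DNS (TXT, MX and A records). Domains and addresses
# are assumptions for this example, drawn from reserved documentation ranges.
FAKE_DNS = {
    "TXT": {
        "example.com": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailer.example -all",
        "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
        "lazy.example": "v=spf1 +all",
    },
    "MX": {"example.com": ["mx1.example.com"]},
    "A": {"mx1.example.com": "203.0.113.5"},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, depth=0):
    """Simplified RFC 7208 check_host(): mechanisms all, ip4, ip6, a, mx and
    include; no exp/redirect modifiers and no CIDR suffix on a/mx."""
    if depth > 10:                      # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = FAKE_DNS["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) == FAKE_DNS["A"].get(arg or domain)
        elif mech == "mx":
            hosts = FAKE_DNS["MX"].get(arg or domain, [])
            matched = any(str(ip) == FAKE_DNS["A"].get(h) for h in hosts)
        elif mech == "include":
            inner = evaluate_spf(arg, client_ip, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # a broken include is a broken record
            matched = inner == "pass"
        else:
            return "permerror"          # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no 'all' term


def check_envelope_sender(mail_from, client_ip):
    """Apply SPF to the SMTP envelope MAIL FROM, which is what SPF covers;
    the From: header the user sees is not consulted. Returns (domain, result)."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    return domain, evaluate_spf(domain, client_ip)
```

Forwarding is the classic failure mode: a forwarder relays with the original MAIL FROM from its own address, which the origin domain's record does not list, so a legitimate forwarded message ends in "fail" unless the forwarder rewrites the envelope.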
Greylisting

Whitelist maintained

Other mail temporarily rejected

Spammers might give up

Mail delivery delayed

Spammers will adapt
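Greylisting as a state machine, as an added example that is not from the slides: the first attempt from an unknown (client IP, envelope sender, recipient) triplet is deferred with a 451, a retry after the delay is accepted and the triplet is whitelisted, and a static whitelist lets known relays skip the delay. The delay, expiry and whitelist lifetimes are policy assumptions. The simulation at the end replays a real MTA (which queues and retries, so its mail is merely late), a fire-and-forget spammer (whose mail never arrives) and a spammer that has learned to retry, which is the "spammers will adapt" point.

```python
import time

GREYLIST_DELAY = 300             # seconds before a retry is accepted (policy assumption)
GREYLIST_EXPIRE = 4 * 3600       # forget a first attempt that was never retried
AUTO_WHITELIST = 36 * 24 * 3600  # how long a proven triplet stays whitelisted


class Greylist:
    """Triplet greylisting: an unknown (client IP, envelope sender, recipient)
    gets a temporary 4xx reply; a retry after the delay is accepted and the
    triplet is whitelisted. Hosts in the static whitelist are never delayed."""

    def __init__(self, clock=time.time, static_whitelist=()):
        self.clock = clock
        self.pending = {}                               # triplet -> first attempt
        self.whitelist = {}                             # triplet -> last accepted
        self.static_whitelist = set(static_whitelist)   # known-good relay IPs

    def check(self, client_ip, sender, recipient):
        """Return the SMTP (code, text) to send at RCPT TO time."""
        now = self.clock()
        if client_ip in self.static_whitelist:
            return 250, "OK"
        triplet = (client_ip, sender.lower(), recipient.lower())
        seen = self.whitelist.get(triplet)
        if seen is not None and now - seen < AUTO_WHITELIST:
            self.whitelist[triplet] = now               # refresh on use
            return 250, "OK"
        first = self.pending.get(triplet)
        if first is None or now - first > GREYLIST_EXPIRE:
            self.pending[triplet] = now
            return 451, "4.7.1 Greylisted, please try again later"
        if now - first < GREYLIST_DELAY:
            return 451, "4.7.1 Greylisted, retry too early"
        del self.pending[triplet]
        self.whitelist[triplet] = now
        return 250, "OK"


class FakeClock:
    """Deterministic time source so the delays can be replayed offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate():
    """Replay a real MTA, a fire-and-forget spammer and a spammer that retries."""
    clock = FakeClock()
    gl = Greylist(clock=clock, static_whitelist={"192.0.2.25"})
    mta, me = "198.51.100.7", "serge@guanotronic.com"
    log = {}
    clock.now = 0
    log["mta_first"] = gl.check(mta, "alice@example.org", me)[0]          # deferred
    clock.now = 60
    log["mta_retry_too_soon"] = gl.check(mta, "alice@example.org", me)[0]
    clock.now = 900
    log["mta_retry"] = gl.check(mta, "alice@example.org", me)[0]          # accepted, 15 min late
    clock.now = 901
    log["mta_next_message"] = gl.check(mta, "alice@example.org", me)[0]   # whitelisted now
    clock.now = 1000
    log["spam_no_retry"] = gl.check("203.0.113.9", "x@bulk.example", me)[0]    # never comes back
    log["spam_retry_first"] = gl.check("203.0.113.10", "y@bulk.example", me)[0]
    clock.now = 1000 + GREYLIST_DELAY
    log["spam_retry_second"] = gl.check("203.0.113.10", "y@bulk.example", me)[0]  # adapted
    log["trusted_relay"] = gl.check("192.0.2.25", "z@anything.example", me)[0]
    return log
```

Keying on the full triplet rather than the IP alone is what makes the first message from every new correspondent late; the static whitelist and a long auto-whitelist lifetime are how sites keep that cost tolerable.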
The Hunt

Contact Info
• URLs
• Email Addresses

WHOIS/DNS

USENET
• news.admin.net-abuse.email

Databases:
• Spews.org
• Spamhaus.org
• OpenRBL.org
Legal Means

Foreign spam, local companies

One weak federal law

38 State laws (as of 2006)

A few heuristics:
• Forged headers
• “ADV” subject line
• Misleading subject
Telephone Consumer Protection Act

The TCPA (47 U.S.C. §227) defines a fax machine as:
• "equipment which has the capacity to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper" (the theory: a PC with a modem and a printer meets this definition, so unsolicited email is a junk fax)
• $500 per violation, up to $1,500 if willful or knowing

Mark Reinertson v. Sears Roebuck
• Michigan small claims

Telephone Consumer Protection Act

ErieNet, Inc. v. VelocityNet, Inc.
• US Court of Appeals, 3rd Circuit, No. 97-3562
• September 25, 1998

“it is my hope that the States will make it as easy as possible for consumers to bring such actions, preferably in small claims court.” –Senator Hollings

“The question, therefore, is whether Congress has provided for federal court jurisdiction over consumer suits under the TCPA.”

28 U.S.C. §1331: The district courts shall have original jurisdiction of all civil actions arising under the Constitution, laws, or treaties of the United States

The Third Circuit's answer was no: the private TCPA remedy was meant for state court, so §1331 alone does not get a consumer into federal court.
The CAN-SPAM Act
15 U.S.C. §7701 et seq.

Prohibits:
• Deceptive subject lines
• Falsified headers

Requires:
• Valid return address
• Working opt-out

Enforcement:
• FTC
• States
• ISPs
• No private right of action for individual recipients

Do-Not-Email List (the Act only ordered an FTC study; the FTC recommended against it)

Bounty Hunters (rewards for informants)

Sender: “a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message.” (15 U.S.C. §7702)

Preemption of state anti-spam laws, except those targeting falsity or deception
Virginia Laws

The Virginia Computer Crimes Act (Va. Code §18.2-152.1 et seq.)
• Forged headers
• $10/message or $25,000/day
• Used by AOL and Verizon

Verizon v. Ralsky: $37M

AOL v. Moore: $10M

28 U.S.C. §1332: The district courts shall have original jurisdiction of all civil actions where the matter in controversy exceeds the sum or value of $75,000, exclusive of interest and costs, and is between citizens of different States (so a large claim against an out-of-state spammer can be brought in federal court)
Pennsylvania Laws

The Unsolicited Telecommunications Advertisement Act (73 P.S. §2250.1 et seq.)

Illegal activities:
• Forged addresses
• Misleading information
• Lack of opt-out

Only enforced by the Attorney General and ISPs (no private suits)
• $10/message for ISPs
• 10% from AG
Small Claims Court

Court summons: $30-80

Maximum claim: $8000

Winning by default because the spammer didn’t bother to show up: Priceless
So you’ve won a judgment…

Domesticate the judgment (register it in the state where the spammer or the assets are)

Summons to Answer Interrogatories (forces the debtor to disclose assets under oath)

Writ of Fieri Facias (execution: the sheriff seizes and sells property)

Garnishment Summons (takes wages or bank balances directly from the employer or bank)
Criminal Penalties (CAN-SPAM, 18 U.S.C. §1037)

You’ve got jail!
• Up to 1 year
• Up to 3 years if any of:
  • $5,000 or more in proceeds
  • >2,500 messages in 24 hours
  • >25,000 messages in a month
  • >250,000 messages in a year
• Up to 5 years for a second offense
Questions?