Ronald D. Edge, IS Manager and long-time anti-spam activist, contributes these thoughts about the recent demise of two anti-spam sites:
The past few weeks have seen the deaths of several major anti-spam DNSBL blocklists, of particular note, Joe Jared's osirusoft.com, and Ron Guilmette's monkeys.com open proxy abuse sources lists. In both cases, overwhelming, non-stop Distributed Denial of Service (DDoS) attacks rendered the sites inoperable. What is most disturbing, though, is the news reported by participants within the anti-spam community who have spoken with both Jared and Guilmette that, when contacted, not only have legal authorities failed to respond and take action, but in Guilmette's case, he could apparently not even get the authorities to understand what the problem was and take a report when he first contacted them.
Note that in both cases, Jared and Guilmette earn their livelihood through their ability to connect to and have an Internet presence. Their efforts on behalf of the anti-spam community were purely voluntary and a pro-bono donation of their time. Yet the DDoS attacks of course did not distinguish, and were of such magnitude that in order to save their businesses and livelihoods, both had to throw in the towel, and admit defeat.
Guilmette had obviously brought the wrath of the hardcore spammers down on himself by exposing the open proxy spam gangs' true locations, from which they were seeking out open proxies elsewhere and relaying their spam runs through them, and by naming the ISPs and providing detailed statistics on the abuse of open proxies by spam being committed from the home ISPs of the spammers. For about two months he had been publishing a more or less weekly 'Top 40' list of ISPs that were, after being informed by him of their presence, knowingly harboring nests of open proxy abusing spammers. Reportedly quite a few major spam gangs suddenly found themselves outed and ousted from the comfort of their home ISP. So he was clearly due an attack by these Internet criminals, and he got it.
What is appalling and inexplicable is the apparent failure of legal authorities to act and track down criminals who have clearly 'owned' literally 1,000's of machines across the Internet, and are using them in well-planned, coordinated, constant, and devastating attacks on the business web sites of American citizens. And the authorities seem simply not to care.
If similar actions were taken against traditional storefronts of brick and mortar, the authorities would be all over it in an instant. Is this just an extension of the fact that the legal system and the police structure have been incredibly slow to catch up with the pace of technology over the past decade? If ever there was a truism, that is one. There are repeated statements floating in the press and in online forums discussing these issues that the F.B.I. won't even show interest unless you can show $50,000.00 in damages up front. Does being basically forced off the Internet and thus unable to conduct business not count for something? Apparently not.
A very bright light needs to be shined on this abject failure of the legal authorities here in the United States to respond to legitimate complaints of criminal activity that has caused the individuals connectivity to the Net to be destroyed. There needs to be some explanation why Jared and Guilmette have been reportedly pretty much told to whistle Dixie, rather than action taken to pursue, identify, and prosecute what is obviously a large, coordinated, and well planned gang of perpetrators of criminal activity, willing to commit massive DDoS attacks targeting specific individuals and sites that go on not just for hours or days, but in the cases sited here, for MONTHS of unrelenting, 24 hour a day attack. Something is clearly not right in this picture.
Let me add one observation to Edge’s comments. A lot of attention has been paid to Congressional attempts to draft "tough" anti-spam laws, but this situation makes it clear just how futile such legislative efforts are likely to be. Laws already exist making denial-of-service attacks a crime, here and in most other countries. If law enforcement can’t be bothered in cases of concentrated criminal activity like this, what chance is there they will go after spammers for not honoring a do-not-spam list?
2:59:01 PM 
|
|
