Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Non-Tech : Auric Goldfinger's Short List -- Ignore unavailable to you. Want to Upgrade?

To: StockDung who wrote (14477)	2/2/2005 5:10:28 PM
From: SEC-ond-chance	Respond to of 19428

(A Rare look inside Jeremy Jaynes' office) Project Honeypot aims to trap spammers A BLOW-BY-BLOW account of how one of the world's most prolific senders of spam email was tracked down and prosecuted had an audience of spam fighters on the edge of their seats last week. After years developing anti-spam technology and drafting legislation to outlaw spammers, the delegates at MIT's annual Spam Conference in Boston were overjoyed to see the culprit nailed. "A successful trial with all the time and resources we're spending on this issue just feels so good," says Jonathan Zdziarsky, an anti-spam software expert. Jeremy Jaynes was found guilty last November by a state court in Leesburg, Virginia, of sending more than 10 million unsolicited emails a day. He was hawking pornography, work-at-home schemes and stock-picking software. The spams are estimated to have earned him around $750,000 a month. He is now on $1 million bail, forbidden from using the internet and will be sentenced this month. The jury has recommended he gets a nine-year jail term. "Everyone in the courtroom understood that this verdict was a precedent-setting, awe-inspiring moment," says lawyer Jon Praed of the Internet Law Group in Washington DC, who was an observer at Jaynes's trial. It was the first time the criminal law had been used to such effect against a spammer, and the case highlights how legislation and technology are combining to beat spam. Jaynes's operation was run from a chaotic office in Raleigh, North Carolina. Cabling to 16 high-speed internet links snaked everywhere and there were CDs packed with spammed email addresses and servers holding spam emails. Even as the police arrived, spamming was in progress. The place was littered with crumpled "to-do" lists, and one of them read simply "Solve spam filters". That "to-do" note provided a rare window into how spammers think, says Paul Graham, author of the first content-based spam filter and organiser of the MIT conference. It shows, he says, that they believe spam filters are easier to beat than they really are. Filters installed by the service provider or email provider are the main line of defence against spam. These scan messages for words typical of unsolicited commercial emails, and discard those that they find. But a percentage always seeps through, partly because spammers are sometimes able to fool the scanners by including large quantities of random text in their messages. Spammers can also improve the chances that at least some of their messages will get through by using viruses that turn infected computers into "zombie" machines that can be used to send more spam (New Scientist, 6 November 2004, p 28). Technology alone is not enough to stem the flood of unsolicited email. "The solution to spam is the marriage of technology and law," Praed says. The European Union and Australia led the way with anti-spam legislation in 2003, and were closely followed by two US states: Virginia and California. Then in January 2004 the US introduced the federal CAN-SPAM Act. Now lawyers are learning how to put this new legislation to work. Project Honeypot, the brainchild of Chicago lawyer Matthew Prince, is taking advantage of a clause in the CAN-SPAM act that makes harvesting email addresses for spamming purposes illegal. Spammers collect email addresses using "crawler" software that trawls websites looking for them. These addresses are the spammers' lifeblood, and Prince hopes to cut off the supply. Webmasters who want to help fight spam can download Project Honeypot's software, which is designed to turn their website into a magnet for harvesters. If the site detects that a crawler is visiting it the software generates a fake email address for the crawler to grab, and records the address of the crawler and the time and date. The fake address then vanishes from the site, but remains valid as a mailbox. Because it is a fake, no one will send it legitimate mail. If any mail arrives it can only have come from the spammer who grabbed it off the Honeypot site, and this fingers the computer that crawled the site as belonging to the spammer. Detectives can then begin building their evidence. Three months into Project Honeypot, Prince is using the data the software returns to plot spamming networks for future busts. One email address harvested by a computer in Nigeria was subsequently spammed by computers in the US, Italy, India and Indonesia. "These are the tools and data we need," Praed says. In the spamming arms race, spammers are likely to begin programming their harvesters to detect honeypots and ignore them. But Prince says he is ready for this with countermeasures of his own. Some are based on spammers' own tricks, he says. So are the spammers beaten? "Although there was a feeling at this conference that we are winning, I am not declaring victory yet," Graham says. The spammers could go out of business, he says, "Or they will just get more clever." newscientist.com