Suing Spammers for Fun and Profit - PowerPoint PPT Presentation


Slides: 29
Provided by: sergee


Transcript and Presenter's Notes



1
Suing Spammers for Fun and Profit
  • Serge Egelman

2
"Two years from now, spam will be solved."
- Bill Gates, February 24th, 2004
3
Background
  • Over 80% of all mail
      • 2006 MAAWG report
  • Less than 200 people responsible for 80%
      • According to Spamhaus.org

4
Statistics
5
Statistics
6
Background
  • It's cheap!
  • Wider audience
  • Profit guaranteed
  • Little work involved

7
Background
  • Address harvesting
      • Web pages
      • Forums
      • USENET
      • Dictionary attacks
      • Purchased lists
  • No way out

8
Profile of a Spammer
  • Alan Ralsky
      • 20 computers at home
      • 190 servers around the world
      • 650,000 messages/hour
      • 250 million addresses
      • $500 for every million messages
      • Do the math!
  • Convicted felon
      • 1992 securities fraud
      • 1994 insurance fraud
      • 2008 stock fraud indictment

9
Technical Means
  • Text recognition
      • Keywords
      • Statistical modeling
  • Black hole lists
  • Greylisting
  • Cryptography
      • Digital signatures
  • Payment schemes

10
Asymmetric Cryptography Example
11
Digital Signature Example
12
DomainKeys
  • Asymmetric cryptography
  • Verified sender
  • Modified SMTP server
  • Additional DNS records

13
SpamAssassin
  • Multiple tests
      • Around 300
  • Statistical modeling
  • Scoring

14
Example
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
  h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
  b=ARByWZ8/yk5cm8Ew/tJZ5UykezQZkm/fZUV6Wkd0RAb46slxGg8TRQ91Dc2yi8ZIhbVz1TOc94QeRGgHOfvALEtjqeIA1L1z3yVtTa4BJG4oqiTsTiczbI2hPdGlGFRixbSshslvoyc3FaISIICMx7HlcqCN/wmiG4Q0uub4
From: Matthew Eaton <mattheweaton@gmail.com>
Reply-To: Matthew Eaton <mattheweaton@gmail.com>
To: serge@guanotronic.com
Subject: test from gmail
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on jabba.geek.haus
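Added example, not part of the deck: a small parser for the two headers shown above, the DomainKey-Signature tag list and SpamAssassin's X-Spam-Status line, plus the two sanity checks a receiver wants from them (signing domain equals the From domain; the recorded verdict agrees with hits versus threshold). The sample headers are the slide's, copied as-is; the signature value is not cryptographically verified here.

```python
import re

# Headers from the deck's sample message (reconstructed; b= value copied, not verified)
SAMPLE_HEADERS = """\
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
  h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
  b=ARByWZ8/yk5cm8Ew/tJZ5UykezQZkm/fZUV6Wkd0RAb46slxGg8TRQ91Dc2yi8ZIhbVz1TOc94QeRGgHOfvALEtjqeIA1L1z3yVtTa4BJG4oqiTsTiczbI2hPdGlGFRixbSshslvoyc3FaISIICMx7HlcqCN/wmiG4Q0uub4
From: Matthew Eaton <mattheweaton@gmail.com>
To: serge@guanotronic.com
Subject: test from gmail
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.63
"""

def unfold_headers(raw):
    # name -> value, joining folded continuation lines (those starting with whitespace)
    headers, name = {}, None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and name:
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, value = (s.strip() for s in line.split(":", 1))
            headers[name] = value

    return headers

def parse_domainkey(value):
    # "tag=value; tag=value" list; h= is the colon-separated list of signed headers
    tags = {}
    for part in value.split(";"):
        k, _, v = part.strip().partition("=")
        if k:
            tags[k] = v.split(":") if k == "h" else v
    return tags

def parse_spam_status(value):
    # "No, hits=-4.9 required=5.0 tests=BAYES_00 ..." -> verdict, score, threshold, tests
    verdict, _, rest = value.partition(",")
    f = dict(re.findall(r"(\w+)=(\S+)", rest))
    return {"spam": verdict.strip().lower() == "yes",
            "hits": float(f["hits"]), "required": float(f["required"]),
            "tests": [t for t in f.get("tests", "").split(",") if t]}

def analyse(raw):
    h = unfold_headers(raw)
    dk = parse_domainkey(h["DomainKey-Signature"])
    sa = parse_spam_status(h["X-Spam-Status"])
    # d= must match the From domain, and the verdict must agree with hits >= required
    from_domain = h["From"].rsplit("@", 1)[1].rstrip(">")
    sa["domain_aligned"] = dk.get("d") == from_domain
    sa["verdict_consistent"] = sa["spam"] == (sa["hits"] >= sa["required"])
    return dk, sa
```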
15
Sender Policy Framework
  • Prevents forgery
  • Requires DNS record
  • Recipient confirms sender
  • Open standard

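Added example, not from the deck: how the recipient "confirms the sender" from the published DNS record. The SPF record and domain below are constructed (documentation address ranges); only the ip4, ip6 and all mechanisms are evaluated, since a, mx and include need live DNS and are out of scope for an offline example.

```python
import ipaddress

# Constructed record for an imaginary domain (assumption, not from the deck).
RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~ip4:198.51.100.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_domain, client_ip, records=RECORDS):
    """SPF result for the IP that delivered a message claiming sender_domain."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: nothing to confirm against
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass" on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists, ptr need DNS lookups; this offline
            # subset reports them as a temporary error rather than guessing.
            return "temperror"
    return "neutral"  # record ended without an "all" term
```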
16
Greylisting
  • Whitelist maintained
  • Other mail temporarily rejected
  • Spammers might give up
  • Mail delivery delayed
  • Spammers will adapt

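Added example, not from the deck: the greylisting policy the slide describes, keyed on the (client IP, sender, recipient) triplet. A new triplet gets a temporary rejection (SMTP 451) and is recorded; a retry after the minimum delay whitelists it for a while, so a queuing MTA gets through after one delay while a sender that never retries is never delivered. The delay, lifetime and clock are assumptions, injectable for testing.

```python
import time

class Greylister:
    """Triplet greylisting: first contact is deferred, a patient retry is whitelisted."""

    def __init__(self, min_delay=300, ttl=36 * 3600, clock=time.time):
        self.min_delay = min_delay  # seconds a sender must wait before retrying
        self.ttl = ttl              # how long a whitelisted triplet stays valid
        self.clock = clock          # injectable clock (assumption: wall clock by default)
        self.pending = {}           # triplet -> first-seen timestamp
        self.whitelist = {}         # triplet -> expiry timestamp

    def decide(self, client_ip, sender, recipient):
        """Return the SMTP code to answer RCPT with: 250 accept or 451 try later."""
        now = self.clock()
        key = (client_ip, sender.lower(), recipient.lower())
        expiry = self.whitelist.get(key)
        if expiry is not None:
            if now < expiry:
                self.whitelist[key] = now + self.ttl  # refresh on every delivery
                return 250
            del self.whitelist[key]  # expired: the sender starts over
        first_seen = self.pending.get(key)
        if first_seen is None:
            self.pending[key] = now  # never seen: defer and remember
            return 451
        if now - first_seen < self.min_delay:
            return 451  # retried too quickly to count as a real queue run
        del self.pending[key]
        self.whitelist[key] = now + self.ttl
        return 250
```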
17
The Hunt
  • Contact Info
      • URLs
      • Email Addresses
      • WHOIS/DNS
  • USENET
      • news.admin.net-abuse.email
  • Databases
      • Spews.org
      • Spamhaus.org
      • OpenRBL.org

18
Legal Means
  • Foreign spam, local companies
  • One weak federal law
  • 38 state laws (as of 2006)
  • A few heuristics
      • Forged headers
      • ADV subject line
      • Misleading subject

19
Telecommunications Consumer Protection Act
  • The TCPA (47 U.S.C. 227)
  • "equipment which has the capacity to transcribe
    text or images (or both) from an electronic
    signal received over a regular telephone line
    onto paper."
  • $500 or $1500 fine per message
  • Mark Reinertson v. Sears Roebuck
      • Michigan small claims

20
Telecommunications Consumer Protection Act
  • ErieNet, Inc. v. VelocityNet, Inc.
      • US Court of Appeals, 3rd Circuit, No. 97-3562
      • September 25, 1998
  • "it is my hope that the States will make it as
    easy as possible for consumers to bring such
    actions, preferably in small claims court."
    - Senator Hollings
  • "The question, therefore, is whether Congress has
    provided for federal court jurisdiction over
    consumer suits under the TCPA."
  • 28 U.S.C. 1331: "The district courts shall have
    original jurisdiction of all civil actions
    arising under the Constitution, laws, or treaties
    of the United States."

21
The CAN-SPAM Act (15 U.S.C. 7702)
  • Requirements
      • Deceptive subjects
      • Falsified headers
      • Valid return address
      • Opt-out
  • Enforcement
      • FTC
      • States
      • ISPs
  • Do-Not-Email List
  • Bounty hunters
  • Sender: "a person who initiates such a message
    and whose product, service, or Internet web site
    is advertised or promoted by the message."
  • Preemption

22
Virginia Laws
  • The VA Computer Crimes Act (18.2-152)
  • Forged headers
  • $10/message or $25,000/day
  • AOL and Verizon
      • Verizon v. Ralsky: $37M
      • AOL v. Moore: $10M
  • 28 U.S.C. 1332: "The district courts shall have
    original jurisdiction of all civil actions where
    the matter in controversy exceeds the sum or
    value of $75,000, exclusive of interest and
    costs, and is between citizens of different
    States."

23
Pennsylvania Laws
  • The Unsolicited Telecommunications Advertisement
    Act (73 2250)
  • Illegal activities
      • Forged addresses
      • Misleading information
      • Lack of opt-out
  • Only enforced by AG and ISPs
      • $10/message for ISPs
      • $10 from AG

24
(No Transcript)
25
Small Claims Court
  • Court summons: $30-80
  • Maximum claim: $8000
  • Winning by default because the spammer didn't
    bother to show up: priceless

26
So you've won a judgment
  • Domesticate the judgment
  • Summons to Answer Interrogatories
  • Writ of Fieri Facias
  • Garnishment Summons

27
Criminal Penalties
  • You've got jail!
  • 1 year
  • 3 years
  • $5,000 profit
  • >$2,500 in 24 hours
  • >$25,000 in a month
  • >$250,000 in a year
  • 5 years for second offense

28
Questions?