A popular email security company said it would cease trading after being victimised by one of the world’s biggest spammers. The Israeli-based firm Blue Security said it could no longer continue to operate in the face of an escalating threat to the internet from a malicious Russian spammer known only as PharmaMaster.
Recent attacks have crippled websites around the world, with a leading web host saying at the time that one had seemed “to have brought down half of Canada’s network”. The attacks on Blue began after it blocked a large number of spam messages to its users, returning the messages to the source en masse. This has been criticised as a vigilante tactic by some; others have applauded the company for hitting spammers where it hurts.
Sigh… such a sad thing.
We will be watching to see what will come out of the ashes on this one … I understand that it was the responsible thing to do at this point, too many innocents were getting hurt in the process of the fight, but I can’t help but think there may be a Phoenix in the making.
Eran Reshef, good luck in whatever endeavors you do in the future.
EDIT: More at the following links:
A spammer known as PharmaMaster used a massive network of zombie computers to flood Blue Security’s database servers.
Spam Fighter Calls It Quits – Brian Krebs' Security Fix – Washington Post, prompted by Brian's article In the Fight Against Spam E-Mail, Goliath Wins Again at the Washington Post.
Then, earlier this month, a Russia-based spammer counterattacked, Reshef said. Using tens of thousands of hijacked computers, the spammer flooded Blue Security with so much Internet traffic that it blocked legitimate visitors from going to Bluesecurity.com, as well as to other Web sites. The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
In an interview with Wired News, Blue Security CEO Eran Reshef said the Israel-based company was closing its service Wednesday since he did not want to be responsible for an ever-escalating war that could bring down internet service providers and websites around the world and subject its users to denial-of-service attacks from a well-organized group in control of a massive army of computer drones.
Whatever the case, Blue claims the spammers have beaten it into submission… and that’s not good news for anybody.
So: spammers 1, security 0… where do we go from here?
“It’s clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don’t have the authority to start,” CEO Eran Reshef told The Washington Post. “Our users never signed up for this kind of thing.”
“We didn’t think PharmaMaster would go to extreme of launching a denial of service attack against so many organisations. With 20-20 hindsight we wouldn’t have made these configuration changes, but at the time we didn’t think he’d go so far,” Blue Security CEO Eran Reshef told El Reg at the time. “My mistake was not anticipating he’d go berserk.”
(I hadn’t been able to get to the Register article earlier, I guess they were experiencing the slashdot effect. 😉 )
In other words, you’ve got mail…lots and lots of mail.
“Our community would very much like us to continue on the fight against spam, and our community has grown over the last week,” Reshef said. “But at the end of the day if we continue doing so, within a few days, major websites will go down. I don’t feel that this is something I can be responsible for. I cannot go ahead and rip up the internet to make Blue Security work. This is not the decision a commercial entity can make.”
Blue Security folds under spammer’s wrath – SecurityFocus. EDIT: Added this article by Robert Lemos at SecurityFocus, which probably has the most comprehensive history of events.
Tucows’ final solution was to “duck away from the problem”–in Noss’s words–essentially removing Blue Security’s DNS records from its system. The move essentially made Tucows’ DNS servers disappear for any computer looking up the address for bluesecurity.com, blunting the attack but also foiling any legitimate user that wanted to find bluesecurity.com.
Blue Security’s Reshef, who praised Six Apart for keeping his company’s Web page online and accessible, had stern words for Tucows’ strategy.
“Tucows took us down,” he said. “Rather than standing up with us in the fight, they deserted us. They didn’t even call us.”
Here’s an interesting suggestion from jacksonj04 in the Slashdot.org comment section (just one comment of many really, but intriguing):
Re:When the going gets tough…
If you read up on Blue Security’s actual implementation they never sent more unsubscribe requests than emails received. They sent one on behalf of the whole community first, then if that was ignored they sent one unsubscribe request for every email received from that spammer to a Blue Security customer.
It’s exactly the same amount of traffic as everybody who received the email sending their own “Piss off and leave me alone” request.
On the subject of OS DoS, it won’t work because the network will be too easily exploitable. However, something which used a supernode system to distribute the load would work quite well.
Personally I’m waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying “Stop spamming Google customers”. Ignore it, and that’s x million identical requests sent by one mother of a system.
Actually, it might be better for them to license a hardened version of the software to ANY email delivery mechanism that wishes to participate — whether it be the likes of Google, Yahoo, MSN/Hotmail, AOL, Earthlink, Cox/Comcast/Verizon/RoadRunner, etc., and while they are at it, why not also make it available to any ISP/Hosting companies too. That way every server (Windows/Linux/UNIX) on the planet has it available? Now that would be distributive power in action! … I know, dreamin’. 😉
Kinda moot really, since they are getting out of the AntiSpam business.
EDIT: On May 18, 2006, Eran posted a message to the Blue Community about the closure on the forums that CastleCops is still sponsoring for the [former] members of the Blue Community. Later that same day, a very fitting epitaph for the valiant effort by Eran and Blue Security was posted by alanstancliff, entitled Losers and Winners, a Balance Sheet, which was subtitled: The Way Of The Warrior, Strategy and Tactics – A Balance Sheet.