
1 Suing Spammers for Fun and Profit Serge Egelman

2 Background
  Over 50% of all mail
  Less than 200 people responsible for 80%

3 Statistics

4

5 Background
  It’s cheap!
  Wider audience
  Profit guaranteed
  Little work involved

6 Background
  Address harvesting
    Web pages
    Forums
    USENET
  Dictionary attacks
  Purchased lists
  No way out

7 Profile of a Spammer
  Alan Ralsky
  20 computers, 190 servers
  650,000 messages/hour
  250 million addresses
  $500 for every million messages
  Convicted felon: 1992 securities fraud, 1994 insurance fraud

8 Technical Means
  Text recognition
  Black hole lists
  Statistical modeling
  Neural networks
  Cryptography
  Digital signatures
  Payment schemes

9 Basic Asymmetric Cryptography: RSA
  Pick two large primes, p and q
  Find N = p * q
  Let e be a number relatively prime to (p-1)*(q-1)
  Find d, so that d*e = 1 mod (p-1)*(q-1)
  The set (e, N) is the public key. The set (d, N) is the private key.
  Encryption: C = M^e mod N
  Decryption: M = C^d mod N

10 Basic Asymmetric Cryptography
  d = e^-1 mod (p-1)(q-1)
  N = p*q is known! But usually very large (1024 - 2048 bits)
  RSA 1024 bit challenge (309 digits, $100,000 prize):
    13506641086599522334960321627880596993888147560
    56670275244851438515265106048595338339402871505
    71909441798207282164471551373680419703964191743
    04649658927425623934102086438320211037295872576
    23585096431105640735015081875106765946292055636
    85529475213500852879416377328533906109750544334
    999811150056977236890927563

11 Asymmetric Cryptography Example

12 Digital Signature Example
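A worked instance of slides 9 through 12, added here as an example and not taken from the presentation: textbook RSA with the toy primes p=61, q=53 and e=17 (chosen for this illustration), a hash-then-sign signature and its verification, and a trial-division factoring of the toy modulus to make slide 10's point about why N has to be large. Function names are this example's own; the numbers are far too small for real use and textbook RSA without padding is only for illustration.

```python
import hashlib
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """a^-1 mod m: the d from the slide with d*a == 1 (mod m)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: a and m are not relatively prime")
    return x % m


def keygen(p, q, e):
    """Slide 9: N = p*q, phi = (p-1)*(q-1), d = e^-1 mod phi.
    Returns ((e, N), (d, N)), i.e. (public key, private key)."""
    N = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    return (e, N), (modinv(e, phi), N)


def encrypt(public_key, m):
    e, N = public_key
    return pow(m, e, N)          # C = M^e mod N


def decrypt(private_key, c):
    d, N = private_key
    return pow(c, d, N)          # M = C^d mod N


def digest_mod_n(message, N):
    """Hash the message and reduce it into Z_N so it can be exponentiated."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(private_key, message):
    d, N = private_key
    return pow(digest_mod_n(message, N), d, N)     # S = H(M)^d mod N


def verify(public_key, message, signature):
    e, N = public_key
    return pow(signature, e, N) == digest_mod_n(message, N)   # S^e == H(M)?


def recover_private_exponent(N, e):
    """Slide 10's point: d falls out immediately once N is factored.
    Trial division only works for toy moduli like this one; the 309-digit
    challenge number on the slide is far out of reach of this loop."""
    for p in range(2, int(N ** 0.5) + 1):
        if N % p == 0:
            q = N // p
            return modinv(e, (p - 1) * (q - 1))
    raise ValueError("N has no non-trivial factor")


def demo():
    public, private = keygen(61, 53, 17)   # toy primes, constructed for this example
    m = 65
    c = encrypt(public, m)
    msg = b"test from gmail"               # sample message, constructed
    sig = sign(private, msg)
    return {
        "N": public[1], "d": private[0], "ciphertext": c,
        "roundtrip_ok": decrypt(private, c) == m,
        "sig_ok": verify(public, msg, sig),
        "tampered_ok": verify(public, msg + b"!", sig),
        "recovered_d": recover_private_exponent(public[1], public[0]),
    }


if __name__ == "__main__":
    print(demo())
```

With these parameters N = 3233, d = 2753 and M = 65 encrypts to C = 2790; `recovered_d` equals `d`, which is the whole reason the modulus in practice is 1024 to 2048 bits rather than four digits.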

13 DomainKeys
  Asymmetric cryptography
  Verified sender
  Modified SMTP server
  Additional DNS records

14 SpamAssassin
  Multiple tests (around 300)
  Statistical modeling
  Scoring

15 Example
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
  h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
  b=ARByWZ8/yk5cm8Ew/tJZ5UykezQZkm/fZUV6Wkd0RAb46slxGg8TRQ91Dc2yi8ZIhbVz1TOc94QeRGgHOfvALEtjqeIA1L1z3yVtTa+4BJG4+oqiTsTicz+bI2hPdGlGFRixbSshslvoyc3FaISIICMx7HlcqCN/wmiG4Q0uub4=
From: Matthew Eaton
Reply-To: Matthew Eaton
To: serge@guanotronic.com
Subject: test from gmail
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on jabba.geek.haus
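The slide's headers, re-joined, fed to a small parser added here as an example (it is not part of the presentation and not any DomainKeys implementation). It unfolds the headers, splits the DomainKey-Signature tag list, derives the DNS name a verifier would query for the selector's public key (selector._domainkey.domain, the DomainKeys convention), decodes the signature, and reads the SpamAssassin score out of X-Spam-Status. It stops short of canonicalizing the message (c=nofws) and checking the signature, which needs the public key from DNS. Function names are this example's own.

```python
import base64
import re

# The header block from the slide, with its "+" line-wrap markers removed and
# the folded continuation lines re-joined. Nothing else is constructed.
SAMPLE_HEADERS = """\
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
  h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
  b=ARByWZ8/yk5cm8Ew/tJZ5UykezQZkm/fZUV6Wkd0RAb46slxGg8TRQ91Dc2yi8ZIhbVz1TOc94QeRGgHOfvALEtjqeIA1L1z3yVtTa+4BJG4+oqiTsTicz+bI2hPdGlGFRixbSshslvoyc3FaISIICMx7HlcqCN/wmiG4Q0uub4=
From: Matthew Eaton
Reply-To: Matthew Eaton
To: serge@guanotronic.com
Subject: test from gmail
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on jabba.geek.haus
"""


def unfold_headers(raw):
    """Return {lower-case name: value}; a line starting with whitespace
    continues the previous header. Repeated names keep the last value,
    which is enough for this excerpt."""
    headers, current = {}, None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and current is not None:
            headers[current] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            current = name.strip().lower()
            headers[current] = value.strip()
    return headers


def parse_domainkey_signature(value):
    """Split 'tag=value; tag=value' into a dict. Whitespace inside a value is
    folding, not data, so it is stripped (matters for the base64 in b=)."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            tag, _, val = part.partition("=")
            tags[tag.strip()] = re.sub(r"\s+", "", val)
    return tags


def selector_record_name(tags):
    """DNS name holding the public key when q=dns: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def summarize(raw=SAMPLE_HEADERS):
    hdrs = unfold_headers(raw)
    tags = parse_domainkey_signature(hdrs["domainkey-signature"])
    signature = base64.b64decode(tags["b"])
    m = re.search(r"hits=(-?[\d.]+) required=([\d.]+)", hdrs["x-spam-status"])
    return {
        "algorithm": tags["a"],
        "canonicalization": tags["c"],
        "key_record": selector_record_name(tags),
        "signed_headers": tags["h"].split(":"),
        "signature_bits": len(signature) * 8,    # 128 bytes => 1024-bit RSA key
        "spam_verdict": hdrs["x-spam-status"].split(",")[0],
        "score": float(m.group(1)),
        "threshold": float(m.group(2)),
    }


if __name__ == "__main__":
    for k, v in summarize().items():
        print(f"{k}: {v}")
```

The decoded b= value is 128 bytes, which matches a 1024-bit signing key; the ten names in h= are the headers that were covered by the signature, so a change to any of them after signing would fail verification at the recipient.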

16 Sender Policy Framework
  Prevents forgery
  Requires DNS record
  Recipient confirms sender
  Open standard
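What "recipient confirms sender" amounts to, as an added example that is not from the presentation: a small SPF evaluator run against a constructed stand-in for DNS TXT lookups. It handles the ip4, ip6, include and all mechanisms with the four qualifiers and returns the standard results; a, mx, ptr and exists are left out because they need live DNS. The domains and addresses are constructed documentation values and the function names are this example's own.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups. A real verifier queries the TXT
# record of the domain in the envelope sender (MAIL FROM) instead.
FAKE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mailhost.example.net -all",
    "mailhost.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, txt=FAKE_TXT, depth=0):
    """Return pass / fail / softfail / neutral / none / permerror for a
    connection from sender_ip whose envelope sender is at `domain`."""
    if depth > 10:                       # cap nested includes (RFC 7208 limits DNS mechanisms)
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                    # no policy published: nothing to confirm
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                  # no qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, arg = term.partition(":")
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            # a v4 address tested against a v6 network (or vice versa) is simply False
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mechanism == "include":
            matched = check_spf(sender_ip, arg, txt, depth + 1) == "pass"
        else:
            return "permerror"           # a/mx/ptr/exists need live DNS; not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no "all" term


def classify(sender_ip, domain, txt=FAKE_TXT):
    """The receiving MTA decides what to do with the result; this mapping is
    one common choice, not something SPF itself mandates."""
    result = check_spf(sender_ip, domain, txt)
    action = {"fail": "reject", "softfail": "accept and add spam score"}.get(result, "accept")
    return result, action


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::1", "203.0.113.5"):
        print(ip, classify(ip, "example.com"))
```

The point of the include mechanism shows up in the second and third cases: example.com never lists those addresses itself, it delegates to mailhost.example.net, and a forged sender from an unlisted address hits -all and fails.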

17 Graylisting
  Whitelist maintained
  Other mail temporarily rejected
  Spammers might give up
  Mail delivery delayed
  Spammers will adapt
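The decision the slide describes, as an added example that is not from the presentation: a greylister keyed on the (client IP, envelope sender, envelope recipient) triplet that answers with a temporary rejection on first sight, accepts a retry that arrives after a minimum delay, and then whitelists the triplet. The timings (5 minute minimum retry, 4 hour pending record, 36 day whitelist) are assumptions chosen for this example, as is the scripted traffic in `simulate`, which also shows the slide's last two bullets: the legitimate sender's mail is delayed by one retry interval, and a bulk sender that bothers to retry gets through.

```python
from dataclasses import dataclass, field


@dataclass
class Greylister:
    """Greylisting decision for one SMTP RCPT, keyed on the
    (client IP, envelope sender, envelope recipient) triplet.
    Timings below are assumptions for this example, not values from the slides."""
    min_delay: int = 300                 # a retry sooner than this is still rejected
    pending_ttl: int = 4 * 3600          # forget unverified triplets after this long
    whitelist_ttl: int = 36 * 24 * 3600  # verified triplets are accepted without delay
    pending: dict = field(default_factory=dict)    # triplet -> first-seen time (s)
    whitelist: dict = field(default_factory=dict)  # triplet -> expiry time (s)

    def decide(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply the server gives at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if self.whitelist.get(key, -1) > now:
            self.whitelist[key] = now + self.whitelist_ttl     # refresh on use
            return "250 accept (whitelisted)"
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.pending_ttl:
            self.pending[key] = now                            # first sighting
            return "451 try again later"
        if now - first_seen < self.min_delay:
            return "451 try again later"                       # retried too soon
        del self.pending[key]                                  # a real MTA retried
        self.whitelist[key] = now + self.whitelist_ttl
        return "250 accept (retry verified)"


def simulate():
    """Constructed traffic: a legitimate MTA that retries on 451, and a bulk
    sender that has learned to retry (the slide's 'spammers will adapt')."""
    g = Greylister()
    legit = ("192.0.2.10", "alice@example.org", "serge@example.net")
    bulk = ("203.0.113.7", "deals@example.com", "serge@example.net")
    schedule = [(0, legit), (0, bulk), (60, legit), (420, legit), (421, legit), (7200, bulk)]
    return [(t, who[0], g.decide(*who, t)) for t, who in schedule]


if __name__ == "__main__":
    for t, ip, reply in simulate():
        print(f"t={t:5d}s {ip:15s} {reply}")
```

The legitimate sender's first message is delivered on the retry at t=420, a seven minute delay; the bulk sender that retries two hours later is accepted too, so greylisting buys a delay and filters only senders that never retry.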

18 The Hunt
  Contact info: URLs, email addresses, WHOIS/DNS
  USENET: news.admin.net-abuse.email
  Databases: Spews.org, Spamhaus.org, OpenRBL.org

19 Legal Means
  Foreign spam, local companies
  One weak federal law
  35 state laws (as of 2003)
  Two types: forged headers, “ADV” subject line

20 Telecommunications Consumer Protection Act
  The TCPA (U.S.C 47 §227): "equipment which has the capacity to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper."
  $500 or $1500 fine per message
  Mark Reinertson v. Sears Roebuck, Michigan small claims

21 Telecommunications Consumer Protection Act
  ErieNet, Inc. v. VelocityNet, Inc., US Court of Appeals, 3rd Circuit, No. 97-3562, September 25, 1998
  “it is my hope that the States will make it as easy as possible for consumers to bring such actions, preferably in small claims court.” (Senator Hollings)
  “The question, therefore, is whether Congress has provided for federal court jurisdiction over consumer suits under the TCPA.”
  U.S.C. 28 §1331: The district courts shall have original jurisdiction of all civil actions arising under the Constitution, laws, or treaties of the United States

22 The CAN-SPAM Act (15 U.S.C. § 7702)
  Requirements: deceptive subjects, falsified headers, valid return address, opt-out
  Enforcement: FTC, states, ISPs
  Do-Not-Email list
  Bounty hunters
  Sender: “a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message.”
  Preemption

23 Virginia Laws
  The VA Computer Crimes Act (18.2-§152)
  Forged headers: $10/message or $25,000/day
  AOL and Verizon
  Verizon v. Ralsky: $37M
  AOL v. Moore: $10M
  U.S.C. 28 §1332: The district courts shall have original jurisdiction of all civil actions where the matter in controversy exceeds the sum or value of $75,000, exclusive of interest and costs, and is between citizens of different States.

24 Pennsylvania Laws
  The Unsolicited Telecommunications Advertisement Act (73 §2250)
  Illegal activities: forged addresses, misleading information, lack of opt-out
  Only enforced by AG and ISPs
  $10/message for ISPs
  10% from AG

25

26 Small Claims Court
  Court summons: $30-80
  Maximum claim: $8000
  Winning by default because the spammer didn’t bother to show up: Priceless

27 So you’ve won a judgment…
  Domesticate the judgment
  Summons to Answer Interrogatories
  Writ of Fieri Facias
  Garnishment Summons

28 Criminal Penalties
  You’ve got jail!
  1 year
  3 years: $5,000 profit, >2,500 in 24 hours, >25,000 in a month, >250,000 in a year
  5 years for second offense

29 Questions?
