Spam Warz

[ Site Index] [ Journalism Index] [ Feedback ]

(or: how to crash a hundred thousand computers in three easy steps)

Jokes about ignorant computer users and their damn-fool tricks are a dozen a dime, and have been for years. From the legend about the faxed disk (tech support to user over phone: "okay, why don't you send us the defective disk?"; five minutes later: image of disk rolls out of fax machine) to the classic "any" key (as in "press any key to continue" -- yes, but which is the "any" key?), idiots in charge of computers and the havoc they can wreak are legendary. Maybe these jokes serve a purpose, to remind those of us in the know just how much we take for granted that is not initially obvious -- and maybe they also help us relate to the point of view of those who are frightened by these strange, unfamiliar machines. But they also serve to highlight another point: that most of the damage inflicted by ignorant users is self-directed.

The havoc that results when an ignorant user pulls a howler on the internet is much more widespread. And sometimes it can be catastrophic.

The internet is a huge, berserk, and out-of-control mess of computers. There are a lot of internetworked computers in America. There are about 150,000 in the UK (a figure that's doubling every eight months). There are nodes in Novosibirsk and Ulan Bator and Pretoria. All of these sites exchange electronic mail; most of them exchange network news, a vast distributed bulletin board system that uses a mechanism derived from the internet standard email system. And a lot of the systems can also do more complex things with each other (see Shopper 77, page 509, for an introduction).

Because the internet is so big, virtually nobody knows how big it is; people can only guess. There's no centre, no Great Administrator in the Sky who will tell people at one site or another not to do something that bugs the hell out of people at another site: there's not even a global legal jurisdiction, because the internet is international. Think of it as a great big electronic jellyfish, with tentacles dangling everywhere -- some of them lined with stingers, waiting for the unwary user who makes a Big Mistake in front of an audience of hundreds of thousands, if not millions, of users.

To get on the internet, you used to have to be a university or a US government contractor. You had to get an existing net user to vouch for you. And you probably needed a mainframe, or at least a VAX, to carry the load. It was a game indulged in by multitudes of UNIX geeks, who regarded it as their sovereign territory; a functioning anarchist community in which everyone knew the rules, and anyone who refused to play by them would be taken down a notch by their peers. The ultimate sanction -- withdrawl of net connectivity -- was virtually never needed, because everyone understood the score. After all, everyone was a small world -- maybe a few thousand site administrators, and a few tens of thousands of users who the administrators looked after.

(Okay, so this is a rosy, nostalgic, back-to-the-backwoods view of things. The internet has always been turbulent and argumentative, in a way that frequently offends people with a hangup about order. If we take the irritatingly pervasive "information superhighway" metaphor and mangle it to cover the internet of the eighties, it was more like a network of dirt tracks, driven at top speed by stoned and/or psychotic auto engineers in home-made double-decker busses, without benefit of traffic police, road signs, or ambulances.)

More recently, commercial providers like CompuServe and Prodigy began linking up their networks to the internet, taking advantage of the connectivity it provided. Small outfits like Demon Systems and Unipalm/Pipex (in the UK) or Netcom (in the USA) began offering cheap deals to individual users. For the price of an ancient PC-XT with a hard disk and modem, plus somewhere between one and three hundred pounds a year, you can connect to the net. But with this kind of connectivity comes responsibility; you are your own site administrator, and if you tread on toes nobody is going to come and gently explain to you what you've done wrong -- it's assumed that you know what you're doing, and the rule book is big and inchoate. The net is like the mediaeval common land; anyone can do anything there, and frequently does.

Most people who get on the net lurk in the shadows for a bit, trying to figure it all out and learn what the customs of this bewildering new world are all about. But as the population in the nascent electronic nation increases into the tens of millions, so too does the number of cranks, lunatics, and just plain incompetent people on the net.

News, views, and advertising

From Monty Python, the spam sketch:

---

Man: Morning.
Waitress: Morning.
M: Well, what you got?
W: Well, there's egg and bacon; egg, sausage and bacon; egg and spam;
    egg, bacon and spam; egg, bacon, sausage and spam; spam, bacon,
    sausage and spam; spam, egg, spam, spam, bacon and spam; spam,
    sausage, spam, spam, spam, bacon, spam, tomato and spam; spam, spam,
    spam, egg and spam; (vikings start singing in background) spam, spam,
    spam, spam, spam, spam, baked beans, spam, spam, spam and spam.
Vikings: Spam, spam , spam, spam, lovely spam, lovely spam.
W (cont): or lobster thermador ecrovets with a bournaise sause, served
    in the purple salm manor with chalots and overshies, garnashed with
    truffle pate, brandy, a fried egg on top and spam.
Wife: Have you got anything without spam?
Waitress: Well, there's spam, egg, sausage and spam.  That's not got
much spam in it.
Wi: I don't want any spam!
M: Why can't she have egg, bacon, spam and sausage?
Wi: That's got spam in it.

---

Spam, on the net, does not mean pinkish processed pig meat. It has another, more surreal meaning -- one derived from the famous Monty Python "spam" sketch. "Spamming" is the process of posting (i.e. sending) large amounts of irrelevent drivel to large numbers of mailing lists or news groups, where it will be read by zillions of people. Spam is the same wherever it is -- and a lot of people find it highly offensive.

When reading net news, you typically use a newsreader program that presents you with a list of groups -- topic areas. You select groups, then see discussion threads on specific subjects within each one; you can then dive in and read the messages, send an email reply to one of the authors, or add messages which are then automatically disseminated to every other computer that receives that newsgroup. Spam shows up by virtue of the fact that it's with everything. You take a look in one of the computing newsgroups -- for example comp.sys.ibm.pc.digest -- and there's a message exhorting you to buy "thigh cream" from a post office box in Florida. Then you take a look in a social group -- say, soc.culture.british -- and lo, the British culture junkies are being offered a special deal on thigh cream. So you check out some totally surreal weirdness -- say, alt.culture.electric-midget, or alt.destroy-the-earth -- and lo, the same junk adverts are flooding the erudite discussions of genocide machines or electric midgets.

What has happened is that someone who knows nothing about netiquette -- the social conventions surrounding friendly posting on the net -- has written a program. The program (a spammer) walks through the entire hierarchy of newsgroups (all nine thousand two hundred of them) and posts the same message to each group, regardless of topic.

Now this may sound like harmless fun, or at least a mildly reprehensible prank. But it isn't. On the internet, spamming has much the same effect as throwing a side of beef into a pool of hungry piranhas. And the network storm that results can bring down a large chunk of the internet for hours or days.

Net news is a really useful resource, and lots of people enjoy using it. It comes in handy for everything from recreational diversion with friends in special-interest groups, to urgent requests for help in dealing with a SCSI drive configuration problem. But there is a cost. Every time you "post" a message to a newsgroup, it is sent by your reader to a news server -- a program somewhere (probably on a big workstation) that maintains a database of articles. Servers talk to each other, exchanging new messages, so gradually your posting works its way across the internet. Every server stores a copy for a period of days or weeks, until it "expires" with age and is purged. Because postings eat up server disk resources all over the world, there are convetions for posting (detailed in news.newusers.announce).

For example, it's considered bad form to post a message consisting entirely of the quoted text of an earlier message followed by a one line comment such as "I agree!". It's also bad form to post a compressed encoded copy of your whizzy new word processor, or your scanned self-portrait, to any group (except certain special "binaries" groups that exist for this purpose). And it's bad form to post the same message to different groups. You can post a message that goes to multiple groups at the same time -- cross-posting -- but only one copy is propagated across the net, so it takes up less space. (And you also risk being flamed -- abused, criticized, and vilified -- if it's inappropriate to some of the cross-posted groups.)

Finally, there's the Advertising Taboo.

The news system started off as a bulletin board for academics and government workers in the USA. There was an acceptable use policy that prohibited use for commercial purposes; this is still present insofar as large chunks of the news feeds run via NSFnet, the US government's academic network (now NREN). Plus, it was widely agreed that the addition of advertising could well kill the news system. Posting to news is easy -- avoiding reading posts you don't like is hard. Most newsreader applications support a "killfile", a file of names or string patterns that, if found in an article's header, cause the reader to ignore the article. But the offending piece is still there, clogging up the news spool directories and slowing the system down.

Why spam is bad for you

Lets take a look at a hypothetical spam incident to see why it's so offensive. After all, the contents of a given spam posting might be quite innocuous. What does the damage is simple; the discussion it provokes, and the force-multiplier effect of the internet. Posting spam is a bit like shooting a man who's wearing a waistcoat full of sticks of dynamite -- you get more bang for your buck than you expected.

Firstly, spam eats up server resources. A single posting, 5Kb long, posted to every news group, will eat up 50 Mb of disk space on the news server it's first sent to. It also eats up 50Mb of outgoing bandwidth -- which has to be paid for -- as it propagates from host to host. There are about 100,000 news servers. So the spam posting takes up a staggering 5,000 Gigabytes (that's five _million_ megabytes) as it spreads in a wave across the internet.

But that's not all. A lot of internet users hate spam, for the above reason. They may also dislike the products being advertised. And they're talkative; boy, are they talkative. In any spammed newsgroup it is usual to see a 10% surge in postings over the next 48 hours, as regulars denounce or discuss the spam. (This corresponds to maybe 5 more messages per spammed group.) And for every user who posts a public message, ten users will probably send protest letters to the site that spammed their group, requesting them to desist. Maybe one in ten of such replies will be a mail bomb -- the user will, in a fit of pique at having their usual service disrupted, append a huge file, such as a copy of their UNIX host's dictionary, to their mail (or a large C compiler, or a copy of Word for Windows: typically anything that's guaranteed to make an email system feel sick).

A spam broadcast that takes in all the newsgroups with a single duplicate message can therefore provoke on the order of 50,000 posted responses on the news system, and 500,000 email responses, within 48 hours.

As a rule of thumb, most big internet sites connect at speeds between 64Kbits/sec and T1 (1.4 Mbits/sec). The effect on a site of receiving a traffic surge of 50 Megabytes is not pleasant -- especially if you pay by the kilobyte for your bandwidth. The effect on a site of receiving 500,000 email messages is even less pleasant. (That's a minimum of half a gigabyte, even without the jokers who send you their favourite sanskrit dictionary in return for your jamming up their servers with spam.) Indeed, a real spam incident generates so many flames that it doesn't simply crash the computer that was spammed from -- it crashes everything within a couple of network hops of the offender. Computers feeding mail to the spammer suddenly discover that from a few hundred Kb per day they're fielding tens of megabytes per hour. The last computer before the spammer -- their main internet gateway -- probably falls over and dies, even if it's a mainframe with tens of gigabytes of online disk space. And so, quite probably, does every other computer linked to the gateway.

Because of the possibly apocalyptic consequences of allowing advertising on the internet, the internet gods -- the erudite administrators who agreed the interoperability standards and protocols for the internet -- did two things; firstly, they established the "biz" hierarchy, for business related discussions and press releases (but not advertizing as such). Secondly, they inculcated a taboo. You can talk about drugs, weird sex, drowning kittens, cannibalism, and any other number of gross-out topics, as long as you keep to the appropriate forum (like alt.drugs, alt.sex.bondage, alt.tasteless, and so on) ... but advertising is Out.

Enter the Spam Warriors.

Laurence Canter and Martha Siegel are two lawyers, based in Tennessee. Their smallish law firm, Canter and Siegel, did a special line in green card lottery applications. (A "green card" is an unrestricted work and residential permit for use in the USA, giving most of the privileges of citizenship except for voting rights.) Every year, the US State Department holds a lottery. A number of green cards are made available to citizens of several countries; if you enter the lottery you might win one, thus enabling you to move to the USA without needing to go through the usual rigmarole of visas and work permits. But like most US government forms, the lottery application is fearsomely complicated: so Canter and Siegel specialized in submitting lottery applications in return for a $100 fee. This is not exactly mainstream corporate legal practice, but it's not illegal -- and some people are apparently willing to pay $100 to have a lawyer fill out a lottery ticket for them. (Whether Canter and Siegel's promotional material allegedly inculcated the idea that having a lawyer fill out the form would improve their chances of winning cannot be determined.)

C&S were just another small, indeed marginal, law firm practicing in the backwoods of America until May 1994. Then the spam hit the fan.

Laurence and Martha had known about bulletin boards for some time. As the net expanded, they became aware of it, and took an interest by subscribing to one of the new commercial outfits who offer net access via modem, Internet Direct. The taboo against advertising seemed laughable to them -- "if you cut through all this what you will find is a group of old timers who don't want their private domain invaded," Martha Siegel told reporters. The two lawyers smelled an opportunity; this common area, the news system, was open to everyone ... and _nobody_ had commercialized it yet! Surely advertising in this new medium would be an instant hit! They could reach millions of users for a cost of a few dollars. Sure the small print on the service contract that their provider had sent them said "no advertizing", but Laurence cunningly contrived not to sign the terms before returning them. So of course the acceptable use policy could not legally be interpreted as applying to Canter & Seigel, could it?

And of course, as all lawyers know -- if it's not illegal, you can do it.

Canter & Seigel hired a programmer, Leigh Benson, to write them a simple program that would connect to Internet Direct's news server and automatically post a single message to every newsgroup it could find. Following a disagreement over pay and conditions, the programmer left or was sacked in April 1994 -- accounts vary. However, he left his work behind; and in mid April Laurence Canter pointed his program at the internet and fired off an advert ... five thousand times.

They didn't get any replies. Internet Direct's main server crashed fifteen times in a row beneath the deluge of hate mail, flames, and very occasional responses that came in -- thirty thousand messages in eighteen hours. As the spam propagated across the net it generated a secondary shockwave of angry responses: computer professionals demanding to know what this nonsense was doing in their discussion groups, afficionados of tastelessness flaming over the lack of taste C&S displayed in posting this advert in alt.tasteless, and who-knows-what else.

To say Internet Direct's administrator was annoyed is an understatement. The affair cost him serious money and blocked all the other ID subscribers from the net while he cleaned out his system. So he blocked Canter and Seigel's account on grounds of misuse.

So they sued him for $250,000 for loss of business due to all the pent-up demand for lottery applications that he purged from his system while it was crashing (along with the sanskrit dictionaries, hate mail, and nefarious other flying pigs). The lack of a valid contract was brought into the case: Internet Direct hadn't got Canter's signature on a paper saying that he wouldn't advertize via the net, so it was proposed that there were no grounds for pulling the account.

(In actual fact, the ratio of disapproval to approval expressed on the public newsgroups after the spamming incident was on the order of 100 to 1 ... but what the hell. Spamming isn't illegal, is it?)

Round two occurred rapidly thereafter. Canter and Siegel were now notorious. They posted from other accounts, held with Netcom and PSI, promising more advertisements, This unrepentent response caused even more outrage than the initial spamming. Various net experts began digging; various tidbits came to light. (For example: on October 13, 1988, Laurence Canter petitioned the Florida supreme court for permission to resign from the bar, rather than face charges of "numerous violations of the attorney disciplinary rules, including neglect, misrepresentation, misappropriation of client funds, and perjury". In 1987, Canter and Siegel had been suspended for 90 days for "engaging in deliberate scheme to misrepresent facts to senior mortgagee in order to secure full financing of purchase for law office". Of course neither of these incendents bore any relevence to the spam controversy, but they were siezed upon with glee by various people as evidence of Shyster and Flywheel's shady history.)

Canter and Seigel meanwhile basked in a glow of publicity. Ignorant commercial news commentators seemed to think that they'd done something important in "discovering a new advertising medium"; whereas in fact they had instilled in the vast majority of their readers a violent antipathy to the very idea. Oblivious, C&S ploughed on, promising to write a book about how to advertise over the internet, and stating that they would set up a company to selectively spam newsgroups for money.

Needless to say, the other providers who C&S had accounts with took fright. Some cited clauses in their contracts for denying further service to Canter and Seigel; others leaned hard on C&S to sign acceptable use policy contracts on pain of having their accounts cut off. But the immediate damage was done ...

A plague of Clones

By doing the unthinkable, Canter and Seigel opened the floodgates.

The first copycat was the "Skinny Dip" advert, posted on the 24th of May to about 2000 newsgroups. This posting made extensive use of ANSI graphics (a la IBM PC) -- not a good move in an advert that would be read on everything from Macintoshes to terminals hanging off Cray supercomputers. The author of this post comitted an even worse offense than Canter and Seigel. Anticipating megabytes of hate mail, he configured his mail server to redirect all his mail to Marc Andreisen. (Andreisen was the principle programmer on the Mosaic project -- see Shopper 76 -- and totally unconnected to any advertising operation. As a result of this vindictive dodge, he lost his mailbox, and indeed had to take on a new email account.)

The Skinny Dip spam differed from Green Card in one notable respect: the news robot that posted it took about a minute per group. As a result, people began seeing the posting appear in different places as the robot polled group after group. Some angry administrators used alt.current-events.net-abuse as a forum in which to discuss their response; intemperate souls cobbled together and unleashed anti-spamming agents in a matter of hours.

Because of the way news works, it is possible to cancel a posting -- if you have the message's unique identification string, and are the author. In practice, any halfway competent programmer with administrator-level privileges can write a program that cancels someone else's postings. However, there is a major problem. The "cancel" operation itself sends out a posting, that appears to come from the originator of the original message. The quickly-written anti-spamming robots scanned through the news system and issued cancel messages to every message from the offending user that they detected. But multiple cancel-bots were operational within hours; and they began cancelling each others' cancel messages. The result was a network storm. Although the original spam disappeared from the news groups within hours, swept away by a deluge of cancel messages, the news spool areas kept filling up with spurious cancel messages. In the end, the canceller robots caused almost as much havoc as the original spam.

Spam spreads. The more spam there is, the more boneheads are tempted to post it. And it infests mailbox and spool space. More recent incidents are even more stupid and inexcusable; people who should know better are indulging in it -- not just fly-by-night lawyers and naive students forwarding electronic chain letters, but government agents. On July 24th, for example, Florida law enforcement agents posted a MOST WANTED advertisement. It notified net users all over the world (including the UK) about a dangerous suspected murderer they were pursuing. This man had apparently been using news a lot recently, and they were therefore appealing for anyone who he had contacted to get in touch. This in itself would not have been unforgivable, except for the 200Kbyte colour photograph they included in their posting. Hell hath no fury like a net user in the UK discovering that their modem has sucked up an extra hour, to British Telecom's profit, because an ignorant police officer in Florida doesn't know how to restrict their posting so that it only propagates within the USA. Multiply this by ten thousand, for all the news systems in the UK, and you have quite a problem.

Many users overreact to this unwanted incursion on a common resource -- the open discussion forums of the internet. The overriding fear that these incidents created was that spamming would become commonplace. Programmers fortified their sites with increasingly sophisticated anti-spamming robots: programs to keep vigilant watch for messages posted to several groups at once, or posted to sequentially related groups, or posted by known offenders. And the debate rattled along, with some people calling for Spammers to be barred from net access and other people saying that this would violate the fundamental right of freedom to publish.

Towards the future

Commercialisation of the internet is not a universal taboo. Today, 75% of the sites on the net are commercial; the pressure for advertising is growing, and to some extent it is inevitable.

Furthermore, it is not as wholly unwelcome as a superficial reading of the spam wars would suggest. After all, the big taboo is not advertising per se -- but unsolicited advertising through mail or news, where the recipient has no choice but to pay for and read the unwanted and unwelcome circulars. If advertisers adapt to the new medium, and find appropriate methods of promoting their customers, there is no reason why they cannot coexist with the existing structures and conventions. Indeed, numerous companies have been discreetly advertising on the net for years: mostly via the World Wide Web (see Shopper 76), and Gopher (an earlier, text-based forerunner of the web -- see Shopper ??).

What the spam wars demonstrate, though, is that there is a small but irreducable proportion of people, who will not bother to learn enough about a new tool to use it correctly, and who will ignore the warning signs until it is too late. Furthermore, just one or two such incidents can ruin a common resource cared for and used by hundreds of thousands or millions of other people, if the force- multiplier effect of peer-to-peer networking is not tempered by tolerance and foresight. Finally: you can lead a horse or a net user to water, but you can't make them drink. The festering wound of mistrust created by this misguided attempt to advertise over the net using the wrong medium will take a long time to heal.

[ Site Index] [ Journalism Index] [ Feedback ]