baldysblog.co.uk

When I started this blog back in November 2007, I had in mind two personal priorities: Firstly and along with my photography, it was a ‘tool’ to keep my intellect ‘alive’ by taking the current news topics and writing a personal view upon them.

Secondly and coming from an IT background I wanted to know in personal terms, whilst it is easy to start a ‘blog’ or put up a web site in the first place, the real question is whether or not you can ‘sustain’ it ? Well, coming up for some 600 ‘postings’ less than three years later seems to indicate that I have lots of ‘Hot Air’ yet to expel !

The one thing that I really didn’t care about, both then and now is whether anybody actually read the stuff I published and indeed, few have posted comments, less than 300 but it seems to be read by many, but most popular by far, there has been almost 20,000 spam mails !

Totally Nuts

The way most, probably all ‘blog’ tools are set up is that you have to leave a name and email address when you post a ‘comment’ to an article on the blog, plus of course, your IP address is recorded automatically. Whilst it is possible to allow users to “self register” themselves and then post which is the most common way British broadsheet newspapers worked in the recent past. On a personal blog such as mine, you never do this, any comments that come in, you read first and allow posting or not on an individual basis.

On top of this, there is a highly effective Anti-Spam engine that very rarely lets anything through, it all gets posted to the Spam Module where you can delete it with just one mouse click. In two and a half years, I seriously doubt that the Spam Defence has ‘let through’ more than 50 out of some 20,000 attempts and even then they have been caught by the manual “approve/don’t approve” process.

WordPress which is the Open Source software that this blog uses is very well known and therefore, the way it all works is too so just why any “Spammer” would want to target a blog, I have not the slightest idea, it seems totally potty to me but, as it has been so persistent, there has to be some kind of reasoning behind it.

Spamming

If we go back in time to “computer viruses”, an ‘ancient world’ in computer terms but fairly recent for most human beings, when people got e-mails which when they clicked upon and opened set off a “mail to virus” using the email address book on the receiving PC to ‘mail itself on’ to the first 10 or 20 names, in many ways, it was the “Prankster Days”. Many of these viruses were set off by highly gifted but totally “nerdy” programmers trying to demonstrate their skills and at the same time, telling the World to ‘piss off’.

However, if we stand back for a moment and extract the basic principles, we now see what happened next:

The first thing was the combination of psychology in forming a title to the email to get the “dumb shit user” to open it and in doing so, ‘recruit’ their PC to forward ‘X’ copies on to others and in doing so, create a network of robot PCs or a ‘botnet’. What was really clever about this lay in identifying the “dumb user profile”. Someone who was basically an ignorant PC user who didn’t ‘patch’ the operating system and probably, didn’t have their “Anti-Virus” software up to date or even, didn’t have any installed.

The point being that once their PC had been ‘recruited’ to a botnet, you could own them forever and without them knowing it, keep updating your software so that they could never ‘escape’. The first phase was to sell ‘Porn’ and ‘Very Dodgy’ versions of branded pharmaceuticals such as Viagra. However and somewhere down the line, the ‘criminal element’ got involved….

So you want cheap Viagra Mr Customer ? Take the Credit Card details during the purchasing process, don’t supply the goods and buy stuff on the Card that you can sell cheaply and convert to hard cash. Better still, sell access to ‘your botnet’ and/or, sell Credit Card lists to other criminals…

However…

Just as young ego driven fools led directly to criminal activities using botnets, this in turn has also led to a pure military application and this is far more serious. Instead of concentrating on a numbers game where whilst out of 2 million SPAMs per day you only get 200 ‘Mug Punters’ from whom to make money out of, those 200,000 ‘slave PCs’ that make up your botnet can be used to launch a “Denial of Service Attack”.

Essentially, every Internet Server is set up to ‘service’ it’s particular market in terms of scale and handling “web user requests”. It is obvious that the BBC has a far greater handling capacity than the servers that host this, my blog, they have millions of hits per day, me, a handful. A DOS Attack involves bombarding a web server with thousands of “web requests” per minute so that in effect you “take that server down” and make it useless by overloading the system.

Now suppose that was ‘applied’ to Military systems that controlled Satellites, Nuclear Weapons or even, civilian targets such as telephone, electricity and water supplies, the effect becomes catastrophic…

A Cyber Warfare Treaty

In today’s Economist is a very thoughtful article on all the major countries now sitting down and evolving a “Cyber Treaty” that falls somewhere between the “Geneva Convention” and SALT. It is well worth reading and thinking about so, here is the link: http://www.economist.com/node/16481504?story_id=16481504&source=features_box1

But Back to My Spammers

What are they doing and why ? I don’t bother reading the individual spam messages, they appear in the “Spam Bin” and I just globally delete them and even with the odd one that creeps through, frankly the mail address tells you the answer, gmail being the favourite so I don’t even read them either. However, I have briefly glanced at them in the past and there is something distinctly odd about it all, commonly they ‘respond’ to a graphic rather than an article plus, some can’t even be bothered to attempt English and write in Cyrillic !

Perhaps a ‘School for Scoundrels’ ?