17th May 2006

Cyberwar: Blue Security vs Spammers

Blue Security, a small startup based in Israel, made the brave move of declaring war on spammers. They lost impressively and have announced they're closing their operation. Attempting to visit their web site today will result in a "Server not found" error. Whether this is the result of Blue Security pulling their operation or of the massive DDoS attack that's taken place, I'm not sure.

Blue Frog

Blue Frog is a spam filter with a twist. Unlike most spam filters, which simply delete spam from your in-box, Blue Frog sends a 1-1 reply back to the company that's being advertised in the spam. They send you some spam, you send them some back. If every person had Blue Frog running, this would in effect return as much spam to the companies using spammers as we receive ourselves.

The Blue Frog product page has the title "A desperate spammer is holding the entire Internet hostage to stop the Blue Community and keep his spam business running" in large text at the top. Although the claim of holding the entire Internet hostage may be a slight exaggeration, it does show that Blue Security realised they were in trouble; the war had begun.

PharmaMaster vs Blue Security

The attacks on Blue started on May 1st and came from a spammer who calls himself PharmaMaster. PharmaMaster started by threatening community members, before blocking worldwide access to bluesecurity.com using a technique called "Blackhole Filtering". The website became accessible only from inside Israel. The attack continued with a DDoS (Distributed Denial of Service) attack on their operational system.

Blue attempted to update their community on the situation by using a pre-launch blog hosted by Typepad. They re-directed bluesecurity.com to point to the blog.

In retaliation, PharmaMaster then launched a new DDoS attack on Typepad at roughly 2am on May 3rd. As the report says, Typepad survived the DDoS attack, so PharmaMaster launched another attack to target Tucows' DNS servers, which provide name lookups for thousands of sites, including Blue Security's. This attack apparently knocked 9,000 web sites offline.

Tucows terminated Blue Security's account in an attempt to stop the attacks on their servers. PharmaMaster then announced success via ICQ, saying:

"you know i feel sorry for you and all the world 9000 servers are down because of your company :)"

"all the biggest isps been emailed that all this of bluesecurity.com and lets see how they would love you to be able to push traffic from them :)"

Apparently Blue Security managed to restore partial access to their web site and operational servers on the 4th of May.

Digg vs SpecialHam

The Digg community decided to get involved and launched their own DDoS attack (without a botnet) against www.specialham.com, who are a bulk e-mail marketing list.

The Digg attack, co-ordinated from the comments section of the post "SPAMmers really pissed off at bluesecurity...", aimed to take down the nameservers. This was apparently achieved on the 8th May. Digg users came up with a new definition for DDoS: DiggDoSed. The last post in the thread was on the 14th May. Maybe the Digg revolt has stopped.

Casualties of War

Who won the war? I'd say the spammers, since Blue Security has retreated, and the DDoS attacks on specialham.com seem to have ceased. But the war was not without casualties.

The casualties were, namely, the 9,000 web sites that were affected by the DDoS on Tucows. TypePad and Live Journal were also affected. Some blame Blue Security, others the spammers. One positive effect of this is a demonstration by the computing community that they've had enough of spam and are willing to fight back, even if this time they did lose.
