Talk:Lycos launches screensaver to increase spammers' bills
Lycos' press release?
editWhere is the original press release? I could not find it in any of the following.
- Lycos-europe home page: http://www.lycos-europe.com/
- Its Press Centre: http://www.lycos.de/startseite/cce/PC/index.html
- Lycos UK, Press Office for 2004: http://www.lycos.co.uk/pressoffice/2004.html
- Lycos.com (US), Press Room: http://info.lycos.com/pressroom/pressroom.asp
In case someone want's to check, here is Lycos Germany's press room
At the end of Register's report [1] is some remarks of Lycos' spokesperson in Germany.
I've read a slash-dot thread on this, and there was a remark that lycos and lycos-europe are quite different. The web site of Make love, not spam links to lycos-europe. So I suppose the press release would be somewhere in Lycos-europe's site, or Lycos' Germany's.
Tomos 08:39, 30 Nov 2004 (UTC)
Some more facts
editService:
- It is like a SETI@Home, making use of unused computing power to access the target server (well, kind of obvious to some..) (source:1)
- Limit is 3MB per day per person (1)
- The screensaver tells you which is the target server (1), where it is located, how many others are attacking it at that moment (2)
- The screensaver was developed by Starring, a Swedish agency. (4)
- The software was tested for two months in Sweden (16)
- There are about 20mil. visitors using either MacOS or Windows, two operating systems that the screensaver is available for. (5) (Some other sources report that Lycos expect 20 mil. users will use this program, without specifying any reason, so I assume this is where the number comes. And Lycos is probably not expecting all the 20 mil. users to do that.)
- There are 20mil. visitors per month to Lycos Europe's sites. (17)
- It uses blacklists from Spamcom.com and other anti-spam organizations, with Lycos' own verification. (1,3,6,7)
- The screensaver is available for people in France, Germany, Italy, The Netherlands, Spain, Sweden and the UK. (3) Another source (7) says that the screensave is first made available in Germany, then UK, and then other 8 countries in EU where Lycos Europe operates. (7) Official launch was said to be Wednesday, Dec. 1 (9), and the earlier distributions were a beta version. (9)
- There is a central server to coordinate the attack and monitor the target servers' performances. (9)
- The screensaver is downloaded more than 90,000 times. (9)
- The screensaver is downloaded by more than 65,000 people by Tuesday (Nov,30) (17).
- It slows spammers servers to the 5% level, but does not intend to shut down. , according to Malte Pollmann (director of communications services, Lycos Europe) (10,13)
- Substantially the same statement is made by Kay Oberbeck, a spokesperson for Lycos Europe. (17)
Legality:
- There is a disclaimer that the users should use the screensaver at their own risk (1)
- If the attack does not shut down the server but merely slow it down or make it costly, it would not be clearly against German Penal Code, according to Joerg Heidrich, a legal consultant at Heise Zeitschriften Verlag (2) (note that Heise Zeitschriften Verlag is the publisher of this article). The consultant also says that in any case, it is against German Civil Code, but in order for the spammer to sue Lycos over damage based on Civil Code, spammer must reveal its identity. (2) It might be the objective of Lycos' move, some say. (4)
- Wessel van Rensburg (Lycos UK) does not expect any legal trouble. (7)
- Even when the attack does not shut down a server, it could still be construed as a DDoS, according to Anne Mitchell (president of the Institute for Spam and Internet Public Policy, also an anti-spam lawyer). (Note that the tone of the statement is that this service might get Lycos into a trouble, it could be countered that some DDoS is legally okay. This is because Anne Mitchell does not directly use terms like legal, illegal, etc.) (7)
- F-Secure, a Finnish antivirus company suggested people not to participate because of legal uncertainties. (8,13,19 - 19 is the primary source)
- Graham Cluley (a senior technology consultant, Sophos) (9) thinks it is potentially in volation of a law regardig DDoS.
- Malte Pollmann (director of communications services, Lycos Europe) says that it is clearly different from DDoS attack. (10,13)
- Some news coverage, such as ZD Net UK's (14) and Silicon.com's (15), call it a DDoS attack, seemingly without much legal connotation.
Other responses: (Please note that everything is paraphrased to play safe in terms of copyright.)
- Critical: Trevor Hughes, executive director of the E-mail Service Provider Coalition (7)
- Critical: An unsigned InfoWorld article points out that it is not either legal or technological solution that can terminate spam. (11)
- Critical: Michael Osterman (president of Osterman Research, a marketing firm specializing in messaging technology), risk of targeting non-spam site by mistake. This is more of a instant reaction than a thoughtful solution, it is implied. (11)
- Critical: Graham Cluley (a senior technology consultant, Sophos) - Not a thoughtful strategy. Lycos is behaving in "low" manners, like spammers and hackers do (9).
- Critical: Steve Linford (director, Spamhaus, a non-profit anti-spam organisation) not thoughtful because of its retaliatory tactic. Lycos should not give DDoS any legitimacy. (14)
- Critical/neutral: A question is raised about the possibility of other organizations mobilizing people in the same way for a different cause such as Anti-pornography, anti-human right violation, environmental protection, etc. (15)
- Critical: David Farber (former chief technologist at the U.S. Federal Communications Commission) it is not a good behavior to act badly in order to fight back a bad guy.
Development 1: (Lycos being hit, or not)
- The home page of the makelovenotspam.com was said to be replaced with a message. The entire message was quoted in (9,10,13).
- The Lycos spokesman is reported to have said that this is a hoax, someone made a fake screen image and distributed via email. (9, 11, 12, 13, 18 - the source #12 does report that Lycos said the screenshot was fake, but does not report about email part. #13 quotes the spokesperson of Lycos at length. #18 is a primary source)
- As a reason that the email was a hoax, the Locys spokesperson Malte Pollmann says that there is no trace of attack in the server log. (13)
- The message is something that visitors of the web site received (8). Wheather this is a pop-up window, email, or something else is not explained.
- The site could not be accessed on Tuesday and Wednesday. (9) Lycos Europe's spokesperson said that it was because of large volume of traffic/ high demand. (9)
- F-Secure, a Finnish antivirus company, has received an email containing what appears to be a screenshot of the cracked site. (13)
Background/ relevant facts:
- A Symbiot, a US company once devised a system to hit back against DDoS and hackers as a security measure. It was received with criticism among security experts (8).
- Lycos Europe has 40mil. email accounts. (10)
- Lycos Europe expects that it receives DDoS attack from spammers (12,13).
- Spammers often use unused capacities of computers through trojan hourse to send spam emails.
- 60% of email received in UK is considerd spam, according to Office for Fair Trading (16)
Results:
- Some sites are slowed down significantly, according to netcract's report (12).
Sources:
- John Carson. "Take part in your very own DDoS attack" — Silicon Valley North, November 29, 2004
- Craig Morris. "Lycos users are to attack spammers" — Heise Online, November 26, 2004
- "Make Love, not Spam!" — p2pnet.net News, November 29, 2004
- "Lycos App Lets Users Exact Revenge on Spammers" — Marketing Voc News, November 29, 2004
- Steve Malone. "Lycos declares 'make love not spam' - or else" — PC Pro, November 29, 2004
- Jan Libbenga Lycos screensaver to blitz spam servers, The Register, November 26, 2004.
- Kevin Newcomb, Lycos Europe Pushes Limits in Anti-Spam Fight, ClickZ Network, November 30, 2004
- Munir Kotadia Lycos anti-spam site hit by hackers, ZDNet Australia, December 01, 2004
- Scarlet Pruitt (IDG News Service) Lycos Antispam Screensaver Draws Fire, PC World, December 01, 2004
- Dan Ilett Lycos Europe denies attack on zombie army, CNET News.com, December 1, 2004.
- (author unspecified) Lycos' anti-spam screensaver: Fleeting revenge is not the answer, InfoWorld, December 1, 2004.
- richm Spam Sites Crippled by Lycos Screensaver DDoS, netcraft,December 1, 2004
- Dan Ilett Lycos denies attack on zombie army ZDNet UK December 01, 2004
- Dan Ilett Lycos launches anti-spam zombie army, ZDNet UK, November 30, 2004
- Will Sturgeon Will's Web Watch: How to attack spammers in your sleep, Silicon.com, November 30 2004.
- Maija Pesola Spammers get taste of their own medicine Financial Times, December 1 2004.
- Daniel Woolls Spam blocker raises bandwidth concerns Associate Press (via Springfield news-leader) December 1, 2004
- Mikko Makelovenotspam.com defaced? F-Secure weblog Nov 30, 2004
- Mikko Lycos Europe organizing a DDoS attack against spammers F-Secure weblog Nov 30, 2004
- Great research. I tried to incorporate it into the article. 119 23:20, 30 Nov 2004 (UTC)
- Thanks :-). I added another bunch of sources and facts. I hope you or someone can make use of them. Tomos 05:59, 2 Dec 2004 (UTC)
- I think we can split the more recent criticism and follow-up to a separate article, so am publishing this. 119 16:13, 2 Dec 2004 (UTC)
- Sounds good. Tomos 22:22, 2 Dec 2004 (UTC)
The first sentence is very long.
editThe first sentence is very long, and should be broken down into smaller sentences for each idea expressed.
Follow up required?
editAs I understand it, Lycos have now withdrawn the website and screensaver. Some follow up required in the article or perhaps a new article is required? This could be become a recurring problem for wikinews, but if addressed then perhaps one of it's best strengths - with large enough contributory base, all articles could get followed up.
- I think a follow-up article would be nice. I scanned several sources and found the following.
- As reported by AP, the program now seem to be officially terminated, not just temporarily available. [2]
- It was also reported that one of its target servers, www.moretgage.info, redirected all the traffic to Lycos' server, making the users of the screensaver to attack Lycos' own server. [3]
- Some ISPs refused to carry the screensaver-generated traffic [4]. Global Crossing is said to have blocked access to the Lycos Europe altogether [5].
- There is a speculation that the whole thing was a way to attract attention to Lycos' spam-free email service. [6]
- Tomos 00:28, 6 Dec 2004 (UTC)
Okay, since I've read a fair amount of articles on this, and nobody was doing it, I wrote that follow-up article: Lycos Europe ends its anti-spam campaign. Please help. Tomos 12:35, 10 Dec 2004 (UTC)