Re: Ethics of Deterrence

Eren Reshef wrote:

>> Some bloggers have recently claimed our fight is morally flawed. > I'll go further and tell you you're a criminal. > It's trivially easy for someone to put an URL of a website I own into > a spam. > And if you attack my website in response, and I had nothing to do with > the original spam, you will have law enforcement knocking on your > door. > You're in California, I'm in California, should be as easy as a phone > call. > Did you mention something about the US Constitution? God, I *hate* > when ignorant people claim that the Constitution gives them rights > with no restriction -- you are welcome to certain rights as long you > don't infringe on others' rights in the process of exercising > yours. People who whine about their First Amendment rights being > impugned often forget that. > Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED > Company website:
formatting link
Personal blog, resume, portfolio:
formatting link
E: snipped-for-privacy@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307 > [TELECOM Digest Editor's Note: Well Steve, you are forgetting a couple > of important factors: although yes, it is 'trivially easy' to put > someone else's URL (for a web page) into spam a third party wants to > send out, if you have a web page, your web page would have to have > one or more 'forms' on it for people to use to fill in their credit > card numbers in order for other folks to come along and deface your > web site, wouldn't it? Wouldn't it be quite a coincidence if you, > the innocent web site owner happened to have forms all over your > web page which related to the product or service being spammed by > some other person, _and_ through some 'human error' your web site > got chosen?

Would it surprise you to learn that an unscrupulous operator might DELIBERATELY spam "on behalf of" a competitor, for the express purpose of getting that competitor knocked off the 'net?

Would it surprise you to learn that that _has_ happened?

*MORE*THAN*ONCE*

Would it surprise you to learn that business *have* gone under, as a result of such actions?

If so, you are *unaware* of events on the Internet, more recent than

*1996*.

The prototypical such actions (from which the name "joe job" for describing such things is derived) occurred in late 1996. Google for "joe job" (with the quotes, for lots of history -- or see (among many others) the page at: for the "jargon files" definition.

Such things are a "not infrequent" event, to this day.

I really have to wonder if you read any of the FAQ on > how the BlueSecurity.com system works ... let's say for example, I > am offended by a piece of spam I recieve; I forward it to BlueSecurity; > someone there who has a modicum of intelligence (about as much > intelligence as the people who write up filtering software) looks at > it, quickly finds mid the HTML crap on the source page an IP address > which _appears to be_ the offender. He (the investigator) goes to > the URL; is it in fact the product or service being spammed? If not, > then he junks it. If it is the product being spammed, and it has > 'forms' around the page for things like credit card numbers, comments > or names/addresses, etc then it gets put somewhere. Now the investi- > gtor finds a thousand more pieces from the same spammer, referring > to the same URL, then acts on it. It is not a willy-nilly process > where 'you' sent me spam so I 'crash your system'. They only release > the 'do not spam me further' notices (which simply goes to that URL > and fills in the aforementioned, already located 'forms') once they > have discovered the _actual offender_, not some innocent bystander.

That is a lie. They *cannot* tell who "really sent" the e-mail message.

All they can tell is that the material on the web-site, and material in the message are 'consistent' with each other.

Which can be explained in _at_least_ two ways: 1) the web-site operator actually sent the message(s). 2) "somebody else" -- *deliberately*and*maliciously* -- posing as the web-site operator sent the message(s) for the express purpose of discrediting the actual web-site operator.

There is *no*way* to tell which of those scenarios is the "real" explanation. Those who act, based on assumption #1, when the reality is assumption #2, can find themselves in legal hot water.

They got a lot of money from somewhere to put investigators to work > tracking down _good_ URLs of spammers. Admittedly they cannot get > anywhere with much of the crap which comes to them, but they do find > some of them. And it is _not_ DDOS since the spammer is first given > ample warning, and assistance as needed in cleaning his list.

You know. There's something really "funny" about their ENTIRE operation. "Blue Security, Inc." according to their website, is located in Menlo Park, California. With a claimed telephone number, at that address, of "972-9-9577736", per the whois entry for the domain.

Yet, according to the California Secretary of State, the *legal*owner* of that _Corporation_Name_, is a locksmith in La Jolla, California, who has had that name since 1997. (That information, and the info in the following 3 paragraphs, *can* be verified by anyone who cares to, on the State of California web-site.)

They can't legally have some other name, and be using "Blue Security, Inc." as a "doing business as" (DBA) -- what California calls a "fictitious name" -- because California *expressly* forbids the use of a corporate ("Inc.", "Corp.", "Corporation", etc.) or LLC indicator as part of a fictitious name.

One *cannot* legally register a corporate name (whether an in-state corporation, or an out-of-state one doing business in California) that is the same name as an existing Calif. corporation. One can register a name that is "similar" only with the *written*consent* of the presently- registered corporation, _and_ the agreement from the Secretary of State that the naming would _not_ be unduly confusing to potential customers.

Operating an unregistered business *is* a violation of California law.

Based on that, alone, Blue Security *does* appear to be a criminal operation.

Blue Security's published INTENT regarding the co-ordinated complaint-bombing of the targeted web-site is to make it 'unusable' by people attempting to do legitimate business with that company.

One doesn't have to assume anything about how they work. One doesn't have to do any interpretation. All one has to do is look at WHAT THEY HAVE SAID THEIR INTENT IS.

Their intent, per their own words, *is* to inflict a "denial of service" on the "guilty" web-site owner.

That *is* a criminal action, under the law.

That isn't the only issue. If they're *not* doing what they say they do, then there are issues of false advertising, and/or wire-fraud. If they _do_ do what they proclaim (a crime, per the above analysis), there are additional possible charges of:

soliciting for participation in a criminal enterprise conspiracy accessory before the fact RICO just to name a few.

Those 'co-conspirators' that get sucked into their scheme could get names on any/all of the latter 3 counts named above.

Incidentally, *IF* the mail-senders must pay for the 'list-washing' service that Blue Security offers, then one can probably add "extortion" to the possible charges. Blue Security _has_ issued a public 'threat' to attempt DDoS on the web-sites of people who send them e-mail without going through the list-washing process. Avoidance of that 'threat' by the payment of money (whether or not a service is provided for that money) is the essence of extortion.

Note: somewhat deeper digging into "Blue Security" indicates that the _actual_ ownership is apparently with a company in Israel. One that many people belive as having a lot of business dealings with the Mossad.

One might speculate that "Blue Security" is a 'front' for testing some actual "information warfare" tools. Emphasis on "warfare".

Oh, and by the way, if
formatting link
'suddenly stops > working' sometime soon, well ... its just ICANN doing their thing, > trying to silence anyone who tells you how naked they and their merry > band of choristers are. Anytime you cannot get through on > telecom-digest.org, remember that snipped-for-privacy@massis.lcs.mit.edu is still > a good address and points to the very same place. PAT]

REALLY??? My web browsers (4 different ones, on 3 different platforms) insist that " snipped-for-privacy@massis.lcs.mit.edu" is not a valid URL.

[TELECOM Digest Editor's Note: As I tried to explain to Robert Bonomi in private email, these two URLS are _identical_ in where they go:

formatting link
(and)
formatting link
These two emails are identical in where they go: snipped-for-privacy@telecom-digest.org (and) snipped-for-privacy@massis.lcs.mit.edu

I tried to explain to Robert Bonomi that a 'valid URL' (as in web site) does not have an 'at sign' @ in the middle of it. PAT]

Reply to
Robert Bonomi
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.