Last week it was reported that a Russian spammer had been beaten to death. My views on appropriate penalties for Internet 'crimes' are still ambivalent. Especially as I am sometimes sorely tempted to commit them myself.
The stream of e-mail scams is little more than an irritant, although it seems enough people fall for them to make them financially viable. Usually they can be filtered out quite easily, and one wonders why ISPs do not do more to eliminate them closer to source, freeing up bandwidth for more useful purposes.
But it is attacks on a wiki that have upset me. Part of my website uses the very neat wiki technology to provide documentation as a collaborative venture. Anyone can add to it, correct it or extend it. This is very much in the spirit of open source. Clearly one could use a system that required registration with login and password. The ability to just come along and contribute an improvement without any barriers is part of the appeal, though.
Unfortunately, such an open system is an irresistible attraction to some people. Spammers are no longer an undifferentiated group, and wiki sites attract the 'link spammers'. Their automated bots look for wiki sites and insert large numbers of links, usually to gaming or porn sites. The aim is to improve their search engine rankings.
There are ways to resist this without spoiling the openness of the wiki. The wiki can use HTML to instruct the search engines not to take account of a document for at least 24 hours, by which time the damage has usually been undone. The spammed links are retained on the site as history but the wiki software can nullify the links so that the text remains but no longer points anywhere. Sadly the spammers are not so picky as to worry about their bots wasting effort in this way.
Now the temptation that comes my way is that when the link spammers mess up my wiki, they leave a record of the IP address from which they operated. Often, I block that address from further access to my Web server. It is tempting to go further, and if I had the resources to launch a denial of service attack against the websites promoted by the link spammers, would I be able to resist?
There is little point in attacking the IP addresses from which the attacks come, since they are most likely to be ordinary computers that have been subverted unknown to their users. But in the nature of things, link spammers have to disclose the websites that are being pushed. At least in theory, two can play at that kind of game.
Armies of subverted computers are available through highly dubious sources. Would I be able to use Google to search for 'denial of service attack service' and be put in touch with their controllers? Presumably, I would finish up dealing with someone like the dead Russian spammer. Quite apart from the doubtful company I would be keeping, there is the issue that governments seem keen to make denial of service attacks a criminal offence.
That probably does not concern Russian gangsters too much but it would certainly be a deterrent to me. Yet that makes me wonder if legislation in this area is too much of a blunt instrument. Almost anything can be used for good or ill, and denial of service attacks are no exception. Surely it would only be justice if sites that promote themselves by defacing other people's websites found themselves subjected to attack?
While governments look unlikely to take effective action against spamming, either through emails or web links, it seems unfair to invoke criminal sanctions on the one thing that would be a means of retaliation. After all, it should take only a few counter attacks to force the ISPs to take more action against anti-social behaviour on the Internet. That would be better than any amount of criminal legislation.
Martin Brampton is founder of Black Sheep Research (www.black-sheep-research.com), an independent consultancy providing research, writing and speaking services on a wide range of business and technology issues. Martin was previously a director at Bloor Research, and has worked with IT as a user and analyst for over 20 years. He is a long-term contributor to silicon.com through videoed debates and his weekly column, which tackles a wide range of issues. He can be contacted through his website.
Play video
You want to strike back with a DOS attack against the spammer, but don't you think this would make you a "vigilante"?
From answers.com:
"vigilance committee
n.
A volunteer group of citizens that without authority assumes powers such as pursuing and punishing those suspected of being criminals or offenders."
"vigilante
...
In the modern-day western world, vigilantism often occurs when the local population is frustrated with the complex and seemingly unfair court procedures and rulings that apparently allow felons to walk free or be found not guilty. Vigilante "justice" often takes the form of assault, arson, and possibly even death of the accused person. At times, certain criminals will opt to forgo parole for fear of receiving vigilante justice once they were released."
Sure, it would be great to strike back at spammers. But it would also be great to crowbar a car thief or murder a murderer.
What side of the law you want to walk on is what's at issue.
I suppose of lawmakers didn't officially make DOS'ing illegal you'd be okay, but then spammers could come back at you with "loss of business revenue" or other suits.
Posted by Passerby on Sunday, October 23 2005 04:02 AM