Data Mine Is Latest Tool In Spam Arms Race
Most of the e-mail zipping around the Internet is not actually wanted. Researchers estimate that about 90 percent of e-mail is spam.
Deleting them may be a nuisance, but the messages can spread viruses and lead to identity theft. The common defense against spam is to block it. But researchers in Alabama are developing a tool to go after the spammers themselves.
You may have a folder in your e-mail containing suspicious messages with subject lines like, "Give her hot nights in winter," or "Wanna have fantastic nights?"
If our inboxes are the battleground, a room at the University of Alabama at Birmingham is where the enemy's actions are examined.
Gary Warner, director of research in computer forensics, and a few others are clustered around a white board discussing the UAB Spam Data Mine.
The hastily drawn illustrations look part flow chart, part Pictionary, but it's an effort to understand connections among junk e-mail. University computers take in thousands of messages a day. The computers then store key attributes of the spam, including who sent the e-mail and the sender's Internet protocol address.
From this information, researchers look for patterns and draw conclusions to identify the source of spam. Warner shares what he finds with law enforcement to better track the senders.
He says spammers right now face little chance of being prosecuted.
Computer security consultant Dean Saxe, with Foundstone Professional Services, says: "From my perspective, it seems ... kind of like the arms race of the Cold War era. We built more bombs. They built more bombs. We built bigger bombs. They build bigger bombs."
Because there is money to be made, spammers constantly adapt and develop new tactics, Saxe says. And those in the security community are high-profile targets. Saxe says security professionals' personal passwords and sensitive information are displayed publicly at hacker conventions.
The UAB Spam Data Mine has had some success. It helped track spam from Ukraine that claimed to be from the Ron Paul presidential campaign. That spammer sent 162 million unwanted messages.
But on the big goal — capturing criminals and reducing the amount of spam on the Internet — Warner qualifies his expectations.
"I think we can win the war against domestic spammers. And I think we can do a much better job of cleaning up the American portion of the Internet," he says, but that might just make the problem worse overseas — another battlefront in the war over our inboxes.
Andrew Yeager reports for member station WBHM.
MELISSA BLOCK, host:
This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.
MICHELE NORRIS, host:
And I'm Michele Norris with this week's installment of All Tech Considered.
(Soundbite of music)
NORRIS: An Internet staple is starting to come in all kinds of new flavors. It's spam. And for those on the receiving end, it still leaves a bad taste in the mouth. The email nuisance is cropping up in phone text message inboxes, and on social media sites like Facebook. Whether it's pushing little blue pills or get-rich-quick schemes, it's still a major problem, even as filters get better and you see less of it in your personal inbox. Spam costs companies millions of dollars a year to control, and it causes endless headaches for IT departments.
Well, when we have high-tech questions, we turn to Omar Gallaga. He's our regular for our All Tech Considered segment. He covers technology culture for the Austin American-Statesman. Hello, Omar.
OMAR GALLAGA: Hi, Michele.
NORRIS: And as I said, it seems like people are seeing less spam in their personal inboxes these days. Is that because there's less spam, or is it because those filters are actually doing a better job of removing it?
GALLAGA: Well, there is still a lot of spam out there. In fact, Google's anti-spam service, Postini, recently estimated that 94 percent of all email is spam. But when you look at your inbox, it really doesn't seem that way. And it is because Internet filters, tougher laws against spammers, and more effective ways of cutting out spam before it gets to your inbox have cut down on the noise. It's a lot less likely now than just a few years ago that you'll see the Viagra or pornography spam.
And especially if you're using email services like Gmail or if your company is using good email filtering software. But where you might see more of it now is on social networking sites like, say, Twitter or MySpace, or over cell phones where there's a little bit less security and less sophisticated filters before it gets to you.
NORRIS: So the firewalls are helping, but some of it still gets through. And we'd like to take a listen to a short story here. It comes from Alabama. It's about a group of researchers who are developing a tool to go after spammers. It's from member station WBHM, and Andrew Yeager reports.
YEAGER: When I get to the office in the morning, it's hot water for my tea and then while the tea brews, log in to check my email.
(Soundbite of Windows starting)
YEAGER: Now, you may have this in your email, a folder containing suspicious messages. Okay, three messages in the spam blocker. Subject lines like, give her hot nights in winter. Want to have fantastic nights? Yeah, that's spam. I don't need to see that. So if our inboxes are the battleground, this room at the University of Alabama at Birmingham is where the enemy's actions are examined. Gary Warner is director of research in computer forensics. He and a few others are clustered around a white board, discussing the UAB Spam Data Mine.
Mr. GARY WARNER (Director of Research in Computer Forensics, University of Alabama): Okay, so pills.com was registered at Network Solutions. We'll contact them; they'll kill the domain name.
YEAGER: The hastily drawn illustrations look part flow chart, part Pictionary, but it's an effort to understand connections among junk email. University computers take in thousands of messages a day, and Warner says they then store key attributes of the spam. Warner shares what he finds with law enforcement to better track those sending spam. He says spammers right now face little chance of being prosecuted. Computer security consultant Dean Saxe is with Foundstone Professional Services.
Mr. DEAN SAXE (Computer Security Consultant, Foundstone Professional Services): From my perspective, it seems like - kind of like the arms race of the Cold War era. We build more bombs, they build more bombs. We build bigger bombs, they build bigger bombs.
YEAGER: He says since there's money to be made, spammers constantly adapt and develop new tactics. And those in the security community? They're high-profile targets, too. Saxe says at hacker conventions, security professionals' personal passwords and sensitive information are shared publicly.
The UAB Spam Data Mine has had some successes. It helped track spam from Ukraine that claimed to be from the Ron Paul presidential campaign. That spammer sent 162 million unwanted messages. But on the big goal, capturing criminals and reducing the amount of spam on the Internet, Warner qualifies his expectations.
Mr. WARNER: I think we can win the war against domestic spammers. And I think we can do a much better job of cleaning up the American portion of the Internet.
YEAGER: Warner says, though, that may just make the problem worse overseas - another battlefront in this war over our inboxes.
NORRIS: That's Andrew Yeager of member station WBHM reporting from Birmingham. We turn now back to our technology expert, Omar Gallaga. Omar, when I listen to that piece I have the "Ghostbusters" soundtrack in my head - who you gonna call? Spambusters.
(Soundbite of laughter)
GALLAGA: Well, you know, filtering software, which deletes and quarantines spam away from your inbox, has gotten a lot more sophisticated. And ISPs and law enforcement have taken a more active role in stopping spam at the source. More recently, one thing I'm really fascinated by is this technology called reputation scoring, which is a different way of combating spam at the corporate level. The idea is that instead of looking at each email and determining if it's spam, you could look at the sender of the message and determine if it's a trusted source.
It might look at the time of day the email was sent or whether the email address lines up with the identity of a real person that's recognized by the system. This is emerging as a very promising way to deal with spam and cut down on the amount of email junk traffic that servers would have to deal with.
NORRIS: Now, do these filters also, though, catch legitimate email - email you might want to receive?
GALLAGA: They do. And that's been kind of an ongoing issue, is the false positives, where legitimate email gets stuck in the spam filter, which still happens.
NORRIS: So you should check your spam filter from time to time.
GALLAGA: Yeah, checking the spam filter is still a good idea. And one kind of thing that blurs the line between spam and legitimate email is what's called Bacn, that's B-A-C-N. And that's email that might be useful to you. It might be something you signed up for, like a newsletter or something from - a notification from a social networking site or something like, say, from Amazon or iTunes. This is not a real person emailing you; this is an automated message, but it's something that you still might want to see and it's not unsolicited.
One promising service that I've seen based out of Austin is called Other Inbox. And what that does is it separates that kind of email, the Bacn from the email from real people. And right now, it works with Gmail, and they're expanding that out to include Yahoo! Mail and Outlook, and that organizes and sorts it. So when you're looking at your regular inbox, you're seeing just emails from real people.
NORRIS: So we've got spam; we've got Bacn. What's next, scrapple or sausage?
(Soundbite of laughter)
GALLAGA: Bacon waffles?
NORRIS: Something on that order. Now, spam is generally seen as a nuisance. It's almost the Internet equivalent of a cockroach, but are there good examples of spam, creative examples?
GALLAGA: Yeah, much like the one in "Wall-E," there are good examples of friendly cockroaches.
NORRIS: The film "Wall-E."
GALLAGA: Yeah.
(Soundbite of laughter)
GALLAGA: They're, you know, like we heard in the piece that want to give her hot nights, I mean, sometimes these can be very inadvertently amusing. There's one Web site that I've liked for a really long time called Spamusement! Which was an artist who took spam subject lines and turned it into these very funny, Far Side-like drawings. He stopped doing the drawings, but now he has an active forum of people that are contributing to it.
And, you know, spam subject lines, they have to have that sort of mix of absurdity and naughtiness that not quite over the edge into being offensive, but just tawdry enough to kind of get your attention. And I'm actually going to be posting a link to a couple of articles with some of those risque subject lines, on npr.org/alltech.
NORRIS: And we'll just hope that that doesn't get filtered out for some of you who are (unintelligible)
GALLAGA: You might want to check those back home.
(Soundbite of laughter)
GALLAGA: You don't want to look at these at work.
NORRIS: Right. Omar, always good to talk to you. Thank you very much.
GALLAGA: Thank you for having me.
NORRIS: Omar Gallaga covers technology culture for the Austin American-Statesman. Transcript provided by NPR, Copyright National Public Radio.








