CustomerBlast:Loose Wire

Na de CustomerBlastspamwar is er nog een column verschenen in de Wall Street Journal online:

LOOSE WIRE

By JEREMY WAGSTAFF

Spam: Now It Gets Personal

It's now open war in the spamming world. On December 2, a new version of an e-mail virus, called Mimail-L, appeared, apparently the work of a vengeful e-mail marketer trying to disable organizations that track and oppose spam. The virus (or worm, to be exact) will mail itself to everyone in your address book, and will take over your computer as part of a coordinated attack on antispamming Web sites. It's not the first such worm, but it's potentially the nastiest.

This is more proof of the collusion between spammers and virus writers. But it's also part of an accelerating war between spammers and the people who hate them, and who know enough about technology to do something about it. Take the recent case, for example, of three Dutch bloggers called Bas Taart, Retecool and Bumble, a Florida-based spammer called John and a Web site called www.customerblast.com.

It's November 18, and Bas gets an e-mail from the Customer Blast Web site, offering 75 million e-mail addresses for only $1,000, a list that is "clean, deduped, and verified twice." Just another piece of spam, you might think, but for Bas Taart it's the final straw, and he does what many of us nontechies may dream of doing, if only we knew how: He spams back. Visiting the Customer Blast Web site's feedback form, he composes a few lines of computer code (called a script) that will fill up the form with garbage and send it to the Customer Blast Web site -- every second. He then posts this script to his own Web site (www.bastard-inc.com) and invites anyone else to download and use it. Two Dutch bloggers (people who run a Web log, or online journal) pick it up and start publicizing it, leading to about 5,000 people bombarding the Florida-based Customer Blast site.

Then, things got interesting. Customer Blast, instead of complaining or suing, retaliated. According to Bas, the company -- or someone operating on its behalf -- started doing the same thing back to him and the other two bloggers. E-mail addresses listed on their Web site -- including those belonging to dozens of folk who had left comments on their Web sites -- started receiving hundreds of e-mails, causing their e-mail programs to crash. One of the Dutch bloggers was hit so badly his Web site went offline. Cyberwar had broken out.

Bas and the others fought back. They put the original script back online, along with a Web page that was divided into frames, or cells, each of them a reloading copy of Customer Blast's homepage. With thousands of people helping, the traffic to Customer Blast's homepage would have been massive. Customer Blast was blasted off the Net, and at the time of writing, is still offline.

So how did Customer Blast feel about all this? Finding out was not easy. Spammers have learned to cover their tracks these days, as laws against spamming get tougher, as more and more people complain and as folk like Bas and Bumble go postal on them. After a bit of sleuthing (checking the registration of more than 50 Web sites, dialing a dozen or so numbers and having some surreal conversations with strangers, along the lines of "Excuse me, are you a spammer?") I tracked down the guy behind Customer Blast, a 38-year old resident of Florida called John Hites. He's a big fish in the spamming world: The New York Times last month listed him as the world's fourth-most prolific spammer.

At first, John wasn't keen to talk to me, but on the second try he opened up a bit, if only to tell me he was no longer involved with Customer Blast. "That's all been sold, man, that's gone," he said. And while he seemed to know about the attack, he didn't want to talk about it much, saying such blitzes are routine. "Those are pretty easy to beat," he said.

Anyway, John is getting edged out by legislation and a growing backlash by a public who feel abused by spammers. John is disarming about the public's view: "I agree with them, and that's why I sold the company. There used to be a time when it wasn't that big a deal, but now the majority of the public says they don't like it, it's going to go pretty much by the wayside," he said. But the war goes on. A new U.S. law outlawing certain kinds of spam is likely to come into effect on January 1 and it may put people like Mr. Hites out of the game, but my worry is that may just push spammers further offshore, to countries where Internet-service providers are under no pressure to close down spammers. China, Korea, Pakistan and India are becoming popular hosts, or relays, where the e-mail passes through. There will always be folk willing to handle spam and the Internet knows no borders, so it doesn't matter where they are based.

Not that I think vigilantism is the answer either. The First Dutch Cyberwar -- which is still going on -- may have thrown Customer Blast off the Internet, but it has also aggravated the problem by turning both sides into outlaws. Who knows where it will go next? As even Bas, the Dutch blogger, reflecting on his actions, concedes: "I'm 30, I'm married and I work for a living. I never tried to get total anarchy or anything. I never imagined it getting out of hand the way it did."

Jeremy Wagstaff Contributing editor,

The Far Eastern Economic Review Technology columnist,

The Wall Street Journal Europe/Online