Fighting Spam A recent report by anti-spam specialists Sophos ranks the twelve top spamming countries, and very interesting reading it is too. The USA comes out top - 56.74 per cent of all spam is sent from computers in that country. Even more stunning is the fact that second country on the list, Canada, is only responsible for 6.8 per cent of spam. In other words, spam generated in the US is an order of magnitude greater that generated elsewhere. Sophos point out that quite a lot of this spam is actually originated in Russia (ranked 28 in the survey), but is sent out via unsecured computers in the US. That makes sense, there are more broadband connections, which are always on, in the US. I'm not sure that's the whole story, though. There is a similar level of broadband penetration in Western Europe, but the figures for spam aren't nearly as high. The research from Sophos makes it clear that about 30 per cent of world wide spam is sent through compromised computers. That's an appallingly high figure, but even if all that 30 percent goes through compromised computers in the US, it still leaves a quarter of the world's spam originating in and being sent out through the US. I know it's fashionable to sneer at the ineffectiveness of the anti-spam measures passed in the US and the UK, but to my mind they do represent a start. Yes spam is international, and yes a lot of spam comes out of Russia, but to say that therefore we can't put our own house in order is just a council of despair. And yes, we must also look at the technical issues. However, spam is a social and economic problem, and contrary to the cherished beliefs of Western governments there are no technical fixes for social problems, only social fixes. Part of the problem is that the Internet mail system was designed for co-operating users. It needs redesigning to make it a lot more secure. No two ways about that. But making the mail system more secure will not in itself stop spam. It will merely make it more difficult and be one more step in the arms race between spammers and anti-spammers. What we need to deal with this problems is a combination of technical and political measures. Yes, we must fix the technical problems, but we also need to go after the people who are profiting from spam. And that will require legal measures, financing, and international treaties. Not easy, but it can be done. Even then, though, there still remains the problem of all those unsecured and compromised computers. How do we deal with that side of the problem? The UK government recently announced the formation of a high tech elite police team to deal with organised crime in the age of the Internet. Nothing particularly wrong with that, but it got me to thinking. For a lot of people - not all, but a lot - home computers are an everyday part of their environment, and it's time we stopped treating them as something special. That means that securing your computer should be treated in the same way as securing your home. Nothing special, nothing clever, it's just a different way for criminals to get into your property. The fact that the property concerned is digital is irrelevant. And that means that ordinary police - the ones you see out in the street - have to be taught computer security and crime in exactly the same way are they are given training in preventing and dealing with break-ins to people's homes. Furthermore, computer compromises should be part of the reported crime statistics. It means that police forces have to start treating computer crime - all computer crime - seriously. In the US the FBI won't take a computer case up unless the damage exceeds some arbitrarily large sum (presumably this is because all the FBI's resources are dedicated to tracking down file sharers for the RIAA). Taking such an attitude is self defeating. I'm no fan of 'zero-tolerance' ideologies, but this is one case where it really would work. The MyDoom virus was tracked down to its propagation source - a compromised computer in Seattle, and that's just one high-profile example. Take the issue of compromised computers seriously and the other problems don't go away, but they do become immeasurably easier to handle. http://www.sophos.com/spaminfo/articles/dirtydozen.html
|
If you have any questions or comments about the articles on my web site, click here to send me email. |