Stopping Spam

Wes Thompson is no stranger to spam.

“I probably get you know, 200 or 300 spam e-mail a day.”

He and two co-workers are powering down a laptop as they wrap up a lunch meeting at a Homewood cafe. Thompson says he usually just deletes the annoying messages if the sender is unfamiliar. But he works in internet marketing and spam means extra challenges for his business’ legitimate messages.

“You’ve got to just really tip toe around so you don’t put the wrong words in the subject line. You know you don’t use the wrong words in the body of the e-mail…you’ve just got to be really accurate with how you manage your e-mail campaign or you’ll get dumped in a spam box.”

The problems don’t just affect internet marketers. Spam eats up bandwidth, slowing down computer systems. It’s a gateway for viruses and identity theft. The technology firm Ferris Research estimated last year spam had a global economic impact of 100 billion dollars. The way we’ve fought spam, as alluded to a moment ago, is to use software to redirect it to a separate folder or erect thick walls so it doesn’t touch our inboxes. But that doesn’t change the fact those e-mails still clog networks and some messages do get past filters. So Gary Warner says we have to aggressively go after the spammers themselves.

“We would like to see prosecutions on a monthly or even weekly basis on spam.”

Warner is UAB’s Director of Research in Computer Forensics. And the tool he hopes will help in that effort is the university’s Spam Data Mining for Law Enforcement Applications project. Big name, but what’s it do? Well, it starts with bringing down those filters and collecting thousands of pieces of spam. Then examining them closely.

“In an e-mail message there are lots of attributes that we’re storing in our database. So for instance attributes might be who is it from, what IP address, internet protocol address sent the e-mail”

By looking at eleven attributes, Warner and his researchers can group spam with similar qualities or connections. That’s important because of how most spam is sent. It doesn’t come from humans, at least not directly. Meet the botnet. A botnet is a collection of computers, could be your regular desktop model or the large networks of business, government or universities computers. They are broken into remotely and secretly, allowing a criminal to control masses of zombie computers like a master puppeteer.

“One spammer will say, ‘Alright, I’d like these three-thousand computers to all begin sending this message now to everyone in their address books.’ ”

So back to those e-mails UAB researchers are grouping. If they can establish a given cluster of messages is connected, they may be from one source…one botnet. All of the sudden, thousands, even millions of leads become one case. So it’s like having a rash of bank robberies, but the man behind the mask is the same.

The Data Mining project is the kind of tool Warner says can help law enforcement better investigate e-mail forensically. Although actually nabbing spammers still presents major challenges, says FBI special agent Dale Miskell.

“We have to get legal process of subpoenas to get the information. And as you well know, cyber speed is a lot faster than legal speed.”

Spammers also work hard to hide their identity and cover their tracks. Miskell says as researchers develop new investigation methods, the bad guys seem one step ahead. And then there’s one big complicating factor…e-mail zips effortlessly across international borders. Laws don’t.

“Some countries cooperate. Some don’t. And in some countries it’s not even against the law so they don’t even work the case.”

The UAB Data Mining project did have a notable victory last fall. They helped trace e-mail supporting the Ron Paul presidential campaign to a Ukrainian spammer. Three thousand botnets sent 162 million unwanted messages. With numbers that large, it’s easy to see how few people it takes to inflict damage. In fact, research suggests 80% of all spam comes from just 200 sources. But catching those responsible doesn’t happen regularly enough for spam laws to deter. It’s is still profitable with little chance of prosecution. So Gary Warner, can we win this war against spam?

“I think we can win the war against domestic spammers. And I think we can do a much better job of cleaning up the American portion of the internet. Unfortunately the result may be that we just push the problem overseas in a way that is stronger than it is currently.”

Perhaps not the resounding affirmation internet users would hope for. But a step which could mean we hear from that Nigeria prince a little less often.