Spam: Now You Know

Brian Wood Blog

SPAMRobots may or may not have composed this post.

Article by Finn Brunton in Counterpunch.

Emphasis in red added by me.

Brian Wood, VP Marketing

——

A Short History of Spam

Objects can talk in cartoons and fairy tales: toys tell their stories. Now our domestic appliances have begun to speak, and they would like to sell us pills and porn, and for us to give them our bank details. Now that there are microchips and network connections in toasters and televisions, many devices have been turned into spam machines — the smart refrigerator broadcasting illicit messages or the kettles imported into Russia with small computers that search for Wifi networks to use as spam channels. Despite some exaggerations, the Internet of Things is, like the regular net, being swiftly adapted to spam.

What do we mean by spam? Spam is a strange language, a baroque profusion of neologisms, jargon and slang. It mixes the lexicons of computer science, security engineering, law enforcement, criminals (professional and amateur) and the polyglot net: Bayesian poisoning (getting around or corrupting anti-spam filters), bots and botnets (networks of zombie machines), spings (spam+ping) and splogs (spam+blog), victim clouds and rally boxes, worms and phishing, lulz and linkbait (links designed to entice users to click on them) and ransomware. Spamming uses the rich phraseology of scam artists and conmen in a 21st-century setting, online — the thieves’ cant of suckers and marks, the come-on.

This problem of language begins with the word “spam”, which we struggle to define precisely. Most email — 85% plus — is spam, and is intercepted by filtering systems that we never see. Spam can include tweets, Facebook posts, text messages, blogs, comments, sites, edits on wikis and still newer forms of online expression. People have been fined and jailed for feeding this colossal machine, companies closed down, websites de-indexed from Google’s search returns, and entire countries (briefly) harmed. Spam has shaped the net and the services, systems, populations and publics that use it in fundamental ways.

In the 1970s — before the web or the formalisation of the Internet, before Minitel and Prestel and America Online — US graduate students sat in basements, typing on terminals that connected to remote machines somewhere. They did it by night, because by day computers were used for big, expensive projects. They wrote programs, created games, traded messages and played pranks and tricks. Being nerds, they shared a love of science fiction and the absurd. Monty Python’s Flying Circus was a favourite and Python lines were volleyed back and forth — the dead parrot sketch and the spam sketch (first broadcast by the BBC in 1970) with Vikings loudly singing “Spam, Spammity Spam, wonderful Spam!” The sketch caught on. The nerds wrote a simple program that, at the right spot, would post “SPAM! SPAM! SPAM! SPAM! SPAM! SPAM! SPAM! SPAM!” without pause, filling the screen, killing the discussion, and often overloading the chat platform, kicking people offline. It was annoying but mischievous rather than malign, like blowing a vuvuzela in the middle of a conversation. This noisy behaviour became known as spamming.

The term came in useful through the 1980s to categorise postings that were indiscriminate, time-wasting, verbose, off-topic, tedious or ranting. Then two lawyers from Arizona posted a message across the discussion system Usenet (forerunner of the Internet), offering their services to thousands of users across the world to improve their chances in the US Green Card lottery that gives residency rights in the US. The Usenet community settled on “spam” as the term for the commercial message. The word had jumped closer to how we understand it now.

Those lawyers were offering an actual service, if bordering on fraud: you could call a real telephone number and make an appointment with them. And with much of the spam that followed you really could buy quack weight-loss pills, deadstock toys or counterfeit watches. This kind of spam was despised was but more or less legitimate, if only by accident. Except for “advance fee fraud” or “Nigerian prince” letters (“Dear Sir, We have one point two million [1,200,000] US DOLLARS on account for you…”), spammers presented themselves as brashly inventive promoters, with postal addresses and registered trademarks, seeking recognition as entrepreneurial hustlers. Many people still think of spam as those enthusiastic pitches full of mangled grammar and implausible photography, selling dubious pleasures from timeshares and self-help books to diets and porn. But their time was quite short, before spam was profoundly transformed into what it is today.

When you receive spam today in your inbox or Twitter account, or see a spam comment on a blog, you are very likely the first human to have laid eyes on it. It is the product of layers of wholly computational work for which humans merely set the parameters, assembled and passed around the world on a chain of mechanical writers and readers. Over the past decade, strong anti-spam legislation was implemented and enforced by many countries — some of the most egregious spammers faced fines and jail time — and effective filtering systems for email were developed and widely adopted. To abide by the law, the spammer had to include mandated text in messages: links to unsubscribe and postal addresses for complaints. This text was perfect for the filtering systems, which looked for suspicious words and phrases to indicate spam messages, to intercept and discard, sparing us the burden of reading it at all. Legitimate spammers were trapped, and the illegitimate faced a challenge.

Zombies and botnets

Beating the filters was difficult, and they successfully stopped many spam messages. It needed a huge apparatus, tens of thousands of computers sending thousands of messages each, all day, from net addresses around the planet, to have enough spam messages get through to make it worthwhile. It needed a global spam machine — and that was what was built.

Spam messages began to contain strange links or attachments, which naïve users would click and download, or execute, unknowingly giving control of their machines to a remote spammer. While the computer’s nominal user filled in a spread sheet or played Solitaire, the computer — now a zombie or bot machine — quietly downloaded instructions, templates and address lists, and began sending out spam messages hundreds of times a minute. Along with all the other compromised computers in the botnet, it was modifying, evolving, and rewriting these messages, testing them against the automated anti-spam filters that were attempting to stop spam.

Today, these botnets have grown so large that they stitch computers in countries around the world into a seamless resource for criminals — a victim cloud, as security analysts put it. (These botnets develop diurnal rhythms: as the Earth rotates and people in different time zones turn off their computers, the botnet shows a circadian pulse.) The spammer’s project is now criminal: it is the business of scrubbing machines for credit card numbers and account passwords, taking over accounts to defraud friends and family with desperate requests for money, and renting out the botnet for projects such as denial-of-service attacks, using the zombified computers to overload servers for a website, to extort money or knock an adversary offline.

We are all embedded in this system. Our legitimate emails help train the filters, making them better at separating mail from spam. The operation of search engines such as Google has been shaped by the fight against the effects of spam. Followers on Twitter are often just spam programs, trying to trick humans into clicking a link (“hey, @you, check out this funny meme”) or feigning humanness so they can be rented out to boost follower numbers; they “work” for those businesses whose ads you see online promising 10,000 followers to give your account an air of influence. (Twitter isn’t revealing how much of its user base is algorithmic, but savvy guesswork suggests that the total number of spambot programs on Twitter could approach a third of all users.) Our insecure computers provide the resources for the global botnet.

The legacy of spam is a negotiation over how the Internet is to be used, and what it is for. To answer that means figuring out what is a legitimate, reasonable, honest expression of the technology. Spam is the net’s shadow history, and the ocean of machine noise around the island on which we live.

http://www.counterpunch.org/2014/03/14/a-short-history-of-spam/