InBoxRevenge KS Forum

Hi all,
I'm back too! As I mentioned to SiL I also have been taking time out, but am slowly easing myself back into spamfighting duty, onwards and upwards!

I've been MIA for the past month

Hello,

Recent public disclosures and positive activity within the Internet security
community have provided encouraging news for long-suffering spam and malware
victims. The demise of Atrivo/Intercage and recent revelations about
EstDomains boost our belief that aggressive policy enforcement, efficient
data collection, and industry cooperation can make a huge difference in
creating a new, safer Internet. However, there is still quite a bit of work
to be done.

KnujOn is calling on all the Domain Name Registrars and other concerned
parties to help develop policy and methods to specifically put a stop to the
fake pharmacy menace. The Directi Group has lead the way by making a
commitment to end the easy flow of counterfeit and hijacked pharmaceuticals
on the Internet. KnujOn invites all companies in the ICANN-Accredited
community to make the same public pledge.

To this end KnujOn will be presenting a plan and series of proposals at
several events in the near future. Our Three-Point plan (Fixing the Broken
Policy Structure, Eradicating Illicit Internet Traffic, and Enfranchising
the Consumer) will be discussed at the Messaging Anti-Abuse Working Group
(MAAWG) General Meeting September 23rd, the Open Web Application Security
Project (OWASP) Conference September 24th, Anti-Phishing Working Group
(APWG) eCrime Researchers Summit October 15th, and the Information Security
Summit October 31st. Details about each event are listed on KnujOn.com. One
of our proposals to the security community could be a <<game-changer>> in
terms of dealing with malware and other security threats. KnujOn looks
forward to the community's support in this endeavor.

Is anyone else getting peeved that Knujon takes credit for every spammed domain that gets shut down?

Hello,

Continuing the positive momentum we have some additional success to report.
The final tallys of HostExploit's and KnujOn's push against illicit sites at
Directi in August. Over 175 thousand domains have been suspended by Directi:
http://www.knujon.com/news.html#10242008

Knujon, in conjunction with LegitScript.com, has also dismantled a large
network of sites dealing Schedule 3 Controlled Substances:
http://mesomorphosis.com/blog/2008/10/18/godaddy-shuts-down-steroid-websites
-under-pressure-from-legitscript/

While not directly involved, KnujOn applauds the takedown of Herbal
King/VPXL: http://www.knujon.com/news.html#10152008

For those who use Gmail there is some new functionality available that will
make reporting easier: http://www.knujon.com/news.html#10252008

We are nearing the end of a set of appearance around the country. First was
the Messaging Anti Abuse Working Group, where attendees thought KnujOn’s
perspective was a breath of fresh air. At the Open Web Application Security
Project conference in New York members were given different view of security
issues, namely the source of them. Critically, in Washington, D.C., KnujOn
spoke on behalf of the Internet consumer at a public ICANN meeting. There
were no other persons or groups at this session speaking for users, just us.
This has been part of the problem, your voice is not being heard, but we
will fight for you. Coming up we are speaking at the Information Security
Summit in Cleveland. At each of these events we push the agenda of fighting
illicit sites and enfranchising the consumer. We will also be proposing a
new collaborative project that could turn the tide against malware and spam.
This proposal will be posted publicly in the near future.

ISS: http://www.informationsecuritysummit.org

Subject: KnujOn, Your Advocate in ICANN

Hello,

We are pleased to announce that KnujOn has been granted ICANN At-Large Advisory Structure status. This allows us participate in the policy development work of ICANN directly and represent the interests of Internet consumers. For the past four years this project has been pressuring and influencing ICANN policies from the outside and now KnujOn will be addressing Internet policy enhancement from an official position. It is our goal to make the accountability successes we have achieved a permanent part of the infrastructure. We will post links and full details on our site for those who want more details on how At-Large Structures work.

Hello,

Summary of ICANN Meeting

Last week was very interesting, frustrating, and productive. KnujOn is now
an At-Large advisor to ICANN which means we can help shape policy and guide
Internet development in ways that benefit the consumer. It also means that
ICANN and the Registrars have to treat us, and those we represent, more
seriously. During this six-day conference we authored recommendations,
presented at e-crime sessions, argued with Registrars, conferred with ICANN
staff, and observed the passage of policy changes we fought hard for.


Working Group on Transparency and Accountability of ICANN
Through the At-Large Summit we participated in the development of a
recommendation document on Transparency and Accountability which generally
requires that ICANN publishes more information, more frequently and in more
languages. KnujOn specifically included this language in the working group
document:

"Policy enforcement and process: In order to provide transparency and
accountability the full lifecycle of complaint procedures compliance
requirements, follow-up, enforcement and appeals must completely documented
and consistent for each case. What is required of the contracted party,
including a timeline for compliance and related correspondence, should be
made available for public review. Additionally, statistics for compliance
and non-compliance should be posted regularly. To address these issues
generally, special metrics should be developed and continuously analyzed for
the purpose ofimproving the compliance system. Regular compliance audits and
improvement goals will help this effort. If ICANN staff is unable to handle
a high volume of complaints, this would be exposed and additional resources
could be allocated."

The point of which is to ensure that the procedure of policy enforcement in
transparent, adequate resources are assigned to policy enforcement, and
metrics are used to measure effectiveness. Full information:
http://www.atlarge.icann.org/summit/wg/ ... ncy-en.htm
***************************************************
Passage of Registrar Location Disclosure Clause
A change to the Registrar contract we began pushing for last year, requiring
Registrars to disclose their location, is now part of the new Registrar
Accreditation Agreement along with dozens of other changes to the main
contract that create new oversight of the Registrar industry:
http://www.knujon.com/news.html#03072009

More information about our confrontation with the Registrars next week.

Hello,

One of the problems thus far with the anti-spam effort is a lack of guiding
principles or philosophy. We have set out, from the beginning, to establish
foundational thinking to address the issues of online abuse and fraud. Below
are our seven core beliefs. There may be more. We hope this helps explain
our project.

1.Spam is not an impossible problem to solve

2.It is possible to collect and process every piece of unwanted email for
examination and enforcement

3.Spam is about who benefits from it, not who sent it

4.Spammers send mass email because someone pays them to

5.The motivation is money, the goal is a transaction

6.Focus efforts on the transaction target or platform not on the
advertisement

7.Eliminating transaction access removes money from the illicit cycle

Next week, the anti-philosophy that holds anti-spam back

Hello,

Last week we posted a series of principles or philosophy that guides us in
our efforts and thought process (listed at the end). This week we are
addressing the other side of the coin: Anti-Philosophy. Anti-Philosophy is a
series of common statements made by detractors and critics of the overall
anti-spam effort. These are dismissive, defeatist statements that are all
wrong and should be refuted at every turn.

"The problem will never be solved"
If one sets out to fail, surely they will. Unless one has tested every
possible solution and not succeeded they are not qualified to make this
statement. It our assertion that the spam problem needs to be managed first
then minimized.

"There is no silver bullet"
Silver bullets are shortcuts and cop outs. The solution to the spam problem
is a cumulative series of fixes to technology and policy. It is a fallacy to
assume one piece of software or legislation is a panacea.

"You need to look at the headers"
If you are tracking botnets or trying to plug security holes, yes you need
to look at the headers. But the headers tell us nothing about the illicit
products offered or the malware distributed. The headers excuse is now
frequently used as spammer denial. ISPs and Registrars reject responsibility
for abuse since all headers are assumed to be forged. Like we say: spam is
about who benefits from it, not who sent it.

"Anti-Spam is like playing Whack-a-Mole"
It’s only Whack-a-Mole if you play the spammer’s game. The first thing I
tell people in responding to this quote is that it is possible to cheat at
Whack-a-Mole. The game board is tilted to confuse the player’s perspective.
If the player crouches down and looks across the plane of the board it is
easy to detect when the moles start to pop out. Many of my colleagues who
tirelessly monitor and shutdown botnets know that this seriously disrupts
the spammer’s business and forces them to expend more resources. Terminating
illicit websites does the same. All of these endeavors yield critical data
that help us improve our tools.

"The definition of insanity is doing the same thing over and over and
expecting different results."
We’ve heard this quote multiple times. The implication is that continuing
anti-spam efforts is fruitless and stupid. The “definition of insanity”
maxim is not a universal truth. If I keep turning a jar lid eventually it
will open. If I keep walking up a mountain eventually I get to the top. The
quote is often misattributed to Benjamin Franklin or Albert Einstein,
neither said it. It is doubtful they would given their own tenacity and
perseverance. While we may not know the time and date of our success, giving
up will guarantee failure.

"You guys are vigilantes"
The definition of vigilante is someone takes the law into their own hands. I
do not know anyone in the anti-spam world who has done this or even could.
Accumulating data, reporting abuse, publishing studies and filing complaints
is not vigilantism.

"Anti-spam takedowns are censorship"
The websites we have had removed are generally engaged in illegal traffic
and illicit transactions. Behavior not words. If an individual wanted to
launch a website supporting the merits of illegal steroids, this is free
speech. Advertize the sale of or sell those substances on a website and you
are committing a crime. Child pornography is not artistic expression; it is
evidence of a crime.


Anti-Spam Philosophy:
1.Spam is not an impossible problem to solve
2.It is possible to collect and process every piece of unwanted email for
examination and enforcement
3.Spam is about who benefits from it, not who sent it
4.Spammers send mass email because someone pays them to
5.The motivation is money, the goal is a transaction
6.Focus efforts on the transaction target or platform not on the
advertisement
7.Eliminating transaction access removes money from the illicit cycle

Hello,

While KnujOn did not have funding to attend the recent ICANN meeting in
Sydney, Australia our presence was still felt. Just in time for a session on
abuse of the DNS, specifically concerning Country-Code Top Level Domains
(ccTLDs). Among other issues, the KnujOn report detailed interesting and
complex relationships in the management of ccTLDs. For example, the tiny
Pacific island nation Niue has farmed out management of .NU to a small
company in the United States (one of dozens). Apparently, unbeknownst to the
government of Niue or the U.S.-based manager, sophisticated prostitution and
sex-traffic rings have set up shop within .NU, which in some languages
means –nude-. .NU has been plagued for some time with illicit pornography
sites, but sex traffic rings in Eastern Europe were using .NU to display
galleries for girls for 10 to 100 thousand Rubbles per hour for various
services. This revelation was the shock of the abuse session and resulted in
outrage, not at the prostitution rings, but at KnujOn for discussing the
issue. The sites, which had been running for years at .NU, were immediately
suspended after KnujOn published this report. This was one of many abuses
found within the ccTLD space that have gone undetected until now. We have
also identified several other at-risk ccTLDs.

The anger at KnujOn over these revelations has resulted in extreme backlash
against us including baseless accusations from Registrars and even threats
of lawsuits. Certain parties have written libelous letters to ICANN about
KnujOn. We are not backing down. One ccTLD manager posted the following
statement on Twitter: "I wish people wouldn't refer to Knujon reports as if
it was the bible." We asked the author to explain this and he replied
stating that "KnujOn reports are highly questionable." Asked to provide
proof backing this up, he did not reply. What followed this was an
accusation from another party affiliated with Registrars that KnujOn had
filed fraudulent complaints against certain websites (which turned out to be
a false accusation in itself) and threat of a lawsuit against KnujOn if we
continued to file complaints against illicit websites and Registrars. All of
these attacks on un only mean we are on the right track!

Unfortunately, it take a lot of time and energy to respond to all these
accusations and threats which pulls us away from our real work, serving YOU
the Internet consumer. We are continuing to upgrade the report interface,
and this week we upgraded our core backend process. We also found a glitch
that left some uploaded and FTP submissions unprocessed, these are being
processed this week and may take a while. We also found that some members
bulk FTP or upload submissions are empty. We will be contacting you directly
about this.

Hello,

The Bing Report

We have just released a report on search engine advertisement spam in conjunction with LegitScript.com which demonstrates how easy it is for illicit pharmacy to post ads on Bing.

Some may wonder what search engine ads have to do with spam email. Everything. First, the same groups sending you spam email are also behind the search engine ads, and one of our goals is to deprive them of all of their resources.

Secondly, illicit pharmaceutical traffic accounts for most of the abusive activity on the Internet. Spam, domain hijackings, registration fraud: So much of it supports fake pill farms.

The full report: http://legitscript.com/BingRxReport.pdf
Brief: http://www.knujon.com/news.html#08042009


Base 64

For those of you with sparse reports attributable to Base 64 Encoding of your submissions, we now have a process for handling them and we are working our way through the backlog.


KnujOn Linux Magazine Article

This article gives you a peek inside our day-to-day operations:
http://www.linuxpromagazine.com/Issues/ ... -THAT-SPAM
The print edition will be available in September.
-------------------------------------------

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have grown exponentially in the last year and our pay is still zero. We are committed to this solution and appreciate your patience while we work our way through the maze of Internet bureaucracy to reduce illicit traffic and spam.

Thank you for your continued support!