BlackFrog to Take up BlueFrog's Flag

Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."

Link

[Anonymous Coward]

Link to the project website. [okopipi.org]

Once you go black, you never go back.

[DigDuality]

Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.

Re:source from bluefrog?

[DigDuality]

BlueFrog was open sourced and under the mozilla license, and yes they have the source code.

SpamCannibal

[Anonymous Coward]

I think one of the most genial spamtools is SpamCannibal
http://www.spamcannibal.org/cannibal.cgi [spamcannibal.org]

Re:Poisonous frogs?

[lhorn]

That's the whole point of an analysis before sending opt-out messages from all members. I am not familiar with Black Frog intended function, but if a certain percentage of their members gets similar messages it's a fair bet it is spam. A FrogHerder must look at the message to ensure it is sufficently spammy, before action - this may even be legal somewhere in the world.

Blue Security's reason for shutting down

[Paran]

I thought the reason Blue Security closed shop was because the spammers had diff'd their user database, identified quite a large amount of the participants, and then threatened virus attacks directed at them. Not because of the DDoS.

Blue Security Gives up the Fight [slashdot.org]
The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
...
"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

I'm guessing the only real difference is that users will know this time around.

Re:Spamming the spammers?

[forghy]

The goal is to spam the spammer *sponsors*, not the spammers themselves. This is the exact reason why the blue frog was so successfull.
Once you receive a mail advertizing pills or wrist ornaments , the Blue/Black frog client sends an opt-out message to the advertized mailbox.
Let say this online shop sends a million spam messages by means of a spammer, he (the shop owner) receveives 1 million opt-out messages back !


Days are counted for the spammers ! MUahAhahAHhaHAh

Re:Automatically clicks Unsubscribe links in Spam?

[dnixon112]

A legitimate concern, but with the Blue Frog system at least, the way this was handled was that the system did not identify which email address was clicking the links. All the "clicking" was done by the Blue Security servers, it just added up to one opt-out/unsubscribe click per spam message sent.

Re:Never trust the users

[Anonymous Coward]

> I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.

Sounds ... unwieldy.

Anyway, Blue Frog maintained a number of spamtraps on its "do not spam" list as well as normal users. If there was any question about a mail's legitimacy, it could usually be resolved by determining how many spamtraps it also hit. I don't think the "do not spam" list was really the best idea (it's what dragged bluefrog users into the escalation), but it really is an integral part of the model, to give fair warning to anyone who actually might just be mistaken, or at least to tell the targets of their complaint storm, "you had the ability to prevent this".

Blue Frog was never about DDOS'ing spammers bandwidth, only their ordering infrastructure with real opt-out mechanisms. It's naive to think spammers consider it anything more than a technical speedbump, but advertisers linked with spammers are also contacted, and they may actually take notice at the negative publicity.

Re:Once you go black, you never go back.

[DigDuality]

an Okopipi is a poisonous blue frog.

It's not DDoS.

[blueZ3]

The service fills in forms on spammers websites and submits it. This "corrupts" the data that the spammers are collecting by inserting hundreds of "opt out" submissions which makes finding the "valid" submissions (where stupid people responded to the spam looking to buy v1agr@) more difficult. There's nothing illegal (as far as I know) in using your own computer to fill out forms with bogus data.

The few hundred frog subscribers don't have the horsepower to shut down a Web server anyway. They just make the results of spamming much more difficult to sort through.

Re:Once you go black, you never go back.

[Infoport]

A little more info: Dendrobates azureus is the blue poison arrow frog of Suriname
http://www.atlantabotanicalgarden.org/conservation /amphibian_research.html [atlantabot...garden.org]

One interesting note from the WikiPedia article (couldn't find it elsewhere right now), is that the frog does not make any poison of its own but instead gets poison from insects which it eats. Seemed like an interesting tie-in for a P2P project.
http://en.wikipedia.org/wiki/Dendrobates_azureus [wikipedia.org]

How to prevent DDOS on the servers.

[Spy der Mann]

We're (yes, I'm part of the team - hello slashdot!) currently discussing using the main servers thru various proxys to anonymize the IP address. On a DDOS attack, the servers would just disconnect and then reconnect to another proxy and voila.

Also, the servers are the ones with the Central PGP authority. The network can still operate without servers, they're just needed for login (for now).

For the Nth time, we're NOT GOING TO DDOS!!!

[Spy der Mann]

Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
--

Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.

Do you think we're idiots to let something like this happen?

1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.

2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.

3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.

4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.

5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.

6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.

7. If any wants to cooperate, the google group is open to ideas.

8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.

Re:Poisonous frogs?

[mybootorg]

I think it might be helpful for you to go back and read up on what Blue Frog was initially about. Their FAQ is undoubtedly cached somewhere. Many of the people posting here -- and nearly all of the media in past weeks -- have missed the point entirely. Because of the deliciously newsworthy "angle" of using spam vs. spam, most reporters have molded Frog to fit that news story, but not to represent what it actually was.

Blue Frog didn't automatically focus on every Spam that was submitted. It focused on the ones where it could do the most good. To be specfic, the developers would identify Spam that had been submitted to the most Frog members and originating from Spam networks that were not in compliance with the Blue Frog opt-out list.

Then the developers would visit the page and develop a script/bot that would submit opt-out requests using the E-Commerce or "For More Information" forms on the website.

Give this, I think it's pretty unlikely that someone would get hit by accident, dont you agree? Frog was never a completely automatic process. It required intervention and that's a good thing.

Blue Frog won because it was systematically beating the big spammers into submission, one spammer at a time.

IMPORTANT ANNOUNCEMENT FROM BLACK FROG

[Spy der Mann]

Due to TradeMark conflict, I have closed the Black Frog project. Actually the project was just a nameholder, since Okopipi was a separate project which I joined later.

So the official name of the P2P antispam software is now "Okopipi". Please stop naming it "Black Frog" or we could get sued for Trademark Infringement.

Thank you.

(More info on my journal) [slashdot.org]