Spam

Journal: Their PR guy sent me a Final Notice

Having resigned myself to the idea of facing the promised attack, and backed up or relocated everything of value on my most exposed systems, I waited to see what peril may come. There's a certain relief in accepting doom, rather than worrying about it.

At 2003-03-22 11:42:45 +1100, my mail server received another note from the PR department. The usual copy-and-paste job follows.

Return-path: <ueffiu99645@yahoo.com>
Received: from web13301.mail.yahoo.com ([216.136.175.37]) by
        perfect.epsilon.com.au with smtp (Exim 3.35 #1 (Debian)) id
        18wX5x-0001gU-00 for <famous@nutters.org>; Sat, 22 Mar 2003 11:42:45 +1100
Message-ID: <20030322004243.46484.qmail@web13301.mail.yahoo.com>
Received: from [61.219.36.9] by web13301.mail.yahoo.com via HTTP; Fri, 21
        Mar 2003 16:42:43 PST
Date: Fri, 21 Mar 2003 16:42:43 -0800 (PST)
From: General Kolok <ueffiu99645@yahoo.com>
Subject: Your Recent SPAM Problems
To: spamfraud-1@epsilon.com.au
Cc: famous@nutters.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Evolution-Source: imap://famous@perfect.epsilon.com.au/

Brett
It has come to our attention that you may be blocking
certain IP's in the chain of proxies we use to
communicate, and therefore may have not gotten our
previous communications.

To recap, I am an intelligence officer with the United
Email Freedom Front.
You have been targeted for Violations of the UEFF code
of ethics and are considered a threat to freedom on
the Net.

In short, you should have been contacted earlier by
commanding officer of the enforcement unit with a list
of demands. I have attached the demands at the bottom
of this email.

The UEFF, and organization of almost 700, has already
fired a small warning shot to get your
attention...obviously it has, a small outage and
blatant Spam apologies have been reported on your site
by our intelligence units showing that you "got the
message".

It is my job to convince you to submit to the
General's requests and save you lots of grief. Please
consider the changes...YOU NOW HAVE ONLY THREE HOURS
to comply. If not a major offensive will begin, ten
times that of which you've seen already. The "warning
shot" was undertaken by two units for twenty minutes.
a real offensive will last eternally and be assigned
to twelve units...you get the picture.

Nobody (WEBSITE) has ever survived a confrontation
with the Unit. Please for all that is good in the
world, take my advice and make the changes, life is to
short to let your pride get in the way. Once
compliance has been verified by intelligence, we will
retreat fully (although you will be on our monitoring
list forever).

Attached is the General's last email.
CO Special Intelligence Unit - Gen.Kolok

===========================================
Guten Tag,
As you may know, you have been targeted by the
Enforcement Unit of the UEFF (United Email Freedom
Front). you should have been contacted last night by
an intelligence officer.

You have exactly 24(now 3) hours to effect the
following
changes or we will consider it an act of engagement.
In the event of engagement all units will be mobilized
against you, your site, and associated ISP's until the
changes are made, or you no longer exist. In the event
of a full cooperation, we will withdraw and ceasefire
immediately.

1-In Article "Make Money Fast!"  the text " If ever I
encounter one that's in my local area, I will
seriously try to resist the urge to go and break all
their fingers, satisfying myself with reporting them
to the police only. What percentage of these would-be
millionaires do you suppose are merely underage and
insufficiently wise in the ways of the world? And what
percentage need a damn good working over with a large
clue-stick?" Must be removed. - In violation of
violence toward emailers rule

2-In Article "Spam, Email, Innovation" the text "I
haven't given up the notion of designing and
implementing a new mail protocol that is designed to
be rather more hostile to spammers" must be removed. -
In violation of violence toward emailers rule

3-The Article "Spam: MonsterHut" must be removed. In
violation of Defamatory Remarks rule

4-All Articles referencing Richard Stallman be
removed, Or Replaced with "A certain writer we all
know" or something like that.  - In violation of
Defamatory Remarks rule

5-In the Article "Selling Spam Lists Respectably" The
article must be removed, or the company
"marketsharerecovery.com" replaced with a generic term
like "list reseller" etc. Any links to that firm
removed.  - In violation of Defamatory Remarks rule

6-All text regarding "TFBW Advocates Slow Torture For
Spammers" must be removed.

You may leave you current spammer message. DO NOT
MENTION THE UAFF.
Our judgment is final, we would expect full
cooperation within the deadline.

Commanding Officer - Xio-King
UEFF

__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com

So, the PR guy was obliged to use a genuine Yahoo! webmail account because he thought my spam defences might have blocked him? Well, I'd actually turned off most of my spam defences, since I wanted to receive complaint messages where at all possible, rather than blocking or bouncing them. But that's neither here nor there: I can understand that my silence would be vexing, and I like it that way. I am resolved to make no response to their coercive demands.

The "outage" mentioned in this message was probably when I shut down Zope in order to do a backup of Nutters.org. I forgot to bring it up again for a while after that, and they probably got "proxy not responding" messages as a consequence of this. Sorry guys -- my bad.

My Zope setup allowed me to add a spam disclaimer at the top of every single page by modifying one file, and so I thought it only sensible to do that. I don't want to try to play "chase the link" as they send out new spams with new URLs, so I just blanketed the whole damn lot.

I also note that the size of their organisation has grown from "over 600 members" to "almost 700" since their last press release. I wonder if they're counting the owners of the open relays and proxies that they exploit as de facto members? Still just looks like a couple of script kiddies to me.

But even script kiddies can do big damage.
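
The contrast drawn above between this notice, sent through a genuine Yahoo! webmail account, and the two earlier messages (reproduced further down the page) is visible in the headers the receiving server wrote. The Python below is an added example, not part of the original journal: it runs three consistency checks over header lines copied from the page, the function and finding names are illustrative, and it assumes the Exim `Received:` layout seen in these three samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Shapes of the topmost Received line the receiving Exim wrote on this page:
#   from NAME ([IP])             reverse DNS gave NAME, HELO agreed with it
#   from NAME ([IP] helo=CLAIM)  HELO argument differed from NAME
#   from [IP] (helo=CLAIM)       no reverse-DNS name for the client
RECEIVED_RE = re.compile(
    r"from\s+(?:(?P<rdns>[\w.-]+)\s+\(\[[\d.]+\](?:\s+helo=(?P<helo>[^\s)]+))?\)"
    r"|\[[\d.]+\]\s+\(helo=(?P<helo_only>[^\s)]+)\))"
    r"\s+by\s+(?P<by>\S+).*?\bid\s+(?P<id>[\w-]+)"
)

def under(host, domain):
    """True if host is domain itself or a name beneath it."""
    return host is not None and (host == domain or host.endswith("." + domain))

def analyse(raw_headers):
    """Return the inconsistencies found in one message's headers."""
    msg = message_from_string(raw_headers)
    received = " ".join(msg["Received"].split())   # unfold continuation lines
    m = RECEIVED_RE.search(received)
    if m is None:
        raise ValueError("topmost Received header is not in the expected form")
    rdns = m["rdns"].lower() if m["rdns"] else None
    helo = (m["helo"] or m["helo_only"] or "").lower()
    findings = []
    # HELO names a domain that the client's reverse DNS does not support.
    if helo and not under(rdns, helo):
        findings.append("helo_unbacked")
    # Envelope sender's domain is unrelated to the host that connected.
    env_domain = parseaddr(msg["Return-path"])[1].rpartition("@")[2].lower()
    if env_domain and not under(rdns, env_domain):
        findings.append("envelope_unbacked")
    # Message-Id is E<local queue id>@<receiving host>: the sender supplied
    # none and the receiving server filled it in.
    msgid = (msg["Message-Id"] or "").strip().strip("<>")
    if msgid == f"E{m['id']}@{m['by']}":
        findings.append("message_id_added_locally")
    return findings

# Header lines copied from the three messages on this page (only the
# headers the checks read; continuation lines re-indented with spaces).
FINAL_NOTICE = """\
Return-path: <ueffiu99645@yahoo.com>
Received: from web13301.mail.yahoo.com ([216.136.175.37]) by
        perfect.epsilon.com.au with smtp (Exim 3.35 #1 (Debian)) id
        18wX5x-0001gU-00 for <famous@nutters.org>; Sat, 22 Mar 2003 11:42:45 +1100
Message-ID: <20030322004243.46484.qmail@web13301.mail.yahoo.com>
"""
DEMANDS = """\
Return-path: <CO-XIO-KINGCO-XIO-KING@yahoo.com>
Received: from [65.199.174.82] (helo=yahoo.com) by perfect.epsilon.com.au
        with smtp (Exim 3.35 #1 (Debian)) id 18wBIo-0000oc-00 for
        <spamfraud-1@epsilon.com.au>; Fri, 21 Mar 2003 12:26:35 +1100
Message-Id: <E18wBIo-0000oc-00@perfect.epsilon.com.au>
"""
FIRST_CONTACT = """\
Return-path: <forgetabouteventrying@another.com>
Received: from host60-39.pool212171.interbusiness.it ([212.171.39.60]
        helo=another.com) by perfect.epsilon.com.au with smtp (Exim 3.35 #1
        (Debian)) id 18w5tN-0000Vp-00 for <famous@nutters.org>; Fri, 21 Mar 2003
        06:39:59 +1100
Message-Id: <E18w5tN-0000Vp-00@perfect.epsilon.com.au>
"""

if __name__ == "__main__":
    for name in ("FINAL_NOTICE", "DEMANDS", "FIRST_CONTACT"):
        print(name, analyse(globals()[name]))
```

The notice relayed by Yahoo! comes back with no findings, while both earlier messages trip all three checks. A HELO mismatch on its own is common among legitimate senders, so these are signals to weigh together rather than individually.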

Spam

Journal: I wrestled with how I ought to respond

Should I capitulate to the extortionate demands of these despicable spammers? I've never had to think about responding to blackmail before, except maybe in a theoretical sense.

It was pretty clear that my Internet setup, being a smallish box on a smallish ADSL link situated at my home, was easy prey. It doesn't take too much knowledge to figure that one out. Withstanding a serious onslaught was out of the question.

So do I prefer to stick to my guns and face the consequences squarely, or wuss out and keep my Internet connection? Bear in mind that I'm not the only user of this connection. I pay for it, but I share it, so it would impact other people I know as well. It would, for example, deprive several people of their personal email, if the link were to go down for one reason or another.

Well, I gave the other users fair warning that the service may go down and stay down, and that they should have their own contingency plans if that happened. So now it was down to me: am I to be pragmatic and back off at least until I have a better chance to fight, or take the attitude that if they want my right to free expression, they're going to have to take it off me by force?

It's popular in cartoons to depict persons facing a moral dilemma as having miniature angel and demon versions of themselves hovering over opposite shoulders and giving "good" and "evil" advice on the subject, respectively. I'm a little stranger than that. If I were to depict my own dilemma, I would have an avatar called "pragma", who looks like a roughly-cut miniature statue of myself, floating on one side, and on the other, an avatar called "princip", who is a non-corporeal mini-me, floating in misty wisps, and radiant with inner light. They argue like so.

Princip: "We must not capitulate to the demands of these extortionists!"

Pragma: "I tend to agree. We don't want to encourage that kind of behaviour."

Princip: "Our right to free speech is an intrinsic good. We must not surrender it."

Pragma: "Yeah, but a right to free speech isn't of much practical value when your platform has been denied. Maybe we should try to find a compromise."

Princip: "I will not enter into negotiation with terrorists. I do not consider them rational actors. I would just as soon try to have a reasonable discussion with a rabid Alsatian."

Pragma: "Yeah, well, these guys don't strike me as being on a quest for truth and fairness, so trying to be reasonable with them is probably a waste of time. That wasn't what I meant by a compromise."

Princip: "You want me to compromise on principles?"

Pragma: "Look, a right to free speech isn't of any practical value if you've got no platform on which to use it. I'm suggesting that we modify our speech to the minimum extent which will cause them to withdraw their threat, whilst expressing our damnation of their coercion in the strongest possible terms."

Princip: "We most certainly shall exercise our right of free speech to damn these actions! But I suspect that any sufficiently spirited statement would be objectionable to these censors."

Pragma: "I hate to say it, but you're probably right. We'd just be encouraging them to micromanage the site content. Giving them a mandate to govern us."

Princip: "Need I say more?"

Pragma: "We could take the whole site down and replace it with a black protest page detailing the outrage."

Princip: "Thus demonstrating the effect their actions would have had, more or less, without causing us the inconvenience of an actual attack?"

Pragma: "Exactly. It might encourage feedback. Get people asking about it. We couldn't do that if the site were completely down."

Princip: "I'd still feel like I wasn't sufficiently performing my duty to resist despotism."

Pragma: "But isn't the only alternative to face an attack which you have little or no chance to survive?"

Princip: "I would not be abandoning my duty in any way if I were to face such an attack, but I would be compromising my duty out of cowardly self-interest in your scenario."

Pragma: "Do you really want to be a martyr?"

Princip: "I want to do my duty. If the consequences are martyrdom, then a martyr I shall be."

Pragma: "And what of the consequent inconvenience to the others that use the system?"

Princip: "I refuse to compromise my rights for the sake of convenience; even for the sake of someone else's convenience. We will do our best to minimise the inconvenience to others."

Pragma: "I'm starting to agree with you. If we want people to be sympathetic to our cause, then an outrageous attack against a defenseless target is likely to attract greater condemnation for the attacker and sympathy for the victim. If we were to opt for the 'capitulate under protest' approach, we'd just be a whiner who won't stand up for himself."

Princip: "My goal is not to gain sympathy."

Pragma: "I know. I was just observing that your approach has the side-effect that it is likely to gain the most sympathy. Assuming anyone notices or cares at all, that is. It's not like too many people would notice our departure."

Princip: "Better to vanish in obscurity than to live in oppression."

Pragma: "I don't know about that, but I will agree for now that our best course of action is to defy the extortionists and face whatever attacks may come."

Princip: "Excellent."

Spam

Journal: I notified the Australian Federal Police

It wasn't my idea to contact the police. I wasn't thinking along those lines, because I was trying to determine what action I could take to defend myself, and "contact the police" wasn't even on that list. With all due respect to the fine officers of the Australian Federal Police, I doubt they can do much about it, particularly in the short term. Maybe in the longer term if this nuisance keeps up, and spreads to more victims than just myself.

But several people, having read the threat letters, suggested I contact the feds. I have a close friend with a relative in the AFP, and he was able to provide clear instructions on how to go about it. I think it makes sense to contact the police over a matter like this, even if you don't think they'll help immediately, because it means they have something on record.

And since I think it makes sense to have it on an even wider record than that, I'll reproduce here (by hand, alas, so there may be errors) the body of my first letter to the Australian Federal Police. Enjoy.

Date: Friday, 21st March, 2003
Re: Reporting receipt of extortionate demands via email.

To the Australian Federal Police,

My name is Brett Watson, and I am employed in the field of Internet technology and software engineering. In addition to my professional interests, I also maintain an Internet presence at home as a hobby and means of self-education. This service has recently come under attack.

The incident was first brought to my attention on 16/03/03 when I noted an increase in activity on my system. At first I was unable to determine the cause of the increase, but by early 18/03/03 I determined that an unknown party (or parties) was generating massive amounts of email, forged so as to appear to come from me, inviting people to visit my website.

People generally take rather badly to this form of advertising (spamming), and in the interests of protecting my reputation and preserving my service, I was obliged to take a number of precautionary measures against this attack of unknown motives and origin. Such precautionary measures were to be on-going over the next several days as the attackers adjusted their techniques to suit my shift in defence.

Earlier today (21/03/03) I finally received two email messages which claim responsibility for this attack, and threaten to scale up the attack against me, my site, and my Internet service providers, until I meet their extortionate demands, or I "no longer exist".

I have attached, as attachments #1 and #2, the two emails I received, which claim responsibility for the attack, and which set out the extortionate demands. The demands are for censorship of the site, so that it conforms with their standards, rather than demands for money. As attachment #3, I provide a more detailed report of my experiences detecting and dealing with the initial attack, written on 19/03/03 (prior to receiving the extortionate demands). Attachment #3 also serves as a not-atypical example of the content of the site that they are threatening.

The tone of the letters of demand (attachments #1 and #2) paints a picture of immature teenage boys playing Internet war games, rather than serious, professional extortionists. Even so, if they wish to take hostile action against my site, they will find it ridiculously easy to do so. My site is a hobby, and I cannot afford the employment of full-time staff and high-capacity network connections that would allow a business-oriented site to ride out this kind of storm. I may be obliged to shut down certain services just to avoid the expense associated with an attack.

I request that the police view this matter with the same seriousness that they would were it physical damage to private property and associated extortionate behaviour, and I will be only too happy to assist in your enquiries where requested to do so.

I have not attempted to make contact with the offending parties, nor do I intend to do so.

Regards,
Brett Watson

Spam

Journal: They sent me their list of demands

Shortly after the contact from the friendly PR department, I was sent the list of demands. This is much more interesting, since it shows what motivates them. A name like "United Email Freedom Front" hints at a pro-spamming stance, even if they can't decide whether the acronym is "UEFF" or "UAFF". The demands, however, remove all doubt.

This is a copy-and-paste from my mail store. Some headers were generated locally, like the message-ID. (Irony: an "email marketing professional" who doesn't know how to construct a valid Internet mail message.)

Return-path: <CO-XIO-KINGCO-XIO-KING@yahoo.com>
Received: from [65.199.174.82] (helo=yahoo.com) by perfect.epsilon.com.au
        with smtp (Exim 3.35 #1 (Debian)) id 18wBIo-0000oc-00 for
        <spamfraud-1@epsilon.com.au>; Fri, 21 Mar 2003 12:26:35 +1100
From: "CO-XIO-KING" <CO-XIO-KINGCO-XIO-KING@yahoo.com>
To: <spamfraud-1@epsilon.com.au>
Subject: Your Current Spam Problem
Sender: "CO-XIO-KING" <CO-XIO-KINGCO-XIO-KING@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Thu, 20 Mar 2003 20:29:06 -0500
Reply-To: "CO-XIO-KING" <CO-XIO-KINGCO-XIO-KING@itgo.com>
X-Priority: 1 (Highest)
Content-Transfer-Encoding: 8bit
Message-Id: <E18wBIo-0000oc-00@perfect.epsilon.com.au>
X-Evolution-Source: imap://famous@perfect.epsilon.com.au/

Guten Tag,
As you may know, you have been targeted by the Enforcement Unit of the
UEFF (United Email Freedom Front). you should have been contacted last
night by an intelligence officer.

You have exactly 24 hours to effect the following changes or we will
consider it an act of engagement. In the event of engagement all units
will be mobilized against you, your site, and associated ISP's until the
changes are made, or you no longer exist. In the event of a full
cooperation, we will withdraw and ceasefire immediately.

1-In Article "Make Money Fast!"  the text " If ever I encounter one
that's in my local area, I will seriously try to resist the urge to go
and break all their fingers, satisfying myself with reporting them to the
police only. What percentage of these would-be millionaires do you
suppose are merely underage and insufficiently wise in the ways of the
world? And what percentage need a damn good working over with a large
clue-stick?" Must be removed. - In violation of violence toward emailers
rule

2-In Article "Spam, Email, Innovation" the text "I haven't given up the
notion of designing and implementing a new mail protocol that is designed
to be rather more hostile to spammers" must be removed. - In violation of
violence toward emailers rule

3-The Article "Spam: MonsterHut" must be removed. In violation of
Defamatory Remarks rule

4-All Articles referencing Richard Stallman be removed, Or Replaced with
"A certain writer we all know" or something like that.  - In violation of
Defamatory Remarks rule

5-In the Article "Selling Spam Lists Respectably" The article must be
removed, or the company "marketsharerecovery.com" replaced with a generic
term like "list reseller" etc. Any links to that firm removed.  - In
violation of Defamatory Remarks rule

6-All text regarding "TFBW Advocates Slow Torture For Spammers" must be
removed.

You may leave you current spammer message. DO NOT MENTION THE UAFF.
Our judgment is final, we would expect full cooperation within the
deadline.

Commanding Officer - Xio-King
UEFF

Spam

Journal: I was contacted by their PR department

On Friday, 2003-03-21 06:39:59 +1100 (as recorded by my mail server), I received my first contact from someone claiming to have knowledge of the cause of this vindictive spamming. I'll let the email speak for itself. I reproduce it here in full, as it appears in my mailstore. This means that some of the headers were added locally by my systems, but the body content is theirs, pure and simple.

Return-path: <forgetabouteventrying@another.com>
Received: from host60-39.pool212171.interbusiness.it ([212.171.39.60]
        helo=another.com) by perfect.epsilon.com.au with smtp (Exim 3.35 #1
        (Debian)) id 18w5tN-0000Vp-00 for <famous@nutters.org>; Fri, 21 Mar 2003
        06:39:59 +1100
From: "Special Enforcement Unit - Gen.Xio-King" <forgetabouteventrying@another.com>
To: <famous@nutters.org>
Subject: Your Recent SPAM Problem
Sender: "Special Enforcement Unit - Gen.Xio-King"
        <forgetabouteventrying@another.com>
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Date: Thu, 20 Mar 2003 14:29:05 -0500
Reply-To: "Special Enforcement Unit - Gen.Xio-King" <forgetabouteventrying@another.com>
Content-Transfer-Encoding: 8bit
Message-Id: <E18w5tN-0000Vp-00@perfect.epsilon.com.au>
X-Evolution-Source: imap://famous@perfect.epsilon.com.au/

Brett,
I am writing you in reference to Your recent spam problem.

You have been targeted by a group called the UEFF (United Email Freedom Front), and organization of over 600 members globally.

I am a liaison officer, between the organization and it's targets. my job is to try to settle the disputes peacefully and without much damage.

The UEFF Has, and will continue to target anyone who:
1-Promotes the use of Blacklists.
2-Names Companies and websites as spammers without identifying proof.
3-Approves of radical action against those who legally engage in direct email marketing.

The UEFF is obviously against scams, child porn, etc. But will stop at no lengths to completely cripple those who violate the above rules, and consider it a threat to global freedom.

It appears that your site(s) violate those objectives and the UAFF has in essence fired a warning shot at you to get your attention. It was .001% of their capabilities.

You will be contacted by a special opps officer within 24 hours with a list of demanded changes.

Brett, Life is too short. Do not let your pride get in the way. Every single site that has defied the organization is no longer online. My assumption is that there are a few offensive articles on your
site, and that you name a few names.

I am your friend. I do not want to see your years of work destroyed, but let's face it...how many complaints, hack attempts, mailbombs etc. will your ISP's allow before they refuse you as a client. The
UAFF is absolutely tireless and unlimited in their resources.

Once you receive the requests, make the changes unconditionally, and it will all just go away. You can save face by not mentioning our communications and just quietly making the changes.

If you wish to contact me directly, place a link entitled Kolok at the bottom of your homepage at Nutters.org linking to a page with your message.

Thank you for your understanding in this matter,
CO Special Intelligence Unit - Gen.Kolok

Spam

Journal: They started by framing me as a spammer

This entry will be brief, folks, because I've documented it all elsewhere before. The full story can be found at my article When Spamming Gets Personal. That's hosted on Nutters.org, which is a target in the threatened attack, so you may have better luck doing a Google search for it, and using the cached copy. I intend to keep Nutters.org up and running, but I'm likely to experience technical difficulties in the short term.

For those who want the short, short version (the article above is nearly 2500 words), I started noting an increase in hits on the Nutters.org home page on 2003-03-16 which looked a lot like email-based click-through. I wasn't sure whether it was spam or a popular mailing list. A couple of days later, I had confirmed that it was spam, dressed up to look like I was sending it. Someone posted a copy to news.admin.net-abuse.sightings, and you should be able to find it with this Google groups search.

Note the use of the signature, "A message from the United Email Freedom Front." We'll be hearing more about that name. It's possible that they change their name from operation to operation, since a Google search for it, at the time I became aware of it, produced zero hits.

Keywords: vindictive spam, vindictive spamming, complaint-bait

User Journal

Journal: On the use of this journal

Hi. I'm The Famous Brett Watson, not "The Famous Brett Wat". The lack of a "son" on the end of my nick is a product of The Great Username Truncation, which famously left "Ungrounded Lightning Rod" without a "Rod", and me without a "son". No doubt there were other casualties.

Anyhow, enough of the introductions. I'm going to use this journal to document the threats I've received from an organised group of extortionists who engage in what might fairly be called "organised spam terrorism". The phrase "spam terrorism" has been used before, mostly to describe uses of spamming which are aimed at causing distress to a particular target, as opposed to causing (step 3) "profit!" for the spammer. I'm using "organised spam terrorism" to take it to the next level, where the acts of terrorism are carefully planned and premeditated, and probably carried out by several individuals acting in concert.

I'm documenting this because, although I find it hard to believe that I'm the first person to suffer such a fate, I can find no evidence of this happening elsewhere. Hopefully the web-spiders will do their thing and make this information easier to find for the next person.

I'm doing it now because I have absolutely no intention of dealing with these terrorists. If they want to negotiate anything, they can call me on the telephone number I list for myself on my personal home page. Unlike these cowards, I do not hide behind a thick blanket of anonymity. If they want to negotiate, they can do so in a two-way medium.

But they don't want to negotiate. They have writ their code of conduct in stone, in splendid isolation from any society (other than their own) and its norms, and intend to dole out the consequences globally. Or, in the vernacular, they're a bunch of spectacularly arrogant fucks.

So, in a couple of hours I expect my meagre Internet link to be crapflooded, unless they're really, really incompetent. I'm a sitting duck: my services are hosted in my own home at the end of a 64/256K DSL link. One drunk monkey with a cable modem could ruin my day, let alone a gaggle of script-kiddies.

I'll post the information in this journal in the order in which it happened. I intend to leave comments enabled unless there is a special reason not to (which seems unlikely).

Keywords: organised spam terrorism, organised spam terrorists, extortionists, spammers.
