TOURBUS: Thursday, October 24, 1996
DRIVER: Patrick Crispin
TODAY'S TOURBUS STOP:
THE AFTERMATH OF THE CHILD PORN SPAM
Hi, kids! "I sent you this letter because your e-mail address was on a list that fit this category." (I'M KIDDING!) :)
Actually, we have a lot to talk about today, so let's pay some bills and get the latest tour of our little bus of Internet happiness underway. I do want thank today's TOURBUS sponsor, not only for making today's post possible, but for also offering some of the lowest clothing prices I have seen in a long time (something that, as a continuously poor college student, I deeply appreciate). :)+--------------------------------------------------------------------+ Authentic apparel from Timberland, Duck Head, Woolrich and Calvin Klein is available from Aardwulf Apparel at +--------------------( http://www.aardwulf.com )---------------------+Let's bring everybody up to date on everything that I know so far about the "child porn spam":
Early on the morning of Monday, October 21st, e-mail letters were distributed to thousands of unsuspecting Internet users around the world, advertising child pornography for sale through "snail mail" from an apartment in New York City. Within minutes of the child porn spam being distributed, THOUSANDS of local, state, and federal police agencies around the world were flooded with complaints from angry Internet users who received the spam. According to a news.com report, a police officer in the New York Police Department reported that their vice squad has "been getting calls from all over the world since [Monday] morning -- from Germany, Norway, Sweden -- everybody."
I recently told you that "I personally believe that the [child porn spam] is a 'spoof,' written by someone who decided it would be funny to exact some sort of revenge on 'Steve Barnard.'" [Steve Barnard's name was listed in the child porn spam as the point of contact]. I recently heard from Steve Barnard -- well, I heard from *a* Steve Barnard ... I'm not sure if he is *the* Steve Barnard in question -- who denies any involvement in this.
The FBI seems to agree with Steve. In a prepared statement, the FBI said that the child porn spam "message is a hoax and the matter is being investigated."
The FBI's statement goes on to say that the child porn spam letters appear to have been sent from two accounts at America Online. Reuters reports that America Online responded by announcing that the accounts had been disconnected Monday morning and the service's legal department was also investigating the matter. [The FBI also reports that hackers have, in the past, established bogus America Online accounts using stolen credit card numbers and the sign-up disks the service widely distributes by mail and in magazines].
According to Bill Rubin in a post he made to the Spam Prevention Discussion List
The FBI also visited the person who owned both of the America Online addresses from which the child porn spam letters were originally distributed. He claims that he did not post the letters, but the FBI confiscated his PC as evidence. According to Bill Rubin in his SPAM-L post, the FBI has found no evidence of the child porn spam mailing on the suspect's system.
That's pretty much all I know right now. I pulled my information from a couple of resources that you may want to visit on your own, including:
U.S. says FBI investigating pornography e-mail
Reuters - Mercury Mail
"Porn spam sparks investigation"
Janet Kornblum - news.com
With that out of the way, let's start answering the questions that everyone REALLY wants to ask ...
Q: What is a "spam?"
A: A spam is the Internet equivalent of junk mail. Spams are usually unsolicited advertisements sent to tens of thousands of Internet users at once. Spams also take the form of totally untrue stories that continue to float around the Net for years. Some of these untrue stories include story of a boy who is dying of a brain tumor and who wants you to send him your business cards, how there is a virus in e-mail letters with the subject line "Good Times," how Neiman Marcus charged someone $250 for a cookie recipe, and how you can "Make Money Fast" by sending a chain letter to 10 of your friends.
Q: Why is an unsolicited advertisement called a spam?
A: I'll warn you up front that you really have to be a Monty Python fan to understand this. The term "spam" comes from the Monty Python diner sketch where the waitress says "well there's egg and bacon; egg, sausage and bacon; egg and spam; bacon and spam; egg, bacon, sausage and spam; spam, bacon, sausage and spam; spam, egg, spam, spam, bacon and spam; spam, spam, spam, egg and spam; spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam and spam; or lobster thermidor aux crevettes with a mornay sauce garnished with truffle pate', brandy and a fried egg on top of spam." Meanwhile, in the background, a group of Vikings in the sketch randomly sing the "spam" song (you *really* have to have seen the sketch to understand).
Well, when an unsolicited advertisement is sent to a Usenet newsgroup or LISTSERV list, a great many clueless people send their angry replies not to the sender of the advertisement but rather to the newsgroup or list on which the advertisement was originally posted. The real conversation on the newsgroup or list (the "food") is soon smothered by the discussion, and complaints about, the unsolicited advertisement (the "spam").
Q: The child porn spam says that the letter was sent to me because my "e-mail address was on a list that fit this category." How did I get on such a list?
A: You didn't. Folks, I hate to break this to you, but the spammer lied. If you received the child porn spam, the only category that you fit in is that you have an e-mail address. The reason that the spammer said that you fit into a particular "category" was to keep you interested in reading the rest of his spam.
Q: How do spammers get my e-mail address?
A: I honestly don't know. I do know, however, that there are hundreds of files of e-mail addresses that can be found all over the Internet. One TOURBUS reader found a Web page full of e-mail addresses here at the University of Alabama, and Mark Trevino found a 92 Kb file at NCSA that has nothing but e-mail addresses. In short, e-mail addresses are all over the place.
Q: How can I keep my e-mail address private?
A: Outside of never using it, you can't. There are a couple of tricks, however, that will help you keep your e-mail address a little less public:
- "Conceal" your e-mail address on every LISTSERV list that you are subscribed to. This prevents people from reviewing the list and finding your e-mail address [by the way, you don't have to do this if you are subscribed to any of the LISTSERV lists that I own -- my lists are set up so that the only person who can see your subscription address is me]. To conceal your address, just send an e-mail letter to LISTSERV@LISTS.INTERNIC.NET
with the command
SET listname CONCEAL
in the body of your e-mail letter, replacing "listname" with the name of the list to which you are subscribed.
- Your Web browser may be telling the owners of the Web sites that you visit more about you than you may know. Thanks to something called "cookies" (which we won't talk about today) the Web sites that you visit may be able to find out what type of computer you are using, what your name is, and even what your e-mail address is.
You can, however, "hide" your real address from prying Web sites by telling your Web browser that your e-mail address is something like "firstname.lastname@example.org." [Please use a *fake* e-mail address. You make think that changing your e-mail address in your browser to email@example.com is funny, but the Secret Service will probably disagree.] This won't work if you use your Web browser to read your e-mail, though.
Here's how to locate the address and names field that you need to change (remember, if you use your browser to read your e-mail, please do not do this):
Netscape Navigator 1
Options -- Preferences -- Mail and News
Netscape Navigator 2
Options -- Mail and News Preferences -- Identity
Netscape Navigator 3
Options -- Mail & News Preferences -- Identity
Microsoft Internet Explorer 2
Edit -- Options ... -- Mail News
Microsoft Internet Explorer 3
Brother Bill has yet to release a Mac version of IE 3, so I'm not really sure where the name and address fields are located in this version :(
Q: What should I do if I get spammed?
A: Your best bet is to delete the spam and go on with your life. If you don't want to choose this route, however, you have a few options [taken from my Roadmap workshop]:
First, NEVER reply to the group. The spammer won't read it. He is interested in talking, not listening, and he is not a list member or a regular reader. Your angry posting will only annoy the other members of the group and will not affect the spammer in the slightest.
Second, if you have a lot of time on your hands, you may read the responses of members who ignored my first bit of advice.
Third, if you have even more time on your hands, reply to the poster at his own e-mail address. But you may not get satisfaction. Quite often spammers hit and run, and by the time you get back to yell at them, they have closed out their accounts (or if their site administrator is on her toes, they will have had their accounts closed by the administrator).
Fourth, if you are even angrier at the spammer, you can write to the administrator of his site. If the spammer is CLOWN@CIRCUS.COM, his administrator is POSTMASTER@CIRCUS.COM
Q: Who should I contact if I receive a spam that contains "illegal" stuff (like the child porn spam)?
A: Your best bet is to contact your own site's postmaster or network security administrator and let them handle it. Most companies, schools, and large Internet Service Providers have full-time security experts whose job is to work closely with law enforcement agencies on matters of network safety and security.
You may decide to contact an appropriate law enforcement agency. One word of warning though: if you receive an illegal spam at work, make sure to contact your employer's network security administrator *BEFORE* you contact any law enforcement officials! Network security people tend to get a little upset if you go behind their backs and contact the police, and your little act of good net citizenship may get you a reprimand in your personnel file.
If you do decide to contact a law enforcement agency, which one should you contact? It depends on where you live, and where the spam is from. If you live in the United States and you are sure that the illegal spam crossed state lines, contact the FBI (your local FBI office's number can be found in the phone book). Otherwise, contact your local police department and ask for an officer knowledgeable about "computer crimes."
One word of warning, though: don't expect your local police department or local FBI office to know *ANYTHING* about the Internet or computers. As a matter of fact, when I turned in the child porn spammer to the Tuscaloosa FBI office, they had me *fax* a copy of the spammer's e-mail letter to them. :)
That's it for this week! Remember, if you get spammed, you best bet is to just delete it and go on with your life! :)-------------------------------- TODAY'S SOUTHERN WORD OF THE DAY -------------------------------- MODEM (phrase) - to increase in quantity. Usage: "I'm gonna git me modem moon pies!" (Hint: 'modem' is the way Southerners say "more of them") YOU CAN FIND ALL OF THE OLD SOUTHERN WORDS OF THE DAY ON THE SOUTHERN WORD HOMEPAGE AT http://ua1vm.ua.edu/~crispen/word.html