After all, says Lycos, it is not a misdemeanour. We are justified. Just look at the harm that spammers do! They're monsters.
To combat them Lycos is raising its own army. You can almost smell the oily smoke from the burning rags as the masses, led by Lycos, advance with burning torches on Boris Karloff. Only this time, the masses are zombie PCs controlled by Lycos' 'Make Love Not Spam' screensaver.
Had Mary Shelley replaced vengeful villagers with randy zombies, the outcome really doesn't bear thinking about. Really it doesn't. Similarly, Lycos' latest wheeze should be dismissed as an absurd publicity stunt at best.
Lycos defends its action by saying that what it is doing is not a denial-of-service attack, but an attack on the bandwidth of the spammers. There may well be some technical truth to this, but the fact is that attacking bandwidth is what, in effect, denial-of-service attacks do.
However bad the crime of the spammers, launching distributed denial-of-service attacks is illegal in many countries. As Steve Linford eloquently pointed out, you can't break into a thief's house just because he breaks into yours. It won't wash in front of the judge.
We're sure that Lycos will have consulted its lawyers before embarking on this adventure, but then the follies of big business never cease to amaze us. This strategy, we have to say, is indeed a folly.
Not only is Lycos in danger of breaking laws, it is in danger of lending credibility to the notion that DDoS attacks are OK if you're the good guy -- which of course you are -- and you're launching them against someone who, well, just deserves it. Regardless of the semantics of whether what Lycos is doing really is a denial-of-service attack, when you attack the bandwidth of one computer on the Internet, you effectively attack the bandwidth of all computers.
The aim of security professionals should be to mitigate denial-of-service attacks, not propagate them. Lycos needs to put its randy zombie army back in its pants and stop being so trigger happy.







Talkback
Complete nonsense. I've no desire to defend Lycos, but didn't they say that their aim is not to take the spammers' web servers down, but only to use up a little bandwidth so that the spammers have to face a financial cost to their enterprise?
There are orders of magnitude difference between using a little bandwidth and using so much that the server becomes unavailable (which by the way is what is meant by 'denial-of-service'). The former denies service to no one.
It's also complete nonsense to say "because the spammers often use compromised PCs ..., Lycos' ... is likely to miss the real target". As far as I know, spammers are using compromised PCs to send out spam emails, not to run their web servers.
Agreed, anonymous. While the writer may have a point about legality and morality, which we can debate until the cows come home, the technical angles of this piece are just plain wrong.
More discussion at http://richi.co.uk/blog/
Interesting that nobody at ZD was willing to put their name to this piece, eh? ;-)
richi.
Thanks for your comments. We have made one slight alteration to the article in light of these, but we believe that the point about denial of service attacks stands.
Lycos did say one server had lost 85 percent of its bandwidth, which is in anyone's book at least a partial denial of service attack (and we did make the point that we didn't want to get into semantics in the piece). If whatever you call it that Lycos is doing here is only 5 percent effective then what's the point in doing it?
As for the point about not having a name to this, it is a leader. Leaders don't have author names; they represent the opinion of the editorial team rather than the opinion of one individual. We produce one every morning of every working day on a subject that we think is important to our readers, and if we generate some discussion or make a valid point we feel we've done our job.
Of course your feedback is always useful to us, and we even like being corrected on the odd occasion that a technical nuance slips through that is not quite on the spot. Keep 'em coming.
Thanks
Matt
Ahh yes, let's sit on our hands while no one figures out how to fix this problem. How many years must this go on, and how many billions of spam messages need to be sent before taking these drastic measures? Surely there is some threshold... and most internet users will agree that it has been crossed.
I am careful with my address, however I've had it for nearly 10 years. I get well over 250 spams per day. Email has become a chore.
You have been had.
makelovenotspam.com domain is registered to Starring Ltd AB - a Swedish Marketing company. Apparently Starring were contacted by Spray (a Lycos company in Sweden) to get more people to start using Spray’s e-mail service.
Ah yes, let's return to the days of the Wild West here in the US. I can just see it now... "He needed DOS'ing!" as a valid defense.
Writer of this article, what are your vested interests? Are you a puppet of the elites? Let the masses organize in an uprising, let them fight.
Perhaps instead of bitching about Lycos you could spend your time more constructively by finding ways to get rid of the evil of spam. Perhaps what this has shown is that we are sick to the back teeth of this, I know I am. I've had to change my e-mail address three times now because of the amount of crap I was getting in my inbox despite all the spam filters etc. available. So far, the measures taken to defeat spam have simply been not good enough, not good enough by far.
"The Ends Justify the Means."
This is an old excuse, and I don't think that even Lycos is buying it at the moment. Haven't they just stopped distributing their screensaver?
Regardless of how beneficial this may be to some, it doesn't make it legal or right. I agree with the article that Lycos, whether they claim their motivation was to "slow down" or to do a true denial of service, the end result was a denial of service for some. Their claims are just using semantics to try and justify a rogue action. Couldn't someone who then doesn't agree with the way Lycos operates make the same attack on Lycos and be justified because Lycos said it was ok for them to do it, so wouldn't it in turn be ok for those who don't believe in what Lycos does?
Maybe we should use SPAMVAMPIRE then?
See: http://www.hillscapital.com/antispam/
The advantages over the screensaver are that it draws a lot more traffic from the attacked websites. Also, you decide what websites to attack.
That seems to be a disadvantage, because the attacks are not centrally coordinated.
However, if every user on a given day enters the spamvertised websites they received that day, then the attacks are effectively coordinated because the same spam message is sent to a huge number of people.
The fact that this works without the need to download targeting information from some server means that this approach is immune to counterattacks (provided a large number of people spread all over the world participate).
I have to say that Lycos is in the right ball park. DDoS is not an issue, since the spammers are NOT legit. NO LEGIT COMPANY SPAMS, so therefore their servers are not legit and should be removed from the internet. And if the law won't do it, the marketplace should. They do NOT have a right to exist and do business. They do NOT have any 'freedom of speech', since what they are 'saying' harms EVERYONE it comes in contact with. They are infringing on MY right to freedom of speech by making it harder for me to maintain an email account.
I see spammers and the companies behind it as nothing better than thieves.
Regardless of the cause or owner of this particular problem, it is always the small businesses that are affected. We host three small business websites and have recommended Lycos to at least 5 other website owners. All of us are now totally down due to these problems, with no updates forthcoming from Lycos as to when normal service will resume, and losing money by the minute.
I fully support stopping the spammers, but not when our own websites are affected. We are now going to have to seek an urgent migration to another host service to restore our business credibility. I bet there will be no compensation forthcoming when blame and ownership are confirmed.