|
||
|
||
A common acronym in spam-fighting is FUSSP—Final Ultimate Solution to the Spam Problem. It’s used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.
This time—be still, my beating heart—it looks like some researchers at the University of California might really be on to something.
According to the New York Times, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.
The UC paper is available here (pdf).
I’ve said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.
Of course, I don’t have any illusions that this is the final solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-contol centers in the past have shown, you can fight spam, if you’re just willing to do it.
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byVerisign
Sponsored byRadix
A World-Renowned Source for Internet Developments. Serving Since 2002.
...other companies or payment techniques would soon rise to fill the vacuum. Yes, you would see a temporary drop in spam, much as you do when C&C;clusters are taken down, and that’s a good thing, but this isn’t a solution to the spam problem, much less a final one. Then again, I suppose you already conclude as much, despite your article’s title and opening remarks.
The spam problem in general will be solved when the costs of the activity exceed its benefits. I don’t think we’re likely to achieve that, but it behoves us to use as many countermeasures as can be applied without causing collateral damage. In that context, I welcome this research, and hope that we can successfully bring negative consequences to bear on those who aid and abet the financial dealings of spammers, and thereby raise the costs of doing business as a spammer.
It remains to be seen whether the finance industry is prepared to “break connections” with spam-complicit services in the way we’ve seen with ISPs and their service agreements. I understand Internet connectivity well enough in this context, but I’m only vaguely familiar with the inner workings of credit card payment processing. Which links in that chain are worth our attention? A few companies have been named and shamed so far, but it remains to be seen whether they can or will shrug it off. There was a lot of shrugging off of the spam problem by ISPs in the early days: it took the consequences of DNSBLs and other tools to pierce that wall of indifference.
http://www.circleid.com/posts/university_of_california_next_hard_target_in_never_ending_war/
I appreciated Savage‘s paper for its detailed description of the spam ecosystem. However, its conclusion that the payment tier is the optimal target for intervention, just because it “is by far the most concentrated and valuable asset”, doesn’t seem to be particularly well founded. I think that customers who decide to buy something and find out that their credit card doesn’t work, would rather consider looking for an alternative credit card company.
Why do people buy spamvertized items?
But the credit card company may or may not have as much incentive to shut down CNP transactions for accounts where there's far less risk of fraud. People do get something on the lines of what they paid for. If the transaction is for illegal or controlled drugs such as narcotics, the case does get altered. Please see the points I made (and the discussion between me and Prof Savage) at http://www.circleid.com/posts/university_of_california_next_hard_target_in_never_ending_war/