This document commemorates Fred Tomlinson and Ray Tomlinson, noting that Fred passed away in 2016 and that Ray also passed away in 2016. It discusses the first email ever sent, by Ray Tomlinson in 1971, between two computers in Cambridge, MA. It also mentions that spam existed as early as 1871 in the form of telegram spam, which was 100 years before email, and discusses how traditionally the recipient paid for receiving messages.
Good afternoon, ladies and gentlemen. As our first order of business, I’d like to dedicate today’s presentation to two men named Tomlinson: Fred, who wrote the song Spam for Monty Python many years ago, and Ray, who made this all possible, the inventor of email, who also passed away this year.
‘it worked!’ 16 July 1945 Dr. Robert Oppenheimer
This is also, for the keen observer, the first line of text on a computer keyboard.
It is amazing to think that my phone, or my watch, probably has more computing power than these geriatric beasts. That said, the average hosting facility doesn’t look too much different these days …
Would anyone care to guess when the first spam was sent?
Spam has been around a long while
Here’s why spam works from a cost model, and why spammers do it.
If you think about how things normally work, if you wanted to put an ad in the New York Times Sunday Magazine, the ad would cost $100,000 US. Plus, of course, the models, writers, graphic artists, the limo for the models, the photographer and her limo, the catering … you get the point.
Or you could send spam, hit millions of people, with almost no cost to yourself, because you steal the resources of others. Someone else’s graphics, another person’s server, and so on. In the end it is the recipient who pays, because the receiver system has to pay for staff, storage, and network protection, which is a cost passed on to the user, one way or another.
Let’s take a very quick run through some notable points in email history
The very first networked virus was in 1971
This was at a time when everyone knew everyone on the network, so Gary’s boss was immediately contacted. He never spammed again.
Email – note the spelling
RFC 822 describes in technical detail, as a standard, how email works. I should note that no thought was given to security when it was designed, because you could always call someone’s boss if abuse took place.
Open relays and proxies were the first mechanism used to transmit spam illicitly. It took almost ten years to shut them all down. Of course, open relays were a part of being a good neighbour when the Internet first started.
My organization has been doing this for 20 years.
MAPS was the first commercial spam filtering service. Spam backwards, of course.
Followed soon after by Spamhaus, who are still around and arguably the biggest anti-spam service on the net.
Botnets replaced open relays, very effectively. Of course, we are still battling them today.
The first U.S. initiative
I’d like to remind you that M3AAWG works with the I2C Internet Infrastructure Coalition on Hosting & Cloud service provider best practices, and you will find an invitation to the next two MAAWG meetings, in Paris and San Francisco, in your delegate bag.
CAN-SPAM, still a contentious law …
How’d that work out for you Bill?
SURBL was the first DOMAIN blocking list.
Canada’s anti-spam law came into being in 2010. My organization, CAUCE, had a direct hand in crafting the law. It has some of the highest penalties for spam (up to $10,000,000 per email) and next year, in 2017, individual citizens will have the right to sue spammers under the law.
M3AAWG, Botfrei (Germany), Japan, and many other countries took a concerted effort against botnets in 2012. It had some very good effect in diminishing infected home computers.
So … the criminals turned to hosting companies to support their activities.
Where are we now?
I’m happy to report that email spam took a great downturn last year, dropping by almost 50%.
But not so fast!
This is caused in part by Necurs, a hosting service-based botnet, dealing in ransomware such as Locky. Necurs evolved from Zeus and Spyeye, then Gameover Zeus.
“To help keep the botnet hidden, Necurs will only use a subset of infected nodes at one time. An infected host is used for two to three days, and then not again for two to three weeks. This complicates the job of personnel who respond to attacks, because they believe the offending host was found and cleaned up, and suddenly the spam starts again.” - Jaeson Schultz, Cisco
Among the top 20 countries for infections as seen by the CBL, we find India, Vietnam, China, Pakistan, Indonesia, Japan, Taiwan, Thailand. In total volume, Hong Kong and Singapore are also part of that list. For total % of networks infected, add Laos, Cambodia, Myanmar, Nepal. For per-capita infections, Maldives is one of the worst, as are the Seychelles.
Rather, it certainly isn’t the marketing golden goose of the 1990s, and it isn’t the primary communications channel between individuals; SMS, direct messages and push notifications have surpassed email in popularity, and will continue to do so.
2-33 messages per day, per person, totaling over 6 billion text messages in the U.S. each day; push notifications are in the same volume range. 90% are responded to in under 3 minutes. You can see why criminals would want to leverage these technologies.
Where are we headed? A Bruce Schneier piece recently talked about a nation-state that is trying to figure out how to take down the internet. That is a reality that affects us all; they will be using consumer-facing infrastructure, such as hosting companies, to do so.
Imagine how little it takes to cause a top-level domain nameserver to cease functioning. We’ve seen DDoS traffic hit 1TB/s; virtually no NS is prepared to withstand such an onslaught.
Cloudbots – instead of using a single compromised host, what if I were to create hundreds of thousands of accounts on various distributed cloud services, and use them to attack in a coordinated fashion?
IoT – we have already seen where security is secondary, if even a consideration, for much of the IoT. What if a Toasterbotnet or LightbulbBotnet were deployed to send spam, or …
Security researcher Brian Krebs writes about the criminal areas of the Internet. The criminals reacted last week, taking his site offline.
BP38!
Last week’s headline. They attribute this to an unnamed state-sponsored actor.