The web’s oldest dark art: Can spam be canned?


Read my latest for The Independent here in full or by following this link. It has also now been syndicated to papers in South Africa, The Gulf States and India.

There are 100 billion spam emails sent daily. But that number is decreasing. Does this signal the end of the web’s oldest dark art?

There are more than 100 billion spam emails sent every day and most of them seem to end up in my junk email. “Beyoncé Knowles”. “Weight Loss Now”. “Great Buy Opportunity”. Their short titles seem to read like a list of my fantasies.

The Twitter spam that turns up is more like my fears: “Someone is talking about you.” Each one tempts you to open it, download an attachment or click on a link.

Spam, of course, is the internet equivalent of unsolicited junk mail – originally sent by email, but now reaching us via tweets or even e-books as well. Even though there has been an “unprecedented decrease” in the amount of spam emails sent since 2011 – by 8.2 per cent – it still accounts for 71.1 per cent of the 144.8 billion emails sent every day, according to the IT firm Kaspersky Labs.

Some analysts have suggested that up to 40 per cent of half a billion daily tweets are spam. In 2012, 19.5 per cent of the world’s unsolicited emails were sent from China, 15.6 per cent from the US and about 2 per cent from the UK.

Just yesterday, a web war between an anti-spam group and a Dutch web host called Cyberbunker was violent enough to slow down the wider internet in an attack described as the biggest of its kind.

The crimes that spam has been accused of reads like the rap sheet of a fairly common criminal: selling dodgy medicines or fake Louis Vuitton, extorting money through requests for help, and stealing your identity by directing you to a website that asks for your personal details – a practice known as phishing. Malware that is often downloaded without you knowing it can turn your innocent-looking computer into an automated spam factory sending out hundreds of spam mails a minute to your nearest and dearest. The only clue: that it has slowed down.

So while some may see spam just as the background noise of the internet, for the security industries, and indeed for many of us, spam is “another problem to be solved and we have to do the best job we can at solving it,” says Don Blumenthal, senior policy adviser at the Public Interest Registry, which manages the .ORG internet domain.

Yet for others, such as new media theorist Jussi Parikka, “spam messages are also like the unconscious of our cultural fantasies”. Parikka is reader in media and design at Winchester School of Art. “From Viagra to instant riches, spam embodies an exaggerated, hyperbolic version of the things we are taught to dream about.”

And according to Kristopher Gansing, artistic director of Berlin’s Transmediale Festival of Art and Digital Culture, “spam has become the essence of human communication as we live more and more of our social life in a spam-like way.

“For me, the ‘I just bought a Soya Latte’ status update is indeed the ultimate spam, especially since it replicates through your social network without any hackers needing to automate it.”

In the words of Finn Brunton, “spam is one of the complex chaotic unforeseen consequences of the extraordinary open system that we have created”. Brunton is a professor of information at the University of Michigan and author of the forthcoming Spam: A Shadow History of the Internet. (due to eb published by MIT Press in May)

“It is one of the constant double-edged swords of the internet that it is brilliantly easy to build new systems and services for, but at the same brilliantly easy to take advantage of,” he says. “So the changing meaning of spam is a mirror to the changing value of the internet.”

According to Brunton, the first proto-spam message was sent in 1978 by the Digital Equipment Corporation to all 593 members of the Arpanet community announcing the launch of their new Arpanet-enabled computer, whether they were interested or not. Arpanet (Advanced Research Projects Agency Network) was the progenitor of the global internet.

Then in April 1994, Arizona-based law firm Canter and Siegel sent its advertisement “Green Card Message – Final One?” to all the members of 5,500 Usenet discussion groups and created the first commercial spam. Or what we today know as spam.

And for Brunton, this was the moment of transition for spam, as the purpose of spam was “all about money now”.

By 2003–4 a motley crew of spammers that ranged from semi-legitimate business entrepreneurs to outright criminals was increasingly being put under pressure by anti-spam filtering systems that used ever more sophisticated algorithms, and by harsher penalties for “spamming”.

“They were being presented with a kind of devil’s bargain, as either they could either go legit and probably out of business, or start to lie about who their spams were from and what they wanted to get round filtering systems and wait for the law to catch up with them”

Then in 2007 the infamous Storm botnet hit, which at its height may have controlled up to 50 million Windows computers and earned its creator, according to research, an estimated $9,500 a day from purchases of the goods it was flogging.

If anyone was foolish enough to open such emails as “230 dead as storm batters Europe” they would find an article to download or a link to a web page, and clicking on either would lead to malware taking over their computer and sending out 150 messages a minute.

The Storm botnet is an example of how “spam was now about building capacity” to “create vast systems where the spammers no longer even have to pay for the electricity” to make spamming as profitable as possible, Brunton says.

For Blumenthal, whether spam is the product of organised crime or an 18 year old in his parents’ basement it doesn’t matter, “if different protocols had been used years ago there may not have been so much spam now. Our standard email address makes dictionary attacks much easier because with @domain you can keep guessing the address and you will eventually get it right.

“In contrast the X.400 protocol would have made it much harder: compare with s=blumenthal;g=don;c=us;a=telemail;p=gov+ftc;o=wpo;dda. wpmail=HQ01 (dblumenthal).”

Jussi Parikka’s view is that “spam is a good reminder that the internet is a rich cultural sphere of human interaction, and not all sides of it are pleasant. The dark sides of digital culture are insights to the whole cultural logic of our computing technologies such as automation.”

For David Emm, a security researcher at Kaspersky Labs, the future of spam is uncertain because filters can identify 98 per cent of all spam and “the economics of spam are changing – the emergence of Web 2.0 has made it cheaper for them to use legal advertising methods.”

Spam, though, will also take new forms, Kristopher Gansing believes. “With 3D-printing technology becoming more widely available, I can imagine a new kind of physical spam becoming possible – spamming people’s workplaces and private lives with unwanted objects.”

In the future, Brunton thinks that spam will become more personalised and salient. “Personalisation is figuring out how to make a message that is personal enough that filters don’t catch them and that people fall for them, through a kind of lightweight identity theft by building up deep dossiers on individuals and their relationships from what people post online.

“Being salient is about making it almost impossible to tell if someone who is saying ‘I love you’ online is a real person or a bot.”

So it appears that the cat and mouse game goes on.

Leave a Reply