Antispam crusade backfires; Blue Security shuts down

By Bill Brenner, Senior News Writer 17 May 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Blue Security Inc.'s unique battle against spam has backfired, leading to the demise of the company itself.

The Menlo Park, Calif.-based antispam company announced it is closing up shop. The decision comes on the heels of a massive denial-of-service attack spammers launched against the company a couple weeks ago, in retaliation for its aggressive spam-fighting tactics.

Blue Security had been having its 522,000 users fight back against the spammers by flooding them with simultaneous return e-mails, leading the spammers to counter-attack with the denial of service that crippled millions of other Web sites, including popular blog-host sites TypePad and LiveJournal.

Security Wire Weekly In our most recent Security Wire Weekly podcast, analyst Mike Rothman breaks down the Blue Security controversy. Download the podcast here or subscribe to Security Wire Weekly here.

"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," CEO Eran Reshef told The Washington Post. "Our users never signed up for this kind of thing."

Blue Security has said the "sophisticated attacks" were orchestrated by a rogue cracker named PharmaMaster, carrying through on earlier threats to take down the company and the Internet if it didn't allow his spam to get through.

"The attacks started with a strike on the Internet backbone itself, causing the Blue Web site to become inaccessible to visitors outside Israel, while remaining available for Israeli visitors," Reshef said in a statement at the time. The company's research work had been performed in Israel.

The company had claimed PharmaMaster was bent on going after any site associated with it. "This attack caused five top-tier hosting providers in the U.S. and Canada, a major DNS provider and a popular blog site to go down for several hours," Reshef said in the earlier statement.

Also at the time, a security chief for Internet monitoring and routing analysis firm Renesys Corp. of Manchester, N.H., reported that Blue Security changed its DNS record to reroute traffic to its blog, hosted by San Francisco-based Six Apart Ltd.'s TypePad site. But, Renesys said, Blue Security never warned Six Apart about the 1 to 3 million packets per second hitting its servers, causing the sudden spike in bad traffic to overwhelmed the blog host and knock millions of TypePad and LiveJournal blogs offline for several hours.

As of 9 a.m. Wednesday morning, the Blue Security Web site was down. A message about the company's closure is expected to be posted on the site Wednesday.

Tags: Information Security Laws, Investigations and Ethics,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Email and Messaging Threats (spam, phishing, instant messaging) The world's top 5 riskiest domains How to secure a .pdf file Top spammer gets four years in jail for stock fraud scheme New Zeus spam poses as Social Security statements Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary