Kung-fu Frog, liked that. Yup, apparently it works enough to get that spammer mad at them!

Interesting, but a real over simplification of what’s going on. At least you disclose your brother is an employee and you’re part of the coordinated effort to save them, but really, don’t you think that if someone doesn’t want Blue Security’s email they’d simply packet filter them or RBL them like the rest of us?

Really, it’s that simple. Claims of agreements with spammers are spurious at best, the claim of the Spammer writing to Wired is doubtful, and it seems like a lot of this is simply being created by Blue Security for their own benefit - but is backfiring in quite a large way. If you analyze who they really are, they’re a small company with 3 million in funding in business for a little more than a year and likely in need of another round since they still haven’t found a way to make money.

Sounds “fishy”, not “froggy”.

Best,

Martin

Hi Martin,

Thanks for your comments.Here are a few points to consider:

1.Yes I am the brother but I can assure you that I am in no way part of any coordinated effort. No one contacted me, asked me…etc. If I was I wouldn’t make it so obvious. You will notice that I even suggested to my brother that I wasn’t sure his company’s product actually works “…up until today that Blue Security actually works …sorry brother “

2.Simplification is good – spammers attack me therefore someone needs to remove the gloves and start getting real with them = Blue Security (or any other company) = I am happy. Revenge has its satisfaction and since its cyber and nobody gets hurt, all the better.

3.I do resent the notion of analyzing how much they have in funding etc. For me this is a diversion from the core issue – why should users suffer from spam, why spammers exist and where is the punishment for cluttering the #1 online activity (emailing). There are laws against spam but there is no police…so vigilantism is not a bad option in my opinion

4. Future revenue model - as a Blue Frog member (and not a brother …) I would be interested in how they intend to make money and are they doing it based on my ‘membership’s back’. I trust this will be disclosed and if not they will become the mirror of their enemies, I bet on the former.

Gil,

Of course you can resent anything, that is your perogative, but I think that it’s part of the equation. I’ve not seen your brother making statements, mostly innacurate according to many experts by the way, so I am not calling into question your brothers integrity. I apologize if you felt that I did. I am however calling Blue Security’s integrity into question and have been for over a year. There’s no doubt, I’m not a fan, but I am not a spammer either. I particularly “resent” the collateral damage and vigilantism. I’ve been around for _all_ the spam events and never have we condoned what Blue Security is doing and I think this trend is likely to continue through these dialogues.

So let me recap. Spammers can easily block Blue Security so I doubt their claims of success and I’ve yet to see any of these “agreements”. Spammers don’t like the press. I’m willing to validate Pharmamaster. He knows how to reach me and I know things that only he knows so I’ll be able to know for sure if it really “is” him talking to the press, and as far as all of the collateral damage that BS has caused, yes, you can blame the spammer, but you can also blame BS. Their CEO is a self proclaimed security expert. Any security expert would know what happens when you repoint your DNS at SIXAPART. The BS timeline doesn’t quite jibe with everyone elses as far as attack timeline goes and I’ve yet to see SIXAPART or Tucows offer any support of the so-called facts.

Best,

Martin

Martin it seems you are confused about the facts.

The timeline of the attack is quite complex you may read about it below

Starting Monday, May 1st, the Blue Community has been the target of a criminal spammer. This criminal spammer, PharmaMaster, is attempting to deny our community the right to opt-out from his spam messages.

Aside from blackmail emails sent to community members, there were two separate attacks on Blue Security itself. The first attack was to block worldwide access to Blue Security’s corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called “Blackhole Filtering”. The Second attack was a DDoS attack on Blue Security’s operational system.

When we realized the spammer had blocked access to our website to obstruct members from using our service or access our website to receive more information, we performed a series of tests to determine what had happened. These tests clearly indicated that the corporate site was not subject to a DDoS attack since it was accessible from inside Israel and there was no load on the system. These symptoms were in accordance to what the spammer had indicated he would do (i.e. block all traffic to our site from outside of Israel) in an ICQ session.

In order to inform our community of what had happened, we used a previously-existing blog site for the Blue Community which had been host to our corporate website prior to July 2005. We posted a short blog item to inform our users and other constituents of the situation and how we were working to solve the issue. After the name server had been updated such that traffic to www.bluesecurity.com reached the blog, the blog was active and functioning and many users had posted comments. It was only 40 minutes after the redirection that PharmaMaster decided to launch a DDoS attack on www.bluesecurity.com, now hosted at TypePad.

Blue Security shares the pain of blogs.com’s community that was seriously affected PharmaMaster’s criminal acts. But, those who blame Blue Security for the attack only further the agenda of PharmaMaster to impose his will on all Internet users.

Attack Timeline (All times in GMT)

[May 2nd 13:42 GMT]
PharmaMaster Works to Block Traffic to Blue’s Corporate Web Site
One of world’s largest spammer’s, ‘PharmaMaster’, sends Blue Security an ]ICQ Message stating that he will block traffic to Blue’s corporate website, www.bluesecurity.com.

ICQ Message: “Support b [tier-1 ISP name withheld] says: Yes wont be a problem, i’ll make sure to block all traffic to this domain very soon just get me reports mate” “b [tier-1 ISP name withheld] will block traffic to your websites god i love this war ”

[May 2nd 14:47 GMT]
BlueSecurity.com Can’t be Accessed Outside of Israel
Blue Security receives another ]ICQ Message from PharmaMaster stating that Blue’s corporate Web site cannot be accessed from outside of Israel.

ICQ Message: ” bluesecurity.com cant be open from outside of israel oh i feel sorry for the company really ”

[May 2nd 15:30 GMT]
Blue Security’s Dedicated Servers—NOT Corporate Website—Under Attack
Blue Security’s operational servers—NOT www.blusescurity.com—suffer from DDoS attacks.

[May 2nd 16:30 GMT]
Corporate Website Receives 2 Hits/Min
Blue employees notice that there is not load on the corporate website, www.bluesecurity.com (2 hits per minute) and that most visitors originate from Israel.

[May 2nd 17:07 GMT]
PharmaMaster Sends Message: Website Can’t be Accessed Around World
Blue receives another ]ICQ Message from PharmaMaster stating the company’s corporate Web site can not be accessed around the world.

[May 2nd 20:17 GMT]
Blue Performs Technical Analysis: Confirms Website Cannot be Accessed Abroad
Blue’s technical analysis team determines that its corporate website can still be accessed from Israel, but cannot be accessed abroad.

[May 2nd 21:17 GMT]
Blue Reports More Symptoms: “Blackhole filtering” Confirmed
Blue’s operational team reports on more symptoms supporting PharmaMaster’s claims that the backbone of the Internet was compromised (blackhole filtering at the backbone level). Still, there is no sign that there was a DDoS attack on Blue’s website.

[May 2nd 22:45 GMT]
Blue Security Decides to Update Blue Community
Blue Security decides to update the Blue community about the situation by reverting to Blue’s pre-launch “Blue Zone” Blog, hosted on Typepad.

[May 2nd 23:20 GMT]
BlueSecurity.com Redirected to TypePad
www.bluesecurity.com is redirected to Blue Security’s blog. Many community members can receive real time information about the attack.

[May 2nd 23:27 GMT]
First Comment Posted on the Blue Blog
Blog site at TypePad functional. The first comment is posted on the Blue blog by a user.

[May 2nd 23:57 GMT]
Last comment Posted on the Blue Blog Before DDoS Begins
TypePad blog site still functional. The last comment is posted thirty minutes later on the Blue blog just before the new DDoS attack occurs. (If there had been an initial DDoS attack on Blue’s corporate site, the blog site would have been hit as soon as the DNS was redirected.)

[May 3rd 00:00 GMT]
PharmaMaster Starts Attacking Typepad
A fierce and ruthless DDoS on Typepad begins. Blue is not aware of the DDoS due to the late hour in Israel (2 AM local time). Typepad continues to carry Blue Security’s blog and help Blue keep our community aware of the situation.

[May 3rd 16:43 GMT]
PharmaMaster Strikes Again, Takes Down Tucows
PharmaMaster starts another attack and takes down Tucows’s DNS servers which were serving thousands of sites, including Blue Security’s. Tucows terminates Blue Security’s account in an attempt to stop the attack.

[May 3rd 23:23 GMT]
PharmaMaster Boasts Success
Almost 24 hours later, PharmaMaster boasts success in another ICQ Message:

pharma master: you know i feel sorry for you and all the world 9000 servers are down because of your company pharma master: world cant resolv pharma master: all the biggest isps been emailed that all this of bluesecurity.com and lets see how they would love you to be able to push trafic from them pharma master: good luck anyway

[May 4th 13:00 GMT]
Blue Security partially restores its services
Blue Security’s web site and some of its operational servers are functioning again.

You will see your comments regarding redirecting the DDOS are unfounded.

Secondly, the spamvertised sites can not block Blue as you state. The op out requests come from members’ own PCs via their frog. Op outs are sent on a 1 to 1 basis from various members’ frogs therefore ip filtering is ineffectual.

You seem to miss the point that the frog IS having an effect. Spammers would not bother to launch this attack against Blue if their strategy was not working.

Finally end users have the ability to complain about the junk mail they do not want and to be removed from lists safely. On a personal note my spam is almost zero on my protected addresses, you can’t argue with that.

Perhaps if you looked into it a bit more you might like to join.

A very happy frog user.

John, you seem confused. Your posting ICQ logs. These are not facts. As far as I know, they’re made up for effect.

I’m thinking you got SIXAPART or TUCOWS to make official statements or post time stamped logs.

So far, Todd Underwood is the only person who has presented facts. Have you see those?

The timeline that reports a delay between redirecting the URL and the start of the DDoS on TypePad jives with what the spammers themselves were posting on their message board at SpecialHam.com, ie. that they brought down Blue Security then discovered the message boards were still available, needed to notify each other of the IP numbers, and then started DDoS’ing the message boards. Although these entries are time stamped, I unfortunately don’t know which time zone they are in. “Killthem” is the alias of the spammer who on the first page of the thread invites the others to join him in attacking Blue Security. Fortunately he keeps the profanity to a minimum for this part of the thread:

RE: B l u e S e c u r i t y | READ U… (in reply to bulkaboyx)
———————————————————–
ginsta
Posts: 82
Joined: 4/14/2006

I’ve downloaded the db…. Let me know when to start
Date 5/1/2006 4:15:12 PM
————————————————————-
killthem
Posts: 52
Joined: 4/30/2006

ginsta
Start now.
contact me for texts and more emails
lets rock
Date 5/1/2006 4:23:24 PM
————————————————————-
LCS
Posts: 57
Joined: 8/15/2005

guys, bluesecurity.com is down now. is it just for me or everyone else?
what a happy day
Date 5/2/2006 12:46:37 AM
———————————————————–
ryans
Posts: 238
Joined: 8/13/2004
From: Inbox, USA

Aww what a crying shame
_____________________________
“Screw the Anti-Spammers
They wouldn’t have anything ‘better’ to do
if it wasn’t for us mailers trying to make an honest living”
Date 5/2/2006 1:09:19 AM
——————————————————————-
killthem
Posts: 52
Joined: 4/30/2006

LCS yes it’s been down
our good friend and master of hes job did that.
heh it’s just a beginin.
Date 5/2/2006 2:02:38 AM
————————————————————-
ebulker
Posts: 229
Joined: 7/6/2005

yes down but members.bluesecurity.com still up
need to down www, members, community !

# host members.bluesecurity.com
members.bluesecurity.com has address 206.225.91.229
members.bluesecurity.com has address 66.197.244.214
members.bluesecurity.com has address 72.36.247.10
+ https://members.bluesecurity.com ssl port

need to f*** all aliases
afaik this domain used in bluefrog ?

____________________________
Here is what you’re looking for:
http://bulker.biz
icq# 333192431
Right and easy way to make BIG money!
Date 5/2/2006 2:40:58 AM

Martin,

You seem like a reasonable person (so I truly believe you are not a spammer). Let me offer you a reason why collateral damage is a good strategy. Actually it’s the very reason me and you, and the world at large can carry on and worry about petty issues like spam.

During the cold war the concept of the “second strike” became the strategic doctrine by which America ensured nuclear stability was achieved. The baseline logic was the Russians would not launch an all out nuclear war on America if they know for certain America could launch a rebuttal strike (or second strike). Once this doctrine was adopted by the Russian’s too, the stalemate held for 50 years, eventually leading to peace.

This is what Blue brings to the table. Spammers are not likely to hit me if they know I have the equal capability to return a fight. Maybe one day we will all be friends. I just hope it will take less then 50 years

And by the way – the start up I’m involved with today (Service will launch soon…and I’m not reveling the name yet to keep the spammers away)…will feature a new communication system with ZERO….yes ZERO spam! …More info will follow in time

I am a member of Blue Security, along with a few hundred thousand others. I have no other affiliation with them.

For the record, I can add that when the bluesecurity.com website was unaccessible, I visited the back-up weblog site several times over a period of about half an hour. I read the Blog, read through the responses, and added my comment there as well. I did not experience any delays in accessing that site over that time. I did not access it during the DDOS attack on the site, as I had gone to bed by then. My experience of the site matches the timeline, so I can believe the statement of facts based on my own personal experience.

Logic also dictates that if it was blue sescurity’s intention to redirect a DDOS attack, they would surely have selected the spammers’ own forum as the target. But I think that Blue Security is the party displaying ethics and restraint despite inordinate provocation.

Terry Bowden

Martin wrote…So far, Todd Underwood is the only person who has presented facts. Have you see those?

No I haven’t, if there is proof that the timeline is other than stated I would be very interested in seeing that proof.

Maybe the actual proof could be posted somewhere?

Until then I will believe the version of the facts as they have been presented to me.

What concerns me that we are talking about this as if this was a court case. Trying to establish timelines, bring evidence etc. There is no doubt (in my mind at least) that there is a higher philosophical, sensible issue at hand here.

Fighting over the micro facts in this case will not lead anywhere.

My 2 cents:

Gil, you assume the spammers targetted the world as a whole, and yet, based on an informal survey I carried our with my contacts, the only ones who had received the BS spam were indeed BS users like myself.
Which indicates to me that spammers can with some/no effort reverse engineer the BS user base.
As a member of the anti-spam industry (working for an anti-spam service provider), I’ve been following BS for a while. I can appreciate the “feel good” attitude about “getting back” at spammers and their sponsors, but so far I have not seen a decline in spam and/or any tangible benefits to the actual BS end user.

Yes I assumed and I might be wrong. So what? Like I said this isn’t a court case. The fact is a whole industry is out there trying to protect us from spam but only BS is going on the offensive. Its not about feel good, its about feeling right.
What if 20 other companies did the same..don’t you think spamers would rethink?

I use Gmail which has an incredible spam filter so theoretically I could care less but in the long run that is not deterring spammers from filling in my account with JUNK, using up bandwidth, employing thousand of system admins on handling and configuring mail filters etc. The ripple effect caused by 95% of email traffic originating from spam is huge. Actually you are right – there is a positive side to spamming, many people have a job in one way or another because of them…on second thought, lets leave them to their thing and focus on defense.

You’re subtly missing my point (such as there was ever one). I actually subscribed as a BS user because I was looking forward to seeing an impact on my spam. I think that hurting (in the broad sense) spammers is more effective than spam filtering. At the same time, you and I would not be willing to pay $0.0001 for each email we send or receive, would we?

My point is that if the BS database has been compromised (either through hacking or simply by reverse engineering email bounces or whatever), it makes the whole discussion moot. Instead of providing more security, they are instead leaving me, the subscriber, potentially more at risk. This has nothing to do with specific anti-spam methods, ideology or what have you. If indeed the spam was targetted at their user base, meaning that user base has been exposed, then their entire premise for enhancing security just went out the window.
I don’t want to fight spammers and find out my email address has become collateral damage…

Oren,
I’d like to suggest a different point of view. The BS core user base’s primary motivation at this stage is not necessarily to minimize their spam rate. Their motivation is to kick start what they see as an overdue offensive against spammers. Those who think it’s an easy fight with no setbacks are probably participating in the wrong fight. BS has been pioneering the initiatives and now the spammers initiated their first real counter strike. If you believe the offensive is a good (certainly brave) thing and if you identify with the cause, then your natural inclination should be to support BS even more in their attempt to improve past the first obstable.

I sound a little full of 18th century pathos, I know, but there’s a point. BS will now gain recognition as pioneers in a brave attempt to do something more then just filtering spam. It will do them a lot of good. This doesnt mean the defensive systems are a bit less necessary, they are a must, but the psychological benefit for BS supporters is a flavor of hope for change. It’s not a security product, it’s a goodwill product. That has more value then having your email picked up by one additional spammer.

I’m sure BS will get better as most good companies do when they they hit the first real life fight. I do believe their user base will get a lot of traction by people who share the cause.

Aner,

I’d tend to agree with your take on BS if they were a non-profit or an educational facility, harnessing our computers for SETI-like projects.
Where is gets a little more complicated is when you have a profit minded organization which derives its value from our PCs, and which will ultimately monetize its services by offering spam reduction services to _someone_ (consumer or enterprise) for a fee.
This isn’t about ideology, this is about a company making money for its investors. I completely disagree with you about this being a “goodwill” product.

In other words:
(a) their premise for making money is not “getting back at spammers” but “reducing spam” for paying customers;
(b) we are being coopted into their spam fighting mechanism;
(c) we (you, me, the rest of us) are being put at heightened risk on account of BS’s failure to properly protect and/or implement its technology;
(d) which for me says that they would rather have awsome spam fighting capabilities, for which they could charge $$$, while ignoring or playing down the pain for us little folks who actually carry out those attacks for them, and who perceive no tangible benefit whatsoever.
(e) at the end of the day, the model as I see it calls for end users to assist BS to cut down spam for its paying customers, not to help solve the spam problem. now, if they could show me how participating on the program will ultimately result in less spam for me, that’s an incentive. but events so far have proven just the opposite - the do-not-spam-me list concept can easily backfire.

So while I’m still donating CPU time for SETI@home, i no longer do the same for BS.

Gil,

Believing I am not a spammer is mildly insulting. I’ve never been a spammer and have given no reason to make you even wonder if I’m a spammer. Perhaps looking around the Internet a bit may help you be assured?

“Let me offer you a reason why collateral damage is a good strategy.”

You see Gil? This is why we can never be colleagues in the fight against spam. Collateral damage is unacceptable.

This is my take on what has happened, facts and all, and I think it’s time for me to leave it at this:

- Blue Security announces “we will dos you” to
spammers

- Noted internet anti-spammers reject Blue Security as a very bad idea.

- Big Ego CEO doesn’t pay attention.

- DOS ensues

- Big Ego CEO and security expert knows quite well what’s going to happen when he repoints www at SIXAPART

- Spammers are smart. They turn to attack NS records instead.

- Big Ego CEO moves NS to Tucows. Knocks out 104K
users.

The rest is fodder in my book and I’ll tell you why.

Best,

Martin

Martin,

Let me start by PUBLICALY APOLIGIZING if anything I said offended you. You are right. I didn’t check before, now I did and can only be humbled by your comments to my blog. So hope all is good
:)

I accept your rational and I think Oren made some good points as well. The only issue which bothers me is the fact that the internet is RULED by these bullies and that we have to accept it as a fact. Meaning that the fight against spam will be limited to advanced filtering technologies and more meaningless regulations…but not more (any suggestions?).

BS’s attempts have unleashed some dangerous demons that will not stop at anything and the 104K users are just a prelude. I can only imagine that part of BS employees are not just feeling the heat from this cyber attack but also have a good reason to suspect ‘real life’ foul play (if you know what I mean)

I am open to being convinced and comments on this blog have made me think and understand both sides.

I believe there is more to come and this saga will not just die down. Regardless, BS can be comforted that if they close down the rights to this story can be sold to Hollywood.

[…] I received some interesting feedback arguing that while this might be true, it is not the business of a corporations to create a business model based on vigilantism, that ‘an eye to an eye’ philosophy is not the ‘right way’ to deal with spam, some more personal comments regarding the CEO’s ego and more (see comments to post). […]

incest taboo rape photo…

news…

Phentermine….

Phentermine….

Hello! Good Site! Thanks you! mkrtrgnypvpv

Buy no xanax online prescription all on one site….

Can you buy xanax without a prescription. Buy xanax without a prescription. Buy xanax with no prescription. Buy xanax online without a prescription. Buy cheap xanax without prescription….

Ultram….

Ultram. Ultram addiction. Ultram information from drugs com….

Viagra….

Viagra online. Online viagra….

Seroquel xr….

Seroquel xr….