Information Technology Reference
In-Depth Information
PHARMAMASTER
Israeli company Blue Security created a spam deterrence system for people tired of
receiving unwanted email. Blue Security sold the service to businesses, but individuals
could protect their home computers for free. About half a million people signed up
for this free service. Users loaded a bot called Blue Frog on their computers. The bot
integrated with Yahoo! Mail, Gmail, and Hotmail, checking incoming email messages
for spam. When it discovered a spam message, the bot would contact a Blue Security
server to determine the source of the email. Then the bot would send the spammer an
opt-out message [49].
Spammers who indiscriminately sent emails to millions of addresses started receiv-
ing hundreds of thousands of opt-out messages, disrupting their operations. Six of the
world's top ten spammers agreed to use Blue Security's filtering software to remove Blue
Frog users from their email lists [49].
One spammer, nicknamed PharmaMaster, did not back down. He threatened Blue
Frog users with messages such as this one: “Unfortunately, due to the tactics used by
Blue Security, you will end up receiving this message or other nonsensical spams 20-40
times more than you would normally” [40]. He followed through on his threats on May
1, 2006, by sending Blue Frog users 10 to 20 times as much spam as they would normally
receive [49].
The next day PharmaMaster went after Blue Security itself. He launched a massive
DDoS attack from tens of thousands of bots targeting Blue Security's servers. The huge
torrent of incoming messages disabled the Blue Frog service. Later DDoS attacks focused
on other companies providing Internet services to Blue Security. Finally, the spammer
targeted the businesses that paid for Blue Security's services. When Blue Security realized
it could not protect its business customers from DDoS attacks and virus-laced emails,
it reluctantly discontinued its service. “We cannot take the responsibility for an ever-
escalating cyberwar through our continued operations,” wrote Eran Reshef, CEO of
Blue Security. “We are discontinuing all of our anti-spam activities” [49]. Blue Security's
decision to fight bots with bots—always controversial—was ultimately unsuccessful.
ALBERT GONZALEZ
In 2010 Albert Gonzalez was sentenced to 20 years of imprisonment after pleading
guilty to using an SQL injection attack to steal more than 130 million credit and debit
card numbers. Some of the credit and debit card numbers were sold online, leading to
unauthorized purchases and bank withdrawals. The targets of the attacks were Heartland
Payment Systems, 7-Eleven, Hannaford Brothers Supermarkets, TJX, DSW, Barnes &
Noble, OfficeMax, and the Dave & Buster's chain of restaurants. Most of the numbers
were stolen from Heartland Payment Systems, which estimated its losses at $130 million
[50, 51].
AVALANCHE GANG
The Avalanche Gang is the name given to the criminal enterprise responsible for more
phishing attacks than any other organization. The Anti-Phishing Working Group
(APWG) estimated that the Avalanche Gang was responsible for two-thirds of all global
