Patrice Riemens on Thu, 27 Feb 2014 12:34:40 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Finn Brunton: A short history of spam (LMD)

>From Le Monde diplomatique
English edition
original to:

Coming to an inbox near you
A short history of spam

Spam was an in-joke, a wordy waste of time, a hustler?s pitch, and now
it?s an inhuman and superhuman slave of crime.
by Finn Brunton

Objects can talk in cartoons and fairy tales: toys tell their stories. Now
our domestic appliances have begun to speak, and they would like to sell
us pills and porn, and for us to give them our bank details. Now that
there are microchips and network connections in toasters and televisions,
many devices have been turned into spam machines ? the smart refrigerator
broadcasting illicit messages or the kettles imported into Russia with
small computers that search for Wifi networks to use as spam channels.
Despite some exaggerations, the Internet of Things is, like the regular
net, being swiftly adapted to spam.

What do we mean by spam? Spam is a strange language, a baroque profusion
of neologisms, jargon and slang. It mixes the lexicons of computer
science, security engineering, law enforcement, criminals (professional
and amateur) and the polyglot net: Bayesian poisoning (getting around or
corrupting anti-spam filters), bots and botnets (networks of zombie
machines), spings (spam+ping) and splogs (spam+blog), victim clouds and
rally boxes, worms and phishing, lulz and linkbait (links designed to
entice users to click on them) and ransomware. Spamming uses the rich
phraseology of scam artists and conmen in a 21st-century setting, online ?
the thieves? cant of suckers and marks, the come-on.

This problem of language begins with the word ?spam?, which we struggle to
define precisely. Most email ? 85% plus ? is spam, and is intercepted by
filtering systems that we never see. Spam can include tweets, Facebook
posts, text messages, blogs, comments, sites, edits on wikis and still
newer forms of online expression. People have been fined and jailed for
feeding this colossal machine, companies closed down, websites de-indexed
from Google?s search returns, and entire countries (briefly) harmed. Spam
has shaped the net and the services, systems, populations and publics that
use it in fundamental ways.

In the 1970s ? before the web or the formalisation of the Internet, before
Minitel and Prestel and America Online ? US graduate students sat in
basements, typing on terminals that connected to remote machines
somewhere. They did it by night, because by day computers were used for
big, expensive projects. They wrote programs, created games, traded
messages and played pranks and tricks. Being nerds, they shared a love of
science fiction and the absurd. Monty Python?s Flying Circus was a
favourite and Python lines were volleyed back and forth ? the dead parrot
sketch and the spam sketch (first broadcast by the BBC in 1970) with
Vikings loudly singing ?Spam, Spammity Spam, wonderful Spam!? The sketch
caught on. The nerds wrote a simple program that, at the right spot, would
post ?SPAM! SPAM! SPAM! SPAM! SPAM! SPAM! SPAM! SPAM!? without pause,
filling the screen, killing the discussion, and often overloading the chat
platform, kicking people offline. It was annoying but mischievous rather
than malign, like blowing a vuvuzela in the middle of a conversation. This
noisy behaviour became known as spamming.

The term came in useful through the 1980s to categorise postings that were
indiscriminate, time-wasting, verbose, off-topic, tedious or ranting. Then
two lawyers from Arizona posted a message across the discussion system
Usenet (forerunner of the Internet), offering their services to thousands
of users across the world to improve their chances in the US Green Card
lottery that gives residency rights in the US. The Usenet community
settled on ?spam? as the term for the commercial message. The word had
jumped closer to how we understand it now.

Those lawyers were offering an actual service, if bordering on fraud: you
could call a real telephone number and make an appointment with them. And
with much of the spam that followed you really could buy quack weight-loss
pills, deadstock toys or counterfeit watches. This kind of spam was
despised was but more or less legitimate, if only by accident. Except for
?advance fee fraud? or ?Nigerian prince? letters (?Dear Sir, We have one
point two million [1,200,000] US DOLLARS on account for you...?), spammers
presented themselves as brashly inventive promoters, with postal addresses
and registered trademarks, seeking recognition as entrepreneurial
hustlers. Many people still think of spam as those enthusiastic pitches
full of mangled grammar and implausible photography, selling dubious
pleasures from timeshares and self-help books to diets and porn. But their
time was quite short, before spam was profoundly transformed into what it
is today.

When you receive spam today in your inbox or Twitter account, or see a
spam comment on a blog, you are very likely the first human to have laid
eyes on it. It is the product of layers of wholly computational work for
which humans merely set the parameters, assembled and passed around the
world on a chain of mechanical writers and readers. Over the past decade,
strong anti-spam legislation was implemented and enforced by many
countries ? some of the most egregious spammers faced fines and jail time
? and effective filtering systems for email were developed and widely
adopted. To abide by the law, the spammer had to include mandated text in
messages: links to unsubscribe and postal addresses for complaints. This
text was perfect for the filtering systems, which looked for suspicious
words and phrases to indicate spam messages, to intercept and discard,
sparing us the burden of reading it at all. Legitimate spammers were
trapped, and the illegitimate faced a challenge.
Zombies and botnets

Beating the filters was difficult, and they successfully stopped many spam
messages. It needed a huge apparatus, tens of thousands of computers
sending thousands of messages each, all day, from net addresses around the
planet, to have enough spam messages get through to make it worthwhile. It
needed a global spam machine ? and that was what was built.

Spam messages began to contain strange links or attachments, which naïve
users would click and download, or execute, unknowingly giving control of
their machines to a remote spammer. While the computer?s nominal user
filled in a spread sheet or played Solitaire, the computer ? now a zombie
or bot machine ? quietly downloaded instructions, templates and address
lists, and began sending out spam messages hundreds of times a minute.
Along with all the other compromised computers in the botnet, it was
modifying, evolving, and rewriting these messages, testing them against
the automated anti-spam filters that were attempting to stop spam.

Today, these botnets have grown so large that they stitch computers in
countries around the world into a seamless resource for criminals ? a
victim cloud, as security analysts put it. (These botnets develop diurnal
rhythms: as the Earth rotates and people in different time zones turn off
their computers, the botnet shows a circadian pulse.) The spammer?s
project is now criminal: it is the business of scrubbing machines for
credit card numbers and account passwords, taking over accounts to defraud
friends and family with desperate requests for money, and renting out the
botnet for projects such as denial-of-service attacks, using the zombified
computers to overload servers for a website, to extort money or knock an
adversary offline.

We are all embedded in this system. Our legitimate emails help train the
filters, making them better at separating mail from spam. The operation of
search engines such as Google has been shaped by the fight against the
effects of spam. Followers on Twitter are often just spam programs, trying
to trick humans into clicking a link (?hey, @you, check out this funny
meme?) or feigning humanness so they can be rented out to boost follower
numbers; they ?work? for those businesses whose ads you see online
promising 10,000 followers to give your account an air of influence.
(Twitter isn?t revealing how much of its user base is algorithmic, but
savvy guesswork suggests that the total number of spambot programs on
Twitter could approach a third of all users.) Our insecure computers
provide the resources for the global botnet.

The legacy of spam is a negotiation over how the Internet is to be used,
and what it is for. To answer that means figuring out what is a
legitimate, reasonable, honest expression of the technology. Spam is the
net?s shadow history, and the ocean of machine noise around the island on
which we live.

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact: