Blue Frog Breaks 2005 Promise of No Innocent Victims

Someone finally got around busting blue sec’s addresses. BS VCs go byebye.

I don’t understand why this article is so negative about Blue Security. A spammer has mounted a DDOS attack. That’s a crime. The fact that he/she did it to “get at” Blue Security is irrelevant. It doesn’t make Blue Security “responsible” in any way.

Instead of the world refusing to help BS, perhaps they should view this as the same as the war on terror. This is what thos spammers are doing. It is terrorising the net community. In effect they are saying, you will accept our spam, or we will take your net down. I for one will not lie down to them, and neither should any other decent person.

I agree. The problem results from the spammers. Just filtering their junk is not enough. They use up valuable dial up time or broadbandwith. I have RIGHT not to receive unsolicited email especially for pornography or pharmaceuticals. If the received junk had true opt-out facilities, we would not need Blue Frog to act on our behalf.
Spammers ~ stop spamming.
I fully support anything that will stop unsolicited email and I object to being threatened by the spammers. Pity our government and police authotoities are so impotent.

This bend-over philosophy on how to deal with spammers is mystifying. Until someone has a better solution to stop spam, blue frog will run on every workstation in my network. Something has to be done. This is our only means to fight.

Interesting I had to submit my email address to post a comment. I suppose if some spammer was able to crack your database of email addresses, it would be considered the spammer’s fault. Yet with BS (what a great acronym), it is their fault that they were assaulted.

What other company is thinking about serious ways to stop spammers? Until you can personally offer a better solution, then I think maybe you should just stop bashing this company and their goals.

By the way, I’m signed up with BS. And I received like 40x the spam I’d normally receive during this attack. But I’m fine with that kind of short term battle loss, especially if this strategy of BS’s wins the war.

I believe I have the right to not receive unsolicited emails. I’m 26, and I don’t need viagra.

More bull from internet “journalists” who don’t bother to get their facts straight.

Read the timeline here:
http://www.bluesecurity.com/announcements/pm_attack_timeline.asp

More info here:
http://www.informationweek.com/story/showArticle.jhtml?articleID=187200875

Spammers did NOT steal their emails.
They tricked you by “claiming” they stole them, but in reality they simply matched emails that were Already in their spam databases that were also sending Blue Frog complaint form letters.
Do you feel used by the spammers? It’s ok, just think and check some facts before pressing submit next time.

What a twisted world we live in. First, the media says “shame on us” for going after a sick group of people who fly planes into buildings (and who are bent on our destruction). Now, they are saying “shame on Blue Security” for trying their best to fend off a cyber CRIMINIAL who thinks the Internet is his to do as he pleases. How about writing about PharmaMaster and how many laws he’s broken? BTW, Blue’s “Do Not Intrude” registry was NOT hacked. This CRIMINAL is simply using addresses he already had. He simply used this list and DIFFed it with a Blue cleaned list to arrive at a list of suspected Blue members. The mere fact this CRIMINAL is attacking Blue so viciously implies they are having a significant impact on spammers. For me, I’m still running Blue Frog.

This last comment is the most important of all them (though I agree with each of the statements above too). The SPAMMERS ARE *LYING*. Blue Security’s DB HAS *NOT* BEEN COMPROMISED. If this site has any integrity, it will put a correction at the top that apologizes for spreading myths that help spammers intimidate their victims.

If the 10 million sheep, er I mean
innocent victims. Joined us in our
community based efforts, and stood up
for their rights. Criminal SPAM would
be a thing of the past.
It would also be real nice if those
people who make a living off of the
various SPAM filtering (ignoring)
“solutions” would quit working so
hard to undermine our efforts.
Don’t worry boys. After we have
eliminated the money making crooks
from the scene,we will still need
some form of SPAM filtering for
those that SPAM for the hell of it.

BWAA HAA HAA
GO! FROGS! GO!

“Yikes”, would you mind citing what section of what international law Blue Security would be liable under, or are you just shooting off at the mouth? Next time, before you post, do a little research, e.g.
http://www.bluesecurity.com/announcements/pm_attack_timeline.asp
and instead of blaming someone for something they didn’t do, you can either keep your mouth closed, or write the truth. Fools like you do more damage to the anti-spam movement than any DDoS attack every will.

This article is so incredibly biased and one-sided. I would have at first guessed that it was written by the Spammers themselves (except there are not any misspellings and the punctuation is correct).

This article is worst piece of pro-spammer filth I have ever seen. The writer should be ashamed (or at the least highly paid by spamming proceeds).

Your article is just wrong. There was no traffic on the Blue Security servers. The DDoS on the blogs was a separate event. The DDoS on the registrar and others associated with Blue Security was a separate event.

What an incredibly ignorent and myopic point of view!!!

Anyone launching an Internet terror attack is a criminal and a terrorist. The person who launched the attacks is the only villan, along with the author of this article.

No wonder CAUCE is a total waste. Here is the example of the dimwits on the board.

Any persons who suffered should be joining the fight to hunt down and hold the criminals responsible for their actions and not blame the people who finally decided to take some action to stop these pathetic criminals.

Yea BlueSecurity. Boo CAUCE! Everyone who badmouths the heros in this battle should be ashamed.

Blue Security is criminally liable?? What a joke! Lets not forget who the REAL criminals are in this equation - the spammers who flood my inboxes with offers of free sex, penis enlargement and illegal pills. Blue Security deserves nothing but praise for their efforts to neutralize the spammer scum who impose their crap on us day in and day out. GO BLUE FROG!!

I can’t believe you people are condoning - even supporting, the criminal action of the spammers. If they dont want the BS community to respond they only have to do one very simple thing - stop spamming.

You hate spam, I hate spam, everybody hates spam. And everybody roundly agrees that “something ought to be done.” And few would find fault with serving spammers with “a dose of their own medicine.” Blue Security’s approach seems to fit all the above criteria. But the end doesn’t necessarily justify the means when lots of innocents get hurt.

If Blue Security’s methods are so effective and noble, as some commenters here seem to believe, then why isn’t everybody doing it? Why are few experts in the field in their court?

All this discussion and commenting is great — it makes us all feel important.

However, the bottom line is someone has to wake up and actually do something.

We were also contacted by BF and I spent many hours engaged in discussions about their model and how it could be improved to be effective while protecting the innocent — to no avail. Their model was flawed because of its base in self-interest revenue. I do not condone spamming the spammers. Those in the know realize that is a faulty concept and not a solution. However, they seemed to be one of the few with the fortitude to actually do something. (Unlike CAUCE who only provides lip-service to forward their own self-interest agendas.)

Folks, the only real mistake Blue Frog made was to underestimate their adversary — and fail to implement contingencies for the eventuality of such a scenario. Had they not made those two fatal mistakes, this discussion would not be taking place.

WAKE-UP CALL:

As reflected in this series of comments, the grave seriousness of spam and the criminal activities embedded and surrounding it eludes most people. We all need a serious wakd-up call.

Consider the 35-year-old master mind of the ‘02 Bali bombings, Imam Samudra, who wrote a primer to teach Muslim radicals how to commit online credit card fraud. al-Qaeda sees this as a good way to fund their activities. Samudra’s confiscated laptop not only included acts of internet fraud but writings that suggest online card and bank fraud in the United States alone might become a key weapon in terrorist arsenals.

According to Richard A. Clarke, senior advisor to the White House on matters of counterterrorism and cyber security:

QUOTE:
> the fight against spam and phishing
> is also the fight against the use
> and abuse of the Internet by terrorists.

Only three entities in the known world can actually put an end to spam, Phishing, and most other forms of online criminal activities:

#1 ICANN (Who won’t because of the very nature of their organization)

#2 The Top Five ISPs (Who won’t because they’re making too much money off of it.)

#3 The controllers of the infrastructure (Who won’t because they don’t have to.)

If you’re not part of the solution — you’re part of the problem.

One commenter said:
> If Blue Security’s methods are so effective
> and noble, then why isn’t everybody doing it?
> Why are few experts in the field in their court?

Let me answer those questions:

1) “Everybody” isn’t doing it because :

a) too afraid of law suits and reprisals (No balls)
b) too cheap (such a system costs money)
c) no vision (managed by accountants)
d) too slow (will probably catch up five years from now)

2) “Experts” aren’t in their court because:

a) “Experts” are in no one’s court but their own
b) making too much money off the status-quo
c) too afraid of offending potential $$
d) aren’t really “experts” - you only ‘think’ they are

If you actually DEFINE who “experts” are, you’ll discover a BIG difference between the *real* experts and those in the limelight calling themselves experts. In reality, the ones you hear from are “self-marketing” experts who know how to exploit an issue for their own profit motives. If they were real “experts” they wouldn’t be so busy “promoting” and “publishing” their hype to make people believe they are experts — it would be evident through their actions. (Example: Everett Church)

You never hear from the *real* experts because what they have to say is contrary to the self-interests of the drive-by media and issue-profiteers — so the *real* experts are shut up as much as possible. (Consider any of the big anti-spam software players. They have millions to lose if spam goes away. Of course they become “experts” because they’re spending huge piles on money in advertising with those who actually control the information stream. Small blogs like this are great — but they’ll never have any real influence in the overall information stream.)

In reality, the *real* experts have a much, much better plan; but no one will listen — including the FTC. One “expert” spoke up at the FTC Spam Forum with an obvious solution that we all have thought about. The moderator quickly scooted to the next person at the podium in a rather blatant power-move to elude the issue. Later, when asked “why” the spokesman said :
> “That’s a sore subject around here —
> we really have no control over them… “

(Of course, the “them” is ICANN.)

No, sorry. You’ll likely not find anyone doing the “right” thing because of answer #1 above — and the “Experts” will continue to keep a dense fog over the real answers in order to preserve their positions.

I was not going to respond until I read Yikes’ post.

I have seen that Yikes’ first point of criminal liability of Blue Security has been addresses. But it worht mentioning again that the DDOS which hammered Six Apart was an additional attack, not the first one redirected. The attacker specifically targeted the Blue Security blog hosted there.

Now I wish to address Yikes’ second point. Blue Security is not giving spammers a taste of their own medicine, or performing DDOS against spamvertised websites. Blue Security is providing a tool which allows one to have an opt-out request delivered for the spam message received. Only one per message, only for incorrigable non-CAN-SPAM compliant spammers, only after the message had been analyzed for it’s beneficiary website, only after said beneficiary had been requested to cease individually. Not exactly the best model for a DDOS system. Basically, the same effect as if every recipient of spam decided to opt-out directly for every piece of spam received. Logistically, it is just not possible for some receiving hundreds to thousands of spam messages. And frequently it is just not safe to visit spamvertised sites or follow opt-out links, you could confirm your address as a good spam target or pick up some malware.

Can’t you just taste the anti-Blue venom in Yikes and Whammo’s posts? There have been reports of spammers anonymously posting anti-Blue comments whereever they can. Hmmm. I will comment on one thing Yikes said… “the BS “nuke ‘em” strategy means that they are not a good net citizen”. To clarify for those reading this who don’t know, here’s how Blue Security works…

1. Blue member receives spam and forwards it to Blue.
2. A human analyzes the incoming spam trends and then sends a notice to the company mentioned in the spam to stop spamming it’s members by cleaning their mailing list with Blue’s help.
3. If the company mentioned in the spam ignores the request and Blue members receive additional spam, Blue launches a opt-out campaign.
4. In the campaign, the Blue Frog applet running on member’s computers will submit an opt-out request on an available form on the spamming company’s web site. Note, only members who actually received a spam from this company will submit an opt-out request and it is requested only once.

So, Blue does NOT send out its own spam not does it issue DDoS attacks, as people like Yikes would want you to believe. It is simply assisting its members in submitting one opt-out request for one spam received. That’s a fair, reasonable and legal way of saying, “leave our community alone”. Spammers and other anti-Blue people would have you believe otherwise. One more thing… yes it is very unforunate that SixApart was brought down by these attacks, but as mentioned in another comment, Blue was not undergoing an attack when they rerouted their address (their traffic was not getting to them because of a blackhole attack on the backbone). When the spammer saw what Blue had done, he lauched a new attack on SixApart. Just shows that this criminal doesn’t care about who gets hurt in his attacks.

Read a lot of offerings where they’ve read the material but not really understood the context. This is another one of those. BS take the law as their guideline to protect the interests of their membership. Spammers break the law to advance their own interests. Evenhandedness in viewing this situation is a nonsense. Before you can write an article on something, you really need to understand about what you’re writing. Unless, of course, you have a natural sympathy towards the spammers!

I wonder if the writer of this article has a more effective idea on how to fight SPAM. Don’t complain, come up with solutions.

Power to the Frog!
I just jumped in the pond and joined the Blue Security/Blue Frog community. My joining is completely due to the pharmaMaster spam campaign to bring down BlueFrog and terrorize its internet members. Blue is not at fault here. Blue members have been receiving email threats from these criminals. This is outright terrorisim and intimidation.
Any one advocating or supporting these criminals actions against Blue is unaware of the facts or is one of the criminals.
Support the Frog!

BS and the lovely frog are back on line fighting pond scum spammers, everything else is irrelevant…1 spammer down 10,000 more to go.. For all the hurdles and downturn this must feel like a victory for us spam fighters.. Really, why not blame the gullible who buy mispelled and most likely fake Vig0qqrqua and keep these criminals in business..

It’s amazing how net ‘experts’ dislike the blue frog approach, while so many regular users, sick of spam filling their inboxes, think its a magnificent idea.

Obviously the ‘experts’ feel slighted that their worthless toolbox of anti-spam techniques will be made redundant just as soon as the blue frog reaches critical mass.

This latest attack shows that critical mass is pretty close now. For those of us who patiently run the frog, spam could be a thing of the past.

This would be a good time for Mr Gillette to declare that he will stand on principle and never register his email addresses with Blue Frog.

An interesting observation. I signed up for Blue Frog, but never used it due to firewalls issues after they started out.

I have received many spams since this attack commenced.

I am paying to have my link upgraded to a more open one where I will have sunmit EVERY email addie I have to BF.

There are no innocent bystanders anymore …

I see all articles written by ‘experts’ say that Blue Frog is wrong. Yet in all the comments in those articles,forums everywhere, overwhelming public opinion says that Blue Frog is right. Blue Frog changed my life for the better, gives me more time to reply to my family and friends rather than spending time on deleting spam.

I really appreciate what Blue Security is doing with their Blue Frog. There has been a lot of talk going on whether what Blue Security is doing is correct or not. All I want to say is that after installing Blue Fong my spam has reduced 90% and I want to express my gratitude to Blue Security Team. Blue Frog requests spammers to remove us from their spamming list and gives them time to comply to the request. I dont know why these spammers are wasting their efforts in sending us 50 emails a day, we dont even read one of them. it just wastes our time deleting those emails. Spammers are cruel and deserve the Blue Frog treatment.
As everyone knows, Blue Security website was down for some days, but it made me more resolute to post more articles supporting Blue Security. Spammers attacking Blue Security only means that Blue Security was successful in hurting spammers and frustrating them. Also, now im getting spam telling me to quit Blue Security. Believe it or not, i got a lot of such messages, but they are still less than what i used to receive before intalling Blue Frog. Now i receive spam without links! which means Blue Frog cannot harm them because it cannot fill up order forms and return back to spammers. but this is still ok, because without links, spam are useless to spammers, they just end up spending money without getting returns. Besides i feel those who order pills claiming to enlarge ur thing by 4″ are morons.

Cheers Blue Security, you are doing a lot of damage to spammers and you are in the right direction. expect more damages from spammers, but that is because you are successful in hurting them.

Can you get your head around this? I don’t want spam. I will do all I can to rid myself of it, and Blue Frog has been the only successful option thus far. I am sorry bloggers had to leave off flogging dead horses, but there we are.

And now my Frog is back, and when I find a way to deal with the scum who started this War, the purveyors of drugs and their masters, there will be additional blood on the floor.

I intend to set to work to drive illegitimate spammers such as the one who started this quite simply out of business and into the gutter where they belong.

Have a nice day

The starter of this thread is probably a spammer or is being payed by them.
I just had to submit my mail to enter this comment. What about if Mail Battles’s database falls in hands of a spammer and they start attacking us. That will be the spammers’s fault or Email Battle’s fault?
Blue Frog’s database HAS NOT BEEN BREACHED.
Are you nuts or what??!!
We are talking about Cyber Terrorism and you talk about it so slightly??!!
A bunch of CRIMINALS is threatening us ALL that we have to do what they want us to do or they will wipe out the whole internet!!!
DO YOU READ ME!!?? ANYBODY THERE??!!
Blaming Blue Frog for the consequences of the attack THE SPAMMERS DID is like blaming the police for the bad moment you had when your nap was interrupted for the noise when a cop was chasing a burglar.
“Sorry for the inconvenience” but someone had to stop that burglar and put it in jail or perhaps next house stolen could have been yours.
Is the world becomin nuts or what??!!

After being spammed, i went to the spammers website and ASKED for them not to email me anymore .. 24 hrs latter a received 3 times the emails for the same place some A-hole trying to sell me Viagra .. so i went back to the web site and told them do not send me the junk mail .. 24hrs latter i received 10 times the amount of spam as if to provoke me .. so i looked in a search engine and got BF’s web site and joined up i sent them all my Spam mail for over a month and it did not seem to do any good at all as the flow of junk steadily increased to around 5 spam per hr 24/7 .. in the last 2 days i have received threatening letters form these spammers telling me to get off blue frogs list or they will spam me 10 times more then i have been already .. personally i don’t think BF was doing me any good but must be pissing off the spamers .. THESE PPL ARE SCUM i have been sent child porn (which i have reported) Swiss watches, Viagra, everything u could passably imagine.. i would quite happily pay some one to get their home address as i would fly half way around the world just to seek my own revenge .. what ever anti Spam groups do to these ppl is not enough .. DOS THEM, HACK THEIR WEB SITES, SUE THEM, TAKE THEIR HOUSES AND CARS OFF THEM, they have my FULL support, these spammer are total scum .. say what u like but until your business email account is shut down because u are getting flooded full of crap everyday u do not know what u are talking about .. i was not going to bother using BF any more until i got these treating emails from the spammers now i am going to send them every email i get just because i know BF pisses them off as much as there garbage dose to me far is far paybacks a bitch !!!

By the way. I will never be bak to this PRO-SPAMMERS site.
The only sensible people are the 30 people (and probably more coming) whose comments are above, that got really pissed of with this article.

Forget that the BS scheme is problematic for a minute.

BS is criminally laible since they took down the blogging service and associated sites by pointing their site to it. I say - hang the bastards. Is there such a thing as an international class action suit? Let’s see if we can’t get some lawyers to pursue this. Sue BS and its misguided people into the dirt.

Meanwhile, the BS “nuke ‘em” strategy means that they are not a good net citizen. Ask yourself why noe of the other, more estabilished spam-realted players did not do this. Simple answer is that the BS approach is, well, Bull S**t.

I’m about to kill a spammer. I will, for sure. I just need a home adresse and me and my gun will do the rest.

wow, what an ignoramus wrote this.

It’s a revolution against spam. The man will try to hold you down, use scare tactics, but in the end the revolters always win.

I pay for my internet access. If these “advertisers” were operating legitimatly, the reply-to address would work — Don’t ya think? If anybody has any better idea than BlueFrog, I would like to se it. Paying $30 for a lame 3rd party filter doesn’t cut it!!!!!

This article was so biased that I wonder outloud if the write and/or website is in the pocket of PharmaMaster and other evil spammers.

I too have received requests to buy all sorts of products and services… I will never spend a dime buying anything off of spam. I have ever been offered what I assume from the subject lines is child porn and bestiality.

Sick b*stards! Blue Security appears to be working… it’s a tough fight against evil forces, but it’s the Frog all the way for me.

I have been diligently reporting my spam for a month and I haven’t noticed much of a drop off… yet… unlike others here who have… but if this is the reaction it is provoking, it must be beginning to hurt and threaten these evil forces. That they respond with massive criminal attacks is not surprising.

Where are the RUSSIAN authorities in arresting these crooks?

Anyway… to fight evil b*stards like this, I will increase, not decrease, the amount of time I spend reporting spam and contributing to Blue Security in any way I can.

Real email address not used because I think you are compromised, Mr. Brian J. Gillette. What a horrible misleading article.

Now THIS is how an article about spam should be written:

http://www.efytimes.com/fullnews.asp?edid=11693

Will, the EFYTimes article is fantastic, as long as you’re comfortable being spoon-fed press releases disguised as real news.

any of u blue screen tards know how to read? ur heroes knocked 10mil+ off the air cuz they turned scaredy cats.

frak, WHO knocked 10 million off the air. Let me get this striaght, BS started a DDOS attack on someone?

What an idiot. IQs below 60 should be forbidden to use computers.

Todd Underwood, Chief Ops and Security Officer for Renesys, reviewed the entire fiasco and concluded that BS was subject to a plain old SYN flood DoS attack, and was simply cut off by his virtual host to limit damage.

He dismissed Blue Security (BS) explanations of “Internet tampering” and “Blackhole Filtering” as such literal non-sense “that it’s not even wrong yet.”

In following this story, Email Battles has tried to locate credible backers for BS contentions of black hole skullduggery. No luck.

Where, oh where, are the recognized experts who think otherwise?

Instead of insults, perhaps BS true believers could help the rest of us by pointing us to authorities who concur with BS theories, and who agree that, when you are under attack, it’s OK to redirect the attack, and the attendant expenses, to an uninvolved third party.

The rest of Planet Earth is obviously in the dark on this one.

(http://www.trimmail.com/news/elsewhere/data/1147222922.69/)

BS’s attitude is my attitude. The real BS comes with several hundred unsolicited SPAM messages I get in a given month. I have every legal right to submit an opt out request to every one of these messages. I use the Frog to do so. This is my computer, my internet server, and my money and I am fed up with being inundated by junk mail.

Use your bully pulpit to be part of the solution, not to put down the best idea to come along in a long time.

Althought I signed up at BlueSecuiryt, I never install BlueFrog software. I did receive a rather threatening email this week that stated I would soon start receiving at 10 to 20 fold increase in spam because I was part of the criming gang at BlueSecurity. This is scary. It does confirm, however, that the user email list at Blue Secuirty was compromised. This is scary and sad.

>One can only wonder which “innocent third party” Aloni was referencing.

The author of this article seems confused… The DDOS attack that affected Six Apart was the one that Blue Security was getting from an external third party; it didn’t consist of opt-out messages from Blue Security’s software.

rakslice: I think you’re the one that’s confused. The Email Battles article suggests that when you DoS spammers, it’s possible that they’ll retaliate (they’re not nice), and collateral damage might result.

That’s exactly what happened to BS, and that’s exactly why they’ve shuttered the outfit, as their letter-of-surrender clearly states: “We cannot take the responsibility for an ever-escalating cyber war through our continued operations.”

http://www.emailbattles.com/archive/battles/spam_aadghhdfbc_cg/

This story kills me. I think it’s clear your bread is buttered by spammers directly or indirectly. BS failed because they were not big enough. Spammers eat our bandwidth and crap up our inboxes. Suck our bandwidth and threaten us for joining an “opt out” community. Our government lifts not a finger and BS is trying to start a successful, moneymaking, much loved and needed service to the public. You deliberately spin your article negitivly for BS and outright lie about email DB being compromised. I can’t wait for the next DDoS based opt-out program. I will be there and I will fight spammers. And idiots like you.

@Marty.
RE: “I think it’s clear your bread is buttered by spammers … You deliberately spin your article negitivly for BS and outright lie about email DB being compromised.”

Sorry guy. We wrote, “The messages claimed that BS’s user database had been penetrated, and that the email addresses of all BS clients would be released to the web within 2 days, which would result in a giant increase in spam received.”

Admittedly, it’s a rather long sentence, which may be confusing you. Feel free to read the sentence as many times as necessary, till you can understand it.

As to the “bread is buttered by spammers” silliness… We’ll leave that judgement to those who are fully capable of making it.

We frankly don’t care if someone gins up another counter-DDoS crusade… as long as they don’t drag innocent non-combatants into their war.

Marty, if you’re actually inundated with as much spam as you think, you may want to consider moving away from the giant, free email services to better-managed and better-protected waters.

The move will probably be good for your blood pressure, too.