On Tuesday (November 10) there was a precipitous drop in the amount of Internet spam after a company called McColo had its internet connections severed by its Internet Service Providers (ISPs). Mike Corn is the chief privacy and security officer for the Illinois campus. Corn discussed spam and how it's stopped with News Bureau Director Jeff Unger.
We think of the Internet as generally unregulated. How was this particular company identified as a problem?
Much of what is either troubling or just plain annoying about the Internet is regulated; for example, much of the SPAM sent over the Internet violates the CAN-SPAM Act of 2003. However, the sheer volume of Internet traffic overwhelms any hope of a comprehensive response from Law Enforcement Agencies. From 2000 to 2008 the number of computers on the Internet increased from 70 million to over 570 million and by 2007 the number of SPAM email messages sent per day reached 100 billion. Our campus alone receives 30-60 million spam messages per day. Consequently it is only those organizations that are really large and deeply criminal that receive adequate attention.
In the case of McColo Corporation, their primary Internet service providers (the companies that provided them with their connection to the Internet) were contacted by a private security firm with extensive evidence of illegal activity stemming from McColo-controlled networks. The speed with which they responded leads me to believe the full story hasn't yet broken.
What agency has the authority to pull the plug on an Internet Service Provider, and how does an agency do that?
While Internet regulation is murky at best (it involves the Department of Commerce and several corporations that act on behalf of the U.S. Government as well as other global interests), the ISPs servicing McColo apparently decided they didn't want to be associated with them and dropped them as a client. As far as we know, no government agency had to intervene.
In the late 1980s the Internet backbone was transitioned from a government-run network to private corporations. As these companies now try to 'noodle' with how information is sent over the Internet (to maximize their profits) a slew of important issues come to the surface; many of these issues reside at the intersection of free speech and regulation of the Internet under the rubric of Network Neutrality.
Will this make a perceptible difference to "average" users?
Campus spam rates have dropped by around 70% as the following chart demonstrates.
To give a fuller sense of the cost these spammers bring to the campus, this next graph details the work 'load' of the primary campus mail relays before and after McColo went off-line.
The CITES anti-spam filter works well enough that the typical member of the campus community probably won't notice anything. However we hope this will, at least temporarily, diminish criminal attempts to steal personal information or infect campus computers with computer viruses and spyware.
Are spammers likely to find work-arounds that will quickly return spam traffic to its former level?
Sadly they probably will. We're often asked why we don't block every Internet address from campus that appears to be compromised or sends spam to campus. A primary reason is that these addresses are usually only used for a short period of time. Very quickly after blocking one, the malicious traffic picks up from a new one.
For the last year or so we have been finding more problems stemming from web sites that host viruses and other malware than from email. I strongly encourage individuals to use plug-ins for their web browser which tag each link in your browser with a rating of its safety. Particular favorites are Web of Trust (Firefox) and McAfee's SiteAdvisor (Firefox and Internet Explorer). Ultimately we will see malicious Internet-based activity return to earlier levels, and this underscores why everyone using a computer on the campus network must recognize that their actions directly contribute to the security of personal information at Illinois.