Lycos, Spammers & Electronic Civil Disobedience



Lycos has just launched a new screensaver that attempts to disrupt, but not disable, websites used by spammers to sell products. The goal is to slow down access to these sites by implementing a bandwidth attack – a client-side denial of service attack (DoS). Client-side DoS attacks differ from server-side DoS attacks because in order to be successful client-side DoS attacks require the participation of many thousands of individuals whereas server-side attacks usually involve a few individuals who break into computers and use them as zombies in order to conduct DoS attacks. Basically, each user that installs the screensaver receives a list from a central database of spam sites then issues a connection to each of the spam sites. If a large number of users begin making requests to the selected sites, the servers will become overloaded. Lycos argues that since these spam sites have to pay for their bandwidth �more requests means higher bills� for the spammers. Lycos has implemented a �health check� to ensure that no server is completely shutdown.

This is precisely the same technique used in past Electronic Civil Disobedience (ECD) campaigns. Though not as slick as the flash GUI that Lycos has the tools used in ECD campaigns ( Disturbance Developer Kit, e-hippie virtual sit-in tools) operate much the same way. Client-side DoS has been criticized by Oxblood Ruffin (of cDc/Hacktivismo) who describes it as “being pecked to death by a duck”.

The theoretical basis for ECD is found in two books by the Critical Art ensemble: The Electronic Disturbance and Electronic Civil Disobedience. The Critical Art Ensemble explains:

ECD is a nonviolent activity by its very nature, since the oppositional forces never physically confront one another. As in CD[civil disobedience], the primary tactics in ECD are trespass and blockage. Exits, entrances, conduits, and other key spaces must be occupied by the contestational force in order to bring pressure on legitimized institutions engaged in unethical or criminal actions. Blocking information conduits is analogous to blocking physical locations; however, electronic blockage can cause financial stress that physical blockage cannot, and it can be used beyond the local level.

The tactic of ECD has been widely deployed most notably in 1998 by the Electronic Disturbance Theater (against the Mexican Government in solidarity with the Zapatistas), in 1999 by the electrohippies (against the WTO in conjunction with the street demonstrations in Seattle) in 1999/2000 by RTMark/eToy (against eToys.com in support of eToy.com), in 2000 by Federation of Random Action (against the Worldbank in conjunction with the street demonstrations in Prague) in 2001 by the electrohippies (against the FTAA in conjunction with the street demonstrations in Quebec City) and in 2002 by the Electronic Disturbance Theater (against the WEF in conjunction with street demonstrations in Davos).

Lycos measures the effectiveness of their campaign by the amount of bandwidth consumed:

The basic operation fo the Lycos screensaver is simple:

After a few requests for xml files to update the flash world map, a request is made to acquire the targets:

GET /xml/[TRUNCATED]/CONFIG_73805892737406.xml HTTP/1.1
Referer: http://backend.makelovenotspam.com/xml/
[TRUNCATED]/CONFIG_73805892737406.xml
x-flash-version: 7,0,19,0
User-Agent: Shockwave Flash
Host: backend.makelovenotspam.com
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 27 Nov 2004 18:44:47 GMT
Server: Apache
Content-Length: 4771
X-Powered-By: Starring
Content-Type: text/xml; charset=UTF-8

<?xml version=”1.0″ encoding=”UTF-8″?>
<mlns>
<targets location=”CA”>
<target id=”TVRBd01EQXdNak16″ domain=”www.getpaid2.com”
url=”http://www.getpaid2.com/paid2shop.htm?hop=grtdls”
bytes=”152462″ hits=”1733″ percentage=”100″
responsetime01=”849″ responsetime02=”0″ location=”US” />

<target id=”TmpBNU1BPT0;” domain=”fine.fineloan.org”
url=”http://fine.fineloan.org/email1/susin_no.asp”
bytes=”4025925324″ hits=”28403679″ percentage=”100″
responsetime01=”951″ responsetime02=”672″ location=”KR” />
</targets>
<conf>
<key name=”source-xml” value=”http://backend.makelovenotspam.com/xml” />
<key name=”interval-diagram” value=”10000″ />
<key name=”post-data-length” value=”30″ />
<key name=”refresh-xml” value=”1200000″ />
<key name=”current-version” value=”1.0″ />
<key name=”spray-filter-count” value=”39″ />
<key name=”url-report” value=”http://backend.makelovenotspam.com/report” />
</conf>
<stats>
<key name=”average-percentage” value=”100.0″ />
<key name=”bytes” value=”105152118177″ />
<key name=”hits” value=”620835843″ />
<key name=”downloads” value=”9720″ />
<key name=”target-count” value=”456″ />
</stats>
</mlns>

Then it sends a request to the spam server (not a properly formatted HTTP request) which generates a HTTP error:

<makeLOVEnotSPAM>
5?l[?ojMlm(Ngjm?_?vp+*xz4l(C5>
</makeLOVEnotSPAM>

<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
<makeLOVEnotSPAM>
5?l[?ojMlm(Ngjm?_?vp+*xz4l(C5&gt;
</makeLOVEnotSPAM> to /index.html not supported.

Invalid method in request <makeLOVEnotSPAM>
5?l[?ojMlm(Ngjm?_?vp+*xz4l(C5&gt;
</makeLOVEnotSPAM>

</BODY></HTML>

9 comments.

  1. Certainly, this is an interesting development. The question now is what happens when hosting providers start bringing lawsuits against those running the screensaver for willing participation in a DDoS attack against their servers. Lycos’s disclaimer on the software makes it very clear that they’re not going to accept any liability for the DDoS, which makes me think that any sued users are on their own. The case law that emerges from this program will be interesting indeed: We may start to see legal standards for the liability of a participant in a DDoS attack.

    Likewise, I strongly suspect that the reason this program hasn’t been released to US markets is concern over the legal liability involved – perhaps Lycos perceives the European courts as more lenient. I also note that this software is not “officially” available for download in any country which contains a targeted spam server, according to the site’s current map of targeted systems. Perhaps Lycos is hoping use the difficulties associated with international legal actions to their best advantage.

    In any case, this will be an experiment worth tracking over the months to come, both for the legal and spam-fighting ramifications.

  2. OK. I want this so bad, but makelovenotspam.com has been DDos…so does anybody have the actual screensaver that they can send me or tell me where to go so i can download it. Or give me a link to a mirror which has it. Thanks.

  3. The legal ramifications of this are indeed going to be interesting but I think this has started a chain of events that cannot be reversed.
    Firstly, unlikely that the targets of the DDOS will successfully litigate individuals who use the Lycos program, there are too many and distributed too widely.
    Legal action against Lycos may stop the distribution of the program, but a large number of copies are already in circulation. In the event of a complete pull-out by Lycos, it seems likely that other parties will produce copy-cat programs which will produce the same effect.

    Power to the people!

    DA

  4. Please post an alternate site where I can download makelovenotspam screensaver I have been searching the net for the last hour. The official site makelovenotspam.com is down and the other alternate spray.se/makelovenotspam is also down.
    Someone somewhere must have got a copy – post it somewhere public and give us the url here
    many thanks in anticipation
    Georgieboy

  5. http://download2.makelovenotspam.com/scree…eensaver_en.exe

    All it says is stay tuned when running… kinda sucks..

  6. http://download2.makelovenotspam.com/screensavers/MLNS_screensaver_en.exe

  7. As I see it, the MLNS screensaver only begins its bandwidth-sucking function after contacting the MLNS server/s. Therefore unless the MLNS server/s are actually running (which they currently are not) I believe the MLNS screensaver does NOT suck any bandwidth.

    I would appreciate a verifiable rebuttal to this assumption.

  8. If you want something good, check out http://www.spamitback.com. Seems lycos took the idea from them.

  9. Three rules for the spam game:

    1) you can not win.
    2) you can not draw.
    3) you can not leave the play.

    Greetings,

    Antonio, from Malaga (Spain)

Post a comment.