News
News
5/17/2006
02:10 PM
50%
50%

Blue Security Gives Up, Spammer Wins

The anti-spam venture embroiled in a denial-of-service attack that brought down millions of blogs two weeks ago has closed shop. One observer wonders why Blue Security wasn't better prepared.

The anti-spam venture embroiled in a denial-of-service attack that brought down millions of blogs two weeks ago has thrown in the towel. Wednesday morning, Israeli-based Blue Security posted a message on its site -- now offline -- that it is shutting down operations.

Blue Security, which debuted its spam-fighting service last summerand built up a user base of more than 500,000, decided to wave the white flag after its servers were knocked offline by an aggressive denial-of-service (DoS) attack it claimed was launched by a deep-pocket Russian spammer tagged as "PharmaMaster."

May 3, in an attempt to get out the word about the DoS, Blue Security repointed its domain to an unused blog on Six Apart's TypePad blogging service. Within minutes, PharmaMaster attacked the blog with another DoS, which brought down Six Apart and left millions without access to their blogs. Blue Security's domain name service provider, Tucows, was also hit with a DoS and knocked offline for several hours; Tucows going down took thousands of Web sites it hosts with it.

Wednesday, Blue Security said it had to give up because it couldn't sustain the fight against spammers. "Several leading spammers viewed [us] as a strategic threat to their spam business," Eran Reshef, Blue Security chief executive wrote in the message posted to the company's site.

"After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

"As much as it saddens us, we believe this is the responsible thing to do," said Reshef, who did not respond to an e-mail requesting additional comment. Later Wednesday, a spokesman said that the company would not be making any additional statements beyond the message on its site.

"I'm not surprised that they shut down," said Todd Underwood, chief of operations and security at Manchester, N.H.-based Renesys, an Internet monitoring and routing analysis firm. "People who go after spammers get attacked by spammers."

Underwood added that although Blue Security was doomed to fail, it should have been able to weather these first rounds of attacks. "It was apparent how ill-prepared they were to deal with a DoS attack. They could have lasted a lot longer if they had been prepared."

Reshef admitted as much after the URL redirection brought down TypePad. "It wasn't the best decision to reroute traffic to TypePad," Reshelf said then.

Blue Security's model -- an automated agent sent an opt-out request in a tit-for-tat whenever a user received a spam message -- could only have worked if it accumulated a base large enough that spammers would find it impossible to strike back, Underwood argued.

Its surrender, though regrettable, was the right decision. "It was always clear that they would subject innocent users to attacks. There's simply no way to directly attack spammers that doesn't risk significant collateral damage," Underwood concluded.

Currently, Blue Security's Web site is offline. It's not clear, however, whether the situation is temporary, or if the company has closed the site for good.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.