Business Technology: Ends Don't Justify Means, Despite Appeal
Once again, Bob Evans says, we're presented with a sticky moral, ethical, and legal decision: Are we justified in using the spammers' own detestable methods in an effort to stop their malicious behavior?
Today's walking tour will include strolls through the halls of justice (well, maybe not "justice" but at least through the legal system) and through the gutters of spam. The unifying theme across these varied environs will be that, as is so often the case, nothing is quite what it seems.
At our first stop, we see that the litigation factory masquerading as a software company and calling itself SCO Group has been, again, targeted by hackers. This time, the loathsome bastards (that would be the hackers) defaced SCO's Web site by adding such banners as "SCO vs World" and "We Own All of Your Code, pay us all your money." While some of SCO's nutty actions--such as its oh-so-unique strategy of suing its customers--give those defacements a whiff of legitimacy, and while SCO has done a great deal to earn the sincere and justified contempt of many companies in the business-technology world, and while the first reaction of many upon hearing about the hack attacks against SCO might have been, "now THAT is justice," in the final analysis we have to condemn the hackers. Or else we have embraced the thorny devil of having the ends justify the means. No, the hackers who attacked SCO deserve as much legal retribution as the rest of their cowardly and malicious ilk, which is the fullest and stiffest extent of the law.
In a similar way, my day was brightened last week at the sight of stories on our site describing two counterattacks against spammers (who, by the way, hold equal claim with hackers to the label "loathsome bastards"). The first described an aggressive effort by Lycos Europe to fight back against spammers via screen-saver software that floods the spammers' systems with HTTP requests, and in the second case Microsoft filed seven lawsuits against spammers on a variety of claims. This, I thought, is what we need: aggressive counterstrikes to let the LBs know that we're not gonna just sit back and take it anymore. But then, as I holstered my heat and reality set back in, I read the fine print: Although Microsoft is expending significant resources to develop technologies and practices that block spam, one of the company's court documents said that spammers "continue to adopt practices and technological devices to evade Microsoft technologies and to frustrate Microsoft's efforts." And in the Lycos Europe situation, there was a follow-up story, stating that "the enemy, however, has apparently rallied its troops in a counteroffensive" and that the site distributing the screen saver devised by Lycos Europe was down. Rather than spewing denial-of-service attacks, the site last Thursday said merely, "Stay tuned."
As of late last week, it was unclear whether the cause was an attack on the site itself (or would that be a counterattack? or a countercounterattack?) or from legitimate sites feeling queasy about employing denial-of-service tactics even against such deserving targets.
"As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow."
-- InformationWeek.com, Nov. 30
Once again, we're presented with a sticky moral, ethical, and legal decision: Are we justified in using the spammers' own detestable methods in an effort to stop their malicious behavior? And once more I must, though not without some emotional regret, have to say that no, we cannot justify such actions on our parts. As frustrating as it no doubt is at times, the right approach is via our legal system and the rule of law. Microsoft has supported more than 115 legal actions worldwide against spammers, including 86 lawsuits here in the United States that it has filed. The company says it's "committed to filing lawsuits against spammers and other cybercriminals until the problems of spam and other cybercrime have abated substantially."
Now someone could say, "Thou dost protest too much," but I would reply that such a person is living in a dream world. We now have a report from an outfit called Postini, which each week processes 2.4 billion messages for 4,000 corporate clients, claiming that 88% of the mail it processed in November was garbage, including such stuff as spam, phishing scams, viruses, and the hottest new disease, directory-harvest attacks (where spammers try to hijack a company's entire E-mail directory). If you think it can't get any worse, think again: In October, illegitimate mail accounted for 86% of the total. And Postini's report says, "The increase of E-mail attacks this month [shows] spammers are getting smarter." The company also said that in the last four weeks--that's *weeks,* not months or years--directory-harvest attacks have spiked more than 25%.
But lest you think it's all hopeless and we're all powerless against a cruel and unjust world bent on grinding us into a passive and submissive pulp that'll accept whatever bilge the bad guys want to cram down our throats, don't despair! For I have information that I'm willing to share with anyone who requests it, and it promises to alleviate a scourge that makes hackers and spammers and harvesters and all the other loathsome bastards pale in comparison. Here's the headline from the press-release source itself: "Employees Behaving Badly: Alcohol And Revelry At Holiday Office Parties Expose Companies To Legal Risk." This timely document notes that holiday parties "can be fertile ground for the kind of bad behavior that leads to employment lawsuits." For, as the attorney who's offering to sanitize your bacchanals points out, "it only takes a single incident to turn a spirited holiday celebration into a legal nightmare." If this type of hygiene falls under your purview, drop me a line and I'll send you the contact info (and yes, I'm looking for a 33% finder's fee).
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.