Schneier on Security
A blog covering security and security technology.
« Police Sting Operation Yields No Mobile Phone Thefts |
| Liars and Outliers Summed Up in Two Comic Strips »
July 27, 2012
Criminals Using Commercial Spamflooding Services
Cybercriminals are using commercial spamflooding services to distract their victims during key moments of a cyberattack.
Clever, but in retrospect kind of obvious.
Posted on July 27, 2012 at 9:42 AM
• 6 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Another reason to use a disposable email account whenever possible and only use your real one when absolutely necessary. Might not always stop this, but it reduces the number of places they could find your real email.
I use a separate email for my bank and some other important stuff. The rest is a Gmail account that just lets me login to stuff but doesn't expose my everyday one.
Flooding with false positives or red herrings is not new either. It attacks the human element, which is always the weakest. Tools like Mucus, made to flood Snort with misleading, useless traffic, are at least a decade old.
@Joe: for my private purposes I construct a new email address (user part) for each new service (web site, online store, forum, etc.) that wants one. I have one DNS domain set aside just for that. It helps a lot in separating spammers - if one of the services starts spamming I can just disable that address.
So far, I have not implemented any quotas for these disposable addresses. Maybe I should - so they won't fill up my mail drop suddenly.
'Chaff, is a radar countermeasure in which aircraft spread a cloud of small, thin pieces of aluminium, which swamps the radar screen with multiple returns.'
-- credit Wikipedia (heavily edited)
Developed in 1942. I wonder how far we could step back through history with this sort of tactic.
With gmail you used to be able to suffix with a + which is received by your main account. Might still be, don't know.
email@example.com is primary mbox, but firstname.lastname@example.org is on-the-fly and emails received to it, are put into the primary inbox.
The problem I found with it was many shopping sites required an email address as an identifier (so far so good) they rejected the '+' character.
So I gave it up and use mailinator for disposables.
"So I gave it up and use mailinator for disposables."
Right tool for the job.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.