Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« Police Sting Operation Yields No Mobile Phone Thefts | Main | Liars and Outliers Summed Up in Two Comic Strips »

July 27, 2012

Criminals Using Commercial Spamflooding Services

Cybercriminals are using commercial spamflooding services to distract their victims during key moments of a cyberattack.

Clever, but in retrospect kind of obvious.

Tags: , , spamflooding

Posted on July 27, 2012 at 9:42 AM6 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

JoeJuly 27, 2012 10:02 AM

Another reason to use a disposable email account whenever possible and only use your real one when absolutely necessary. Might not always stop this, but it reduces the number of places they could find your real email.

I use a separate email for my bank and some other important stuff. The rest is a Gmail account that just lets me login to stuff but doesn't expose my everyday one.

CurbyJuly 27, 2012 10:31 AM

Flooding with false positives or red herrings is not new either. It attacks the human element, which is always the weakest. Tools like Mucus, made to flood Snort with misleading, useless traffic, are at least a decade old.

Peter A.July 30, 2012 4:40 AM

@Joe: for my private purposes I construct a new email address (user part) for each new service (web site, online store, forum, etc.) that wants one. I have one DNS domain set aside just for that. It helps a lot in separating spammers - if one of the services starts spamming I can just disable that address.

So far, I have not implemented any quotas for these disposable addresses. Maybe I should - so they won't fill up my mail drop suddenly.

billJuly 30, 2012 5:51 AM

'Chaff, is a radar countermeasure in which aircraft spread a cloud of small, thin pieces of aluminium, which swamps the radar screen with multiple returns.'

-- credit Wikipedia (heavily edited)

Developed in 1942. I wonder how far we could step back through history with this sort of tactic.

billJuly 30, 2012 5:58 AM

@Peter A

With gmail you used to be able to suffix with a + which is received by your main account. Might still be, don't know.

e.g.
my.email@gmail.com is primary mbox, but my.email+shop1@gmail.com is on-the-fly and emails received to it, are put into the primary inbox.

The problem I found with it was many shopping sites required an email address as an identifier (so far so good) they rejected the '+' character.

So I gave it up and use mailinator for disposables.

MeJuly 30, 2012 9:06 AM

"So I gave it up and use mailinator for disposables."

Right tool for the job.

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier