This article is reproduced without the author's permission. It is, however,
reproduced in whole and unmodified. It mentions Shydavid's web site which
covered the on-going sporgery attacks. And yes, the figures are accurate - flr
16sep99
Imagine, if you will, a public forum
where anybody can stand on a
soapbox and speak, and everyone
can listen to any of the speakers
they choose. What you're
imagining is, more or less, Usenet.
Usenet is an enormous collection
of publicly accessible fora where
you can post and read messages
about more or less everything
anyone talks about. Some
postings are brilliant, some are
less brilliant, some are inane,
some are utterly unfathomable. But everyone with Internet access can
have their say.
About fifty gigabytes of data is presently posted to Usenet every day,
a number which seems set to double every ten months or so. About 90
per cent of Usenet content is binary files – programs, pictures, sounds
and so on. The remaining five gigabytes, though, represents something
in the order of nine hundred million words of text. Per day. For
comparison, a really fat paperback spy novel might contain a quarter
of a million words.
(For a regularly updated estimate of Usenet volume, look here.)
The amazing thing, though, is that ordinary users can actually deal with
this incredible torrent of data. It's possible to drink from the firehose,
as it were, because of the thousands and thousands of different
newsgroups between which all of the data is divided, and also because
of newsreader software that lets you easily follow a given "thread" of
conversation. If everybody plays nicely, Usenet works stunningly well.
Unfortunately, everybody doesn't play nicely, and a new and hard to
combat kind of nastiness has recently arisen.
Imagine the metaphorical forum above again, and imagine that in this
forum there are people with the power to create a perfect duplicate of
you, which can stand on one of the aforementioned soapboxes and talk
absolute blathering nonsense. Nonsense like, for example:
"Amidst no lamentation without an extension no shrill
larkspur flogged no trundle pending every household, nor
above each stammered the stanch phrasing reasoning – no
same, the indolence, which you had powered underneath every
orthophosphate of a farm atop every commissioner. Round all
no brow he was the turntable at skin, all tempest plus
all narcotic; nor excluding us he approximately gave a
sufficiently unconscionable microscope down its exorbitant
speedometer, no portico who had redecorated after our
reharmonization."
You get the idea.
And imagine that the people who make these things can make not one,
not ten, but hundreds of them, packing the whole place with gibbering
lunatics that look just like you. Nobody's going to mistake any of
the fakes for the real you once they hear a few words, of course, but
there's no easy way for them to tell which is which without listening
to them all in turn – which means, in all likelihood, that many of
them will never find the real you. If it happens often enough, sooner
or later everyone's going to just give up and go home, and newcomers
will be both mystified and discouraged.
This extraordinary state of affairs is happening right now on Usenet,
and it's called "sporge". Sporge is a neologism coined by German
software developer Tilman Hausherr; it's a contraction of "spammed
forgery". "Spam" is here used in its original meaning; not unsolicited
commercial e-mail, but irrelevant or inappropriate messages posted to
Usenet, which were annoying people long before Amazing Business
Opportunities and come-ons for porn sites started routinely cluttering
up e-mail in-boxes.
Like commercial spam, sporge is not something just any idiot can do –
at least, not for long. Practically every ISP in existence has service
rules which forbid the most common kinds of obnoxious online
behaviour, and most of them are good at cancelling the accounts of
offenders as soon as the complaints start rolling in.
So sporging will lose you your Internet account post haste, but the
actual act of doing it, once, is no harder than serious spamming; you
can do it with a lightly modified version of a Usenet power tool
like HipCrime's somewhat notorious NewsAgent.
NewsAgent was originally created as a power-cancel tool, to let
anybody pretend to be anybody else and spawn lots and lots of
cancel messages, or "cancels". Cancels propagate through the Usenet
network just like regular messages, except that a server that pays
attention to a cancel will delete a message, specified in the
cancel, instead of adding a message to its database.
Cancels can be "first person" – issued by the person who originally
sent the message to be cancelled – "second person" – issued by an
administrator of the system through which the message to be cancelled
was sent – or "third person" – sent by anyone else.
Third person cancels of spam and related over-posted or inappropriate
messages ("inappropriate", in this case, meaning binary files posted
to non-binary newsgroups, for example, not rudeness or irrelevancy,
although some newsgroups have moderators who cancel messages on
content grounds) are common on Usenet. Exactly what kinds of
third-party cancel are, or should be, acceptable is a topic of hot
debate, in which the United States Constitution's First Amendment
is often mentioned.
Those who reckon that anything a system administrator can do, they
should be able to do too, are responsible for software like NewsAgent.
The generic term for software designed to send lots of cancels, with
the ability to cancel messages according to sender and/or content
and/or newsgroup, is a "cancelbot".
Cancelbots are powerful and easy to misconfigure, and a misconfigured
cancelbot can cause havoc. This is a bad thing, for the (very few)
people that are trying to do sanctioned cancelling, but it's a
good thing, for the people that want to cause havoc, and make a
newsgroup whose inhabitants they dislike uninhabitable.
"Sanctioned" cancels generally contain the address of the person
who's sending them – their "sender" field is, of necessity, faked to
be the same as that of the sender of the message to be cancelled, but
their "from" field contains their real address. These "good guy"
cancellers also post notices about their activities to the
news.admin.net-abuse.bulletins newsgroup, and notify the original
poster and their ISP's administrator. The accepted policies for
sanctioned cancels mathematically define what's cancellable, and
apply only to similar or identical messages posted again and again –
no single post is cancellable.
"Bad guy" cancellers, on the other hand, usually just pretend to
be the person that sent the message. Actually tracking down these
"rogue cancellers" requires decoding the headers of their messages,
from which you can usually figure out what ISP they're using, and
with the ISP's co-operation figure out which of their users is
being naughty.
Rogue cancels aren't necessarily posted through the news server of
the rogue's own ISP; they can also be posted through so-called "open
servers", which allow anybody from anywhere to read and post news.
A decent news server is expensive to run, though, and open servers
are now routinely abused, so they're becoming rare.
Various news sites – America Online, Deja News (or just "deja.com",
as they now call themselves), Newsguy (which used to be called Zippo)
and lots of ISPs – do not honour cancels at all. They don't cancel
messages on their own news databases, and they don't necessarily
even pass on cancel messages to other news servers. This makes
malicious cancelling of material in their databases impossible, but
also prevents sanctioned cancelling of spam and sporge. And some
rogue-cancel-prone newsgroups – like, for example, the net-abuse
groups where people talk about this very subject – are watched over
by automatic re-posting programs, the opposite of a cancelbot, which
re-post pretty much everything that's cancelled.
For this reason, rogue cancelling is not a great way to render a
newsgroup uninhabitable. It might be practically empty from the
point of view of anyone using a news server that pays attention to
the rogue cancels, but many users won't even know you're doing it –
and you won't be doing it for long, because someone will figure
out who you are, soon enough.
Sporge is a better way to be obnoxious than rogue cancelling. It
doesn't take much alteration to a cancelbot to turn it into a
"sporgebot"; it just needs a source of text to use for the sporge
(originally, sporges used offensive posts from irrelevant newsgroups,
or meaningless random letters; now, they use algorithmically
generated, grammatically somewhat correct rando-text), and it
emits ordinary messages apparently from the people you want to
sporge, instead of cancel messages.
The good guy cancellers are on the case, of course. Sporge doesn't
look exactly like real messages, because it comes in big blocks from
one ISP. It's thus relatively simple for cancelbots to combat it;
sporge messages are as cancellable as any other. But this only helps
if you're accessing Usenet through a server that allows cancels. A
sporged newsgroup is going to look awful on any news server that
disallows cancels, because the sanctioned attempts to cancel the
sporge won't get through. It's a neat dilemma for news server
administrators; block cancels and you get sporge; let cancels through
and the sporgers can switch back to rogue cancelling.
Deja.com claim that their automatic spam filters keep a large amount
of sporge out of their gigantic Usenet archives in the first place,
but a cursory examination of the archives for sporge-prone groups
reveals that a great deal of it gets in.
The person who receives mail at the e-mail address identified as that
of the sender of any message archived at Deja can "nuke" the message
out of archive by following the instructions here. This lets truly
dedicated people tidy up sporge-floods issued in their name, but
that doesn't make sporged newsgroups any easier to read, or stop
the sporgers from sending more torrents of nonsense.
There's not much you, the user, can do to filter out sporge at your
end. The usual way for newsgroup readers to deal with people whose
posts they'd rather not read is to "killfile" them. A killfile is a
list of people whose posts won't be displayed by the newsreader
software; the posters might as well not exist. Many dedicated Usenet
nuisances deal with killfiling by regularly making up new identities,
but if they don't, anyone with vaguely capable newsreader software
need never be bothered by them. Killfiling doesn't work against
sporge, though, because it appears to come from valid posters.
There is a way to silence the sporgers, though; cut off their Internet
access. Since forging Usenet posts or e-mail is a violation of the
terms of service of pretty much any Internet Service Provider you
care to name, and sending thousands and thousands of nonsense messages
is too, sporgers now have a hard time keeping an account for more than
a few days. This doesn't stop them from doing it, but it does stop
them from doing it for long, unless they're willing to get a new
account every week. Or every day.
Somewhat startlingly, some of them seem willing to do exactly that,
and as a result the lunatic pollution of some newsgroups continues
apace. Thousands of messages per day, generally rather longer than
the average; posts to just one religion group have amounted to
something like a thousandth of Usenet's entire text traffic, if
the figures on David Rice's page here are to be believed.
At present, there seems to be little anyone can do, legally, about
sporge, because free speech legislation doesn't cover it particularly
well – if anything, it supports the spouting of nonsense in public.
Sporge could be described as a rather perverse kind of denial-of-
service attack, but since it's an attack on the users, not on the
systems they're using, there's not really anyone you can call.
A version of Usenet with better user authentication could solve the
problem, but don't expect that to happen any time soon. In the
meantime, it would appear that those with the time and money to
make nuisances of themselves in innovative ways will continue to do so.
And, in closing, let me say this:
He was unless no demander minus every west beyond Hitchcock. Under few
classical shades, it shall be unimpeachably incertain excepting its
paleocortical brucellosis but consign because he has moreover reeled
me. And have they not suck upon quite a thaw? Amidst trillion erasers
we were under every seepage, strengthening in our siren. Verbatim he
doubled off a give.
Related information:
Attack of the Robotic Poets – ZDNet
Net Religious Groups Besieged – Wired News
Daily Nonsense – the friendly face of random text
news.admin.net-abuse.usenet Frequently Asked Questions files (FTP)
Further facts
about this criminal empire may be found at
Operation Clambake and FACTNet.
Return to The Skeptic Tank's main Index page.
Gibbering clones the future of Usenet?
By DANIEL RUTTER
"After other ingratiating marshlands, it can be almost
differential aboard her model replenishment either wrestle
after he has anew catered it. Anywhere each minus
expeditiously that, messing earlier though higher. Back
another but vainly another, conquering deeper plus better.
Click here for some additional truth about the Scientology crime syndicate:
XENU.NET
This web page (and The Skeptic Tank) is in no way connected with
nor part of the Scientology crime syndicate. To review the crime syndicate's
absurdly idiotic web pages, check out www.scientology.org or any one of the
many secret front groups the cult attempts to hide behind.
The views and opinions stated within this web page are those of the
author or authors which wrote them and may not reflect the views and
opinions of the ISP or account user which hosts the web page. The
opinions may or may not be those of the Chairman of The Skeptic Tank.