I was quite busy last week and I will still be busy in the coming weeks. Because of this I missed a few things in the news and on the Internet – one of them, which I think is very important, is the fall of Blue Security, an Internet company from Israel. I was pointed to this story by my friend Viciu.
So what is the story with Blue Security? Blue Security was a company established in Israel that delivered a service called Blue Frog to protect people against spammers. The service let users report spam to Blue Frog; the reports were analyzed by BF employees and then some action was taken. A user was able to send an automated request to the spammer's web site to be removed from the address list. BF also reported fraud spam to the proper agencies and prepared automated scripts to send users' requests. A detailed description of Blue Frog's mechanisms can be found in the Enabling the Complaint Department article. Was Blue Frog's service effective? I think that it was very effective; it bothered spammers enough to make them take action against Blue Frog. As time showed, these actions were so serious that they forced Blue Frog to stop its operation on 17th May.
What was the nature of these actions? First of all, at the beginning of May, BF users started to receive e-mails stating that the BF database had been stolen. This was a fake message, and the spammer was in fact using his own database to send these e-mails.
Because it wasn't effective, the spammers took serious action: they used somebody who worked for a large Internet operator to cut BF's web site off from the Internet completely.
After BF's operations were brought back online, a DDoS attack using the DNS amplification technique was started, which stopped BF's operations and finally forced BF to stop operating altogether.
Why should the fall of Blue Frog bother ordinary people using the Internet? Why is it different from other attacks against web sites? In this case a single person (or maybe not?) was able to take a whole site off the network by disrupting routing in the main Internet node. So the Internet is not as immune to the disruption of a single node as it was designed to be. And it doesn't take a terrorist attack or a nuclear strike to break it. It can be done by a single individual who has enough money and enough determination to do it. Should this scare us? Should this be considered a threat to the Internet? Are spammers still just annoying? Or are they something more, a powerful and organized force which may break the operation of the Internet if they want to? They have money, they have time and resources – in many countries they are not punished for their operations – and they are determined to keep ideas like Blue Frog locked deep in the wardrobe. They work in a virtual environment (I hate the word virtual when it comes to the Internet), they have connections with other people, and as Blue Frog's case showed, they know how to use them to strike.
This showed that the nature of Internet threats has changed, and the Internet can't be considered as reliable as it was (was it?) before. This story started discussions on web forums and in the news. Should we be afraid of scammers who are powerful enough to do such things? Should they be considered a real threat? Who else can do something like this? I think that some answers have to be developed to protect the network community from such things in the future. If you are interested in more details on the fall of Blue Security, coverage of this story may be found on Security Focus.