Spammers hide behind the Great Wall
By Colin Galloway
HONG KONG - China has never been known as the friendly face of the Internet.
Police and government agencies go to great lengths to control how citizens get
online and how they act when they do, actively persecuting dissidents, closing
thousands of Internet cafes, and creating a vast and technically dazzling
cyber-edifice that can scan all the nation's e-mail and web traffic in real
time.
Given this, it comes as some surprise that China has recently emerged as a
global haven for all sorts of nefarious Internet activity. Indeed, in a world
where "Made in China" has become synonymous with the export of low-cost,
mass-produced goods, it is both fitting and ironic that the mainland is today a
key player in an industry that makes the cheapest mass-produced commodity of
all - spam.
There are various reasons for China's sudden emergence as the king of spam.
Most important, governments in the West have finally mustered the political
will to begin cracking down on spam coming from their own backyards. In the
United States, where the majority of spam peddlers still are based, toothless
federal legislation - the aptly named CANSPAM (Controlling the Assault of
Non-Solicited Pornography and Marketing) Act -
has done little but make the overall problem worse. But criminal prosecutions,
often brought by individual states, together with a barrage of civil lawsuits
levied by industry heavyweights such as Microsoft and Verizon, now have
spammers running scared. As the industry is driven progressively underground,
many are seeking anonymity by operating offshore, with China the destination of
choice. As a result, the burgeoning crackdown in the West has done nothing to
ease the barrage of dross that piles up daily in our inboxes. According to
recent estimates by English e-mail security firm MessageLabs, some 73% of all
e-mail in 2004 was spam, up from 40% in 2003.
The spam chain is complex. In essence, most people responsible for
sending spam are based in the US, although a growing number are now organized
criminals in Eastern Europe and Russia. China is the location of choice for the
servers that host the spammers' websites and for buying and selling lists of
spam zombies, or personal computers (PCs) deliberately infected with
spam-enabling viruses.
Another reason China has become the world's spam central has to do with the
industry's growing sophistication. The days when most spam was dispatched from
servers in the basement office of some unscrupulous American ex-con are waning.
The modern spam industry now is spread across the globe and has become infested
by technically advanced programmers from Russia and Eastern Europe, often in
league with local organized crime syndicates. Such groups have replaced
traditional spam fare such as Viagra, porn or cheap mortgages with
sophisticated fraudulent schemes involving identity theft, in particular
"phishing" scams that lure individuals to fake websites where they are conned
into divulging bank-account, social-security and credit-card details. The
number of phishing spams detected by MessageLabs mushroomed to 2 million in
September, compared with just 279 for the same period in 2003. For obvious
reasons, these groups prefer to avoid operating in jurisdictions where
authorities are now openly hostile and penalties potentially severe.
In addition, distribution techniques today are light-years ahead of what they
were. According to network management firm Sandvine, about 80% of spam is now
sent via legions of PCs owned by ordinary - and usually oblivious - computer
users around the world. These machines, known as "zombies" or "spam Trojans",
have been infected with various viruses (recent examples include MyDoom and
Bagle) developed specifically to allow the virus writer to
contact them over the Internet and instruct them to spew out, among other
things, vast quantities of spam.
Because of this, it is now meaningless to say that spam itself originates in
any given place - it is truly a cyber-product. However, the important links on
the spam food chain can still be identified, and it is these that today are
found mostly in China. They comprise, first, the spammer's website. Each spam
message invariably contains a link to a site where the tiny minority that
respond (perhaps 0.1% of the total) can complete their transactions. Most of
these sites - some 68% of them, according to a report released by anti-spam
firm Commtouch in October - are to be found on servers based in China. In
addition, according to Steve Linford, president of Spamhaus, a London-based
spam-blocking service, China also dominates the market for buying and selling
lists of zombie PCs, which are peddled by virus writers on Internet forums also
found on Chinese servers. Lists can currently be had for about US$2,000-$3,000
per 20,000 compromised proxies.
Why China? Quite simply, because it is the only major market where spammers can
do just about anything they want. Spamming remains legal, and persuading police
to act against those providing them services has proved next to impossible. As
Linford says: "They choose China because of the website hosting. For proxies
you can use Brazil, Argentina, Russia. But the Internet service providers in
[these places] will kill their websites straight away. This is the crux of the
problem."
In addition, China now enjoys an advanced telecom infrastructure that provides
all the technology spammers need. And then there's the money. Bandwidth is
cheaper in China than in the West and renting enough of it to host the 1.7
million-odd spam uniform resource locators (URLs) now maintained there
generates substantial cash flow. Most providers are more than willing to ignore
complaints - offering so-called "bulletproof hosting" - while the loot rolls
in. ChinaNet Henan is currently the world's top spam Internet service provider
(ISP), according to Internet research company Polarbeach, while ChinaNet
Chongqing and ChinaNet Hainan are in the global top five.
Spamhaus, which opened a China office last May, is one of few services with
first-hand experience of how Chinese service providers accommodate spam
operators. According to Linford, China Telecom subsidiary ChinaNet - by far the
country's largest ISP - has assigned a single staff member to deal with the
millions of spam complaints it now receives. His function, Linford says, was:
"Putting them straight in the bin. He didn't have a clue what was going on. To
him, there was just a huge amount of excess traffic."
Although some mainland ISPs are now adopting measures to secure their systems,
enforcement efforts remain woefully inadequate. Official pronouncements
relating to spam are usually aimed at getting Chinese spam servers removed from
foreign blacklists rather than actually addressing the problem. And while the
Ministry of Information Industry is said to be preparing an anti-spam law,
initial drafts indicate it will be as ineffective as CANSPAM, and is quite
likely to make the situation worse.
The Internet Society of China (ISC), meanwhile, a quasi-official body that
plays a major role in overseeing the Chinese Internet, has taken to issuing
waffling statements encouraging "discussion" and "education" about China's spam
problem. But the only concrete steps taken so far by the ISC amount to
publishing a blacklist of servers (currently, a mere 112 of them) apparently
guilty of sending spam. Beyond that, China takes no steps to block the sites.
What's more, the list has drawn ridicule from technology experts because most
of the specified addresses are outside China and many of those are not even
involved in spam - they point instead to websites owned by anti-spam companies
or individuals that are critical of China's technology policies.
Unfortunately, the future offers little prospect for improvement. As Steve
Linford observes: "They simply don't want to know - China Telecom doesn't care
because they're government-owned and there is no pressure coming from the
government. Meanwhile, our statistics on spam volumes and the number of
spammers setting up in China are going up and up and up." Which means, for now
at least, Chinese spam operations will stay just how the spammers like them -
bulletproof.