Data Mine Is Latest Tool In Spam Arms Race

  • Playlist
  • Download
  • Embed
    <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Read the All Tech Considered blog, where Omar Gallaga, who covers technology culture for the Austin American-Statesman, has more on the pursuit of spammers.

Most of the e-mail zipping around the Internet is not actually wanted. Researchers estimate that about 90 percent of e-mail is spam.

Deleting them may be a nuisance, but the messages can spread viruses and lead to identity theft. The common defense against spam is to block it. But researchers in Alabama are developing a tool to go after the spammers themselves.

You may have a folder in your e-mail containing suspicious messages with subject lines like, "Give her hot nights in winter," or "Wanna have fantastic nights?"

If our inboxes are the battleground, a room at the University of Alabama at Birmingham is where the enemy's actions are examined.

Gary Warner, director of research in computer forensics, and a few others are clustered around a white board discussing the UAB Spam Data Mine.

The hastily drawn illustrations look part flow chart, part Pictionary, but it's an effort to understand connections among junk e-mail. University computers take in thousands of messages a day. The computers then store key attributes of the spam, including who sent the e-mail and the sender's Internet protocol address.

From this information, researchers look for patterns and draw conclusions to identify the source of spam. Warner shares what he finds with law enforcement to better track the senders.

He says spammers right now face little chance of being prosecuted.

Computer security consultant Dean Saxe, with Foundstone Professional Services, says: "From my perspective, it seems ... kind of like the arms race of the Cold War era. We built more bombs. They built more bombs. We built bigger bombs. They build bigger bombs."

Because there is money to be made, spammers constantly adapt and develop new tactics, Saxe says. And those in the security community are high-profile targets. Saxe says security professionals' personal passwords and sensitive information are displayed publicly at hacker conventions.

The UAB Spam Data Mine has had some success. It helped track spam from Ukraine that claimed to be from the Ron Paul presidential campaign. That spammer sent 162 million unwanted messages.

But on the big goal — capturing criminals and reducing the amount of spam on the Internet — Warner qualifies his expectations.

"I think we can win the war against domestic spammers. And I think we can do a much better job of cleaning up the American portion of the Internet," he says, but that might just make the problem worse overseas — another battlefront in the war over our inboxes.

Andrew Yeager reports for member station WBHM.

Related NPR Stories



Please keep your community civil. All comments must follow the Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

NPR thanks our sponsors

Become an NPR sponsor

Support comes from