Tracking the "Crusader Spammer"

Q: What's going on?

A: From 26-30 September 1995 someone sent a long and extremely racist monologue to thousands of email address via the machines, cdsxb6.u-strasbg.fr, mc3.hq.eso.org and asso.nis.garr.it which are in France, Germany and Italy respectively. Needless to say this has upset a lot of people, and the search is on for the culprits.


Q: What's being done to stop them?

A: The admins of the French and German sites have regained control of their machines. The Italian admins seem to have done so at this point. Also, a number of government agencies, including the FBI are said to be investigating this incident.


Q: What can I do to prevent this?

A: Not much, I'm afraid. Because they keep bouncing from site to site, and forging their return address, there really is no way to filter them out. Unfortunately, there is no "NoCeM' for email. (see below for link). Please don't send nasty email to your provider asking why they didn't stop this-- the only way they could prevent such abuse would be to turn off your email.


Q: Are they out to get me?

A: As far as I can see this is a mass mailing to tens of thousands of users -- a number of people are concerned they were specifically targeting for this message, however the evidence would seem to show this is not the case.


Q: How did they get my email address?

A: This is still unclear, however it would seem that they collected userids from Usenet posts for a few months. They emailed an account of mine that had only posted one time in early August, to one newsgroup (misc.test.). Others have suggested they also scanned IRC for usernames or purchased a commerically available list.


Some references to helpful items...

* Tracking Hate Groups on the Net (The Nizkor Project)
* Computer Security Sites (from Yahoo)
* NoCeM (prevent "junk" news postings).
By: lan@panix.com