Sacrificing spam when you can't sacrifice spammers.

28 January 2008

Due to the fact that Rending the Veil hasn't finished restoring older articles from backup since the last server migration, I'm reposting my last article they published on harvesting the energy spent by spammers in trying to get us to buy their crap.

Spam. Junk e-mail. Things you can't say in mixed company.

No matter what you may call it, we're talking about the same thing: E-mail that you didn't ask for and don't want filling up your inbox, sometimes making it impossible to find real e-mail. It's a nuisance that netizens have been fighting for years. In terms of its capacity to annoy, it's right up there with ingrown hairs in tender places and bassmobiles making things fall off of your altar in the middle of a ritual.

But what if you could turn the steady flow of spam to your own ends? How could you possibly transmute all those exhortations to enhance your genetalia (regardless of your physical sex) into something useful?

First, let's take a look at spam from a metaphysical perspective.

There are a few ways by which spam is transmitted. One of the oldest is software that, when given a canned message and a list of addresses to target, sends hundreds of thousands of messages, one to every e-mail address in the list. This is probably the slowest method of spamming because it's limited by the speed of the spammer's connection to the Internet. More often than not when the complaints start flooding the spammer's ISP, their accounts are summarily terminated, assuming that the entire netblock doesn't get dropped into RBLs (realtime blacklists) across the Net first. There are only so many ISPs in a given area, so it's too easy for a spammer to exhaust all of their possibilities in a short period of time. This method is all but obsolete, not only because connectivity is at a premium but because spam filtering technologies can easily pick up and drop spam that doesn't change its content very much. Then there are spammers who spend hours cracking e-mail accounts at other ISPs. Almost all SMTP servers require a user to authenticate with a username and password before they can relay e-mail through the server. Because many people don't choose very strong passwords, it is possible for a spammer out of the reach of law enforcement in an ISP's geographic area to target a few accounts for a brute-force password guessing attack with a specialized utility that throws hundreds of passwords an hour at the account until either the password is guessed or the dictionary runs out. A US statute called the Computer Fraud and Abuse Act of 1986 (18 USC 1030) makes it illegal to crack accounts on systems that aren't yours so most of the time these attacks come from other countries, which makes it neigh impossible to prosecute. Still, it's too slow a technique to be profitable and really isn't used much anymore, to say nothing of ISPs issuing usernames different from the e-mail addresses of their customers.

The most common method of transmitting spam these days is to assemble a collection of PC's scattered around the Net running control software into a botnet. Usually, an enterprising systems cracker keeps an eye on various security-related mailing lists for vulnerabilities that look promising and writes an application that exploits them to turn the host machine into a zombie - a computer that, as far as the user is concerned is perfectly fine (perhaps running a little slowly). The malware agent then connects to a command channel of some kind. At one time, it was common for zombied computers to connect to an IRC server and accept commands like hammering out spam using forged originating e-mail addresses using someone else's bandwidth and time. Usually the bandwidth and time of many thousands of someones. Botnets these days are measured in the tens of thousands of infected machines. To put the future in perspective, the Storm Worm botnet was estimated at a population of between one and ten million infected machines during its heyday.

The one thing that all of these methods have in common is that they are the result of an act of W/will: Someone Out There Somewhere spent a considerable amount of time, energy, and effort bringing these things to fruition. That energy is carried by each and every piece of spam transmitted, and it can be harvested and turned toward the accomplishment of one's personal W/will as a shortcut to raising energy. The best way to harvest all of that energy, of course, is through the time-honored ritual of sacrifice. Unfortunately, it is still politically incorrect to sacrifice spammers for the purpose of magick (regardless of what sysadmins may say while standing around the coffee pot), so the next best thing would be the fruits of the spammers' labor: The unsolicited commercial e-mail that piles up in your inbox every day.

The best way to get at the energy invested in every message is to render it down somehow so that the essential content is still there but the enclosing matrix isn't. While it is possible to use an entire piece of spam in a ritual (for example, by printing it out and shredding or burning it) it can be cumbersome. Carrying around a stack of printouts all exhorting the reader to order a counterfit designer wristwatch lacks elegance, in my humble opinion, to say nothing of a gust of wind taking hold of five or six printed pages and scattering them. The challenge then becomes finding a way of reducing pages of text into smaller passages that are easier to work with and are more portable.

Enter message digest algorithms.

A message digest algorithm (sometimes referred to as a cryptographic hash function) takes an arbitrary stream of input, performs a transformation of some sort on the input, and outputs a fixed size string. The output string is of interest because it acts as a unique signature for the volume of input data, and in fact such outputs are referred to as fingerprints, the idea being that every block of data has a unique fingerprint, just as people do. The message digest produced carries all of the unique qualities of the data set, including the intent that produced the input in the first place. Think of it like using a lock of hair to create a connection to a specific person. Most of the time they are encoded as printable characters, and look something like this:


955b8eb38ca8b0c261a3663154992ff4

The procedure is quite simple: First of all, a collection of spam must be built up. Simply opening a Hotmail account and using it to sign up for a social networking or online commerce site is more than sufficient. Move each of the messages into a separate folder for the sake of organization. Then, for each message so collected, a digital fingerprint must be generated with a hashing utility of some kind. The method used is dependent upon how the messages are stored - if you run your own mail server, it can be as simple as logging into the machine, changing to the appropriate directory, and running through each message. On my personal server, I use a shell script that runs the following commands:

cd ~drwho/Maildir/spam/cur
for i in *; do
sha256sum $i | awk '{print $1}' >> ~/sacrificed_spam.txt
shred -fuz $i
done

What this batch of commands does is change to my spam directory where each message is stored as a separate file. Every message is run through a utility called sha256sum, which implements a cryptographic hash function called SHA-256, and generates a hash of the message which is then slightly reformatted and stored in a text file called sacrificed_spam.txt in the base of my home directory. The file containing the original spam is then securely deleted using a utility called shred. The reason this is done is so that there will be only one instance of a particular data set in existence, the cryptographic hash corresponding to a particular piece of spam, and so the energy and intent invested in that message will also reside in only one place - the hash.

There are other ways of implementing this procedure with different tools on different platforms. If webmail systems (such as Gmail) are more your style, then the simplest way of extracting the energy from spam would be to copy and paste the entire text of the message (with headers if possible) into a locally saved document to run through a hasher or a web application that performs the same function. There are also plugins for web browsers that can generate hashes of text selected with the mouse, such as MD Hash Tool or Fire Encrypter for Mozilla Firefox. It is also possible to use a mail client such as Thunderbird or Microsoft Outlook to save messages as individual files on the local system in .eml format. These files can then be run through a hashing utility and their digital fingerprints can be captured in like fashion.

It would also be possible to write a utility which connects to your webmail provider, opens the spam folder, and for each message scrapes each message (headers, contents, attachments, et cetera), generates a message digest, and then deletes it. I leave implementing this as an exercise to the reader (mostly because I prefer implementing protocols like POP3 over writing screen scrapers). It is my recommendation that you take advantage of POP or IMAP support offered by your e-mail provider because the protocols are designed for operations like this, without having to fumble with stripping unnecessary HTML code out of each message and suchlike.

It goes without saying that there are many methods for accomplishing the same goal, and I encourage you to experiment and find a way that works with not only your particular style, but also what tools you normally have at your disposal.

There are a number of useful utilities available for Windows that are capable of generating message digests of arbitrary files. The easiest to use is called CyoHash and is implemented as a Windows Explorer extension. After installation, the user can right-click on the icon of a file, select a hashing algorithm to run the file through, and generate a digital fingerprint of the file. This utility is ideal if you store pieces of spam in individual files in a directory someplace, but will be of no help if you keep them in a folder in an e-mail account.

The utilities I use are included by default with all of the Linux and UNIX installations that I have access to, and are simply called md5sum, sha256sum, sha1sum, and so on. They are simple command line utilities that take a filename or a stream of data and output a message digest, like so:

drwho@windbringer ~ $ md5sum /usr/bin/md5sum
3352e4a8782dfda849795215966889cd /usr/bin/md5sum

Phil Zimmerman's public key cryptography utility PGP (Pretty Good Privacy) and its open source counterpart GnuPG (Gnu Privacy Guard) may also be used to generate cryptographic hashes of arbitrary files with the following command, where is the name of a message digest algorithm, such as sha256 or md5:

gpg --print-md /path/to/files

There are also online hash generators usable by anyone with a web browser. An arbitrary block of text is cut and pasted into a form and a message digest is output when the 'go' button is clicked. While they do not seem like much, they are ideal for processing messages in a webmail account because the process is as simple as highlighting the message text, clicking 'Edit->Copy' to capture the text, and pasting it into another browser window. Here is a list of a few such sites found with a quick Google search:
You now have a blob of intent stolen from junkmail, but how to do you incorporate it into a working? I find that energy thus derived is best used to jumpstart workings so that less effort is required to achieve the necessary mental focus. Some of the utilities that I use in technomantic rituals can accept as one of their arguments an arbitrary string of text which is converted into a (very large) number that is then used as the maximum number of iterations of a for..next loop implementing a transformation of a data structure. In other words, a message digest that carries raw energy or intent is used to fuel a program that raises energy by doing the same thing over and over again. I also find that message digests carrying energy work well when combined with another ritual implement that I am fond of, namely, flash paper. By writing the message digest onto a physical object that can be destroyed (and deleting the earlier copy of the hash) the energy can be transferred onto the sacrificial focus and used to begin the ritual or fire off a sigil in a hurry.

References:


This work by The Doctor [412/724/301/703] is licensed under a Creative Commons Attribution / Noncommercial / Share Alike 3.0 License.