Thursday, November 01, 2007

Ron Paul spam and Online Support

Do you ever write something that you think is going to be ignored, like most of the things your write, and suddenly it takes on a life of its own?

At The University of Alabama at Birmingham (UAB), I am the Director of Research in Computer Forensics. What does that mean? It means that I work on three things:

Three Things

I train students who will have CyberCrime related jobs in the future, including Computer Forensics techs, CyberCrime Investigators, Special Agents, and Computer Scientists. Some of my current students are interning with the FBI, the US Secret Service, and the Jefferson County Sheriff just to name a few places.

I do research on CyberCrime related issues, including Phishing, Spam, and Malware. Besides writing about Ron Paul Spam, I've also written about many aspects of the Storm Worm, and have had my research presented at many law enforcement and computer security meetings. My students and I meet with people working in law enforcement and struggling with CyberCrime issues and work on better solutions to these problems. Several students have seen their research projects turned in to active law enforcement investigations.

I do public awareness and training for the public and current professionals. With October being Cyber Security Awareness Month, that was a pretty busy time for me, doing presentations on Spam, Phishing, Botnets, and participating in a Threat Assessment panel for the Congressional Internet Caucus".


With regards to phishing, I'm a member of the CastleCops PIRT Squad where our all volunteer staff works to notify webmasters, banks, and law enforcement when someone has placed a phishing site on the Internet, and to provide them data to help them shut it down, and determine who did the attack. I'm also an active member of the Digital PhishNet where I serve on the Technology Committee, and the AntiPhishing Working Group where I co-chair the Working With Law Enforcement committee.


With regards to spam, I've presented twice at the FBI's "Slam Spam" conference, and have met with more than a hundred law enforcement professionals, security researchers, and lawyers regarding spam and related issues, including the folks who run the Federal Trade Commissions anti-spam lab, which is a fine place to report spam messages -- As soon as UAB is prepared to receive your spam submissions, I'll certainly let you know here!

One of the main research projects we are working on in the Computer Forensics area is our Spam Data Mine for Law Enforcement Applications. We've had a paper accepted for presentation at the Association for Computational Machinery's Symposium on Applied Computing Conference in Brazil, and continue to develop our techniques. My co-authors and co-researchers have developed algorithms that "parse" the interesting parts of incoming spam email messages, and then attempt to "cluster" the messages into groups based on similarities between the parsed attributes. We have really big really fast computers to work on this project, and as our inbound spam volume increases, we have a great team of researchers in the department who specialize in "Grid Computing" who are looking forward to helping us shape our algorithms so they can take advantage of hundreds of processors to allow even more messages to be considered in our clustering and calculations.

In future phases of this research we look forward to having new spam campaigns automatically identified and browsable on a website dedicated to this project.

All of that to make clear to the many dozens of Ron Paul Supporters who have taken their valuable time to send me their thoughts, including a few profane ones, that I am not making this crap up.

How many people do I think were behind the Ron Paul spam? One. And not one that is officially recognized in any capacity by the Ron Paul campaign.

Let me make something very clear. I never said anything that was intended to imply Ron Paul does not have a lot of online support. Is it interesting that others have seen online regularities? Yes. But that doesn't mean that there not truly a large number of online supporters. In fact, I'll go a bit beyond that and give the Paul-ites some ammunition they can use.

One online research site measures vast amounts of Internet traffic, and then makes estimates of how many UNIQUE AMERICAN COMPUTERS visit a given website. Let's look at how some of the candidate websites stack up:

RonPaul2008.com155,000 UNIQUE IPs

Want my source? I'll bet you do. Tell the mad dogs in your midst to stop the obscene phone calls and I'll post it later. haha!

There. Gary Warner of UAB says that Ron Paul's online following is dramatically larger than the offline polls would lead one to believe.

Can we go back to talking about Viagra now?


  1. Thanks for taking the time to offer an honest explanation. I have been trying to track down this story all day. I can't do anything about other Dr. Paul supporters. But I can get the info out there. May I quote your blog ? BTW, I would love to have your on line source for the data you quoted for unique visits. But you already knew that.


  2. This comment has been removed by the author.

  3. Mr. Warner,

    Thanks for the further clarification of the Ron Paul accusations. Lots of folks are trying to make it sound like you said the mails came from the campaign or supporters.

  4. Ron Paul is the most popular candidate on the internet. His website gets the most hits of any '08 presidential campaign. He has more members, more YouTube channel subscribers and more Myspace friends than any other candidate.

    Are you honestly surprised that someone would take it upon themselves to start spamming about him via email? I've recieved spam about Jesus, God, John Kerry, Kevin Mitnick etc.

    Now the media has taken your words and status and twisted it to make it sound like the Ron Paul campaign supporters run their own botnet continually spamming people to gain support.

    I get angry when the so-called "experts" on computer security are so ignorant.

  5. Thank you for taking time to provide an explanation of your findings.

  6. This comment has been removed by the author.

  7. Thank you for clarifying and providing an honest explanation. While I assumed that it was most likely a single person or small group not involved in the Ron Paul campaign, it was disturbing to see the spin the media put in it and what they implied. It didn't take a rocket scientist to figure out the damage caused by the spam messages (the loss of you tube videos that supported the candidate).

    I am sorry that you have had to deal with those supporters who never learned to carry on a civilized conversation. I think some supporters of every party allow themselves be blinded to facts in their zeal to support their candidates. I am grateful for people like you who can present them without bias or spin, even if that information is not something I like to necessarily hear.

    It is interesting to see that other candidates are getting more unique address visits. I would assume that this is partially because there is more name recognition. I look forward to seeing how you gathered this information.

    I do still believe that Ron Paul is the best choice, and I applaud that from what I can discover that he is apparently running his campaign without corporate donations. I sincerely hope we can get a candidate that is actually for the people in office (and not the corporate interests).

  8. Thanks for the clarification of your findings. As usual, the media likes to change the meaning of things to what they think.

    Also, thanks for your last quote.

    It is interesting to see the unique visitors. I have visited every one of those sites myself. Once before I put my full support behind Ron Paul and again for research.

    I will apologize for those few supporters who don't seem to get that what they do does not help. It makes them no better than all those death threats to the Ellen's dog adoption deal.

  9. There is no way those numbers are correct. Please check out the Alexa stats and compare the candidate websites. ronpaul2008 dot com is the leader in hits of any campaign and of any party.

    There is no way to compare unique hits from a country without tracking software or log files.

  10. Dittos, thank you, Gar.

    ComputerWorld credited the following blog comment: "This is either a toxic attack from another campaign -- similar things have happened already -- or it’s a complete imbecile". I also sensed you gave yourself a bit of leeway in the phrase not "officially recognized" by the campaign. Could you please comment on whether the "imbecile" option can be safely ruled out by the sophistication of the attack? And would a Paul supporter reasonably be so sophisticated, and yet unable to comprehend CAN-SPAM law or YouTube policy? We value your opinion even if you should find the lame-stream media turn on you when you don't have any more chow for them.

    I also concur on the interest in comparing your unique hit numbers with those of Alexa, Hitwise, and Technorati (see the Wikipedia article on Paul), and I apologize for any irrationality brought on by the inexperience of the new blood which Paul brings to the political scene. This does not include the spam, which is not irrational IMHO.

  11. "Identity Thieves Contribute To Ron Paul Presidential Fund"

    There is OBVIOUSLY something very, very messed up going on here, folks. So, banks are now going to start rejecting donations to Ron Paul as a result of this?

    And they can't track these people down (because they often run off to another country??? What? What kind of stupid excuse it that?)

  12. Good day Mr. Warner,

    Yes, this story has indeed taken on a life of its own. The results of your quite valid security analysis continue to be misconstrued throughout IT security media a week later. As I just posted to
    Spam the vote: Ron Paul spam surfs into inboxes

    Missing & Inaccurate Information
    Submitted by sfrahm on Thu, 11/08/2007 - 9:36pm.

    Missing information. - The spam is often used to create You Tube Terms Of Service violations backlash that gets legitimate Ron Paul videos pulled off. This part of the spam is an open attack on the campaign.

    The following comment is not accurate. - "That fact may suggest Paul's online supporters are stuffing the virtual ballot by voting early and often at political polling Web sites." Reputable polls use one time cell phone or one time IP Address voting to prevent repeat votes.

  13. Hahaha, I ran into exactly the same phenomenon when I posted some examination of a similar spam:

    BTW your spam data mining sounds _very_ interesting. I'm one of the developers of SpamAssassin, and I've been messing around with an automated mechanism to extract SA rules from trapped spam corpora:

    that's similar in results to the clustering method you guys are using, but I'll bet that's more sophisticated.

    I'd love to get more info on ways we could share data/results...

  14. I found this rather intriguing.
    From all the spambots everywhere. Thank you for the recognition.


Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.