Suresh Ramasubramanian
The Washington Post article Amazon: Hey Spammers, Get Off My Cloud! said
I am accustomed to receiving e-mail from Amazon.com, as I am a fiercely loyal customer who shops there quite frequently. But it took me by surprise this weekend to discover that mounds of porn spam and junk e-mail laced with computer viruses are actively being blasted from digital real estate leased to the e-commerce giant.
I wasn’t the only one who spotted it. Websense Security Labs issued an alert about the spam attacks on Monday, but it didn’t name Amazon as the source. The advisory rightly noted that it had discovered “a substantial number of spam messages utilizing a reliable social engineering trick.” The junk mail claims to have been sent from Microsoft, and urges the recipient to install an attached security update.
But the most interesting aspect of this attack (at least to me) was left out of the Websense advisory: All of the spam came from Amazon’s Elastic Compute Cloud (EC2) servers, which are marketed to companies — mainly small to mid-sized businesses — that want to purchase access to any number of computer applications hosted on the Internet, from data crunching and storage to on-demand computer processing power. These so-called “cloud computing” services potentially put the strength of massive computer arrays in the hands of the average user, and the service is “pay-as-you-go,” so customers only pay for the resources and services they consume.
But to spammers and scammers accustomed to paying for all kinds of Web services with stolen credit cards, Amazon’s service is another place to host their junk, said Suresh Ramasubramanian, head of anti-spam operations at Outblaze, a Hong Kong-based outfit that has listed all of Amazon’s EC2 Internet space on its spam blocklists.
“The [numeric Internet address] for these services can shift within minutes, so if you want to block spam sent from a dynamic address, blocking just one address is not feasible,” Ramasubramanian said. “Right now, if Amazon was able to control or restrict the spam issues, as well as other security incidents on that service, there would be no problems with it.”
Suresh Ramasubramanian is Head, Antispam Operations, Outblaze
Limited. He is also Coordinator at CAUCE Asia Pacific (APCAUCE) and
Director at Asia Pacific Internet Association (APIA).
Suresh heads all anti-spam operations at Outblaze Limited, responsible
for setting up and enforcing spam filtering and blocking decisions for
Outblaze clients and users as well as evaluating new and existing
filtering methodologies used at Outblaze.
He has extensive experience in handling e-mail abuse and postmaster
work, starting with a stint at Juno.com (now United Online) and then
going on to set up the anti-spam operations at BPL Innovision Limited
before joining Outblaze in 2001. He is coordinator of APCAUCE (the Asia
Pacific wing of the Coalition Against Unsolicited Commercial Email), as
well being the vice chair of the management committee for the APRICOT
network operators conference.
Suresh has been actively lobbying for realistic solutions at
technological,
legislative and policy levels to spam since 1998, and has written two
papers on the spam problem, for the OECD and for APDIP/UNDP.
He has given well-received talks and keynote speeches on spam around the
world at conferences organized by the OECD and ITU, as well as industry
events such as MAAWG, APRICOT and InboxEvent and been widely interviewed
by media such as Businessweek, the Wall Street Journal, Wired, PC
Magazine and Salon. Read the
updated list of articles that quote Suresh!
In recognition of his tireless work against the growing spam problem,
BusinessWeek Magazine profiled Suresh as one of 2002’s top 25 e-business
professionals.
Suresh authored
Spam Problems in Developing Economies and coauthored
Governing Internet Use: Spam, Cybercrime, and e-Commerce.
Read
Hackers have poor nations’ PCs in their sights,
Scamming the e-mail scammers,
Jail Threat for Hong Kong Spammers May Not Stem Junk-Mail
Flood,
No Holiday for China’s Spam Fighters,
Exterminating the nuisance of spam,
14 days later, ISPs can’t solve blog ban,
Build a better spam trap and … spam multiplies,
Asia: Spam Factory of the World,
Spam Divide, and
Joy at the Death of a Spammer.