1. So inspired by @AccidentalCISO, @0xfraq, @TinkerSec here is a story about some work I did back in the early 2000's to help fight spam.

It was late 2002. For those of you that don't remember, 9/11 had just happened and the dot com bubble had burst.
2. I was fresh out of grad school (MBA) and looking to put my Comp Sci, Econ and MBA to good use.

I ended up at a small (<20 ppl) cybersecurity firm that had spun out of another firm that originally did due diligence background checks for CEOs etc.

3. This firm was primarily hired by the law firms of big Fortune 500 companies to do online investigations into fraud and criminal behaviour around their products. e.g. a big satellite TV provider was a big client who wanted to know how people were hacking their smartcards.

4. One of the client law firms asked "Hey, Hotmail is one of our clients and they are having a big problem with spam in Korea. Do you guys handle this kind of thing??".

Given that the firm I worked for would say "Yes!" to anything that led to revenue, they said "Of course!"

5. At this point you can probably guess that this fell to me.

Key points:
- I didn't (& don't) speak Korean
- I had never dealt with email/SMTP etc
- Had never built a database

Clearly, I was the right guy for the job!

6. Thankfully, a buddy of mine from grad school was Korean so we hired him as a temp translator and I got to work trying to figure out how to put 10,000 emails into a Microsoft Access database.

7. Surprisingly, it worked! We were able to get some good intel on the spammers and a partner law firm in Korea sent some cease and desist letters and the spam stopped. Smiles and congratulations all around on both sides (us and the client).

8. Hotmail was so happy that they said "That was great! We're going to start sending you 100,000 email/day and we're going to start sending them tomorrow. That cool with you guys??"

- The BizDev guy: "Of course!"
- Me: "Wait, what??"

9. I said "I'm no DBA but I'm pretty sure we can't handle this in Microsoft Access on a regular desktop!". Thankfully, people agreed with me and a Dell 2600 we had just bought was repurposed for the new project. Time to get my learn on about Perl, MySql and SMTP/Spam.

10. On top of learning all of the above on the fly (as in literally having the MySql docs page open as I coded), the Dell 2600s had a nasty bug where they would just restart for no reason. A great feature when you're trying to build a database + email parser.

11. For those of you who have never dealt with spam and/or SMTP, the old motto of "be conservative in what you send and liberal in what you accept" was BIG! Spam emails have all kinds of crazy SMTP headers: multiple subject, multiple from fields, totally bogus relay chains etc.

12. BUT, it ALL matters because anything could be a signature or point back to a spammer. I started out parsing the headers using my VERY basic Perl regex skills. I quickly realized the bananas that was SMTP headers would need lots of many to many table relationships.
13. All in we eventually got to 20 million emails which meant that we had 300 million rows of JUST header information. On a single machine. In 2003.

We haven't even gotten to talking about the BODY of the emails which is its own interesting story:
14. Because spam email bodies are even crazier than the headers, for a while, the body sat in a BLOB field. As we got better at targeting, clients started asking us to search the email bodies for URLs. Since this was "from email where body like '%url%'", each search took 3 DAYS!

15. This was also taking away from parsing time so I said "Hey, if you give me 5 days, I can code a parser and then index the urls so each search takes minutes instead of days." I thought myself pretty smart for proposing this.

16. The client comes back and says "That would be uber-awesome but we have a court case where we are presenting the evidence in 4 days so we don't have 5 days to give you." #sadface

17. Lo and behold, we ended up having an outage in the database that:
- took 5 days to fix
- SOMEHOW, as part of the fix, we suddenly had parsed email bodies and url searches now took minutes.

Weird huh?

18. I should add that no matter how I structured the DB, I couldn't do joins with more than 2 tables b/c they would either take hours or I would get out of memory errors. I had to break every query into 2 table joins that output to a temp table and using that for the next join.

19. I learned SO much about: regexes, database indexing, SQL optimization, SMTP, spam, how the legal system and technology intersect and more.

Open to any questions people may have and/or can expand on any of the above. /end
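As an added example (not the thread author's Perl/MySQL code), here is the shape of the header and URL tables described in tweets 11-15, in Python with sqlite3: every header instance lands in a junction table, so duplicate Subject/From lines and the whole Received chain survive, and body URLs are extracted once into their own table so the search that took days against a BLOB becomes an indexed join. The sample spam message, table names and hostnames are constructed.

```python
import re
import sqlite3
from email import message_from_string
# Constructed sample spam: duplicate Subject/From headers and a bogus relay chain.
RAW_SPAM = """Received: from relay1.example.invalid (unknown [192.0.2.10])
Received: from mail.example.invalid by relay1.example.invalid
From: "Promo" <a@example.invalid>
From: "Other" <b@example.invalid>
Subject: first
Subject: second

Buy now http://shop.example.invalid/offer or https://alt.example.invalid/x
"""
URL_RE = re.compile(r"""https?://[^\s<>"']+""")
SCHEMA = """
CREATE TABLE email(id INTEGER PRIMARY KEY, body BLOB);
CREATE TABLE header(id INTEGER PRIMARY KEY, name TEXT, value TEXT, UNIQUE(name, value));
CREATE TABLE email_header(email_id INT, header_id INT, position INT);
CREATE TABLE url(id INTEGER PRIMARY KEY, url TEXT UNIQUE);
CREATE TABLE email_url(email_id INT, url_id INT);
"""
def build_db(raw_messages):
    """Every header instance (even a 2nd Subject) gets a junction row; identical header values and URLs are stored once."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for raw in raw_messages:
        msg = message_from_string(raw)
        body = msg.get_payload()
        eid = db.execute("INSERT INTO email(body) VALUES (?)", (body,)).lastrowid
        for pos, (name, value) in enumerate(msg.items()):  # duplicates preserved, order kept
            db.execute("INSERT OR IGNORE INTO header(name, value) VALUES (?, ?)", (name, value))
            hid = db.execute("SELECT id FROM header WHERE name=? AND value=?", (name, value)).fetchone()[0]
            db.execute("INSERT INTO email_header VALUES (?, ?, ?)", (eid, hid, pos))
        for u in URL_RE.findall(body):  # extracted once, so no LIKE '%url%' body scan later
            db.execute("INSERT OR IGNORE INTO url(url) VALUES (?)", (u,))
            uid = db.execute("SELECT id FROM url WHERE url=?", (u,)).fetchone()[0]
            db.execute("INSERT INTO email_url VALUES (?, ?)", (eid, uid))
    db.commit()
    return db

def header_values(db, eid, name):
    """All values of one header name for one email, in original order."""
    return [r[0] for r in db.execute(
        "SELECT h.value FROM email_header eh JOIN header h ON h.id = eh.header_id "
        "WHERE eh.email_id = ? AND h.name = ? ORDER BY eh.position", (eid, name))]

def emails_with_url(db, url):
    """Indexed join url -> email_url instead of scanning every body."""
    return [r[0] for r in db.execute(
        "SELECT eu.email_id FROM url u JOIN email_url eu ON eu.url_id = u.id WHERE u.url = ?", (url,))]
```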
If you liked this thread, here is a meta thread of my other threads: https://t.co/YPFQYrRwAN
