Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”.
Most such phishing email relies on the recipient being dumb enough, naive enough, or (possibly) drunk enough to actually click through the link to the malicious website. I was therefore more than a little astonished at an email I received today from the Open Rights Group. That email is given below in its entirety (I have obfuscated my email address for obvious reasons).
From: Department of Dirty
Subject: Cleaning up the Internet
Date: Wed, 23 Jul 2014 07:14:18 -0400 (EDT)
Ever thought the internet was just too big? Want to help clean up online filth?
*Welcome to the Department of Dirty*
Watch the Department tackling its work here: www.departmentofdirty.co.uk and share our success, as we stop one man trying to get one over us with his ‘spotted dick recipe’:
Department of Dirty Video: https://www.departmentofdirty.co.uk/
The Department of Dirty is working with internet and mobile companies to stop the dirty internet. We are committed to protecting children and adults from online filth such as:
*Talk to Frank: This government website tries to educate young people about drugs. We all know what ‘education’ means, don’t we? Blocked by Three.
*Girl Guides Essex: They say, ‘guiding is about acquiring skills for life’. We say, why would young girls need skills? Blocked by BT.
*South London Refugee Association: This charity aims to relieve poverty and distress. Not on our watch they don’t. Blocked by BT, EE, Sky and VirginMedia
This is just the tip of the iceberg.
We need you to help us take a stand against blogs, charities and education websites, all of which are being blocked. It’s time to stop this sick filth. Together, we can clean up the internet.
Your Department of Dirty representative
You can find out what we’re blocking at this convenient website: https://www.blocked.org.uk/
[DISCLAIMER] This email has come from the Open Rights Group. This email was delivered to: firstname.lastname@example.org If you wish to opt out of future emails, you can do so here.
Now, I’m an ORG supporter (i.e. I am a paying member) and I am sure that someone, somewhere in ORG thought that this email campaign was a great idea. After all, it follows up the ORG’s earlier research on the fairly obvious stupidities arising from the implementation of Dave’s anti-porn campaign, it looks “ironic”, and it uses a snappy domain name which has shades of Monty Python about it. But I’m sorry, in my view this most certainly is not a good idea and I’m sure that ORG will come to regret it.
One of the most fundamental pieces of advice any and every ‘net user is beaten up with is “do not click on links in unsolicited emails”. In particular, the advice normally goes on – “if that email is from an unknown source, or has in any way a suspicious from address you should immediately bin it”.
This email comes from an unknown address with a wonderfully prurient domain name. Even if it is successful and gets to the intended email inbox, it then relies on the recipient breaking a fundamental security rule. It does this by encouraging him (this looks to be male targeted) to click on a link which the naive might believe leads to a porn video.
How exactly is that going to help?
(Note. It got to my email inbox because the email system at e-activist.com which sent it is allowed by my filters.)
I agree with you – found your post by Googling “department of dirty” because I was hesitant to even allow any graphics to download – let alone click on any of the links. Even though it says it’s from ORG, that can be faked…
I too initially considered that the ORG link could have been faked and the email was in fact not from them. But the email server used is the same one they normally use and the whois record says that the domain was registered by ORG (on 17 July 2014). The IP address used for blocked.org.uk is 18.104.22.168 and that for departmentofdirty.co.uk is 22.214.171.124 – both on bytemark’s network block of 126.96.36.199 – 188.8.131.52 which is shown as allocated to ORG. So I’m reasonably confident that this is actually an ORG campaign.
I’ve emailed Jim Killock anyway so if this /isn’t/ them I’ll soon find out.
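The relay and netblock checks described in the reply above can be scripted; this is an added example, not part of the original post or its comments, and it leaves the whois registrant check as a manual step. The message, the relay address, the DNS answers and the netblock are all constructed stand-ins using documentation address ranges, and `verify` is a hypothetical helper name.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message: addresses and header values are illustrative only.
RAW = """\
Received: from mail.e-activist.com (mail.e-activist.com [198.51.100.7])
    by mx.example.net; Wed, 23 Jul 2014 07:14:18 -0400 (EDT)
From: Department of Dirty <campaign@e-activist.com>
Subject: Cleaning up the Internet

Watch here: https://www.departmentofdirty.co.uk/
Blocked list: https://www.blocked.org.uk/
"""

# Assumptions: relay IPs seen on earlier genuine mail, the block whois shows as
# allocated to the sender, and DNS answers captured beforehand (offline use).
KNOWN_RELAY_IPS = {"198.51.100.7"}
ORG_NETBLOCK = ipaddress.ip_network("192.0.2.0/24")
RESOLVED = {"www.departmentofdirty.co.uk": "192.0.2.10",
            "www.blocked.org.uk": "192.0.2.44"}

def relay_ip(msg):
    """IP recorded by our own MX in the topmost Received header.
    Only that header is trustworthy; lower ones can be forged by the sender."""
    received = msg.get_all("Received") or []
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", received[0]) if received else None
    return m.group(1) if m else None

def link_hosts(msg):
    """Hostnames of every http(s) link in a plain-text body, in order, de-duplicated."""
    hosts = []
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def verify(raw, resolved):
    """Report whether the relay is a known one and which link hosts fall
    outside the expected netblock (unresolved hosts count as outside)."""
    msg = message_from_string(raw)
    outside = [h for h in link_hosts(msg)
               if h not in resolved
               or ipaddress.ip_address(resolved[h]) not in ORG_NETBLOCK]
    return {"relay_known": relay_ip(msg) in KNOWN_RELAY_IPS,
            "outside_netblock": outside}

if __name__ == "__main__":
    print(verify(RAW, RESOLVED))
```

A clean result supports, but does not prove, that the message is genuine: it shows only that the mail arrived via a relay seen before and that its links resolve into address space attributed to the claimed sender.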
I’ve seen a number come through that use the obvious flaw in Dropbox sharing: a link from what appears to be a relatively known source. The problem I have with Dropbox is that it exactly undoes the sage advice of “do not click on links of unknown email”.
Slight segue: can you recall working on standards (for fairly good reasons)? Looks like it’s back, and mucho dust will fly: https://www.theregister.co.uk/2014/07/23/uk_government_officially_adopts_open_document_format/
I wonder if I can petition GCHQ or NSA for a copy of the conversation between MS UK and Redmond when this became known :).
Don’t you mean “one of the problems I have with Dropbox”……..?
Yes, I read that Reg article and I must applaud the GDS for actually /doing/ something rather than just talking about it. Back in the day (2002) when I wrote the OGC guidance on implementing open source policy (now sadly difficult to locate on the web – but you can get a copy (PDF) here) no-one outside a few mavericks had the cojones to actually /mandate/ anything. I ended up having to write wishy-washy statements such as “we will consider OSS solutions alongside proprietary ones” and “we will seek to avoid lock-in”. (What I /really/ wanted to write was something like Dr Edgar Villanueva’s letter to MS of 8 April 2002.)
For an insight into the way I felt about the policy guidance, take a close look at the front cover. That screenshot of the upper laptop shows it running a game which was widely available in linux distros at the time – a game called “Kill Bill”. I managed to get it past editorial control simply because no-one noticed.
(Oh, and I have taken the liberty of editing your comment to remove the active hyperlink to that Russian domain. Better to be on the safe side eh?)
I can’t get that PDF (it’s not a link as far as I can tell), but I believe you (and I know the Kill Bill game :).
As for underhand poking fun, as far as I recall you did find the credits page in the core server fairly quickly (the one with the background of a fairly well known hacker site), but it has taken *years* before they replaced the copy of sendmail with the rather peculiar version number of “biscuit” :).
The “here” /is/ a link (it just may not have been active at the precise moment you looked – I had to check the file location).
Heh. The header it used actually contained the string “biscuit:biscuit” as I recall. What fun we had……
Yup, worked now – I love it that you got away with putting a Linux game on the front of a government document :).
I have actually totally forgotten how on earth I ended up with choosing “biscuit.biscuit” for a version number. I know why I got my guys to replace what was normally there, but “biscuit”? No idea. Oh well, it was fun :)