Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Communications IT

The Evil in E-Mail 211

Posted by timothy from the find-what-you-look-for dept.
Frenchy in Ontario writes "An Ontario university researcher is devising ways to help law enforcement agencies better pinpoint likely criminal behavior in e-mails. His theory is that people who are "up to something" are more likely to write differently than people who aren't - either by avoiding using certain words at all that could be flagged for possible criminal context (like "bombed) or to examine patterns that might indicate criminal activity - like several people e-mailing one person but not each other, which is how some criminal networks operate. There's also an interesting paragraph on why Enron's emails aren't as valuable as you might think for this sort of work."
This discussion has been archived. No new comments can be posted.

The Evil in E-Mail More

The Evil in E-Mail

Comments Filter:

  • Dumbest thing I've read all week... (Score:5, Insightful)

    by TripMaster Monkey ( 862126 ) * on Sunday June 12, 2005 @08:09AM (#12794026)


    From TFA:


    Skillicorn doesn't know all the ways suspicious e-mails might read differently from innocent ones. The beauty of his approach is that he doesn't need to know. His software is designed simply to look for messages that are different, based on word frequencies, from the mass of e-mails. It needn't understand the reasons for the differences.

    Super. I'm predicting a whole lot of false positives...especially during the initial phase of this operation...

    Also from TFA:

    One difference might be the complete absence of words someone might possibly think would draw a law enforcement agency's attention to their e-mails, but that most people would occasionally use innocently (as in "my presentation yesterday really bombed.")

    Great...so words like 'bombed' get the email flagged...as well as an absense of the word 'bombed'? So far, Skillicorn's test appears 100% sensitive...too bad it's 0% specific.

    Some more from TFA:

    A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other.

    OMG! This is the pattern of emails in my company! My whole company is a giant terrorist organization! I had no idea!

    /sarcasm

    But here's the kicker...again with the quoting:


    To help with his work, Skillicorn has been working with archives of e-mail from Enron Corp., the company at the heart of one of the most prominent scandals in recent U.S. business history. In some respects, he notes, the Enron e-mails are not a good sample for analysis, because Enron employees seemed to have no compunction about what they were doing. "People should feel some guilt or at least some self-consciousness when they're being deceptive," he says.

    So let me get this straight...if criminals are okay with their criminal activity (like...say...terrorists), they'll 'slip under the radar'??? Great test, Skillicorn...sounds a lot like a standard polygraph test, which experienced criminals can fool at will, while innocent people fail them 50% of the time. That's what the War on Terror really needs...another inaccurate 'test' that does nothing but throw false positives.

    I'm just glad that this method is so obviously stupid that it will never be implemented by our government...
    Oh, wait...one more from TFA:

    Such technology has obvious applications in surveillance by law enforcement and security bodies, but Skillicorn suspects agencies like the U.S. National Security Agency have little need of his help. "I infer from things they say around me that some of this stuff they already do," he says.

    Crap.

    • Agreed (Score:5, Funny)

      by MarkusQ ( 450076 ) on Sunday June 12, 2005 @08:19AM (#12794052) Journal

      This line in the lead jumped out at me:
      like several people e-mailing one person but not each other, which is how some criminal networks operate.
      We have an addresses "techsupport@internaldomain" which matches this pattern to a T.

      --MarkusQ

      P.S. Back when we were on MS-Windows, it would have been OK, because the people asking for TechSupport were often sending each other worms at the same time.

      • Re:Agreed (Score:2, Funny)

        by Anonymous Coward
        Well, everyone knows end-users are terrorists.
      • I see, you don't email each other as well as the tech support email address. Boy you must get a lot of work done.

      • Re:Agreed (Score:5, Insightful)

        by ebuck ( 585470 ) on Sunday June 12, 2005 @11:28AM (#12794990)
        Worse yet, people will be watched and harrased by this technology, but never brought to court over it.

        In a court, you can question the evidence used against you. Considering that the creator of this evidence indicated that he didn't need to know how it works, it's highly likely that you could get this evidence thrown out because it fails the test of provablility.

        So this technology will "flag" people, and they will be watched "just in case". However, there's not going to be a court case, just continued monitoring until the budget to watch this person dries up. And it's very easy to get a bigger budget because you can argue, "We are watching 400,000 people who have been flagged as possible terrorists, we can't keep up. We need more money." Even when your flagging system has worse odds of finding a terrorist than the Lottery.
      • Shoot, I'd fail that test - I email my wife at work, and my sister in a completely different country. They never email each other. Come to that, she emails her mother, and I never do, and her mother is out in a desert country just down the coast from Iraq.
        • Memo to SAIC:

          Suspected terrorist has posted an apparently coded message on Slashdot indicating connections with terrorist supporters in Middle Eastern countries.

          Suspect has possible sexual relations with both his wife and his sister based on frequency of email contacts.

          Suspect is apparently concealing his connections with his wife's mother from his wife. His wife, however, is also in contact with the terrorist leader. Indications are his wife is part of a different cell than the suspect. {See "Mr. and M
      • like several people e-mailing one person but not each other, which is how some criminal networks operate.

        We have an addresses "techsupport@internaldomain" which matches this pattern to a T.

        Yeah, and I'd never realized that all of those geek mailing lists that I'm on are centers of illegal activity.

        After all, it's only the newbies that use "reply to all" and produce messages between subscribers. The experienced list members usually figure out that getting two replies to a message is dumb, and just
      • I guess all forms of commerce will be suspected as criminal since our sales@mydomain email address fits that pattern of use.
      • This line in the lead jumped out at me:

        like several people e-mailing one person but not each other, which is how some criminal networks operate.

        Yeah... And classes?

        We used to have a right to assemble somewhere, now if only I could find where that was written. Ah, there it is. No, wait, that just says, "Some rights are more inalienable than others." Hmm...
    • I say this guy do something useful with his time, and go after the REAL evil in email:

      SPAM.
    • I especially liked the part about:

      Another, Skillicorn says, is that research shows
      people speak and write differently when they feel guilt about a
      subject, for instance using fewer first-person pronouns, like I and we.

      Because people always use first person pronouns in messages. That's just what's done. And alot of them should be used.

      Sounds like a way to track messages with "substance" rather than the "hai h u r? heer are the pictures of my vacation." messages.

      Think about that. This man has just come up with a way to measure the relative interest of what the sender has to say to people in the government.

      Yet another way to cut down on the messages that the government has to read and be bored with. Yet another way to enable the government to read out communications more effectively

      Yet another reason to look into using real encryption.
    • Well, yes, it sounds like a modified spamassassin with bayesian filtering. It should be possible to modify spamassassin to do what the article describes... Now I starts wondering if he's written it in perl...
    • About all I have to add to that excellent analysis is that perhaps it would work after all if only they had Bill Gates fabled email tracking application... plus the $17.50 per email would serve to fund such a waste of resources.
    • So very, very true. I'd support the guy just because he's a fellow Ontarian, but there is nothing in this article of any substance or worth, and it sounds like a giant heap of grant-sucking bullshit. I think the "researcher" caught the season premiere of "Numbers", one in which they caught the criminal based on exclusion of activity (e.g. he committed crimes in the area around his stomping grounds, excluding where he lived and worked), and thought he could rationalize some nonsense about email analysis.

    • Re:Dumbest thing I've read all week... (Score:5, Insightful)

      by Otter ( 3800 ) on Sunday June 12, 2005 @08:43AM (#12794121) Journal
      If I understand correctly, what he's done is this:

      1) Devised a theory

      2) Tested it on a sample set of emails from Enron

      3) Gotten poor results

      4) Blamed the failure on Enron, for being just *too* evil for his theory to work!

      Yawn. Maybe he should save the press release until he's gotten something to work.
    • As soon as some behaviour is classed as "indicative" of criminal activity, won't they will just stop doing it? Well, I would.

    • Re:Dumbest thing I've read all week... (Score:4, Insightful)

      by danharan ( 714822 ) on Sunday June 12, 2005 @09:05AM (#12794172) Journal
      Super. I'm predicting a whole lot of false positives...especially during the initial phase of this operation...
      If using contrived language flags this system, I wouldn't want to be the one having to read all the false positives. I imagine I'd find out about a lot of affairs, rumours and backstabbing plans.
    • "I infer from things they say around me that some of this stuff they already do," he says.

      Crap.

      But of course. It is the nature of the monitoring beast and the very reason such monitoring is offensive to freedom.

      First you monitor. Then you monitor for the people avoiding the monitoring. Then you monitor for the people avoiding the . . .

      Monitoring, if it is to work at all, is an all or nothing sort of deal. Once started it innately progresses toward the end of a secret cop in every pocket. If you know t
    • terrorist bomb al qaeda bin laden firebomb death destruction chaos terror plane WMD nuclear weapons
    • Using a keyword instead of actual investigation is both lazy and useless. Look at how bad the that works in the Help desk industry. How much time do you waste because the person on the other line isn't able to think the problem thru? And we wonder why Ossama walks free and Saddam is in Jail (not that he shouldn't be). It was just took less effort to find him.
    • The whole tone of Grant Buckler's article is "breathless anticipation". Especially glosses about how simple it all is, how we don't need to understand how it works. It's marketing pitch all the way, for privacy invasion, guilt until proven innocence, belligerent government paranoia, singling out the "different" as "criminals". Reporters are valuable for investigating the appearance of government wrongdoing. This article isn't "journalism" - appearing in a Canadian "IT Business" webzine, it's just another
    • Some more from TFA:

      A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other.

      OMG! This is the pattern of emails in my company! My whole company is a giant terrorist organization! I had no idea!

      Not that I agree with all this emphasis on monitoring, but think about the utility of this. This technique isn't useful in mapping out "terrorist organiza

  • What about other languages.? (Score:4, Insightful)

    by guyfromindia ( 812078 ) on Sunday June 12, 2005 @08:11AM (#12794031) Homepage
    This may work well for English,etc.. but may not work with other languages..
    • You don't watch enough TV. Terrorists, just like aliens, always speak English to themselves.
    • Duh, if they're writing in some other language then they are ALREADY at the top of the potential criminal/terrorist lists.

      -
    • If they're using text classification, such as Bayesian, all you have to do is have a good concept of whitespace. Just break your tokens up apropriately, and compare the weightings to your corpus.

      http://www.paulgraham.com/spam.html [paulgraham.com]

      You just need a good corpus for your text classification.
    • I think the point is that it doesn't work well for english, either. As a matter of fact, it doesn't work even when the researcher /knows/ the emails in question have "evil" in them.

      It sounds like the guy...
      a) had a half-assed theory (that should've probably /stayed/ a half-assed theory)
      b) came up with little data to support his theory
      c) explained the lack of supporting data for his theory on the material being studied
      d) used a lot of pretty awful reasoning to shoehorn what little supporting data was left i

  • if you're really up no good.. (Score:5, Insightful)

    by Keruo ( 771880 ) on Sunday June 12, 2005 @08:17AM (#12794043)
    The emails you send would be encrypted instead plaintext.
    Real criminals aren't dumb, only the bad ones who get caught are.

  • The idea isn't new... (Score:4, Insightful)

    by Registered Coward v2 ( 447531 ) on Sunday June 12, 2005 @08:19AM (#12794053)
    Pattern recognition has been around a long time - from analyzing the causes of infection to finding likely cheats on expense reports (and the latter uses the frequencies of certain digits, rather than looking for the text entries).

    I do disagree with his statement about not being useful to fight spam - recognizing patterns ins spam is already in use, applying the idea that the same or significantly numerous occurrences of the same words from either the same person to multiple users at the same sight and different sites, or the same basic message sent to multiple users from different mailers / return addresses might be a good indicator of spam. The challenge is how do you monitor all the traffic?

  • Someone set us up the Bombed (Score:3, Insightful)

    by FidelCatsro ( 861135 ) <fidelcatsro&gmail,com> on Sunday June 12, 2005 @08:20AM (#12794056) Journal
    This will be a total BOMB , Honestly this is not a new field of science at-all , Letters and writing have been examined for years and criminals writing E-mails will be writing the same things they always write .
    • Automated database record generated somewhere deep in the bowels of the NSA...

      Subject: FidelCatsro|861135|Slashdot.org
      Message ID: 12794056|Slashdot.org
      Keyword Trigger: "BOMB"
      Analysis: Subject is likely not a terrorist
      EOM

      -

  • Bad sample? (Score:5, Insightful)

    by No Such Agency ( 136681 ) <abmackay@@@gmail...com> on Sunday June 12, 2005 @08:26AM (#12794074)
    Ah, my alma mater Queen's makes it onto Slashdot!

    I don't know if using the Enron e-mails as his test material is such a good idea. Corporate malfeasance is probably not conducted the same way that every other criminal (or terrorist) network runs. At least their communication might be different due not to a "lack of guilt" but due to the fact that it's probably so easy to make a naughty memo sound like an innocent one without being obvious. After all these memos would be mixed in with a lot of legitimate company business the conspirators are also conducting.

    How does automated analysis separate a memo saying "I think we should go ahead and promote Price out of the mailroom" - which means "Have Price-Waterhouse cook those spreadsheets I sent you", from one which just leads to some dude getting promoted out of the mailroom? Of course if they are not bothering to use code words then the system might work very well.

    A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other. This is meant to ensure that if one lawbreaker is caught, he or she is unlikely to lead authorities to too many others. But it can also be a clue to suspicious activity.

    Traffic analysis is probably more promising, since you can reconstruct relationships between players with it. The traffic pattern could look like a terrorist cell, or it could look like a bunch of guys who know each other - as he says, there's a difference. But this is old news, though automating it would make snoops' lives easier.

    At any rate I find this line of inquiry disturbing for civil rights reasons, but I don't believe we should attack the researcher for working on it. Academic freedom is a very useful concept and ultimately does us more good than harm, IMO.

  • Whatever (Score:2, Insightful)

    by M3rk1n_Muffl3y ( 833866 )
    I am sure this will prove to as productive as searching eBay images for hidden Al-Qaeda messages.
    • I am sure this will prove to as productive as searching eBay images for hidden Al-Qaeda messages.

      Great deal on Hidden Al-Qaeda messages. aff.

      eBay.com

  • Word bombs.... (Score:5, Funny)

    by Invalid Character ( 788952 ) on Sunday June 12, 2005 @08:26AM (#12794077) Journal
    Bomd, jihad, kidnap, extort, terrorize, kill, godless, constitution.

    That should keep me safe for a few days.

  • I can't believe this got funding... (Score:5, Insightful)

    by bobbis.u ( 703273 ) on Sunday June 12, 2005 @08:26AM (#12794078)
    It seems like he is just using Bayesian filtering (the bit about how he doesn't know how it works gives it away), and using Enron emails for the training.

    Personally, I can't see how this would ever work. It is typical of the attitude that "all terrorists are bad, they are all the same and we just have to deal with them all in the same way".

    Isn't it obvious that different terrorists will have different styles, different levels of literacy, different levels of security awareness, different languages, different aims, different approaches - the list goes on and on. Normal emails all have these traits too. I can't imagine there is any way of applying Bayesian filtering to help with this task.

  • GPG (Score:2, Insightful)

    by Nicholas Evans ( 731773 )
    I'm going to go out on a limb here and say that Al Queda probably uses GPG or some other form of strong encryption in their e-mails.
    • I seriously doubt this, for one simple reason: anyone that uses encryption would automagically be on the "list".

      The more likely scenarios would be (1) nonsensical SPAM messages with a hidden message within, (2) a message steganographically embedded within images posted to a public forum, or (3) some pre-arranged and totally innocent message that has been assigned some other meaning.

      The use of encryption for email messages represents such a small proportion of the total number of emails sent that it would

  • Big Brother right here (Score:4, Insightful)

    by m50d ( 797211 ) on Sunday June 12, 2005 @08:27AM (#12794083) Homepage Journal
    He's just using statistics to detect emails that are "different". So, anyone who isn't conforming is flagged up. Organising an anti-war protest? There you are, flagged. Say goodbye to freedom, if you hadn't already. Or encrypt all your emails, and try and persuade everyone you know to. Maybe we can make encryption widespread enough these things are useless.

  • Social Networks = Criminal Networks? (Score:3, Insightful)

    by Anonymous Coward on Sunday June 12, 2005 @08:28AM (#12794087)
    ...or to examine patterns that might indicate criminal activity - like several people e-mailing one person but not each other, which is how some criminal networks operate.

    Not to mention most social networks. Or is everyone you know equally popular?

  • Too narrow (Score:2, Interesting)

    by Anonymous Coward
    This reminds me of a Perl module Text::Gender
    or something which I tried out in a few experiments last year. It is supposed to analyse writing and determine whether its author is female or male.

    It works rather well given the conditions that the authour is also is American, white and middle class. Any samples outside that field and it fails spectacularly actually getting more wrong than right (worse than chance).

    These sort of ideas are cute in their ambitions
    but not science of any kind at all. The tests giv
    • "It works rather well given the conditions that the authour is also is American, white and middle class."

      Well, son, pass it along to homeland security! Those are exactly the sort of terrorists they should be after!

  • They would encrypt there emails.

  • Oh dear (Score:5, Insightful)

    by Anonymous Coward on Sunday June 12, 2005 @08:42AM (#12794115)
    Dr Skillicorn has obviously never done any work with or for a law enforcement or intelligence agency. After spending three years in this area working on data mining of electronic communication, I can say this fella has not done his research properly. He has failed to note that the frequency of grammatical and spelling mistakes, let alone "missing" words, have become so frequent now in the SMS TXT generation that this will cause a major problem when scanning messages on this scale. I really can't be bothered to pick any more holes in this because it is time for a bacon and ketchup sandwich.

  • Bah (Score:3, Funny)

    by shobadobs ( 264600 ) on Sunday June 12, 2005 @08:42AM (#12794119)
    Everytime I hear one of these stories about how they can catch criminals from their email messages, I'm like, "OMG! They made a fast factoring algorithm!" But then I read the article and discover it only works for unencrypted messages. Gee.

  • Hmm (Score:2)

    by mukund ( 163654 )

    ... or to examine patterns that might indicate criminal activity - like several people e-mailing one person but not each other...

    Like <president@whitehouse.gov> for example?

  • you encrypt - you're a terrorist (Score:3, Interesting)

    by l3v1 ( 787564 ) on Sunday June 12, 2005 @08:54AM (#12794144)
    Just remember a not so old story where there was reported the presence of e-mail encryption software was considered as evidence in some child porn case.

    First they start using some very un-smart word-scanning piece of crap filtering system [and god help you if you write foreign language letters, or have a different style than the average], then they will punish the use of mail signing and encryption software [which is something I regularly do], then if the filtering still has a false positive rate above 99% they will ban e-mailing. Then they will find out other forms of efficient communication exist.

    • then they will punish the use of mail signing and encryption software [which is something I regularly do

      If you're innocent, you have nothing to hide and therefore don't need to encrypt things. Only terrorists need to use strong encryption.

      And while I'm at it, why do you hate America, and won't somebody think of the children?

  • Wasted effort (Score:3, Funny)

    by AndroidCat ( 229562 ) on Sunday June 12, 2005 @08:56AM (#12794153) Homepage
    Everyone knows that you just have to check the evil bit [faqs.org]. (Some terrorists may be sophisticated enough to tamper with the evil bit but if they use Windows, the lack of the bit will stick out like a sore thumb.)

  • Do they believe in the effectiveness of this.....? (Score:3, Insightful)

    by David Webb ( 883154 ) on Sunday June 12, 2005 @09:00AM (#12794161)
    So It is now no longer good enough to just have the ability to subpoena your records if your arrested?Now the government wants to activly sort/monitor the emails of an entire nation. HMM I smell more violations of the rights of the people. How much more of this are we willing to accept. How much longer until dissidents start a revolution. That's right I said it a revolution. This sounds like a combo of search/packet sniffing software.Last I heard PGP and RSA encryption was still unbreakable. This will NOT be effective for the worst thieves or tererorists.
    • "HMM I smell more violations of the rights of the people"

      Yes, but just remember, it might not be american law enforcement doing the violating. AFAIK ECHELON (search google for it) exists and is working. If say the british government did the searching through american email it would not actually be the american government spying on their own citizens and vice versa.

      "How much more of this are we willing to accept."

      I'm hoping not a lot more.

      "This will NOT be effective for the worst thieves or tererorists."

  • this research is a wonderful example of... (Score:3, Insightful)

    by cahiha ( 873942 ) on Sunday June 12, 2005 @09:06AM (#12794173)
    Graduate students, take notice. This research is a wonderful example of ... going where the wind is blowing; that gives you media coverage and funding from people who know even less than you ... not doing your background research; doing your background research would just discourage you, and it takes time that isn't required for convincing people who know less than you that your sexy proposal is worth funding
  • th4y 5r4 1n t1 U6.

    P147 1n 5lt.5n1nym1U6 u64 kn1wn crypt1, l23v2 n1 tr5c4. 4m52l != s5f4.

    num=num-1

    Ofcourse I know, if the system is sortof good inwhat it does, the above wont be too effective. But who wants will bypass such a thing. What about PGP?

    I honestly doubt that the system will result in displaying the emails of those who actually are paranoid about their activity and doing things that aren't too legal. It'd be disturbing if they will be successfull with this type of privacy infringement. It's

    • It's ILLEGAL to read one's snailmail. Why is it then legal to scan every email for keywords and having ultimately someone monitoring my emails cause their scanning-engine might, most plausable, flaw?

      Regarding snail-mail vs. email...with snail-mail you seal the message inside an envelope to be opened at the other end, thus a reasonable expectation of privacy. Email, on the other hand, is generally transmitted as plaintext all the way from A to B...more like a postcard than a letter. Thus no expectation
    • It is? I'm a re-enactor, and every year I get a booklet on "The Pennsic War" and every year it comes opened. The post office says there's nothing that can be done about it. My wife also gets one and hers comes opened too, so it doesn't sound like curiosity.
      • Then you should stand up for your rights. I just can base on my own country;

        The Belgian constitution [senate.be], article 29 states that the "Letter secrecy" CANNOT be violated. (this means, noone can open the letter other then the adressed.)
        According to the Belgian MailOffice [www.post.be] they obey this law stating:

        Only a select few DePost employees are allowed to open letters which are undeliverable in very rare conditions to find who the letter is adressed to. (0.02% of the mail would be undeliverable)

        The Belgian const [senate.be]

  • Oh Dear (Score:3, Insightful)

    by taskforce ( 866056 ) on Sunday June 12, 2005 @09:29AM (#12794244) Homepage
    either by avoiding using certain words at all that could be flagged for possible criminal context (like "bombed)

    So if you don't talk about things which a terrorist would talk about, you are a terrorist?

    like several people e-mailing one person but not each other, which is how some criminal networks operate.

    Yes, it's also how every other nuclear network of friends operates. Not all my friends know eachother. Not all a bank's customer's know eachother, not all a mailing list's users know eachother.

  • Government sucks. (Score:5, Interesting)

    by Fantastic Lad ( 198284 ) on Sunday June 12, 2005 @09:32AM (#12794256)
    "The more corrupt the state, the more numerous the laws."

    -Tacitus

    Government is already too invasive. I'm already forced to seek a building permit before I can erect a structure on my own property. The fines for ignoring this, (and say, having the gall to build a solar powered house which is not connected to the AC power grid, or (horrors!) a straw-bale house), are huge and the government's reasons for these laws are utterly ridiculous.

    Any professor who suggests that we should be looking to monitor email content is not thinking clearly. The Government already has their nose in everything, and telling us that, "It's For Our Own Good," is NOT a valid excuse.

    It's MUCH more important that people be able to make mistakes -and even die through their own faults- than live ensnared in the safe-keeping of a bunch of ignorant civil servants who are trying to build a Starfleet future where everybody dresses the same, and nobody is allowed to think or act outside a bunch of pre-set 'safe' boundaries designed for middle-class suburbanites who exist in eternal ignorance of the real world, who actually believe in the Discovery Channel, who drink milk, and live in absolute terror of anything you can't experience beyond the confines of a nice, respectable department store.


    -FL

    • I don't know why you're getting modded 'Funny' - I think you're more or less right.

      Generally, a densely populated society requires straightjacket laws to make sure everyone more or less gets along. The less behaviours permitted, the fewer things will piss off your many neighbours.

      I think the West needs to get a little closer to 'my right to swing my fist ends at your nose' - but keep in mind that if that happened tomorrow, we'd start campaigning for a return to more restrictive laws as the worst 19% of t

  • letter from college home (Score:5, Funny)

    by e**(i pi)-1 ( 462311 ) on Sunday June 12, 2005 @09:36AM (#12794270) Homepage Journal
    Letter from College:

    Hi Mom,

    I blew it and bombed the final exam. The physics
    prof put the gun on my head and told me to work harder.
    I could kill him. I feel like having a knife
    at my throat. The anger feels like poison in my
    blood but I know it is my fault and the all is
    blamed to that virus, I had been laboring with
    for quite a while. I'm working on it mom! I promise
    to make you proud. I can not wait to be on the subway
    home to work on my final project on weapons of
    mass destruction in my political science class. Its
    mental terror.

    Love
    Your son

    P.S. The powder you sent me works well for my
    skin infection. Strong agent.
  • This email doesn't contain the words r0lexx, v!/\gr4 or c14ll4s. It sticks out like a sore thumb from 99% of the email traffic we've intercepted, he must be up to no good!!!!

  • Been There Done That (Score:2, Interesting)

    by anat0010 ( 76128 )
    Statistical analysis of word (token) frequency works great in a closed domain set, such as the Enron corpus. But once you scale up to the ISP level it falls down horribly.
    Why ? The size of the token database increases massively to the point where it becomes un maintainable. Every spelling mistake, word variant, not to mention foreign language, gets included. Eventually you are unable to separate the wood from the trees. Let alone make statistically significant assertions about a single message.
    And lets not
  • First thing they'll do is sniff out anyone with a /. userID, then ignore anything that looks like a sig.

    I don't know if they then pay special attention cuz we think we can bypass their filters, or completly ignore us cuz 99.9999998% of /.'ers are more likely to blow a brown trouser note than to blow up something.

  • Just stupid (Score:3, Insightful)

    by Anonymous Coward on Sunday June 12, 2005 @10:39AM (#12794627)
    How many criminals are going to send plain text emails discussing criminal activities?
    This is clearly just designed to appeal to the government of Police State America, probably to get more funding.
    This whole obsession with 'terrorists' is just becoming tiring. There are very few 'terrorists' in the world that the Americans didn't create through their own acts of terror. If America would stop its interference in the affairs of other countries, there would probably be almost none at all outside of the White House.

    • There are very few 'terrorists' in the world that the Americans didn't create through their own acts of terror. If America would stop its interference in the affairs of other countries, there would probably be almost none at all outside of the White House.

      A naive way of looking at the world at best, extremely dangerous at worst. The canard that "America is to blame" is as tiring as the faux security around terrorism (yes, I agree a lot of the attempts to rein in terrorism are bogus and do little to stem

      • Look at the nubmer of civilian casualty in Irak/Afghanistan (*), oh, sorry,you call them "collateral damage"... Each of those had a familly. Each of those familly might be drowned enough in sadness and anger, and by the desire that this never happen again, that they decide to take in their own hand the "punishment" and even revenge. There you have sown the next terrorist generation


        (*) and I am not even counting the number of country where the good old US of A support a dictatorial govt, or attempt to o

  • I concur (Score:4, Funny)

    by flowerp ( 512865 ) on Sunday June 12, 2005 @11:34AM (#12795032)
    Yes the people who are "up to something" actually write differently. Most of the time they use phrases like "validate your bank account",
    "please verify your credit card information", etc.
  • I was just about to order some extra razors from some proles via email too! I had better go to the ministry of truth and rewrite this post after I am done.

    News: Chocolate rations are up from 200g to 150g this week.
  • If police investigations weren't so costly, invasive, long-lasting, prejudicial, inhibitive of populations, and otherwise nightmarish, we'd do well to investigate everyone, especially anyone "different" (or "too similar"). But they are nightmarish for everyone targetted, while only those actually commiting crimes could possibly "deserve it". Which is why America developed our "due process", and thrived under it, to the extent we get it; other countries are no different. Now that we're abandoning our privacy

    • Re:War is Peace (Score:3, Interesting)

      by tom's a-cold ( 253195 )
      we're doomed to live a nightmare where everyone is guilty.
      More opportunities for bribery and blackmail in a situation where there's a high rate of false positives and ambiguous or secret regulations that anyone could potentially be found guilty of. Then they can cultivate a huge population of informers, with even more shakedown possibilities as a result.

      Then all that will be left is futile, self-destructive petty rebellion.

  • Many of the slashdot comments here were completely predictable and reflect a mental problem of geeks - a near-autism that wants things to be boolean rather than analog. I've seen this tendency on many other stories, and I think it is probably hurting some of you in the workplace or school. One poster worries that so many emails will be flagged that we'll create a huge pool of federal employees to read them. Others think they'll be unjustly accused of crimes due to some "false positive".

    This kind of syst
  • Anyone who's watched the classic documentary "Enemy of the State" knows that the NSA is already eavesdropping on all of us for the words "Allah", "bomb" and "President". That's why I always greet people in cyberspace w/ "Allah bomb President!"
  • I see people saying encryption will become a flag-raising technology if people use it to bypass email scanning, but with all the ways you can send an email, currently the system could probably be bypassed simply by sending a document attachment or a zipped text file with a cover note - the email scanner will see the note and be happy and the real message will be left in the attachment, because the developers are too lazy to scan various attachment formats and will continue to be lazy until its bought up in
  • "like several people e-mailing one person but not each other, which is how some criminal networks operate."

Slashdot Top Deals

To the systems programmer, users and applications serve only to provide a test load.

Close