Harnessing spam bots for cyber warfare

Disclaimer

I have not researched internet criminal law and I won't speculate on the legality of this idea. I'm not advocating any type of internet warfare or vandalism. Don't implement this idea unless you determine that it is completely legal.

Summary

With that disclaimer out of the way, I'd like to explain one of my most ambitious and long-planned idea: redirect spam bots to launch a DDoS attack on a website. Even small websites have to guard their forms against bot spam. Why shouldn't this enormous source of resource-wasting power be put to good use?

Background

Spam bots work on the economics of scale. Unscrupulous companies and criminal organizations pay spammers to use their servers to crawl the internet, looking for comment forms and public email addresses. When a spam server (or bot) finds a web form, it fills it out with a mix of garbage and spam links and moves on. If the data is posted on the website in some way (blog comment, forum posting, wiki entry), the bot has succeeded in exposing the link to more people. If even a minute percentage of the people who see the link click on it, the hiring organization can make money by infecting the unwary user's computer with malware and selling his personal information.

However, if the spam is detected by any part of the system, it is blocked and the bot has failed. Unfortunately, it has still consumed the bandwidth and computing power of the victim web server. In addition, the victim server's organization has to use its resources to harden its website against spam bots. On a low-traffic website, the spam bot traffic is negligible, but on larger sites, the cost of spam bots is significant. One only needs to examine the measures taken against bot spam to realize its power: reCaptcha, image rotation tests, and a few more esoteric schemes. Despite all these barriers, spammers can make money with spam bots.

Plan of action

Why should all those spam bot processing cycles be used for nefarious purposes? Right now, when a website detects a spam bot, it has several options: it can block the IP address of the bot, preventing the bot from coming back; it can simply reroute the bot to a dead-end page; or it can attempt to waste the spam bot's processing cycles by rerouting the bot to a bot trap. Typically, bot traps work by enticing the bot to fill out a never-ending line of forms or follow a web of garbage links.

What if this stream of spam bots was instead pointed at link farms or phishing sites? Web forms could reroute the spam bots they detect to a spam bot portal site that would reroute the spam bots to known nefarious sites. If a significant number of websites used the portal as a bot trap, the effect on the nefarious sites could be devastating. The spurious sites would be crushed by the traffic from their own advertising bots.

Eventually, the portal site could be automated to find and destroy targets on its own. It could pick its targets from the list of sites ejected from Google's index for phishing or link farming. Once it had chosen a site, it would redirect its traffic to that site, checking each minute to see if the site was still functioning. Perhaps it could crush multiple sites simultaneously by evaluating their stability and pointing just enough traffic at each to overwhelm it.

Obviously, this idea would be far more difficult to implement than to describe. How would the portal handle the massive amounts of traffic? Who would want to shoulder the cost of this plan? How would the predator portal get the list of sites rejected from Google's index?

Do you think this plan is viable?

Scribblenauts: Accomplishment and potential

Although Scribblenauts is a terrifically fun and shockingly innovative game, its concept is even more compelling than its gameplay. Scribblenauts is a new game for the Nintendo DS in which you solve puzzles by summoning and using items. If your goal is encased in a block of ice, you could break the ice with a hammer, melt it with a flamethrower, or detonate it with a grenade. The game's hook is that you can summon almost any item imaginable.

Hidden machinery

Of course, the game is phenomenal, but the technology behind it is even more impressive. 5th Cell, the developers of Scribblenauts, managed to cram tens of thousands of interactive, animated characters and items on a tiny DS cartridge. On top of the actual pictures, they programmed in complex interactions between the items. For example, a toaster will turn bread into toast; monsters scare and attack people; cops shoot criminals and chase donuts; and beavers gnaw down trees. This game's backend is completely unprecedented.

Unlimited Possibilities

Imagine if the contents of the Scribblenauts asset database were accessible to all game developers. Designing a traditional game would be a breeze: lay out a level, populate it with items and characters, and show the player an objective. However, giving developers (and players) instantaneous access to a massive library of items would create entirely new gaming possibilities. An RPG could allow players to equip their teams with typical household items with different strengths and weaknesses. A point-and-click adventure could use the sprites and interactions to let the player pick up literally any item in a room and use it in the game. A platformer could use the vast selection of items and characters to make each level a unique experience. A universal resource database could fundamentally change process of creating and playing games.

Making the concept a reality

Thinking about the possibilities if the Scribblenauts database was open is entertaining but unproductive. In order to give developers and users the power of instant item creation, steps must be taken.

1. A lightweight format for interactively animated sprites must be established. Whether it's a particular arrangement of sprites on a sheet or an XML dialect for defining how a character's parts fit together and interact, there must be a standard for people to follow.
2. A central database must be created to systematically store and retrieve the standardized sprites. It must be easy for people to contribute, but impossible for someone to damage or corrupt. The sprites and their interactions must be version-controlled.
3. Developers must have access to the database from their games. Web-based technologies could access the database directly, but pc-based games should be able to use a copy of the database. It could be optimized and compressed, or developers could simply "check out" the portion of the database they intend to use. Perhaps, when a game using the entire database is started, it could check to see if any new items have been added to the database.

Conclusion

The game Scribblenauts is an enormous accomplishment, but it could be so much more. The technology behind Scribblenauts could revolutionize the resource management of game development, tearing down barriers for both designers and developers to create experiences. Nevertheless, in order for that to happen, 5th Cell must release the Scribblenauts' resource database for non-commercial use, or the independent developer community must unite to create their own asset database.

If you'd like to support the developers of Scribblenauts (and me), you can buy Scribblenauts for yourself.

Suggested reading for elected officials

Despite the politically charged name of this post, Welcome to Obscurity will remain a non-partisan blog. It just happens that my most recent idea relates to my elected officials.

How many times have you shared an article with your friends or followers? If you're like me, you've probably forwarded plenty of interesting stuff to your social network. On the other hand, how many times have you contacted one of your congressman? I've sent less than ten messages to my elected officials, and I consider myself relatively politically active.

Despite the massive improvement in communications technology, few people bother to communicate with their elected officials. And why should they? One person's suggestion is unlikely even to be considered. It takes a coordinated effort to make an impact on a powerful politician, and few people have the time or resources to gather support.

To solve this problem, I propose a website for people to suggest articles for their elected officials to read. A worried elector could use a website, bookmarklet, or browser extension to mark articles they believe should be read by their elected officials. He could send the article to a specific politician or to every politician responsible to the elector.

The first time an article is suggested to a politician, a page is created for him that contains a link to the article. As more and more articles are suggested, the system sorts the articles by their popularity and specificity. An article's popularity will be based on the number of people who have suggested it. An article's specificity, on the other hand, will be determined by the number of other people to whom the article has been suggested. If a voter suggests an article to every one of his politicians, that article will have a lower specificity than one that he forwarded to a specific politician.

A politician will be able to confirm his identity with the service and respond directly to the suggested articles or subscribe anonymously to the RSS feed of his reading material. The politician could set his suggestions to expire quickly if he has a large volume of them or stay on his page until he responds. Normal people could also subscribe to the RSS feeds of politicians to learn which political articles are popular.

What do you think? Is this idea a potential world-changer or an insignificant pebble thrown against a Mack truck?

Universal scholarship application

It's hard to get money for college. I thought I had avoided the grab for cash by qualifying for Florida's comprehensive Bright Futures scholarship, but I recently discovered that my scholarship's funding was cut and I'm now liable for more than just the cost of my books. Now I have to devote some of my scarce and precious time to finding and applying to scholarships.

First, I have to find scholarships, sifting through pages of Google results to look for scholarships for which I'm eligible and capable of winning. Once I find some promising scholarships, I have to jump through their hoops, either filling out online forms or printing them out and faxing them in. Each essay prompt is slightly different, so each application requires a few modifications to my standard essay. When I'm done, I've lost several hours of my day to a few scholarships I'm not even sure I'll receive!

I've registered on FastWeb.com, but half of the scholarships are restricted to high school students. The rest are large, national scholarships with big prizes and even bigger requirements. Whether the scholarship requires me to write a detailed essay on a long book or create a high-quality Youtube video, I'll be competing against thousands of students across the country. Unless I'm a genius writer or videographer, I would only be wasting my time and effort on a 1-in-100 shot.

To ease the scholarship application process for students, I propose a government-funded academic-achievement matching system. The network would be a universal platform for all students to get scholarships. The network would be linked to each state's educational database, and each student would claim his information when he became interested in applying for scholarships. Most vital info would be visible from the start, but the student would be able to block certain pieces of information. However, the network would emphasize the positive aspects of students' records over the negative.

If I was a student in this system, all my major info would appear automatically: homeschooled from fourth grade, standardized testing every year, 4.0 college GPA, etc. In addition, I could list my community service hours by simply sending my service acknowledgement letter to the scholarship network office for confirmation. Of course, the office would also confirm things like my family history and SAT and ACT scores.

When an organization wished to offer a scholarship, it would simply set the eligibility requirements and offer the scholarship to whichever students met the requirements best. If a scholarship required a specialized essay or test, the organizations could wait for interested students to apply (each student could see the scholarships available to him) or ask specific groups of students to apply. For example, a company asking for an artsy Youtube drama could invite students who listed "videography" as one of their interests. Any student could apply to any scholarship he was eligible for, but he would have to take the initiative.

Of course, there are a number of pitfalls a project would need to avoid: government bureaucracy, spamming, application padding, and privacy issues. The network would have to be private to protect the students, but it would also need to be accessible to interested organizations without too much red tape. It would be a difficult project, but it could actually save government money. Students who would be eligible for government aid would instead finance their education with private money.

I know there are a hundred problems with this plan, so please point them out in the comments section. Anybody want to check this one out?

Idea Library: Spread Linux by revitalizing slow computers

I create lots of ideas. I'll think up a plan to accomplish a goal or start a business, ponder it for a couple of days, think of a problem with the idea, and move on to the next idea. However, I occasionally develop an idea that stands up to my scrutiny.

Until now, I've summarized these ideas in a Remember the Milk to-do list, planning to implement them myself "after this assignment" or "once I finish this project". However, I've now realized I simply don't have time to work on all of them, so I'm sharing them with you.

I'll publish the ideas here with the tag "idea library" so that you can easily find them. My idea posts won't have the same quality as the rest of my posts, and it's possible that my ideas will be full of glaring oversights or obvious flaws. Nonetheless, I think that some of my ideas have real potential, even if I don't have the time or resources to implement them.

That's why I chose the tag "idea library": I wanted to give other people the chance to use my ideas. If you'd like to implement one, please contact me at E.Kroske@Gmail.com so that we can discuss terms. Because I won't publish ideas I can execute myself, I will probably give you any published idea you ask for. I'm publishing these ideas not to entertain you but to give you a chance to use them.

My first idea addresses a problem for the open source community: Windows has a stranglehold on the OS market. Far too many people have no idea that they can leave Windows without buying a new computer, and most of the people who are aware of Linux don't have the skill or incentive to install it.

I propose that the Linux community should offer to speed up people's slow, obsolete, or damaged Windows computers by installing Ubuntu (or another desktop-focused Linux distro). People will agree to risk their computers if the computers aren't usable.

A flyer on a bulletin board could promise to redeem old computers by dramatically reducing start-up and loading times, allowing quick web browsing and email access, and eliminating malware of all types. The customer could pay $20 for installation plus $10 for the recovery CD and $40 for data preservation (through dual-booting). Many people would gladly pay $20 to give their old computer another chance at usefulness.

I would charge that little because I need the Linux experience and I'd like to encourage the adoption of Linux.I would also write a quick tutorial to show the new users how to use the essential functions. Ideally, I would convince a computer repair shop to refer customers with hopelessly obsolete computers to me. I don't think this could be a money-making project, but I would enjoy the experience.

Obviously, you don't have to contact me to use this idea, but I would still appreciate a comment if you decide to try it.

Cockroaches and WoW

I have many ideas, most of which aren't to interesting to the average person. Every once in a while, I come up with something so fascinating (in my opinion), I wish I could share it with the world. Well, now I can!

As I was taking an evening walk a couple months back, I had an unusual thought: "Why doesn't a scientist hook up a roach's brain to a virtual avatar? He could wire the bug's mobility processors to the motion of its avatar and its senses directly into the game. That would be an interesting enough experiment, but what if he hooked up the bug to a massively multiplayer online game such as World of Warcraft? In theory, he wire the bug's brain to give it pleasure if it did something good for its player, like damaging another player, and pain if it did something bad, like taking damage.

This bug could become the best WoW player in the world, because it would play non-stop, with an insatiable urge to succeed. Its sole purpose in life would be to win the game, and it would keep trying and learning until it did. Of course, I don't have the means or the experience to accomplish something like this, but it is a very interest hypothetical, in my opinion.