Airplane etiquette dictates no eye contact with your aisle-mates. A nod is permitted, but only to tacitly acknowledge the coming detente of a long flight. Do not speak to your temporary neighbor. Speaking leads down the slippery slope of small talk into an hours-long conversation with no escape, where 27A mistakes you for a confidant interested in the inexplicable woes of unfulfilled life or unrequited love. Or pics of their kids.
If this happens, what can you do? Nothing, zero, zilch, nada. Sip your crappy coffee, strain to pick out inconsequential words over the noise of the engines. Nod, and reciprocate by sharing pictures from your phone. You need to pee, yet the fasten seatbelt sign never turns off. You’re trapped.
I cracked once in business class—opening my mouth on transatlantic flight. Big mistake. 10 hours is too long to talk to the obnoxious mamby-pambies they got sitting up there.
Flight time from Oakland to Seattle is just 2 hours. On one of those flights, every one of my polished avoidance techniques failed me, and I talked to Cliff Stoll for the entire flight. It was a great two hours! Cliff is a mad scientist, and I remember our conversation like it was yesterday.
Mathematicians and Klein Bottles
Even on a 6AM flight, Cliff’s enthusiasm got me going. He peppered his stories with a guttural chuckle I can still hear in my head.
We talked about Oakland—his home, my ex-home. His kids going to Oakland Tech—we moved out of Oakland so my kids wouldn’t go to Oakland Tech. His time at UC Berkeley, which preceded mine by 10 years, but we both worked in the Astronomy department. Cliff has a PhD in planetary astronomy. Me? I patched bugs in their FORTRAN accounting programs.
We talked about Cell Tower technology, where Cliff quickly lost me in the math—this was Cliff’s gig at the time, as a technical advisor, which sounded like he roamed the place, pointing the way like a joyful skinny Buddha. We talked about Klein bottles.
Klein bottles are magical mathematical constructs—no edges, no inside or outside, no spatial orientation. They can only truly exist in four dimensions, but Cliff makes beautiful hand-blown glass versions that intersect. While he made fun of the Seattle mathematicians conference, where he was headed to hawk his Klein bottles, you could tell these were his people.
Cliff still makes and sells Klein bottles out of his house in Oakland. If you’re in the neighborhood he welcomes you to stop by and catch up (call ahead first!)
DESIGNS SO EXCLUSIVE THAT THEY ARE NOT TO BE FOUND EVEN IN FAMOUS MUSEUMS!
The Cuckoo’s Egg
Our plane was on approach to Seattle when, in an offhand way, Cliff mentioned he’d written a book called The Cuckoo’s Egg where he tracked down one of the first known hacker rings. Turns out, it’s the seminal tale of the early days of hacking in the Cold War, just as computers were getting hooked together in something called the Internet. I’m sad this book no longer appears to exist in my house.
If you’re into spy’s and hacking and the early days of computing, it’s a great story:
One of the techniques Cliff used to find his KGB hackers was with a honeypot. When Cliff noticed a 75-cent accounting anomaly, he started looking more closely, and found a hacker snooping around the files of his Lawrence Berkeley lab computers .
Cliff created a fake account filled with a bunch of tasty looking files, stored behind weak security, to lure the hacker in, and track him down.
My Wirepine Bots
I’ve been getting increasing spam from bots, and looking to stem the tide, I remembered my conversation with Cliff.
A lot of my websites have a contact form. While it’s better to get people to pick up the phone or send a direct email, or just buy your stuff, the contact form remains a staple for small business. Enter your: Name, Email, Description of your inquiry, etc. and you’ve got a lead.
I first noticed bots on the Holocaust Story Project site. I talked about the HSP last week—I coordinate getting our first and second generation survivors telling their stories in the classroom, and the speaker request form is where it starts. I started to get submissions with a normal looking name and email, but a fabricated city and state, and always this text in the description field:
The territory occupied by one of the constituent administrative districts of a nation.
The phrase is oddly legit—that helps form submissions get by basic spam filters. The source emails are never legit. I checked a few of originating IP addresses. One was a mobile network in Nigeria; a known happy home for spammers. Another originated from the Seychelles; specifically a notorious bulletproof hosting provider Cloud Innovation Ltd. They roll out the welcome mat to spammers and botnets; no takedown requests honored here.
I’ve gotten spam and bot traffic on wirepine.com from day 1. Sometimes, for giggles, I check my junk mail folder. I get pitches on the daily promising to making me the #1 result on Google, 10X my customers, fix all the supposed errors on my site, make videos that’ll make me famous, host me on a podcast or get listed in an exclusive directory. Bot form submissions, versus emails, often get by spam filters, so I pay more attention to those, and they’ve been increasing.
Here’s one Felicity Sauncho sent me this week. Felicity is a character from the cybercrime novel Bleeding Edge by Thomas Pynchon) and here she is promising me ‘bot free’ YouTube growth. Lets go Felicity!
Name: Felicity Sauncho
Email: felicitysauncho030@gmail.com
Timeframe: Felicity Sauncho
Budget:
Tell me about your project: Hi there,
We run a YouTube growth service, which increases your number of subscribers both safely and practically.
- We guarantee to gain you 700-1500+ subscribers per month.
- People subscribe because they are interested in your channel/videos, increasing likes, comments and interaction.
- All actions are made manually by our team. We do not use any 'bots'.
- Channel Creation: If you haven't started your YouTube journey yet, we can create a professional channel for you as part of your initial order.
The price is just $60 (USD) per month, and we can start immediately.
If you have any questions, let me know, and we can discuss further.
Kind Regards,
Felicity
Fake Felicity came at me from an IP that maps to a big hoster in Spain called Virtono Networks. It’s probably fronting a VPN (I wrote about VPNs here), so bot Felicity could be spamming me from anywhere in the world.
You get the picture. Annoying now, potentially malicious later. What to do?
The Honeypots
While Cliff blazed the trail fabricating his honeypot trap, it’s now a common technique and WordPress (the stack I build my websites on), incorporates it as a feature in most form builders. While the implementation varies, the basic idea is a field in your form that appears to be required, however is hidden from real users. A honeypot field. If it’s filled out, a bot must’ve done it, and so it gets dumped in the bitbin, never to be seen again.
Substack’s bot blitz: Emma Horsedick (Don’t laugh)
Few weeks ago, I opened up my phone to find a bunch of notifications of oddly affirming comments on my latest post. Stuff like:
There’s a kind of clarity here that we don’t get in mainstream media anymore. It’s voices like yours that make a difference.
A bot army of users named Emma Horsedick (Don’t laugh) found a chink in Substack’s defenses, posting nearly 100,000 such comments by cleverly incrementing comment IDs, to 1,000s of publications and even internal Substack systems.
Chris, Substack CEO and Mills, Substack head of Design, talk about Emma and what she did, how she did it and what she wanted, in the first 5 minutes of this video.
For Substack, this became a coming-of-age moment where the platform generated content and attention that escaped its walled garden, spawning memes like this one:
Spam has a bright future
Long ago, when spam came in through a slot in your front door, the tangible cost of paper, postage, farming address mailing lists, etc. was a deterrent.
Comparable digital costs are negligible. The incremental cost of sending 100,000 emails versus 1,000 is minimal. Just like Substack shut down Emma Horsedick (Don’t Laugh) pretty quick, there are plenty of countermeasures and mitigations available. Many are expressly to tell bots from humans.
Cliff built his honeypot 40 years ago—kicking off modern intrusion detection—and today’s cybersecurity experts keep inventing new defenses for every new hacker trick.
AI was undoubtedly behind the clever comments Emma posted; likely also the key phrase in my HSP bot forms.
In a constant race to a bottom we never seem to reach—AI is powering a new arms race, unbottling a bunch of techniques to up spam and bot attacks, while it’s also being used to prevent them.
Spam evolved from hacking; bots evolved from Spam. I wonder what’s next?
I laughed… 🙄