Taking On A Spammer

_QED was the first of an onslaught of users to submit a story about a programmer who got his domain forged by a spammer and took action. I don't know if this is real and I'm certainly not suggesting doing this yourself, but this is an extremely interesting story.

It's probably not fake

[Erik+Fish]

I don't see any obvious reason to believe that this site is fake. People here are complaining about it not having enough technical details, but they don't seem to realize that the spammers are out there reading this site as well. Now what do you think would frighten your average spammer (they aren't known for being too bright) more? A detailed explanation of exactly how this guy socially engineered his way into these computers or a menacing but vague description of his "stealthy hacking" full of colorful adjectives and small words? In the first case, Billy Joe Bob Spammer will just say to himself "Well gee-whiz, I'll just be sure not to fall for [fill in the blank]!" while in the second he's left thinking "OH NO!! HACKERS ARE JUSS LIKE IN THE MOO-VEES!!"

As for the people who are wondering why he doesn't publish this on his own web site under his own name, e-mail address, home telephone number and social security number -- have you even for one second considered the fact that what he did was CLEARLY ILLEGAL?

Anyway, this spammer DOES exist. I actually first found out about this page from a recent post to the SPAM-L mailing list. Here is the first and third posts on that thread:

Subject: Nuke: from alts.net
Date: Mon, 5 Jun 2000 09:51:47 -0700
From: "Hart, Andrew"
To: SPAM-L@PEACH.EASE.LSOFT.COM

4601 W. Sahara looks very familar, but I didn't find
an abundance of recent NANAS hits against it.

-----Original Message-----
From: Technical Support [mailto:support@alts.net]
Sent: Wednesday, May 31, 2000 7:02 PM
To: *******@aol.com; TOSspam@aol.com; abuse@verio.net; abuse@alts.net;
tech@connectcorp.net
Cc: nanas-sub@cybernothing.org; spamrecycle@chooseyourmail.com
Subject: Re: [Email] Spam: Free Rate Quote!

Thank you for notifying us of this spammer. Our policies do NOT allow bulk emailings in any way. The account free-cybermarket.com has been terminated effective 10:00PM EDT 31 May 2000.

Best Regards
ALTS, LLC ABUSE
abuse@alts.net

At 08:50 PM 5/31/00 , *******@aol.com wrote:

URL: http://www.free-cybermarket.com/m/index.html
Dropbox: mailto:ulistsrvcs@fr.fm?subject=unsubscribe

FROM mail-abuse.org TO www.free-cybermarket.com.

traceroute to free-cybermarket.com (161.58.232.252), 30 hops max, 40 byte
packets
...
7 vwh0.dca.verio.net (129.250.30.166) 89.765 ms 91.406 ms 89.846 ms
8 free-cybermarket.com (161.58.232.252) 89.429 ms 89.517 ms 89.734 ms

Query: free-cybermarket.com

Sunrise Beach Inc. (FREE-CYBERMARKET-DOM)
4601 W. Sahara
Las Vegas, NV 89122
US

Domain Name: FREE-CYBERMARKET.COM

Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Enterprises Inc., SunRise (SE4175) sunrise@CONNECTCORP.NET
SunRise Enterprises Inc.
4601 W. Sahara
Las Vegas , NV 89102
NONE GIVEN (FAX) NONE GIVEN

Domain servers in listed order:

NS1.ALTS.NET 192.41.1.48
NS2.ALTS.NET 161.58.9.48

Details on NANAS

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ =
J. Andrew Hart

Subject: Re: Nuke: from alts.net
Date: Mon, 5 Jun 2000 10:50:18 -0700
From: Jay Hennigan
To: SPAM-L@PEACH.EASE.LSOFT.COM

On Mon, 5 Jun 2000, Hart, Andrew wrote:

> > 4601 W. Sahara looks very familar, but I didn't find
> > an abundance of recent NANAS hits against it.

Seems to me that address turns up in the ICQ logs of Rodona Garst,
the posting of which kept me up all night reading. Fascinating stuff.

http://belps.freewebsites.com/
http://premier.cluelessfucks.com/

--
Jay Hennigan - Network Administration - ***@****.***
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323

It's a market failure

[TopShelf]

The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.

You can't really blame those PR people - maximizing your exposure for a minimum of expense is a basic goal of any marketing campaign. Spam is an example of a market failure, wherein otherwise beneficial free-market forces encourage behaviour which causes negative externalities (just like a manufacturing plant has an incentive to dump pollutants cheaply). Sure the spammer gets their message out, and might generate some revenue off that, but everybody else carries the expense of unnecessary traffic, pissed off users, etc.

The question is, how best to deal with this situation. Sure, this guy probably should have "changed the names to protect the (presumed until proven guilty) innocent," but would anybody have believed him in that case?

Re:How'd he get the screenshot??

[bonehead]

Sure, it's possible.

Not to turn Slashdot into a cracker training school, but here's one way.

Assume the Windows box has file sharing turned on and is poorly secured. Prepare yourself a back orifice binary, and place it in C:\WINDOWS\Start Menu\Programs\StartUp. OK, now you say, "But that doesn't take effect until she reboots." Fine, use one of the many readily available "Ping of Death" type tools to freeze up the machine. Bingo. She hits the reset switch and your nice little "remote admin tool" is now up and running. (since she's on AOL, take the appropriate steps to ensure that her new IP is made known to you when she reconnects.)

That's the simple version. Believe me, I've been in the position of defending machines and networks against similar attacks, and the things he's claiming to have done would not be that hard to pull off on the typical home users unsecured machine.

Re:C'mon, that's totally made up!

[swm]

Maybe...but it takes a lot of skill and imagination to make up something like this. The photos, the back story, writing in several people's voices...

If he knew how to do that he'd be a novelist, not a hacker.

Re:C'mon, that's totally made up!

[Kaa]

Can't remember though if it will start immediately on installation, or if it needs to wait for a Windows restart (like everything else !)

Well, since you can execute code on the taget machine (that's how you got BackOrfice installed, right?), what's to prevent you from executing BackOrfice immediately after installation?

Kaa

Lobotomy as Punishment?!?

[FatSean]

I thought a lobotomy was a prerequisit of using MS products! :)

Re:I don't believe it.

[tzanger]

I have to agree with you. I am suspicious of how he hacked them... he provided all other details, why not these?

Now I didn't recognize one of the icons in the systray, I believe it was second from the left. The computer one with some kind of slice thingy. None of those others provide remote access to screen/keyboard. I didn't see any VNC Server there, nada. Now that icon may be a PC/Anywhere icon but I don't use that software and don't recognize it.

Anyway I'd like to see some more proof.

BTW: If this story is true: Great. I hope the spammers have a lifetime of grief bundled into the next couple weeks. They deserve every measure of it. If it's untrue, however, this "Man in the Wilderness" should be subjected to a swimming pool full of double-edged razor blades.

Re:This Article is FAKE

[bonehead]

Unless "She" had her C drive shared with no password, which is unlikely

Not only is it NOT unlikely, it's actually quite common.

Re:C'mon, that's totally made up!

[ananke]

even if it is, you have to admit - a lot of effort would be put in making up those icq logs [100xs of pages]

Too convenient

[British]

So the spammer's machine just happened to be running BO/NetBus/PCAnywhere? That sounds too convienient, and why did he word it that he "hacked" into the computer?

This story sounds something like you'd see on TV or the movies, where everybody's computer is "hackable" and you can see what they are doing on their computer in realtime.

Let me guess, he typed a command on the spammers computer saying "ACCESS ALL OF THE SECRET FILES" in huge letters and got everything he needed.

The wild west isn't where I want to be.

[hey!]

With apologies to Tom Lehrer.

. When you show up in a country that (despite what anyone says) is run like the Wild West, stealing a few horses is going to get you in trouble. No matter how normal it is in any other place you've done business.

What is disturbing to me is that all we have is this guy's word. Now I happen to believe him, but what if this whole thing turned out to be a clever and malicious hack taken out at these folks' expense?

Where there is no justice, I have no problem with the quickest gun carving out his own revenge. But it would be better if there were something like due process and independent review of evidence, and impartially and uniformly implemented punishment, rather than a system of self appointed judge/jury/executioners. That way the little guy and the inexperienced get justice too.

Re:The wild west isn't where I want to be.

[Wah]

What is disturbing to me is that all we have is this guy's word.

Do you really think anyone would take the time to forge a 20 pages long ICQ conversations? We seem to have a lot more than just his words. Yes, this is "vigilange justice" web style. You are the due process and independent review of evidence. All this guy has done is organize and present it.
--

Re:The wild west isn't where I want to be.

[hey!]

Do you really think anyone would take the time to forge a 20 pages long ICQ conversations?

As I said, I believe this guy is telling the truth and that this little piece of frontier justice is justified, in absence of any other kind of protection.

However, I'd like to ask you why you think it is so implausible that somebody who wants to trash somebody's reputation badly enogh wouldn't go through the trouble of forging 20 pages of dialog. Here's a true example from my circle of acquaintences: Woman A get's involed with a man whose ex-girlfriend (Woman B) was emotionally unstable. Woman B fixates on woman A as the source of her problems, and begins to intercept some of her mail. Woman B begins to send change of address notices Woman A's creditors, and eventually begins to apply for credit cards and record club memberships, ignores important legal notices etc. Woman B successfully trashes (at least temporarily) Woman A's credit rating and causs no end of hassle.

The world is full of fruitcakes with too much time on their hands.

The problem with frontier justice is that everyone, the reasonable folks and the kooks thinks what they do is justified. If you think this is a good way to run a society, check out the movie, The Ox Bow Incident.

Re:The wild west isn't where I want to be.

[Wah]

my point was that he is not the judge or executioner, just a very good detective providing evidence of all the concerned party's actions (both his and theirs). They are more than free to respond, although at most that would warrant a slashback blurb. This is the proverbial "head on a spike" to warn the others. "Brutal" indeed.

Hell hath no fury like a woman scorned. This is not a saying, this is the truth.

And I'll check out the movie. This one right?
--

Re:The wild west isn't where I want to be.

[hey!]

my point was that he is not the judge or executioner, just a very good detective providing evidence of all the
concerned party's actions (both his and theirs). They are more than free to respond, although at most that
would warrant a slashback blurb. This is the proverbial "head on a spike" to warn the others. "Brutal" indeed.

Sure, I agree with almost everything you've said, conditioned on the premise that he is telling the truth. I believe he is telling the truth as he sees it, but clearly he is not a disinterested party. The animus he bears to these people, while understandable, makes me view what he says with caution. The "brutal" material he posted was in my mind uncalled for, as it had nothing to do with what they did to him or other people. It was disproportionate and mean spirited. Enough to uncover their illegal actions and leave it at that. The desire to hurt and humiliate another human being (even under some provocation) does no favors to a man's credibility, at least in my book.

And I'll check out the movie. This one right?

Yep, with Henry Fonda. Enjoy.

Re:I don't believe it.

[psaltes]

To elaborate on this point:

there are 95 icq logs, spanning over 2.5 megs, all of text. This is *51000* lines of text! This would take huge amounts of time and effort to forge in any consistent manner, which they seem to be. I agree the methodologies that he described are pretty vague, but he got these logs somewhere, as well as a ridiculous amount of email. And if they are all real, the person who wrote them is obviously a hardcore spammer.

So Obviously real...

[milliyear]

Did you even READ the ICQ logs???????

These low-lifes routinely INSTALLED PCAnywhere on their machines so they could work from their laptops in bed!!!! Getting in was a no-brainer!! And they didn't know sh*t about the technology!!! They had a revolving door of script kiddies that had to set up their systems!!! They only knew what the script kiddies taught them!!

And check out some of the other URLs mentioned - they are all there! (like silver-shamrock.com)

"We have heard the BS alarm.....and it is you!!!"

Re:So Obviously real...

[Basset]

Read a little further into the ICQ logs such as this one and you will find bank account numbers and social security numbers.

If this is all made up, the guy sure is taking a risk by publishing (what appears to be) real information.

Damn all that spam, I hope it becomes unprofitable someday, although I don't see how that would happen. I logged into my unused HotMail account the other day and had over 110 e-mails in three weeks, all of it spam.

*sigh*

Re:C'mon, that's totally made up!

[jd]

PCAnywhere, Back Orifice (classic & 2000), Windows 2000's Remote Terminal (I forget the "proper" name), Netbus + any screen grabber, and a whole host of other such software.

If you have a problem with spam, FIRST, secure the domains with Nessus.

THEN, configure your mail server to bounce mail with broken headers.

THEN, follow the Advanced Networking HOW-TO to set the queue for TCP connections to port 25 to a much smaller value.

Finally, only accept connections from hosts with a valid IDENT response.

Chances are, your average spammer won't be capable of forging any e-mail that can pass through even rudimentary security, such as this, without having to reveal their true name & true e-mail address. Something your typical spammer is unlikely to do.

Re:Story...

[mmhm]

It was PC Anywhere that did her in.

Re:C'mon, that's totally made up!

[DrSkwid]

she's using icq

and left sharing open

simple install subseven on her machine

not heard of it?

nvr mind
.oO0Oo.

Thanks for the best laugh I've had in a long time.

[BigBlockMopar]

Yeah, these losers have been filling my mailbox up with crud, too.

I was looking forward to e-mailing the creator of this website to congratulate him for his wonderful efforts, but when I pointed the mouse over the e-mail link, I noticed I'd be e-mailing myself. D'Oh!

Oh man, I don't think I've ever laughed so hard while being so angry. It's the weirdest combination of emotions.

I can't get over what illiterate schlump she is, especially from her screen shots. (I guess Windows' poor security is a good thing after all...)

Dude, I know you're out there, and I'm sure you probably read Slashdot at least occasionally. Thank you for taking the risk to stand up for what is right... even if it's technically illegal.

I suggest that we set up a legal defence fund for this guy, just in case he ever gets caught. How's a little Slashdot charity sound? If we combine our resources, I'm sure he could hire OJ's lawyers - and if they could get OJ off, they can get anyone off.

some depth of truth

[daemous]

it's a bit strange he didn't reveal a little more tech on how he got some of the info. but, he did do all many of the same steps i'd use. directory lookups (whois, whitepages, 411, etc) and sniffing on a major mail server with a pager feed.. seems real enough. but the way it is written is strange.

anyway, here's a bit of extra fact:

"Pump & Dump" Claim
Mark Rice Insider Info

So he does exist, and he did want to trade 50,000 shares. Of course the problem with good lies is they are often half-true.

Re:some depth of truth

[daemous]

i've made up my mind. this is got to be 95% true. the icq logs would be beyond insane to make-up.

Re:Technical Detail

[bonehead]

Well, it depends on how strictly you want to define "right after". I'd say within 5 minutes would still qualify, and that's plenty of time to copy the binary into the startup folder and hit the machine with a ping of death to force a reboot.

Not that the PC Anywhere theory is implausible, I'm just making the point that it wouldn't be too much more difficult to get the same access even without getting lucky.

Re:Throw them in the pit!

[StJefferson]

Actually, I reported a spam routed through his new services last year... Sent a long note to his ISP, explaining that I thought providing him bandwidth was foolhardy.

Got a message back from the "Great Man" himself, with his claims of being anti-spam, &c., &c., blah, blah, blah. Truth be told, I never heard from that spammer again -- nor any other that I could trace through Wallace, since then. (This is in the context of 300+ confirmed kills for 1999, and over 200 so far this year.)

Kinda cool, though, putting a tick-mark on my SPAM can to represent that kill. :-)

How to bill spammers

[doublem]

Whenever we receive SPAM mail, I send this reply:

The Windmill e-Mail Parsing System(c) indicates that the message you have sent is an advertisement, commonly known as SPAM mail. If your message is NOT Spam, please click your e-mail program's "Reply" button and re-send your message.

If your message IS Spam, be advised that this is a Business E- Mail address, and and as such costs money to maintain.

Your e-mail costs us money.

Any further advertisements sent to this address will be invoiced to your firm at $5.00 per message. The act of sending further e-mail messages to this address is considered acceptance of this billing arrangement.

MIS Department
Accounts Receivable

If they send us more SPAM, I send them this:

Please consider this your invoice for $5.00.

Reply promptly with information regarding your preferred payment method. You will not be invoiced for any e-mails exchanged regarding your account.

Your Customer Number is SPM23975, please use your customer number in all correspondence with ETS, Inc.

Have a nice day.

Accounts Payable

Nothing has ever come of it, but it makes me feel better.


Matthew Miller,

Re:How to bill spammers

[quux26]

Why stop at $5?? I list $1,000.00 or whatever is allowed by federal/state law, whichever is lower. I recall a person nailed Radio Shack a few years back by putting "by cashing this check, you agree that my name will not be added to a mailing list" clause on the check (or similar), took them to court, and won. I don't remember the details tho.

By sheer coincidence (or so I guess), I've yet to bill anyone - they haven't repeated the action yet.

My .02
Quux26

Re:This Article is FAKE

[delysid-x]

it's not that unlikely? a quick scan with a smbscanner will come up with a bunch of open hard drives waiting to be poked around on. You'd be amazed how much porn (in hidden subdirs), warez and mp3's the average dsl user keeps on their hard drive.

sometimes they even have their printer shared so you can send them messages

Re:Fake? Seems like it.

[uglyduckling]

Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...

And it looks like they're using Windoze and haven't got their DNS set up properly:-

C:\>nslookup *** Can't find server name for address 192.168.0.1: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.0.1

Re:Spam Spam Spam...

[tzanger]

Better yet, go find yourself a copy of Stevespam, one of the best .mod files I've ever heard!

I guess I'm kinda dating myself here... I was deep into BBSes when this song came out. Wow I kinda miss "Dial attempt #322..." on Telix. :-)

Re:where are the details

[Floody]

There does seem to be too much hype and too few details to the story. A questionable point in my mind: Just how does one track a user to an IP address based on email? Unless you control the originating SMTP server (hence you could cull the logs), it must be very difficult to resolve a user down to an IP... in this story, the return domain was forged but the originating SMTP was stolen from an unrelated service, so how is the spammer IP address resolved?

Discovering the originating IP address from the headers of a given message is trivial. Most SMTP MTAs record the IP of the client connection in a Received: line. All one need do is examine the first non-forged Received: line in the message header.

Re:something is wrong in that screenshot !

[xrayspx]

If you took a screenshot of my game machine right now, it would show ICQ Netdetect offline and AIM offline. Why? I use GAIM and LICQ, but they're installed on the 98 machine, and it is connected right to the net right now. Maybe she was offline by choice? M'kay.

Re:Story...

[luckykaa]

I'd have thought people could set up an entire business catching spammers. ISP's spend a lot of money blocking spam. If there were enough people working full time the problem could probably be reduced quite drastically.

Story...

[chandler]

It's a nice "story"... but it reads like a copy of Takedown - all sensationalism. Anybody else notice this? It's gotta be a fake, or at least exagurated (sp?).

Re:Story...

[Mr.+Slippery]

I'd have thought people could set up an entire business catching spammers.

Hmm, could be fun. Spam bounty hunter - "Have traceroute, will travel."

Would be even more fun if I got to administer the clue-by-four to the spammer personally, though...the criminal justice system is so impersonal.

Re:Story...

[bobajob]

Welp.. thats a whole lot icq messages and documentation to fabricate. It prob would have been easier to hack her system then create all that. I hope it is true. These hackers, crackers, whackers, and spammers oughta be put to slave labor in dung pastures. All the info one can consume on the net and these bozos have to crap on the e-mail system and break into servers. I hope the next article I read here is about Mitnik getting raped in jail.

Re:Story...

[luckykaa]

Hard to say. Looking at the evidence, there's a mixture for and against it being honest.

The email address is root@127.0.0.1 which helpfully prevents us from getting any extra information.

The data there looks like too much work for anyone to come up with just for revenge.

The story is very vague on how he "hacked my way in to the spammer's computer"

There's probably enough information for a criminal conviction

Rodona seems to be using the same computer for playing games and running a business. Unusual, but not unheard of.

Re:Story...

[Fishstick]

Yeah, could be fiction, but it is damn interesting. Anyone try calling those numbers or checking NSI records to verify any of this? ( I would byt I'm at work and I don't think my boss would find calls to Tennesee very funny.

And those pictures -- gee haw, if this is a hoax, it sure is an elaborate one. Didn't really see anything yet that made me go 'no way!' yet, though.

Re:Story...

[Masked+Marauder]

That is one of the things that impressed me about the site... these people are soooo stupid!

My god, they were spamming for stock-scammer and A: they lost mony on the pump&dump even though they were 'in the know,' and B: the scammer's check bounced!

Just dumb white trash hitching on the information superhighway.

Re:Story...

[adb]

It sure looks from the premier.cluelessfucks.com mirror site that there is a real Rodana and she's pissed at seeing this stuff made public.

Re:Story...

[bonehead]

The data there looks like too much work for anyone to come up with just for revenge.

Wow, you must be one incredibly calm and laid-back person. I think you've terribly underestimated what a powerful motivator anger can be. (especially if he happens to have some spare time on his hands anyway)

Re:Story...

[Squeeze+Truck]

True. I have a friend who has permanently put about 40 or so spammers out of business.

He runs a small ISP and uses his work time to track down about 2 spammers per month.

Re:Who else thinks Rodona Garst is cute?

[moonboy1]

Hey, let's start a Rodona Garst fanclub !!!

Maybe. But the whois was recently

[chickenmadrasplease]

Domain Name: PREMIERSERVICES.COM Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: www.networksolutions.com Name Server: NS2.HOST4BIZ.NET Name Server: NS.HOST4BIZ.NET Updated Date: 03-mar-2000 >>> Last update of whois database: Wed, 7 Jun 00 06:18:55 EDT

Re:Legal? Who cares?

[DrSkwid]

Taking law into your own hands is _always_ wrong.

Like the French Resistance during WW2
or the American Revolution

the government takes the law into it's own hands.
What's so different about yours?
.oO0Oo.

Need Technological solution

[BoLean]

We need a technological solutions to this problem, not a legislative. If there was no method to fake e-mail then this wouldn't be a problem.

OFFTOPIC!

[Svenne]

That "bitchslapping page" in your .sig sure was an interesting read! I just wanted to encourage you to keep it online for others to read, as it may prove helpful, just as you said.

Just my 2 cents.

Re:OFFTOPIC!

[Fishstick]

Thanks for the compliment. Another week or so and I'll probably take the link out of my .sig and put it on my user page or something so it doesn't look like I'm crying over spilt milk forever. Thanks, though.

freewebsites.com slashdotted already!

[Russ+Nelson]

Freewebsites.com is slashdotted already. Already! Anybody mirrored it?
-russ

Re:freewebsites.com slashdotted already!

[Sean]

Bah, you bastards! I was halfway through reading it off the link from HNN when it got /.ed! That was quick...

--

Re:freewebsites.com slashdotted already!

[rcriii]

It was /.ed before I even got there, then as I finally began to read it an amusing thought occurred to me: If this person was so wicked by the spamming, how do they feel about being slashdotted? rcriii

Re:freewebsites.com slashdotted already!

[ar0n]

Doesn't really matter since he's not hosting this server. But freewebsites.com could mind. yadayada -- offtopic I know --- yadayada

Spam, anonymity and reputation

[dsplat]

Spam used to really annoy me, but over the years, I have gotten used to just deleting it every day. It takes me a few seconds. However, there are some facts to consider about spammers:

• The cost of that few seconds multiplied by the number of employees in a large corporation or customers of a large ISP can justify a full time anti-spam position responsible for build filters. Spam does cost recipients money.
• Many of the schemes that spammers are involved in are illegal in some of the jurisdictions they send to: cable descramblers, pump-and-dump stock scams, chain letter pyramid schemes, pirated software, etc.
• Their headers are frequently forged, doing collateral damage in what sometimes amounts to an indirect DOS attack.

As for anonymity on the net, I'm actually for it. I also for a more secure network. And I have no problem with blocking sites and users that break the rules without needing to find out who they are. However, if this story is true, the spammers in question made no attempt to be anonymous. They revealed who they are through publically accessable information. Too bad.

I have read a couple of suggestions for persistent anonymous identities on the net. People can decide whether to do business with you based on the reputation of your anonymous identity. That would require a couple of important components:

• Cryptographically secure authetication
• Trusted sites for maintaining a record of those reputations

Certainly, there would be nothing to stop people from maintaining multiple identities or creating new ones on a whim. However, if your reputation was your ticket to transactions on the net (buying, selling, possibly even working), it would be worth a lot. Set your threshold at 2 and refuse to talk to the ACs and new users. The choice would be yours.

The bottom line on anonymity is that in a sense, true anonymity is impossible. To achieve that, it would have to be impossible to link anything I say or do to anything else about me. That would mean that every e-mail message, every web page, every Usenet post would be a disconnected entity. That isn't useful, and probably isn't possible.

What is useful is when I can go online and seek information about a medical condition I think I may have without leaving a trail that insurers can link to me as a customer. If they want to know something about my medical history that's fine. They should have to ask me. They can refuse to insure me if I refuse to divulge it. Limits on the scope of legitimate questions are a matter for the legal system.

Anonymous identities are most useful when they allow two-way communication. That requires persistence. And that means that they are subject to retaliation for their actions. The retaliation is simply limited to what you can do to an anonymous ID. You can wreck its reputation so that others won't do business with it. With a strong mechanism to accomplish that, imagine what would quickly happen to spammers. If we could identify them as spammers within minutes of the first offense, and nearly everyone used filters that would then refuse mail from them, how much of a business could they build?

Imagine if it became public knowledge that they had engaged in a pump-and-dump scam before the markets opened the morning after they sent their e-mail. Would you want to be a spammer holding 100,000 shares eVapor.com when NASDAQ halts trading on it because the pump-and-dump is reported before the opening bell? Watch the $80,000 you put into it turn into a complete loss.

Re:Spam, anonymity and reputation

[whoop]

I must say since I implemented the MAPS RBL on my mail server, I get very little spam directly to my box. On the other hand, my ISP account gets about 3 messages a day and I haven't used that email address anywhere publicly for a good 2+ years.

This is obviously worse than a murder.

[roman_mir]

We must have Universal laws for such occasions, these laws must be exactly the same accross the boundaries of different countries, everyone should know that it is impossible to run away from the law by switching location. Once there is an agreement between all the countries about the universality of computer crime related laws, then death penalty should be reinforced for the following crimes:
1. Spamming email accounts
2. Spamming mobile phones
3. Spamming in all other forms
4. Hijacking and/or forgering domain names.
For everything else it should be 'life'.
For using M$ products it should be lobotomy.

Hmmm

[/]

The blurb for this story didn't contain any warning about "the usual hacker/cracker misnaming applies". Does that mean slashdot has grown up and moved on to more important matters, or is CmdrTaco asleep at the wheel?

Re:C'mon, that's totally made up!

[Olias]

Ok, so assuming PC Anywhere, VNC, or BO is installed, how did this so called "hacker" figure out one of the maachines he hacked was a laptop in a bedroom? Either this is totally made up or this guy used to work for these people and is trying to get even with them.

Re:C'mon, that's totally made up!

[cccdoug]

It is a really good story, though!

But here's a potential loophole (unless I'm totally wrong in my figures, which I could be...someone please recheck):

The screenshot says she was sending 3,522 e-mails per hour. That's just under 58 e-mails per second. She was supposedly using a throwaway AOL dial-up account. (The frac T1, it was said, was not used for sending spams.) Even if the laptop had dual-channel ISDN, the maximum she could spew just under 16 kilobytes per second. This would mean the size of the e-mail would have to be 282 bytes. That's enough for maybe just over four lines of text. The examples provided on the site had multiple paragraphs of text and bulleted-item lists in the spam-mails.

It doesn't add up. She **might** get 58 spams per second if #1) there was no bandwidth wasted to pesky things like TCP/IP headers and SMTP commands, #2) there were no rejected spams, #3) she had a dual-channel ISDN connection with compression for her AOL dial-up, and #4) the spam-mails were very small.

I really find it hard to believe that AOL offers dual-channel ISDN with compression and that Rodona coincidentally has an ISDN adapter for her laptop and the spams she happened to be sending when the screenshot was taken were uncharacteristically small.

But I absolutely **love** the story. Should've been a book. I really, really hope that it's true!

Re:So which is it?

[redmist]

WTF are you talking about?

---------------- but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt. -----------------

He didn't once start whining about accountability. He just cracked them and MADE them accountable.

.{redmist}.
-------------------------------------------------

Re:Looks like an ex.

[mattbee]

That's not something I'd want to admit to on a public forum where photographs of this woman's breasts are available :-)

Re:New Slashdot poll: How many people believe this

[blixco]

Now *that* would be funny. Server the revenge page from the harddrives of the victim. And they'd never figure it out, until they were slashdotted. Heh. Check the IP he gives, maybe the C: drive is still available? Not that I'm suggesting anyone *actually* do this..... OK, maybe I am.

Running Roughshod over the bill of rights

[carlos_benj]

I find it interesting that no one has mentioned that this information could not be used to prosecute because of how it was obtained. Turning the goods over to a prosecuter would do no good since such information must be given to authorities by someone who had permission to access the files or are obtained by a search warrant.

Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

carlos

Re:Running Roughshod over the bill of rights

[carlos_benj]

"did you read the ICQ log? "

Didn't read the ICQ log. Most of the pertinent information appeared to be covered by those who did.

"The bill of rights only applies to the government,AKA: the police. If the police did this they wuld be in some troble."

That was my point. If that information were to be turned over to the authorities, I believe it would be inadmissible as evidence because of how it was obtained. If I remember correctly, tipsters can provide a piece of the pie to establish probable cause, but the case would have to be built on evidence procured through sanctioned means.

carlos

Re:Running Roughshod over the bill of rights

[carlos_benj]

"Not quite sure where you got your law degree at, but the first ten amendments originally only applied to the federal government. (Not the states, and definitely not the citizens)."

I don't think my degree is actually final until I finish the box of cereal it came in (I don't like to use IANAL since the acronym seems contradictory). The remainder of your comment is interesting from a historical perspective, but does not necessarily apply to current practice as you pointed out.

"Even so, and I am far too lazy to hit Westlaw at this hour to find a case to prove the point, evidence obtained by a private citizen is not subject to exclusion under the fourth or fifth amendment."

If that's the case, what's to prevent law enforcement from enlisting private citizens in collecting evidence, thus circumventing the intent of the law? Again, we're talking about how the law is applied today.

"If your neighbor stole all of your drugs, kiddie porn, etc., and was arrested by the police for burglary, do you honestly believe that when the criminal tells the officers where he stole it from, that you should not be prosecuted on that evidence?"

One difference in your scenario is that the evidence was uncovered during a criminal investigation, as to how that would play out in the courts, I don't know. As far as what I do or don't believe, isn't that irrelevant since most criminals don't think they should be prosecuted? Al Capone maintained that he was a simple furniture salesman and not a crime boss.

I'll admit I haven't thoroughly researched the topic, but I'm sure my memory isn't that bad. I've read numerous articles and have had friends (and a bro. in law) in several law enforcement capacities all of whom talk about the constraints they are under in order to procure and preserve evidence so that it is admissible in court. Besides, that's the way things work in all the cop shows like Miami Vice, Hill Street Blues, Andy Griffith.....

carlos

Open Relay

[xrayspx]

From what he's saying, they aren't using open relay on HIS machine, they're using open relay on someone elses machine, and using his domain in the return address fields. In fact, it looks like the software she uses IS her mailserver, she just feeds it the addresses and it goes, using the reply to: address that she specifies. Now I'm gonna go get 1st Class Mail and play around to make sure I'm not 100% full of crap.

Re:But the events don't occur that way....

[blixco]

Hrm. I would think that the screenshot happened *after* he breached the machine....Maybe we should ask him. Oh. Wait. Nevermind.

A million emails on a Windows laptop?

[Col_Panic]

I have experience as a Network Admin at a site where we had to send out tens of thousands of emails each day to everyone who played our game to tell them if they won the prize or not. Yes, it was spam but at least it was spam that people knew full well they were gonna get when they played the game. Sending out 100,000 emails took a dual 600 VALinux machine with a gig of RAM a few hours even with Qmail tweaked to hell and sitting in a more-bandwidth-than-god co-lo. Sending a million emails via a windows laptop via an AOL dial up account would take the better part of a week, I would think, at least. Considering that, as far as I could tell, the article only meantions emails being sent from this laptop, and presumably other associates with similar setups, I find it VERY difficult to believe that they REALLY could have been sending out this volume. This makes me seriously doubt that any of this is real. Made a really good joke though.

Re:Fake? Seems like it.

[c@pt4!n_m0rg@n]

actually, the signature stuff is real. check the SPAM-L archives.. we've been tracking the "mail. " spammer for a few weeks. i've got plenty of procmail sh*te to id signatures in spam i get (by mailer, by x-headers, by message-id format, etc, etc) and i /could/ have it page me during a run if i wanted to. i'm not saying this is real, but its its a joe job, this guy's a f*cking psycho who had enough time to type up hundreds of pages of logs. so no, i dont think it's fake. -chris ps: here's my mirror http://cow.org/~noise/

Re:Fake? Seems like it.

But there is the insider, ex-boyfriend, bitter custody battle, disgruntled ex-employee, angle that is plausible.

Re:Umm... It's fake?

[revscat]

HAhahahahahahaha! BWAAAAHAHHAHAAHAHAHAH! Oh man, hahahaahahahaha. That was DAMN funny. Hoo-whee. That got my funny bone a goin. Slapped my momma! HAHAHAAHAHAHA!! COMBAT BOOTS! AAAAAAAAAAAHAHAHAHAHAAHAHAHAHAHAAH!!! Oh yeah, good stuff. Classic.

- Rev.
hahahahaha

Re:Technical Detail

[tinyuan]

Why just BO? Many offices use PC Anywhere to allow the sysadmin to keep track of users and systems, as well as to provide better tech support to users in other buildings in their complexes where aplicable. Some lazy sysadmins install it to keep from having to walk all the way down the hall. And PC Anywhere is way to easy to crack. I dunno about you, but personally I think that this seems a little more plausible (less implausable?) than finding/installing BO.

-Ma Tin Yuan
Who doesn't make the decisions, and doesn't like them, but carries them out, because, as a slave to capitolism, he loves his paycheck.

Re:C'mon, that's totally made up!

[ars]

Your calculations are inaccurate because in a single email you can specify more then one To line. So if you need to send 100,000 emails to hotmail - put 5 address each time on the to line (RCPT TO: actually) and you can speed up your send rate 5 times.

Re:Looks like an ex.

[doublem]

Hey, when the lights are out, all that matters are a lady's natural skills, and she was VERY skilled..... ;P~


Matthew Miller,

Re:I don't believe it.

[Ralph+Bearpark]

Well, if it is a fake then it must have taken a real looong time to produce ... I mean, those IC Q logs ...

Regards, Ralph.

Re:How to bill spammers (WRONG!)

[Yekrats]

You say "Nothing has ever come of it..." I don't think so.

Your idea about sending a fake bill to spammers is a very BAD idea. By sending them email, you verify your existence. Once your address is verified as "legit", what happens? You get more spam. For the same reason, never click on their "click here to opt out" links!

I'd advise using Spamcop (spamcop.net) The free part of SpamCop un-obfuscates the email header information, then allows you to automagically send a letter of complaint to the appropriate authorities. Personally, I've seen several accounts (email and website) disappear after I've used Spamcop against them. It's quite satisfying. Spamcop also has a fee-service for filtering email (which I haven't tried yet).

I hope this helps!

Something suspicious

[ChrisWong]

I am not so bothered by the writer's smugness in writing -- this guy may not be a skilled writer after all -- as the information he offers. You may notice that the alleged spammers listed there appear to be all (or mostly) female. Certainly, the photos are all of women, and the "kinky stories" seem (I did not read them all) pointed in that general direction. There is a possibility that these pages are neither benign altruism nor an exercise in self-congratulation. Rather, the site could be an elaborate, sexually motivated scheme to harrass these women, especially "Rodona". If Slashdotters could be manupilated into harrassing them, "so much the better".

It is hard to determine the motive or actual circumstances from available information. There is too much uncertainty for me to actually make an accusation. One can think up a whole bunch of other possible motivations: the women-looking-for-attention theory, the disgruntled-ex-employee theory, the let's-make-Slashdotters-look-silly theory, the I-want-attention theory, etc. The guy could really be telling the truth and wants to do the net a service. I only want to point out the possibility that Slashdotters are being manupilated into harrassing possibly innocent victims.

Re:Wish fulfillment

[HP+LoveJet]

I honestly don't know. Having read the execrable Takedown--an exciting technological drama buried beneath a steaming pile of self-aggrandizing*, luridly written shite--I'm much more prepared to believe this than I otherwise would have been.

*(on the parts of both Shimomura and Markoff; I'm not taking sides. They're both jerks.)

Re:C'mon, that's totally made up!

[WH]

Heh.. when I used to work at a large colocation provider/backbone it was unbelievable how many of them would send spam to noc@

Anagrams of Rodona Garst

[d0bby]

"Rodona Garst" Anagrams
-----------------------
Tornado Rags
Dragon Roast
Sargon-Tardo
and the obvious
Arson God/Rat

I think Rhonda has kids...

[walnut]

Can you imagine when Rhonda's kid takes her for show and tell?

"So Timmy, what does your mother do?"

Then he can say, "My mom spams your parent's email account with porn."

Wow... I bet parent/teacher confrences are a riot there...

Re:C'mon, that's totally made up!

[c@pt4!n_m0rg@n]

not true.. you can have an envelope w/ 20 recipients, sometimes more depending on the MTA. the content-lenght was 1043, or about 44 bytes. you have 65,000 ports open to send outgoing mail on to various outbound relay servers. sending 10,000+ messages a MINUTE is not unfeasable for 128k frac-t1.

Spammer "Hall of Shame"

[GuNgA-DiN]

We should start an international "Spammer Hall of Shame" to police this sort of thing. Rodana can be the first picture hanging on the wall. Just like there is a group of enforcers on Gnutella who publically humiliate people searching for kiddie-porn - we should embarass spammers publically.

Not just cancel their accounts and black-list them (which we already do). But, we should post pictures of them making asses of themselves (like the picture of Rodana flashing her tits). The police have started using this technique to cut down on prostitution in some cities. They set up a sting operation and post the pictures publically of all the dudes who get busted trolling for hookers. This is a MAJOR embarrasment!

There is something to be said for public shame as a punishment. What ever happened to it? They used to use the stocks to punish people. It really didn't hurt you physically - but you stood in the town center all day and got laughed at and publically humiliated for your crimes. We need to weed these sub-human spammers out and publically embarass them and show them that spamming is a despicable practice that will NOT be tolerated!

Re:something is wrong in that screenshot !

[Bilbo]

> ..she's on AOL you .... It's OBVIOUS that she's online.

Duh.... unless the "screenshot" is faked, a point you were obviously too dull to catch on to...

-- Your Servant,

Re:So which is it?

[insipid]

I don't think this guy was going after these people because they were sending spam. He was doing it because they were using his domain name and he was getting thousands of emails from people pissed off about receiving spam from his domain.

I think that's perfectly understandable.

Re:Hmph

[bonehead]

Actually, that's not very far fetched. Assuming she does, in fact, have a web-cam, back orifice provides this functionality with a single mouse click.

Re:Who else thinks Rodona Garst is cute?

[llywrch]

Oh boy, just what we need: a new way to discourage Spammers. I can see it now.

Spammer's phone rings.
``Hello?"
``Yeah, hi! Is this $SPAMMMER?"
``Why?"
``I got a copy of your spam, the one about the web site that promises ``Real Time Lezbo S&M Action". I gave it to a nerd buddy, who tracked you down. I decided to come on over & see you perform."
``If you come over here, I'm gonna call the police on you."
``I already talked to the chief of police in your town. He's pissed that you sent his child a spam advertising that web site about ``Old MacDonald & His Cow", so he's coming over too. In fact, that's his car sitting in the driveway. If you perform well with Mistress Domme, he's willing to drop the charges. Be sure to ice down the beer!"

Jeez, I'm about to blow all of my karma on this one sick joke.

Geoff

THIS IS WHY YOU DON'T RESPOND TO SPAM -- EVER!

[TrentC]

Assuming this is true (and he's apparently gotten enough accurate information about these individuals that he's either convinced he's right or willing to risk a libel suit) this is a perfect example of why all spam, no matter how interesting the product or service may be or what company it's from, must be deleted without response.

These people are willing to steal other people's AOL accounts (OK, let's all laugh at the AOL users, but it could have easily been a local/regional ISP) to send their spam, the "pump and dump stock scam" probably damages both the hapless investors and the company in question, all in the name of making money.

I say we mega-Slashdot this site -- send a copy of this URL to everyone you know (_especially_ if they use AOL) and tell them to look at it(*). Point out that just because it's comes from a *koff* "trusted" site like eBay or Microsoft doesn't mean it's any more welcome or desired. Make sure that people start using a company's or site's "opt-out" policies for junk mail.

I don't know at what point spam becomes "unprofitable" but the more people who refuse to cater to spammers or their clients, the better.

Jay (=

(*) Okay, maybe not everyone you know. No point in spamming in the name of anti-spam. But at least tell people about the site.

Re:THIS IS WHY YOU DON'T RESPOND TO SPAM -- EVER!

[c@pt4!n_m0rg@n]

no. dont delete. LART. www.abuse.net has a contact lookup database you can complain through. read the page, and learn the right way to respond to spam (w/o breaking the law, that is). -c

Re:So which is it?

[stinkydog]

The part most folks forget when talking about SPAM is that somebody is buying the junk the folks are selling. Like everyone else on the net I look forward to a cascade of crap every time I open my mail program. What amazes me is that somebody is sending these idiot money for their get-rich-quick scheme and their diet drugs. I wonder how many responses are required to make bulk e-mail profitable? I be their bussinesses are on pretty shaky ground and a small reduction in the number of responses could put them out of bussiness. I think the answers might be to educate the 'consumers' of these questionable products against responding. This is the surest way to put a stop to commercial spam. With a little more education, we could erect a tombstone in the dot-com graveyard for bulk e-mail. StinkyDog -Sit, Stinky, sit. Good dog.

Re:So which is it?

[SWroclawski]

Wrong. People do want to be anonymous.

When you walk down a crouded street, you're (for the most part) anonymous. Even if there are cameras on you, they don't know it's you (unless you're being followed). But the net, and especially the web, is different. Cookies and logs make you as trackable and traceable as if you had a homing device and all your vital information was sent without human intervention.

Free speech is one issue and privacy another, but they tie in with being able to being anonymous.

A great quote, "If it can't be abused- it's not a freedom".

- Serge Wroclawski

Anthropy principle

[Nicolas+MONNET]

Ponder this: If he never had been able to crack the machine, you would never had heard of the story.

Did you look through all his "evidence"?

[road_warrior]

Look at the vcard: http://elias.rhi.hi.is/premier.cluelessfucks.com/v -cards/Rodona-Garst.vcf Why would "Rodona" put "Spammer For Hire" in her title? It's gotta be a fake.

Cannon Fodder

[blueforce]

Bahaw HAW HAW HAW!

Ok, lemme get this straight.....

Chucklehead says she's on a laptop at home.

Screenshot of AOL/1stClassMail:
Did anyone look at the systray on that screenshot??? There's a WINGATE Icon in the systray and the ICQ Netwatcher icon. So, I'm to assume from Ol' boys description that this pc is connected to the internet. I look at the systray and see ICQ isn't connected - if it was and she closed it, the Icon would be gone. If it were disabled, the icon has a red circle with the slash through it. Is there a WINGATE client???? Who, on this planet, with enough guts to be a professional spammer with questionable ethics (even for a spammer), is STUPID enough to use a laptop running WIN98 and WINGATE proxy server?????? ICQ isn't connected to anything. How do you suppose knucklenuts got the screenshots without ANYONE seeing ANYTHING? Hack her - Ok. Hack her and surf - OK. Hack her and get screenshots? C'mon.

Oh..... by the way.....Windows98....
"...escalated my remote access to that of a full privileged local user,..." WHAT? What Penis wrinkle made that up?

Re:C'mon, that's totally made up!

[Captain_Chaos]

PCAnywhere, Back Orifice (classic & 2000), Windows 2000's Remote Terminal (I forget the "proper" name), Netbus + any screen grabber, and a whole host of other such software.

Yeah, but you have to _install_ all of those first. It's possible, but not very likely, that the spammer had been infected with BO or some such program, but IMNSHO it's far more likely that this is a hoax.

Sensationalizm

[aeil]

This does look quite like a large piece of sensationalizm. altho, if I had caught a ring of spammers, I would probably sensationalize it as well. Spammers are the dregs of the internet society by any measurement. Even porn kings rate higher. If this is real then much applause is due. and yeah having your account used as the from: line really sucks. I worked for a major university for a while, and if any spam appeared from a domain, the entire university blocked the domain(s). and at some point after receiving a message from the "offender's" domain, the admin would either email from another acount, or call and complain. I think that out of this we should look at the implications of all the admins out there who do not use "due proccess" in deciding to ban domains for "improper email" and instead use the knee jerk reaction of O SH*T lock this out NOW. even if this story is all sensationalizm, the points of proper administration are valid.

I made the list!!!!

[Lord+Kano]

I made the list of people whom this company is afraid to spam my old email address of "lordkano@sgi.net" is on the list download the list of people whom they fear from...
http://homepages.manawatu.net.nz/~alanjb/misc.ht m

LK

Re:I made the list!!!!

[Erik+Fish]

Hah!

Two of my old e-mail addresses (that I still use today) made the list.

They probably got a lot of those from news.admin.net-abuse.email

Re:You've got to be careful with this...

[Stradivarius]

My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal

Whether this spammer (the "poor dork Rodona Garst") is stupid or not is really irrelevant. By the fact that she is able to use a computer to send spam, con naive AOL users into providing their usernames/passwords, participate in illegal stock schemes, etc, she has demonstrated that she has sufficient mental capability to be considered mentally competent (i.e. not mentally retarded or insane), and as such is responsible for her actions. And as they say, don't play with fire unless you're willing to get burned. This time, she got burned, and I feel no sympathy for her. If she was unwilling to take the risk of her (immoral, and some illegal) actions being exposed, she should not have performed those actions, and *further* should not have framed innocent people for them.

Now, I might be swayed by your argument about stirring up a "lynch mob", had this simply been a case of political disagreement, or someone doing something unpopular/controversial, etc. But the problem here, to me, is that not only did do it, but then framed an innocent individual for her spams. If that individual then comes back and kicks her in the ass, well then c'est la vie. She can deal with it. If she was spamming people without forging her IP (or forging it to be restricted numbers, thus not implicating innocents), then maybe publishing her information would be too extreme. But in this case, I think it is appropriate.

All in all, I think she and her associates got off rather easy. If the story is true, and the Man In The Woods did indeed gain access to the computers of Garst et al., then he could have easily destroyed everything on their disks rather than simply publishing the information about her deeds on the Web. Or perhaps he could have discovered sufficient personal data to cause more personal havoc in her life. Given the hassle that she caused, I think he showed remarkable restraint :-)

Re:Technical Detail

[bonehead]

I think that this seems a little more plausible (less implausable?) than finding/installing BO.

I have to disagree. Finding BO is no big trick, just go to the web site and download it. It would also be much easier to install/hide from a remote location because of it's smaller size.

I've got a feeling

[Lord+Kano]

that this is a spoof.

This guy claims to be such an important security expert, yet in addition to reading all of the "Hacker books", visiting "Hacker webpages", reading all of the traffic from the "Hacker mailing lists", and earning a living he STILL has time to hack his way across the internet and steal a hundred megabytes of information from these people.

I think that he even throws in the negative comments about AOL users in an attempts to curry favor with people like us.

Rodona, or whoever she is, has some decent nipples but I doubt the veracity of his story.

LK

Open Shares on the net? Sure...

[ka9dgx]

If you recently recieved spam from anyone, and happend to be using Windows, do a net view \\ip.address.of.offenting.spammer, and you might be surprised to see open drives.
For example, if you see:
Received: from Comp1 (max1-31.losangeles.corecomm.net [216.214.106.XXX]) by cfexchange.ccff.ca with SMTP
(Microsoft Exchange Internet Mail Service Version 5.5.2232.9)
id JY36QKNM; Wed, 7 Jun 2000 09:17:35 -0400
To: ghguy@dffhgj.com

You would then do
net view \\216.214.106.XXX.
You might see something like:
Shared resources at \\216.214.106.XXX

Sharename Type Comment
C Disk
EPSON Print
The command was completed successfully.

The real question is, what next? There are a wide range of options available, from the calling of authorities (The ISP in question) all the way down to revenge. Where is the happy medium?

--Mike--

Count the freckles?

[ShadyG]

I only see one. Hugely disappointing. I was hoping for a challenge.

Re:Technical Detail

[Christopher+Biggs]

That list is probably at least partially a list of posters to news.admin.net-abuse.*.

I never reply to spam. I often followup spam to originating site's postmaster/abuse. I occasionally post to nana*. I'm on the list.

Oh, and to those who say "the whole story of hacking in is impossible!", bite me. People are really that dumb---I've known lusers who

1. Indiscriminately share their drives so their friends can get files (and everyone else on the planet can rape their machine)
2. Log all their juicy chat sessions (and leave netsex logs lying around with nice obvious filenames).

I'm not convinced this story is real, but I'm sure it's not impossible.

Re:So which is it?

[I+R+A+Aggie]

Legally, nothing is going to be done until some big guys get hurt. Not likely.

Been there, done that. flowers.com (a bakery) was forged in a spam run. They sued the spammer, and won.

James

Re:Umm... It's fake?

[llywrch]

>Another datapoint: on the site there is a list of "anti-spammers that they won't send spam to".

I took a look at this list. A number of the names are obvious spam-blocks, abuse@*, etc.

And I found my own name. Four times, different variations. Wow, & I haven't complained about spam in years. (Could it be that I'm just a cheap SOB who won't buy anything advertised in email? Naw.)

But I'm saddened that they didn't include my favorite spamblock of all time -- the one where I used ``cyberpromo".

Geoff

Parallels

[CAIMLAS]

Is it just me, or did this account read a lot like the book "The Cuckoo's Egg"? (Has anyone read this phenominal book?)

It seemed to me to either be a very similar situation, or a fairly blatant rip of the story.

-------
CAIMLAS

Re:Parallels

[CAIMLAS]

Well, there's always NetBus and BackOrifice. But yeah, it's highly unlikely.

-------
CAIMLAS

Re:In case of Slashdotting read here...

[ericfitz]

Evidently Rodona got to cluelessfucks.com- they took the mirror down.

Re:It's a disgruntled ex-employee

[PD]

This is absolutely REAL information. I checked out the list of anti-spammers that he got off her computer, and MY NAME WAS ON THE LIST.

You can see for yourself. pdrap@ctp.com, pdrap@concentric.net and pdrap@cris.com are all on the list. Those addresses are no longer active, but at one time I did a helluva lot of spammer killing with those addresses.

I was skeptical too, but after considering it all night, it makes much more sense that he snagged the info using Back Orifice than the notion that he made it all up. Particularly so since the data appears to be accurate.

Re:I don't believe it.

[mOdQuArK!]

BackOrifice or NetBus-style monitors would give you this kind of info, allow you remote (at least command-line) control of the victim's computer (even at the same time they're using it!), collect screenshots, and conceal themselves from the "usual" methods of determining what's running on their own machine - that's what they were designed to do.

As for WHY he doesn't say how he did it - maybe he's anticipating being able to "get" them again, and doesn't want them cutting off his access?

Re:It's a disgruntled ex-employee

[anticypher]

I agree. The complete lack of any technical information on the hacking seems pretty suspicious. I do know of at least 6 different ways to get into a windoze machine and do this, but all of them take a little time and effort. Given the detailed amount of other info, I'd expect a little bit on the hacking.

There are other incorrect technical details which would point to this poster being more of a user (ex-spammer) rather than a system administrator. The "blank Bcc: line" comment is wrong, because Bcc: is a function of the MUA, once it gets sent to the MTA over SMTP, every one of those addresses is converted to an RFC821 RCPT command.

I got the exact same feeling from this whole affair as you have, an ex-spammer disgruntled he didn't get paid for something. He/She had some time alone with Rodona's laptop, and copied a bunch of stuff onto some floppies or ftp'ed. With a little fixing up to appear as an agrieved sysadmin to throw his ex-employers off the scent.

Spammers and telemarketers are all fair targets for retribution, whether through hacking or social engineering (the sex survey, FBI hotline, others)

the AC

Anagrams for Rodona Garst...

[eap]

Running the name through an anagram generator provides these results, among others:

RADON GAS ROT
ROAD RAT SONG
DRAGON ROAST
ARROGANT SOD
GRAND AS ROOT
SODA GRANTOR
NAG STARR DOO
ORGAN RAT DOS

And my personal favorite: SATAN ROD GOO

Conspiracy theories, anyone?

Re:It's a disgruntled ex-employee

[TreeRat]

Don't get too excited... This address (treerat@usa.net) appears on the list... for me it's just a /dev/null account. I've never used it to file abuse complaints... None of my real accounts appears on this list, and I have to tell ya, I've had my fair share of "spammer kills"

As a guess, this is just a run of the mill spam list... If you take a look, some of the addresses are even munged...

Cheers,
TreeRat

Re:C'mon, that's totally made up!

[cccdoug]

Oh yeah...that's true. If that spamware she was using would sort out the victim list by mail exchanger and address as few as five to ten victim's e-mail boxes per envelope, those numbers would be achievable. Even on a 56k (33.6 max. upload) dialup those numbers would be achievable. Cool! This still could be a true story!

Again...I really hope it's a true story. It's nice to believe that someone somewhere is using vigilante justice tactics against spammers.

The biggest things I see going for the story are:

1. The provided details! (icq logs, pictures, etc.)

2. The premier.cluelessfucks.com mirror was taken down under threats of lawsuits.

The things against this story being true are mentioned in a zillion other posts, most of which seem to center around the lack of actual hacking details. :(

If it _is_ true, I wonder if this spam queen is on the phone right now selling the story about how she was victimized by a hacker who tried to destroy her livlihood (and cruelly put pictures of her humungous aerolas all over the internet) to Lifetime...

C'mon, that's totally made up!

[Karmageddon]

He hacked his way across the internet and into that computer and captured a screenshot? Please! If he knew how to do that, he'd be far too busy to do what he's doing with it.

BTW, I host my own domains and email and I monitor spam closely. The problem is getting worse: There's even a spammer operating over the last few days who is mailing to "postmaster@" and that is a huge no-no. They are shameless.

Re:C'mon, that's totally made up!

[Nspectre+Anatomy]

It would be very easy to discern a laptop if you have access to it's files. There are many thumbprints that identify laptops from desktop machines.

Hell, Config.sys and Autoexec.bat alone will usually do it.


-=me=-

Re:C'mon, that's totally made up!

[ZipperHead99]

PCAnywhere has an Icon in the Systray

Re:C'mon, that's totally made up!

[ZipperHead99]

ICQ was not running. Look at the screen shot.

Re:C'mon, that's totally made up!

[GoRK]

Well, From the screenshot showing, there are a number of things that could have allowed this to happen..

First, apparently all the people of premiere services used ICQ to communicate and possibly send files and other gimmicky junk around. Tag BO onto a funny Flash animation or something...... send it to two of the premiere services people as coming from each other.. do a little social engineering so they wont suspect that it wasnt the other person that sent it.... BO is installed and running in about 30 seconds and blammo you take a screenshot. How long does it take to send 500K emails over a dialup? You have plenty of time here.

Presumably, a trojan would have been used as he's just gotten too much information off of those computers not to have used one. Either that or a problem with Windows shares..

~GoRK

Re:C'mon, that's totally made up!

[kid_wonder]

i agree that it totally made up, but there is a product called PCAnywhere in which you can actually view a remote pc screen. its also a pretty common port search - i see it a few times a month. of course, the user should have the software installed and poor passwording ;)

__________________________

Re:C'mon, that's totally made up!

[Kaa]

He hacked his way across the internet and into that computer and captured a screenshot? Please! If he knew how to do that, he'd be far too busy to do what he's doing with it.

Ever heard of something called BackOrfice?

Kaa

Re:C'mon, that's totally made up!

[Masked+Marauder]

The spammer was forging the victim's domain in the email text. I would guess the domain is 'on' 24x7.

Re:C'mon, that's totally made up!

[DrSkwid]

hehe I used the ICQ History Grab as my clue

I couldn't get the screenshots 'cos it was timing out.


.oO0Oo.

Re:C'mon, that's totally made up!

[c0y]

Heh, not at all. I've followed this whole story, read nearly every one of the 10,000 posts to n.a.n.a.e. on the topic (including the attempted joe-job and "You suck" posts by the 'victimized spammers'). My observations:

1) I've been pissed enough at a spammer to start their own little web page. Had I the ability to track them down and post more personal info, I would have jumped at it.

2) I've twice done just this type of 'hack', albeit with a white hat. Ever hear of network.vbs? A simple little script that searches for unprotected win98 shared drives across random class C networks. Seeing this thing hit looks like an attack, and on two occasions when I caught it in progress, I "hacked" back. That is, using the Start->Find-->Computers-->IP I pulled up the remote machine and started browsing directories.

The first time I had the guy's name, home address, phone numbers, passwords (including bank account), all within 5 minutes of his 'scan' of our network. It was trivial, no special hacking/cracking skills needed. It took me a while to realize that he had been infected with a virus (I called, told him what I found and we looked at it together- my first thought was that he'd been compromised, but I couldn't see where network.vbs was sending it's data (it doesn't, just spreads and spreads)).

Anyway, both computers that I tracked back this way were running PCAnywhere. The 2nd one I found didn't have a password.... I connected and fired up the chat screen, in case someone was sitting around. Tried but no response (oh wait, it's 11pm Sat. night, these people must have a life which is why they got no sekurity ;)

Ok, so now I can do pretty much whatever I want.... (including taking screen shots, searching her local network neighborhood for other computers, etc.)

I laughed at it all for a moment, then opened a remote browser window to the network.vbs listing at Symantec. Then I disabled file sharing, wrote a note explaining that it and PCAnywhere needed to have password protection, and then terminated PCAnywhere and my connection.

Always wanted to see the look on their faces when they found they'd been 'hacked'.

Anyway, the "Man in the Wilderness" seems very plausible to me, and could have been done without the benefit of any special 3l33t hax0ring skillz.

My one initial bit of disbelief came at seeing that he'd gotten so much data off of a dial-up. Then I remembered that the spammer has a factional T-1 and only used the AOL account for spam runs. So Man in the Wilderness probably got his initial access through AOL, but came back to the dedicated IP for the real goods.

-c0yest, inspired with a new greeting for his MTA

220 No spam. Trespassers will be violated.

Re:C'mon, that's totally made up!

[bonehead]

If he knew how to do that, he'd be far too busy to do what he's doing with it.

Please. That's no big trick. You've also got to remember that this guy was getting probably hundreds of e-mails a day, both complaints and bounces, which he (understandably) took rather personally. Anger is a powerful motivator. Lots of people will happily devote more time and effort to something than is logical once you get them properly pissed off.

Re:C'mon, that's totally made up!

[dingbat_hp]

Ever heard of something called BackOrfice?

Heard of it. Can't remember though if it will start immediately on installation, or if it needs to wait for a Windows restart (like everything else !). This is not only a screenshot (which isn't impossible), but it's (allegedly) a screenshot made very soon after the white-hat first connected to the Spammer's machine.

Any BO experts around ? - How quickly can you bring it up and functioning ?

Re:C'mon, that's totally made up!

[Inoshiro]

"Finally, only accept connections from hosts with a valid IDENT response."

How exaclty are people who use Win32 supposed to send mail through the SMTP server then? What about machines which have been rooted, or otherwise have identd installed to fake responces?

Relying on the client to provide valid data is a trivial security flaw. Perhaps you mean to say, "only accept mail to a non-local domain from an explicit set of IP addresses," and make sure that your machine has anti-spoofing enabled to its highest level via

echo -n "Setting up IP spoofing protection..."
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 2 > $f
done
echo "done."

You'll also want to use the Postfix mailer, as you have to misconfigure that to relay spam.
---

Re:C'mon, that's totally made up!

[jd]

The Windows 2000 one I mentioned comes with Windows 2000 and is installed with it, I believe, whether you want it or not.

Re:C'mon, that's totally made up!

[Karmageddon]

Dude! if the machine is running PC Anywhere, you wouldn't need to launch Back Orifice. This story is made up!

Re:Nine will get you ten, the story's fake.

[CSG_SurferDude]

NO, they didn't use his site as a relay, they used it as a FORGED return address.

Read the article.

Legal? Who cares?

[Janthkin]

I don't know if it's legal; that's one of those debates that's still up in the air (see here for the last /. article about such). But this seems to be justified at the very least. The crimes he KNEW these people were comitting (to say nothing about what he found out) are sufficient. Now, IANAL, but I don't think what he found is admissable as evidence for prosecution, but it would serve as a great reason for conducting civil and criminal investigations, wouldn't it? Then they can get the same info legitimately, and can the spam for a few years, or hit them in their pockets, where it hurts. :)

Re:Legal? Who cares?

[pe1rxq]

Taking law into your own hands is _always_ wrong. Even is somebody is 'guilty' in your eyes! You are not a judge, judges (or a jury for the americans) can declare somebody guilty not you.

If everybody was judging everyone then there won't be many left afterwards.

Jeroen

Re:Legal? Who cares?

[automandc]

I know that no one will read this so long after the orig. post, but: jurors do not have a "constitutional right of jury nullification". In fact, a juror who votes for acquital despite a firm belief in guilt is violating their oath as a juror (yes, in any jurisdiction) and is therefore a criminal. The rub is, you can never prove it, and no right minded court/prosecutor would ever attempt to. But, must dispel the myth: Jury nullification is not a "right". Sorry for the offtopic. automandc

Re:Legal? Who cares?

[/]

Well, that's one response, but I wouldn't say it's the correct one. Ideally, the system would have a certain amount of vigilanteism in order to keep authorities on their toes (tree of liberty, blood of tyrants, all that jazz), which is why jurors have the constitutional right of jury nullification, among others.

Re:Legal? Who cares?

[Fishstick]

Internet vigilante?! Maybe, I don't know. You might wonder if cracking anothers computer to get someone's data and then posting it on the net doesn't make you any better than the spammers at some level.

I think this person had a moral imperative to expose these scumbags. Turned them over to AOL as soon as there was enough info -- same thing I would do. Not sure if I'd be worried about what was admissable in court. Just tipping off AOL is good enough for me. AOL, if they decided to make a court case, would undoubtedly legally obtain whatever information they needed. (or does an anonymous tip by someone who obtained info illegaly automatically throw the whole thing out?)

And hacking into her laptop and downloading all of her stupid pictures (including the one of freckles on her, umm... you know) and posting them on the net is classic!

So yeah, there is a conflict here. "Two wrongs don't make a right" and all that. I don't know if I'd post all this if what was done was illegal. These spammers are scum, no doubt. But does that justify cracking into their computers? Could this person have just gone to the FBI or something after they got the IP of that first filtered e-mail? Sure, that would not have been nearly as satisfying as publicly exposing and humiliating them, but then, I dunno, seems like the ends don't justify the means (ok, enough cliche` -- I'm done now)

Re:Legal? Who cares?

[pe1rxq]

I don't think so, in an ideal system you wouldn't have to keep authorities on their toes.... But the fact remains that people often judge others on things other than facts. When emotion and prejudice get involved it always goes wrong.

Jeroen

Re:Legal? Who cares?

[/]

I said ideal "system", not ideal circumstances. I'm presupposing that abuse of power is inherent in human nature, and that any ideal system must take that value into account. If you want to go ahead and start switching your variables around, then you're not arguing constructively.

three fefts make a right...

[taskiss]

but two wrongs don't make a right. ya can't fight fire with fire without being called a pyro. stop fighting the fight yourself and call in the fbi.

In case of Slashdotting read here...

[IanO]

There are mirrors at:

http://elias.rhi.hi.is/premier.cl uelessfucks.com/
http://cow.org/~noise/belps.freewebsi tes.com/
http://homepages.manawatu.net.nz/~alanjb/

There is also some interesting posts at an old mirror here:

http://premier.cluelessfucks.com/ (gotta love that domain name!)

This is great information... where else could you find out how many freckles are on a spammer's ass :)

------
IanO

Re:In case of Slashdotting read here...

[jpayne]

Yeah, we'd had hits from the audience that was
asking, and /. hadn't posted the story submitted
on Monday. I figured its time had been served.

Re:In case of Slashdotting read here...

[Chalky31]

Not necessarily closed down by 'them' but closed themselves down in response to the weight of traffic.

Re:In case of Slashdotting read here...

[IanO]

Actually they closed it on Tuesday. The guy figured it's purpose had been served (ie. it was just a mirror) so he just left links up to the original and mirrors.

I guess I could have been clearer by saying 'ex-mirror' instead of 'old mirror'.

------
IanO

Re:I don't believe it.

[.pentai.]

Nice to see I'm not the only one here that thinks this is complete bullshit. He basically said "I'm smart so I was able to hack them and here is a picture of their monitor". As for the stock stuff I saw nothing about stock pumping/dumping schemes or insider info, just someone telling someone else to buy this or that...granted I didn't read it all (the aweful colors scared me away).

Oh ya, since when can you get a picture of someone by hax0ring them?

Re:Where in the world is Rodona Garst

[RedWizzard]

It's not in the search engines because it's too new.
The original story is dated as the 24 of May. The mirror at http://premier.cluelessfucks.com/ was taken down less than 2 days ago.

It takes a while before there is enough linking to it for the search engine's web crawlers to find. For example Google last grabbed /. on the 4th of April.

Re:It's a disgruntled ex-employee

[WWWWolf]

I was in the list too...

Very happy day. I've never been sure if The List Of Very Dangerous Individuals exists....

...not only The List exists, but I'm on it. WAY cool.

I also saw a lot of familiar addresses there... =)

Technical Detail

[Zack]

The lack of technical detail, and specifically the references the "screen shots" led me to believe that this story isn't real. As easy as it is to take down a Windows box, it is not easy to gain full remote access except through BackOriface or what not.

I also find it highly unlikely that every single spammer in this group would be completely vunerable to an attack. It's entirely possible that there is some voodoo that I don't know about, but this doesn't look real to me.

Re:Technical Detail

[PD]

Those people ARE NOT the ones who replied to get removed. Those people are antispammers who Rodona doesn't want to hit because they will complain excessively and she will lose her accounts much more quickly.

I was on the list marked as an anti-spammer, although it was under old accounts. All the accounts with pdrap in them are my old accounts that I used to spam hunt with. I still spam hunt every day.

Re:Technical Detail

[Anomalous_Coward]

I'm curious about the tech details too. But I
surmise that he got in through poor security on
Ye Ol' Port 139. He does show a net view of their
lan. And ... not many would accuse this spammer
group of being all that clueful.

Re:Technical Detail

[Zack]

True, I can see a Samba network being wide open, but that doesn't mean that they could get a screenshot of the desktop. Unless this guy was the actual spammer and wrote the story to cover himself ;-)

Re:Technical Detail

[nazgul@somewhere.com]

I don't get the anti list. I checked it and there are at least a dozen addresses on it from my domain--yet they are all bogus. So it can't be due to complaints, or people coming after her. Seemed pretty random to me.

Re:Technical Detail

[davebooth]

I'm pretty certain I know how he got in if it is real.. Just look how often any randomly chosen netblock gets portscanned looking for drives shared in windows without passwords, or alternatively look at the spread of NETWORK.VBS which propagates over this kind of open share. No voodoo involved just a stupid user or lan admin. Having done that you can rape the hard drives at your leisure looking for the pics that will make someone regret the day her bf bought the digicam or the internal memos of the company you wish to discredit...

As for screenshots, you may need some extra help such as backorifice but if you got full access to their C drive then what the hell, just install it yourself!

This is why I block the netbios-over-tcp ports at my boundary router both ways so that even if somebody does have an insecure share it dont get advertised to and cant be reached from the internet at large.

# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking

Re:Technical Detail

[Stonehead]

First off, this story was on k5 yesterday. At that time, the site was still accessible. I wonder whether all mirrors have got antifile.zip - which includes 4 MB of email addresses of people who replied to get off Rodana Garst's mailinglists. I would never have put that file online.
By the way, the archive didn't shock me because of Rodana's pictures, but because of the size of antifile.zip - if those people are only the ones who hoped to get removed from Garst's List (I found five of my co-students on it), how big must the full archive be?? Twenty million email addresses? Forty? One billion?
We are just some toy in the spammer's hands. I'm never going to reply spam again "to be removed". Deleting is the only thing that helps. Well, I could put up a .procmailrc filter on the headers.. :)

Re:Technical Detail

[bonehead]

Oh, come on. Use your imagination. Once you see that there are open file shares, it's a simple matter to get a copy of Back Orifice installed and running. After that, all the screenshots your heart desires are only a mouse click away.

Re:Technical Detail

[Nicolas+MONNET]

What about the following scenario: he finds a Windows file sharing wide open, he replaces one of their often used files with a BackOrifice trojan, the clueless spammers double click on it, et voila. Sounds perfectly possible to me! Now the whole story could be a hoax, but it's still completely possible. Never underestimate the stupidity of a spammer!

Re:Technical Detail

[davebooth]

on second thoughts, scratch the backorifice comment. the windows api for grabbing screenshots aint that complex, if I remember right... Even my ancient version of borland c++ came with an example prog to do just that, I think.. sure it may use older deprecated calls but I bet they are still there in current versions of 'doze for backwards compatibility.

# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking

Re:Technical Detail

[tinyuan]

Yeah, but if he really DID get that shot right after she sent out a spam, he couldn't have installed BO and then gotten the screenshot right then, so what I meant was that it isn't as likely (from my POV, in any case) that he just found BO allready installed and running as it is that he just found PC Anywhere (or Norton Remote Administrator, I neglected to mention that in my last post) allready installed and running. Apologies for any unclearness (is that a word?) in my posts.
-Ma Tin Yuan
Who really, really, really loves his paycheck, and all the cool toys it buys him. His last one bought him the entire Curse of SPAWN action figure set. Go ahead. Call him childish. He doesn't care.

Fellow Virginians: Let's use the Law to stop spam!

[TimeHorse]

In Virginia, we passed a bill last year making Spam a crime wherein the victim is entitled to financial compensation on the order of $10 per Spam up to $25,000 per day for an individual and at least $25,000 per day or $10 per Spam whichever the greater for any violated ISP involved.

So, why don't we set up an Anti-Spam Legal fund for suing spammers in Virginia? Anyone opting into the fund agrees to let the fund prosecute the case on their behalf and in return all proceeds go back into the fund. Whatever surplus the fund recieves can go into Anti-Spam education, lobbying for Anti-Spam laws in other states / nationally, support for MAPS, ORBS and other Anti-Spam mail blockers, and perhaps some other related Open Source projects or the FSF.

The problem is the legal work would have to start out pro bono as initially revenue into this fund would be quite small as people learn about it and opt in. Also, most Spammers may be difficult to take to court in Virginia though the interstate commerce laws should apply to anyone in the United States at least. OTOH, were it to develop, reputation of the consequences of Spamming in Virginia would become pretty well reputed and make this state even more of a Spam-Free Commonwealth. :) Even if by this recognition the funds value trickles back to none, it will have served its purpose.

And since AOL is located in Virginia, wouldn't any account on their server constitute an Individual Presence in the state of Virginia -- namely the e-mail address -- thus allowing any user to sue any Spammer who spams the supposed cash cow of AOL users...?

Of course, the one other problem with this is that it invites the Pro-Business, Pro-Free Speech at-any-cost Supreme Court to strike the law down... :(

No there isn't silly lad!

[doublem]

If your connected through a LAN, you never see an icon indicating the existence of a net connection. As soon as my company switched from dialup to ISDN we had to get used to the fact that we had no way of knowing if we had an active net connection without launching some program that checked it. (NetMonitor, Netscape, IE, Ping)


Matthew Miller,

Re:You've got to be careful with this...

[JeremyC]

My brother and I are both in Clarksville, TN reading this! How odd....

Umm... It's fake?

[revscat]

With some degree of hesitation I have got to say that it's fake. There aren't enough details about how he did what he did, but there is alot of pomp and circumstance. Plus, those *pictures*! I find it difficult to believe that any human looks that goofy. But then there's Linda Tripp... The documentation of addresses and telephone numbers gives a certain amount of credence, but the technical details were so sketchy that I'm really having a hard time believing this. And the picture with the chat from the "cuosin" and the porn ad in the background was too stereotypical to be believable.

I'm skeptical, is all I'm saying.

- Rev.

Re:Umm... It's fake?

[PD]

I'm on it too. I hunt spam every day for fun. I think the site is real. All the addresses with 'pdrap' in them are my old ones.

Re:Umm... It's fake?

[thc69]

"Plus, those *pictures*! I find it difficult to believe that any human looks that goofy."

Hah! You haven't met my family. I have people in my family who have the same goofy features as those people (Note: The non-goofy features differ. ;)

Re:Umm... It's fake?

[Bob+Dobbs]

Another datapoint: on the site there is a list of "anti-spammers that they won't send spam to". That list, at least, looks legit (I'm on it and a friend that does anti-spam stuff for an ISP has a lot of addresses on it).

This, of course, wouldn't be all that hard to fake, but it's a pretty big list and does (in my opinion) give some creditability to the whole thing.

I don't think he did enough

[DGregory]

After reading his recount on hacking into these peoples' computers and deleting their spam program, I honestly don't think he did enough. He should have taken them to court, suing for the damages, and hopefully send their asses to jail for fraud. If enough of these people get caught and something DONE to them, it will be a deterrant for when other people are thinking of spamming. These people just think they'll make money, and think that they won't go to jail.

I do like all the pictures and home addresses of the spammers. I hope they know that everyone knows who they are! hahahaha

Re:I don't think he did enough

[DGregory]

Heh okay I think I responded before I thought too much about the site. I am in agreement that I think it's fake too. I did a look up on Rodona's supposed ICQ number and there is no such user.

http://wwp.icq.com/3483645

Re:I don't think he did enough

[/]

But her home address doe s exist.

Re:So which is it?

[Corrado]

I was thinking on the way to work this morning about ways to stop spam. One way I thought of was to configure your email filter to look for a special X-HEADER that contains some unique code (PGP Fingerprint?) of the sender. Your email filter could then match those fingerprints up with a file of known good friends and simply reject the ones that dont match or dont have the X-HEADER in place.

Or has this been thought of before? :/

Later...

Let it be true!!

[doublem]

I SOOO want this to be true, and even if it isn't it's a great read. Spammers are evil and must be stopped.

I'd pay $$$ to "see a movie" about a task force, funded by disgruntled ISPs, that does this exact sort of thing, tracking down spammers and cracking their systems...

The frustrated writer begins to ponder a novel......


Matthew Miller,

What I don't undestand...

[nkg]

Why did she use his email address to begin with?
After he deleted her email account, why did she use his details again?
surely it won't be hard for Rodona to track him down.

Does any one reconize the spam which is listed on the site?
If so what was the repy-to email address

Just wondering........

This has got to be a Fake

[ZipperHead99]

I'm no hacker but I do know enough. How the heck did he ever get a screen shot of the 'hacked' machine. Perhpase I'm missing something.... but to get such a shot you'll need some kind of Third party software installed that moddifies the Win95/98 Kernal. Theres no feasible way to do so without rebooting the machine, and pushing a fair ammount of information down the pipe. How could have possibly done so during one session without the end user taking notice?

Please prove me wrong in my assumtions.

Re:So which is it?

[ttyp0]

There is a difference. You can't compare UCE to MP3s. When I download a MP3 anonymously, I'm asking for the file. I don't ask for unsolicited email!

Premiere Services Website

[cascadefx]

I checked out the website listed in the Premiere Services whois lookup mentioned in the story and it says it is a property management company. Makes the story sound more and more fishy to me.

Then again maybe he is really mad at freewebsites and is looking to DoS them through the slashdot effect. Hmmm....

Re:So which is it?

[quux26]

Basically, if someone wants an anonymous internet, too bad. No one (who is sane) wants that.

No, we want anonimity. Maybe you could start by backing up your assertion that wanting anonimity = insanity, possibly the most head-in-the-sand statement I can think of in today's global political situation (think China).

My .02
Quux26

Whoops

[Your_Mom]

Im sorry, but this sounds like John Markoff wrote this. I really don't believe it. Also, This is not the first time a domain controller sued a Spammer, Matt Seidl from localhost.com sued a spammer for using his domain name in their spam. Which I hate to say, was thrown out.

Well..

[mindstrm]

If this is real, and it certainly *could* be.. two things come to mind.

1) We are brought up to think two wrongs don't make a right. What the person did here is most likely very illegal. It doesn't matter what caused it. It's illegal. (which makes me wonder if he really did it)

2) Screw what we are brought up to think. The net is different things to those of us in the know. The boundaries are different, the rules are different, and what we thing the 'net' really is is more refined and accurate. So.. how can those who don't know make laws against it?

Pump 'n' Dump

[mindstrm]

See those messages encouraging mass spamming in order to get stock volumes up? That's pump 'n dump. A credible public company on the market does *NOT* need to behave like this, PERIOD. There is *NO* reason to do this.
Smallcap (penny) stocks that are basically scams (those with many shares are 'pumping' the stock by all this spam, hence creating volume, and an increase in price, and an increase in demand for the stock, and then dumping what they own for moremoney.)
That is not what stock is about, and it's illegal.

Re:Pump 'n' Dump

[Lazlo+Nibble]

In http://belps.freewebsi tes.com/Stock-Scammers/Pump-N-Dump.htm, Rodona mails Mark Rice on December 3 and lets him know that she has completed her mailing touting MSOF.

Now go to http:// www.bigcharts.com/intchart/frames/frames.asp?symb= MSOF&time=8&freq=1 and check out what MSOF did around that time. On November 30, it opens at 1/16th. Closes at 1/8th. Dec 1, closes at 3/16. Dec 2, 3/8. Dec 3, 7/16. So in three days of trading, anyone with MSOF has septupled the value of their holdings.

It gets better. People take profits over the next few sessions and the stock troughs a bit. But in the second half of the week it starts really charging. It closes the next Monday, Dec 13, at well over a point. And if you bought in at 1/16ths and sold with perfect timing when MSOF peaked at 1 1/4, you would have turned a $1000 investment into $20k in under two weeks.

where are the details

[chipwich]

There does seem to be too much hype and too few details to the story. A questionable point in my mind: Just how does one track a user to an IP address based on email? Unless you control the originating SMTP server (hence you could cull the logs), it must be very difficult to resolve a user down to an IP... in this story, the return domain was forged but the originating SMTP was stolen from an unrelated service, so how is the spammer IP address resolved?

Re:where are the details

[Garpenlov]

A questionable point in my mind: Just how does one track a user to an IP address based on email?

Just look at the 'Recieved:' headers.. Here's one from an actual piece of spam I've got sitting in my mailbox.

Received: from alan (PPPa55-ResaleFtLauderdale1-2R7288.saturn.bbn.com [4.48.80.212])
by outmail3.pacificnet.net (8.9.3/8.9.3) with SMTP id QAA10239
for <[deleted]> Thu, 4 May 2000 16:24:05 -0700 (PDT)

Obviously, I took out my real address and put [deleted] in there, but you get the point..

Remedial English for Script-Kiddies

[BigBlockMopar]

There is a reason he didn't put up his email address.

Of course. I wouldn't put my main e-mail address on a webpage like that, much the same way I don't put my main e-mail address up on Slashdot. Web-based e-mail is wonderfully anonymous (when you kill all browser cookies), and since you only end up downloading the message from the server if you click to open it, you don't waste an hour waiting for a day's worth of spam to be fed down the pipe from your POP3/SMTP mail server. That was probably the easiest option available to him.

Given that the subject matter was illegal and it's not impossible for Hotmail or Yahoo or others to trace IP addresses, my next tactic would be to use an cyber cafe or some other similar place to create the e-mail address. Probably, I'd upload the webpage to the server from another cyber cafe to assure greater anonymity, just in case they're logging IP addresses, too.

Further, it's easy enough to write a Javascript that breaks your e-mail address into two pieces so that webspiders don't find it and spam it, and yet when a user clicks on the link, it gives you the correct and complete address. I'd pass you the script you can add to your own websites to do this but I don't have it handy right now. It's common enough knowledge, I didn't write it.

Subj: Your an idiot. (Score:0)

Hmmm. Generally, if you wish to insult someone effectively, it's better to have a thorough and proper command of the language you are using.

Pursuant to the above paragraph, you will note this convention, used every day in common English:

"your" = possessive. ie. "It's your brain that doesn't work."

"you're" = contraction of "you are". ie. "You are about as intelligent as a tsetse fly."

To combine the two into an impressive demonstration of your new-found (though, ironically, remedial) English skills, you could use a sentence like the following:

"It's not your fault that you're not very intelligent."

Along those same lines, you should be aware of tricky words like "there", "they're" and "their". And "its" vs. "it's" never ceases to confound.

Since I suspect English is your first language, I would expect you to demonstrate a more thorough command of the language than was demonstrated in your post. One's second and third languages are generally expected to display grammatical and contextual errors; but I would doubt you have either the tenacity or the requisite breeding required to learn a second language. I have nothing but respect for those who learn several languages, since it's not an easy process. (I know, I speak several fluently.)

I hope that you get to use this tidbit of information to avoid being marked down on your high school freshman English tests.

Now, isn't there a nice and warm Sony Playstation waiting somewhere for you? Or maybe you prefer a little Jerry Springer?

Re:Remedial English for Script-Kiddies

[BigBlockMopar]

but the lead chips taste soooooooooo good!

That they do. I used to lick roof-flashing, myself. But now, I'm more of a mercury-through-skin kind of guy.

Oops. Time for me to break my midnight thermometer... gotta run. ;)

Re:something is wrong in that screenshot !

[mindstrm]

Doesn't mean it's offline... though it may.

The computer sitting next to me was moved from dialup to DSL... and as long as the modem is donw, icq netdetect still thinks the machine is 'offline' (even though ethernet link is up)

Spam Spam Spam...

[Ron+Harwood]

Shut up you bloody vikings...

Sorry, to this day whenever I hear the word spam - I think of Monty Python.

Gotta be fake,

[whatever999]

What sort of cruel parents would name their kid "Rodona"? And that face, eeeuuuooow. . .

Re:So which is it?

[Robert+S+Gormley]

The kind of anonymity that Napster users do is the home version of intellectual property theft, with copyright violation (artists songs are their work, right?) and so on thrown in.

definite STORY.

[__aawavt7683]

"I also downloaded enough information from other data files to determine who I was dealing with. Despite my dislike for spammers, I left the laptop otherwise un-harmed"

now... how would this person know it's a laptop? he can't. Even if he did go into the power management and saw it was set to notebook/laptop/whatever, you can't be sure. But why would he do that anyway? heh...

2nd: he says "laptop." anyone with as much knowledge as he claims to have would know laptops are ancient, and would be calling them notebooks. (does anyone think dead tree when they here "notebook" nowadays?..)

-DrkShadow

Re:definite STORY.

[__aawavt7683]

yes, me again. Another quote.

"From Clarksville, Tennessee to Los Angeles, California, and from the office server to the bedroom laptop"

now... he apparently knows that there's an office server, and the SPECIFIC location of the "laptop." Well.... heh... this is just seeming more and more like science fiction. I feel I've make my point, so I won't post any more. I might continue reading, or might not... I don't like fiction very much. science fiction would be better.

Re:definite STORY.

[TheKodiak]

Ok, dude - how many people do you know WHO USE AOL that have PCMCIA cards on a desktop?

Re:It's a disgruntled ex-employee

[Randy+Rathbun]

I tend to think it is someone they know also. As much as I like to think it was a BO attack, there is another perfectly acceptable hack... gaining physical access to the machine!

Notice that the author only shows ICQ stuff from a few machines. That ain't a lot. In fact, two of the machines were prolly sitting next to one another. Simply email/ftp all the icq message files/.jpegs/.txt files and ya got lots of ammo. Getting near three machines is pretty easy. Hell, look at how Kevin got all his passwords - he just called people on the phone and said "what is your password?" They gave it to him.

However the site author did it, it is pretty damned wicked.

At least the WHOIS is real

[doublem]

Well, the WHOIS info he lists for PREMIERSERVICES.COM is accurate. Check out http://www.networksolutions.com/cgi-bin/whois/whoi s?STRING=PREMIERSERVICES.COM&S TRING=Search


Matthew Miller,

One "expert" coming up...

[BLKMGK]

Okay - here's the deal. BO and BO2K are both programs that must execute on the target system. You don't "hack into" a machine and execute it remotely. There's generally no command shell available that will allow you to kickoff a program like that. Instead it's generally easier to send them an executable that has BOwhatever wrapped in it. When they exeucte this program is loads itself up, sets some Reg keys, and opens a port for business.

If this person is claiming to simply have knocked on the door of this machine and gotten a screenshot s\he is full of it. On the other hand it's possible these morons had already had someone send them a copy of BOwhatever and that they had a port open and waiting. IF that was done then yes it wopuld've been CAKE to take a screenshot.

Goes like this - find the correct port - 31337 for BO for instance, log in - usually no password, screenshot the system saving it to a file somewhere (there's a command for this), then fire up a WEB server on their side (BO can do this easily), browse to the correct file location, download the screenshot. If you're smart you'll "freeze" the file for transfer (compress it) and then "melt" it on your side. If you don't do this the transfer of the data can become a bit noticable - I once almost got spotted when someone's little CUCME conference was lagging due to this - they were having CyberSex of all things (shiver). Figures I got the woman's side of it too - that means I saw the guy on her screen (ick).

So - the only way this could've been done quite as it was described (or as quickly as it was described) was for BO to already have been present. Considering that I used to find BO on as many as a hundred machines a night on my ISP alone (I used to warn people) this isn't exactly incredible but... Just imagine the infected sorts of files people must send to SPAMMers! If you read the ICQ logs you can also see that we're not exactly talking about rocket scientists either :-)

My question is this - if this is a haox, why? An axe to grind on this company? That's an awful lot of work creating those logs ya' know, the conversations are mostly lucid... But then, who the heck saves all of those silly ICQ conversations? Talk about leaving evidence around for whoever busts down the door!

I dunno' if I believe this or not.... Sorry to ramble :-)

P.S. There used to be whole archives of screenshots done with BO. My favorite was of a desktop where the message read somerthing like "get off the computer dork, there's a perfectly nice girl on the bed behind you - go get it on with her" - the second shot, taken through the system's camera (yes it does this) was of the guy's face! Talk about a laugh riot - his jaw was on the floor!

Re:One "expert" coming up...

[AdamJ]

But then, who the heck saves all of those silly ICQ conversations?

ICQ logs by default, I believe. Pretty easy for the average person to not even know that they can be deleted - or even that they exist.

I haven't read many of the ICQ logs from the site, but writing actual conversational speech that reads like real speech isn't a trivial thing. Not saying it's impossible that all the ICQ logs were fabricated, but it would have taken a lot of time, especially considering having to generate and keep all the time/date stamps sane.

Adam

Spammer's Customer

[pclinger]

I live in Lake Forest, about 2 miles from Mission Viejo, CA. On this page: http://belps.freewebsites.com/PS-Employers/orderfo rm.htm It says a company in Mission Viejo sent in an order to these people. I think I'll drop by tomorrow to see if I can confirm/deny if any of this is true or not. Patrick

Re:Throw them in the pit!

[CaptainSuperBoy]

Sanford Wallace.. now that's a name I haven't heard in a long, long time..

Seriously, though, Cyber Promotions has been dead for years. Sanford says he's anti-spam now, but his actions don't reflect this.

Re:I don't believe it.

[adamsc]

His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...

Don't confuse your ignorance with technical impossibility. BackOriface is similar to pcAnywhere or Microsoft's SMS, all of which give you remote GUI access to a Windows box. Want even more? According to the Back Oriface feature list BO2k supports Multimedia support for audio/video capture, and audio playback.

Note that BO is pretty easy to install. A shared drive with no password or a weak one or a trojan horse email or website (ActiveX can work for you!) would all allow you to break into a clean Windows box. One with dozens of insecure programs installed (e.g. ICQ, some IRC clients, some email clients, etc.) would be even easier.

__

Wired

[Hard_Code]

Man, this should be a Wired article. This is just too good.

Re:Wired

[www.thefish.com]

Unfortunately, Wired stopped running these types of articles a few years ago in favor of more info on the Wired Index fund.

Re:So which is it?

[Tau+Neutrino]

The part most folks forget when talking about SPAM is that somebody is buying the junk the folks are selling.

Not necessarily. If spamming really did work, how long do you think it would be before all the big producers of mainstream consumer crap picked up on it?

I'm sure that most spam runs have some rate of positive response, but it's abysmally small. It's the job of spammers to convince their potential clients otherwise. They rely on new, uninformed, and clueless folk who want to make it big by selling in CyberSpace (tm).

Rule 1: Spammers lie.

fishy...

[idot]

This is definitely a strange story. How did he hack the computer?

How did he obtain all the photos? Do these ppl store their semierotic photos on their hard drives?

And these stories at the and i didnt really have time to read...

strange indeed

Maybe he simply got put down by these women and now simply tries to blame them in public.

Punitive

[chuckw]

I read the whole site and looked at every picture and am confident that this is punitive action taken by someone close to Rodona. Here is how I came to my conclusion:

1. If this guy is such a professional, he would have included some valid contact information on the site. You would think that a professional would want to use something like this to promote himself.

2. There are banner ads on the site. This guy knew that it would be a hot topic and prepared with the requisite revenue generating banner ads. This is not the mark of a professional. I could understand if this were part of a larger site, and the banner ads were simply blanketed on all pages.

3. The pictures are too darn detailed. What reason would she have for keeping those on her own personal computer (which is where the "security expert" claims to have gotten them from). I don't know about you, but my first reaction to "driver's license photos" is to get rid of them.

4. The pictures were augmented with comments. A professional would not do this. Augmenting the pictures shows anger towards her. In a legitimate sense, this could be anger directed at a spammer, but it is an amatureish thing to do. This lends credibilty to the fact that she is an ex-something-or-another.

5. The risque stories are a bit odd. There is no context included with them and they appear to have simply been cut and pasted. Rodona's name isn't on the pages anywhere, nor are any e-mail headers, file names or other identifying marks on them that would indicate that they were part of Premier's product offering. Bottom line, they simply don't fit.

6. The "Email Me" link at the bottom of the page kinda gives it all away IMHO. Click it and you'll see what I mean...

So who do I think did it? There is a ring on her left finger in a few of the pictures so the obvious choice would be a bitter ex-husband. There is also a piece of someone in the background on the "freckled butt" picture. My guess is that he bears an amazing resemblence to the guy who created the website.

It is also obvious that this woman has children. I'm guessing there's probably a pretty nasty custody battle going on. I'm sure this isn't pleasant for her and her children. Imagine one of her kids picking up the phone and hearing a stream of vitrioloc filth from some ignoramus who thinks they're doing us all a favor.

Ok so maybe Rodona is being a B***CH about the divorce and her ex isn't exactly mature enough to handle it well. It probably explains why they are getting divorced in the first place. Please leave her alone. She's probably embarassed and stressed out enough as it is. Good luck Rodona. E-mail me if you want help (just reverse the address above)...

-Chuck
--
Quantum Linux Laboratories - Accelerating Business with Linux
* Education
* Integration
* Support

Fake? Maybe, but love those pix!

[swb]

Maybe it *is* faked -- maybe not, but if it isn't you have to *love* the idea of snagging nudies off of a hard disk and posting them on the internet.

It's kind of like the old punishment idea of public humiliation. I'd imagine that all the flabby-ass Rodona's out there would think twice if they knew that if caught spamming their flabby butts and ugly boobs would be on the internet..

Re:Curious...screenshot?

[yuggoth]

IIRC, some of the well-known remote administration tools like BO2K or NetBus (or something else, I haven't tried them yet) offer the possibility to take screenshots of the remote desktop.

Having said that, I don't think the story is true - too little actual information and too pictures of ugly peple for my taste...:)

Case by case, anonymity can be necessary

[benenglish]

Interesting. You say:

>

Why? Well:

>

If I correctly assume (and please disabuse me of the notion that your specific example isn't meant to be applied generally if that's the case) that you're saying "People who want to be anonymous just want to escape accountability," then I have to ask "Why not?"

There are plenty of times when escaping accountability is a very, very good thing. Some of those rabble-rousing pamphleteers who helped rile up those New World colonists into a revolutionary frenzy certainly had a good reason to want to escape responsibility. If you were some oppressed peasant getting beaten senseless because of trumped-up charges brought against you by the local mullah and you had some pictures of said mullah engaging in a sexual act with an animal or child not his wife, wouldn't it be just spiffy if you could post those pics to the net in complete anonymity?

In both cases, and a few thousand more that a little imagination could dream up, the reason total anonymity would be a good thing is not because, in general, escaping responsibility is a good thing. Anonymity in these cases is good because the price you pay for accepting responsibility can and often is set by people or institutions that are flat-out evil.

If you live in a place or time where the people who have power to punish you will use that power to hurt you for simply exercising the natural rights that all humans should have, then total anonymity can be a darn valuable thing. Where folks disagree these days is on whether we live in a world that meets that description.

That decision is up to you. Personally, I think that even if you believe that the political powers in your jurisdiction are moral, just, and competent, I'd still advise you keep the option of being anonymous just in case things go south in the future. Who knows what the world will look like in 20 years? I don't. I want the option.

Better yet, I wish total anonymity was the default.

Re:Case by case, anonymity can be necessary

[Bad+Mojo]

Basically your describing using anonymity as a tool for Free Speech, not anonymity to escape prosecution. Anonymity is a tool, not a basic right of being human like we take Free Speech to be. 'nuff said.


Bad Mojo

Re:So which is it?

[CConkle]

I got the fax.com thing too. It is absolutely illegal, and violates several VERY SPECIFIC codes. My copy of their spam got thrown out- maybe I'll get another. Do you know of anybody who's fighting them? I want to nail the buggers.

So which is it?

[nharmon]

You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt.

People, the internet is both accountable and anonymous. Basically, if you want to be anonymous, it's not that difficult to do so. And, if you want to be accountable, you can do that too. The point is, spammers will always fake headers in some way, and "illegal" mp3s will always move anonymously through non-logging proxies, and people will continue to put up webpages showing off their new Corvette, including exactly where it's parked at night, and where in the garage the keys are stored.

The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.

At my company, we urge our marketing department to stay away from companies who want to send out spam on our behalf. And we've batted 1000 so far (thank god). I feel that we're doing our part by not supporting companies whose only product is unsolicited email. So if you ask me about the "big picture" of stopping SPAM, my answer is simply, stop paying them to do it.

Re:So which is it?

[girlfriday]

Let me make a social commentary at this point....I have read enough of this to gleen that this gal Rodona is supposed to be a Christian and yet there's too many things within the story facts that lead me to believe otherwise....why would someone who is a Christian act so unethical for such a long amount of time...I realize that there are those out there that do stuff like that...but if you read the ICQ chat, it sounds like she was really oppresive in her faith....also, the AOL IM chat seems pretty mild....if I were Rodona, I would have stuck it to that webmaster, but she doesn't...why? So I ask this question, beyond the actual technical questions, where is the consistency in personality?

Re:So which is it?

[girlfriday]

And one more comment...someone said that PCAnywhere did her in....not so....she would have had to have that application opened and had allowed security to be wide open on that...

Re:So which is it?

[sik+puppy]

...nothing expensive...

or the poor owner of a fax machine that is spammed by non-profit organizations

fax.com and the national center for exploited and missing children has started a junk fax campaign, and last friday i came home to find my fax machine out of toner and paper. when confronted fax.com gets very indignant and says what they do is legal etc.

spamming should be a capital crime. i love junkbusters.com and spamcop.net

we have a choice - legal regulation, or wild west vigilantism - both suck - as to which is the lesser evil?

Re:So which is it?

[locutus074]

For informational purposes only:
<g>

A co-worker told me about the "Black Loop of Death" or some such. One accomplishes this by taping several sheets of construction paper together, end-to-end and lengthwise. Then start faxing it to your favorite number. Once the first end comes through, tape it to the other end. Voila. :)

--

Re:So which is it?

[sik+puppy]

im working on it. the legality is grey. according to the tcpa, junk fax is banned, period. but in other parts of the law, it refers to exemptions for CALLS made by on on behalf of non-profit organizations - this is where the national center for missing and exploited children comes in - in exchange for money, they have hired fax.com to send fax ads.

i will definately follow up on this. i am also working on getting a tv news story done on this.

in the mean time here is how you can help kill these vermin.

1. verio.net is the isp for fax.com - i would think that junk fax violates their acceptable use policy.

2. sun microsystems - they are a major donor to the non profit - email/write them and suggest that the misbehaviour of ncfmec is reflecting badly on them

3. cai.com (computer associates) is another major sponsor - let them know too.

4. finally www.missingkids.com - contact the offenders directly and let them know how you feel (politely please - foul language and threats of violence accomplish nothing, or worse) (do let them know that you have written to their sponsors about their actions)

5. time to break out pens and paper and write you senators and congresspeople (obviously for those of us in the usa) and let them know that the non-profit loophole is being abused and must be closed.

Re:So which is it?

[StormyMonday]

You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster,
and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt.

Reality check here.

There is a *huge* difference between anonymity and forgery. The kind of forgery that spammers do is the corporate version of identity theft, with trademark violation (your domain is your trademark, right?) and libel thrown in.

Legally, nothing is going to be done until some big guys get hurt. Not likely.

The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply.

Not likely. Look how many people opened an e-mail attachment called "love-letter-for-you" from a business collegue. Even if nobody replies, all that's necessary for spam to work is for the spammers to convince their sleazeball customers that it works. There's one born every minute.

From a technical standpoint, stopping spam is fairly simple. All you need to do is have mail relays verify that the message is coming from the source listed in the headers. Simple, that is, until you get to the phrase "everybody on the Internet has to ...."

Re:So which is it?

[Wah]

Did you read the article? These spammers hardly seem anonymous. The tools exist to track people when necessary, it just takes some skill (more than I have).

People wouldn't Spam if it didn't work. Why do you think people are so eager to set aside common coutesy for profit? As long as there are clueless folks on the Net, it will be economically profitable to spam them.
--

Re:So which is it?

[Bad+Mojo]

"You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt."

"You're making a common mistake. You're confusing insanity with style." - Quintin Stone

Basically, if someone wants an anonymous internet, too bad. No one (who is sane) wants that. What people want (that you don't seem to grasp) is Free Speech and privacy. These are not the same as anonimity. A handle or nick is not the same as being anonymous. The only time anonimity is good is when it contributes to Free Speech. Something spammers will try very hard to argue in their favor, as they have in the past.

Anyone who cries out to be anonymous on Napster or Gnutella is just wanting to not be held accountable. They are not trying to be anonymous to protect their rights.

In the end, a spammer is no different than a person who sends out 5000 faxes to people who didn't ask for them. Instead of paying for 5000 sheets of paper, the spammer is relying on someone else to foot the bill and pay for the fax paper their ad is printed on. This is nothing short of theft of resources in order to make a profit.

*DISCLAIMERS*
1) Yes, I know I make some assumptions in this post. I'm sure there are some people who want the internet to be totally anonymous. I think those people are crazy.
2) I know I can't spell. Sorry. I try.

Bad Mojo

Re:So which is it?

[jd]

Bull. If systems used host and server authentication the way that they're supposed to, it would be impossible to forge headers or IP addresses. The system would automatically reject them.

Capitalism is no better or worse than dealing with this problem than any other philosophy. In the end, the only guaranteed solution is secure authentication and compliance with standards. Do that, and spam would cease to exist.

Re:So which is it?

[Inoshiro]

"And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people." Unless you happen to be:

• An ISP whose mail server goes down because of the sudden rush of out going mail
• An unfortunate user whose valuable paid-for connection time is used downloading spam (think European telecom costs)
• The unfortunate ISP who receives a half-million bounce messages.

Spamming is criminal, or should be. Anyone who does it deserves the full penality of law. Since law seems to not be able to deal with it, vigilantism is our only recourse. :-/
---

How long till Slashdot gets a Cease and Desist..

[CSG_SurferDude]

How long till Slashdot gets a Cease and Desist letter because there are links to a certain females private parts?

And, as much as I like seeing "Mess with Spammer" articles, I really wish somebody on the Slashdot staff would attempt to do a little verification on this story before some less reputable person does so.

And, I wonder just how long it will be before that picture (you know which one) get's posted up on Usenet (Alt.binaries.you_know_where) as an advertisement for something lewd...

How'd he get the screenshot??

[superid]

As part of the story he implies that he got this screenshot right after detecting her online for the first time...is this possible or am I just taking the time sequence to literally (perhaps he got the screenshot later)

It seems to me that he would have to use something like BO (Which she would have to install) in order to get it.

Re:You've got to be careful with this...

[beagle]

There may be many people in Clarkesville, TN reading this story now - /. is widely read

You've obviously never been to Clarksville. My grandparents have lived there ever since before my mom was born - they were both born there too. It's not, shall we say, at the pinnacle of the technology forefront.

Don't get me wrong. I love the town and will miss it once I have no reason to go there (after all my grandparents and their immediate families pass on), but ain't too much happenin' 'bout an hour north of Nashville near the KY border.

Snagging AOL User Names

[danderson]

I would tend to agree with the consensus that although it's a cool story, it is probably not true. I would just think that if that many AOL usernames were snagged, we would have heard about somewhere else. Anyone have any more info?

Re:Snagging AOL User Names

[IanO]

Stealing AOL usernames and passwords has been an ongoing story on the net for years. It was on Wired, CNN and others (Slashdot maybe?)

Here is a story from CNN. It's a different method than these spammers were supposed to be using but the end result is the same: bucketfulls of AOL usernames and passwords.

------
IanO

Re:Snagging AOL User Names

[Senior+Frac]

I would tend to agree with the consensus that although it's a cool story, it is probably not true. I would just think that if that many AOL usernames were snagged, we would have heard about somewhere else. Anyone have any more info? As an active member of the anti-spam community. I would like to attest that everything here checks out. It's legit. It's also outrageous and amazing, but none of the anti-spammers has managed to poke any major holes in it; and they're a very suspicious bunch. Premier has been on the anti-spammers' radar, but hasn't drawn any abnormal amount of attention up to now. However, that has changed now that this information was released. I suspect the spammer's ICQ accounts are going to have to be changed from the sheer volume of anti-spammers giving them grief. I've seen quite a few logs of post-hack discussions; they're making all sorts of lawyer threats. Which would be suicide, of course, because that would bring even more publicity, something they can't afford.

--

Re:How to bill spammers (WRONG!)

[nazgul@somewhere.com]

Unfortunately spamcop has a nasty habit of sending complaints to the wrong people. I've been on the recipient end of that and I don't appreciate it.

Hope they get their cumuppin's

[DigitalSorceress]

These people need to get a serious kick in the pants.

Spam pisses me off more than just about any other form of junk-advertising. I will take the commercials on TV and radio, I will ignore banners on web sites and display ads in newspapers, I even have fun harassing telemarketers, but SPAM pisses me off for some reason.

Clarksville citizen:You too? Getting spooky here..

[monkey+#+omega+1]

My brother and I are both in Clarksville, TN reading this! How odd....

But, if we're lucky, we can start a whole new thread about geography! Everyone from a town that is so small/backwards that they think they are the lone /.'er there, please respond!

Re:a way to hack NT

[Masked+Marauder]

at least one of her machines was NT. It was in some of the icq logs.

if it's a fake, then why..?

[c@pt4!n_m0rg@n]

well... there's more to it.. http://cow.org/~noise/belps .freewebsites.com/joejob.html someone in salt lake city took it upon themselves to try to pin the "man in the wilderness" id on ravi pina who owns cow.org. why? revenge, etc, we don't know. we do know that ravi certainly didn't do the hack, and several of the things the poster mentioned just dont ring true -- as steve sobol so eloquently points out. the existance of the joe job really does alot to harm any possible credibility that rodona may have had -- it will, hopefully, result in the termination of two throw away dialups and may implicate another member of the premier services cadre. rule: spammers are dumb. so there you have it.. i really dont think its fake now.

Think about it from HIS perspective

[Aquafina]

If you had committed a crime by hacking into someone else's hard drive and then posted it all on the internet, would you not care about these things? 1) getting arrested? 2) becoming the target of revenge by the spammers? At the same time, wouldn't that desire for revenge cause you to do the following? 1) exaggerate events and/or even make up a few more just to fuck with the jerks? 2) leave out certain incriminating details that would add 20 years to your prison time if you're ever caught? 3) add some mis-information so the spammers will be mis-directed should they try to get revenge on YOU? 4) implicated "other" enemies or people you hate just for fun? Now let's see what kind of loopholes can exist! Suppose these facts: You are the original spammer. You purposely leave trails of bread crumbs to entice would-be vigilantes. You "conveniently" place in your hard drive some photos of your (you, the spammer) enemies' photos. You also place other fake incriminating evidence. Then you just let nature take place and allow your honey pot to be broken into... With these thoughts in mind, go and re-read the web site articles...

Fake? Seems like it.

[Garpenlov]

Just reading the first page causes me to shudder at the way it's written.. Take this quote, for example:

By carefully examining the email headers and message body of previously sent spams I was able to identify a unique signature that appeared in every email the spammer sent. I designed an email filter to detect this signature, and placed it on the mail gateway of a high volume Internet mail server ... Finally on the fourth day my digital pager went off. The message on the LCD read; "Spammer is on-line!"

The above just makes me laugh, if you ignore the question of, "how'd you get that filter program on the 'high volume internet mail server'?" Did you use your h4x0ring sk1llz, or was it your own for your business of providing advanced TCP/IP know-how?

Once I had escalated my remote access to that of a full privileged local user

We're talking windows 95 here.. At least judging from the screenshots. EVERY user is fully privileged.

There was only one way to find out how many of them were forging my domain. I was going to have to hack them all!

I love that quote. It sounds like it came straight out of "Hackers."

Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...

Re:Fake? Seems like it.

[shogun]

You can quite happily look something up in that range, assuming of course you have setup a local nameserver to handle your local network, which I guess they haven't done.

Re:So Obviously fake...(not at all)

[Micah]

Of course, since he apparently got in right away after she sent the spam, he would have had to do it without rebooting her computer.

Perhaps he replaced one of the standard Windows EXEs with BO?

PCanywhere is probably a better bet.

Re:I don't believe it.

[Tim+Pierce]

there are 95 icq logs, spanning over 2.5 megs, all of text. This is *51000* lines of text!

Not to mention a file of 200,000 addresses of "confirmed anti spammers" that should never be mailed. Since I found my own address on that list, I have reason to believe that they weren't just randomly generated.

It's a disgruntled ex-boyfriend

[Tim+Pierce]

I tend to like the disgruntled ex-boyfriend theory. The T&A photos are part of it. Would Rodona keep scanned GIFs of her own cheesecake pictures on her disk? Possibly, but unlikely. However, she or her boyfriend would certainly have the developed pictures sitting around. That's why someone with intimate access seems more believable.

But for all that, I didn't find the "hacking" story all that implausible, details or no details.

Re:It's a disgruntled ex-boyfriend

[anticypher]

Gaaaack! I just found the nudie photos as well, now that the /. effect is over. So the ex-boyfriend theory floats as well as the ex-employee theory.

Either way, it was someone with physical access to the machines.

the AC
[thats put a damper on my sex drive for a while]

Why me???

[doublem]

I showed the article to my boss and he told me to print up the contact information the guy stole. He wants to start doing business with them. *SIGH* I reminded him we'd set up our own SMTP server for sending SPAM and were just waiting for him to write the copy.

What he doesn't know is Spamming every possible e-mail address @aol.com will result in AOL blocking the IP ASAP, so while j1234567890@aol.com is still getting his spam, AOL will be making sure our IP NEVER spams AOL again.... (HE HE)

then he'll hire somebody to do it, but the guilt won't be mine!!!


Matthew Miller,

Wish fulfillment

[dr_labrat]

This would seem to be ficticious. Nicely written, and completely what everyone would *love* to do to spammers. However, given the language used and the style of writing I would make a pretty good stab at saying that it was written by someone that has only a passing knowledge of security systems. Anyone who had actually done what he claimed to have done would certainly have described things a little more accurately... "....and hacked my way in to the spammer?s computer. The following screen-shot is a picture of the spammer?s Windows desktop caught in the act of forging my domain. 1st Class Mail is a bulk email program. It is used for spamming the Internet. It has no other purpose. Once I had escalated my remote access to that of a full privileged local user..." This kind of sets my teeth on edge... "...I also downloaded enough information from other data files" Reads like pseudo-technology in a cheap film... I'm not saying the parties involed don't exist. What I a saying that this is wish fulfillment....

not fake, but....

[Evil+Poot+Cat]

probably either staged, or a disgruntled employee. Probably the latter, actually, because addresses check out on some of those leads described in the emails. I don't think those folks would willingly give out salary, employer, phone numbers, etc., without compensation.

Kinda hyped...

[DigiEbola]

This is highly tricked up, otherwise it wouldnt be such a good story. The screen shot was prolly done by any number of remote admin tools, take your pic BO or a variant, PC Anywhere, etc. I mean, this lady can not be too bright, she is a AOLer that runs a spam business.

I would say there is a bit of online social engineering going on. Now, had it been me that had done this, I would have used HER email address, emailed all her clients, and either had them redirect their payments to a swiss account, or I would completely piss them off to the point they take their business elsewhere. Financial ruin is a good end to spammers.

Theres alot of different directions you could take this, if you had the resources he had aquired. Just remember, while as just and as neat as this looks, it could just yet another work of fiction, or yet another "urban myth"

Re:Fellow Virginians: Let's use the Law to stop sp

[richardbowers]

I'd be interested in donating to this, if someone will take lead. Now, we just have to figure out how to market it...

You've got to be careful with this...

[Simon+Brooke]

A long time ago I got pissed off with someone who was posting a series of unpleasant posts on usenet groups under a variety of assumed identities, and was able with a little research to identify him by name as a serving Royal Navy orricer and identify both his work and home phone numbers, which I published on one of the newsgroups concerned.

This was a long time ago, and I don't feel good about it now. I don't know what happened to the guy, but given what he appeared to be up to he might easily have been disciplined or even sacked. In some senses he deserved it, but...

My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal.

There may be many people in Clarkesville, TN reading this story now - /. is widely read, and, significantly, is widely read by journalists who may take up the story. By publishing personal details about them we risk stirring up something like a lynch mob - not necessarily in this case, but the potential is there.

Don't get me wrong - I dislike spammers and scammers and borderline criminal sleazoids as much as anyone, and there's no doubt that this Rodona is a sleazoid. The issue is the power of the medium which is being used against her. Yes, sure, it's the same medium that she has been using against others; but it is also a very powerful medium.

It is, I think, appropriate to make evidence of this sort about this sort of people available to their local police office if you think a crime is being committed (as appears to be the case here); but given that sleazoid lowlife are often not the best balanced of people psychologically, we may be whipping up a storm of hatemail and hate phone calls which may cause harm out of proportion to the crime.

Re:You've got to be careful with this...

[yerdaddy]

> There may be many people in Clarkesville, TN
> reading this story now - /. is widely read, and,
> significantly, is widely read by journalists who
> may take up the story. By publishing personal
> details about them we risk stirring up something
> like a lynch mob - not necessarily in this case,
> but the potential is there.

I agree. And furthermore I really think slashdot
should have done a little more research before
posting this one. I mean, these people's lives
are likely to be completely hell for a long time
now because of this slashdot post. What if the
story is not true or only partially true?

Don't get me wrong, I love slashdot and read
daily, but "the slashdot effect" is a damn
powerful thing. I would like to think you folks
would stop to think and make sure you are using it
wisely.

Re:You've got to be careful with this...

[Bad+Mojo]

"My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal."

I submit that ignorance of `the law' is no excuse. When you show up in a country that (despite what anyone says) is run like the Wild West, stealing a few horses is going to get you in trouble. No matter how normal it is in any other place you've done business.

The wider you spread the spam, the more likely someone is going to do something about it that isn't legal. You're asking for trouble.

Is it so hard to build legitimate e-mail lists of people who want info about your products? I have no problem with that type of e-mail solicitation.

Bad Mojo

Re:You've got to be careful with this...

[Malc]

I agree. If this were all true then the anonymous hacker has stooped as low as the spammers, probably lower. People got quite upset last year when a pro-life group posted personal information about abortion doctors on the web. Posting personal information is vigilante-ism (sp?), and completely uncalled for.

Re:You've got to be careful with this...

[jd]

Agreed. It's one thing to take private action and eliminate a threat to oneself, it's quite another to play one-upmanship and create a larger threat against the supposed attacker.

As for the pro-life group & the doctors, people got upset with the pro-lifers because it affected their freedom. But a lot of the same people are probably pro this hacker, because it doesn't affect them at all, and a lynching makes for a good show to such minds.

IMHO, people generally act out of self-interest, but defend their actions through some "after the fact" pseudo-principles.

I'm going to say the same thing a guy said, about 2000 years ago, before he got nailed to a tree: Don't be hasty to judge. Nobody's perfect, and we are all going to tread on other's toes. It doesn't have to be a capital offence, it just means that we might want to talk things out, honestly, with no protecting one's back. Inside every Ogre, there is a wounded kid. Is kicking him some more going to make him any less wounded?

Re:Nine will get you ten, the story's fake.

[sjvn]

Hello. What he describes is still a problem that goes down to improper relaying.

Steven

Spamprobe accounts.

[Moderation+abuser]

Stopping or greatly reducing spam isn't all that difficult.

1. Create a bogus account.
   
2. Set up some procmail rules on the account to pull the from address etc out of any mail sent to that account and store it in a spammer list.
   
3. Set up sendmail or procmail to bounce or /dev/null all mail which matches the spammer list.
   
4. Publish the spamtrap account or aliases on a couple of web sites and news groups.
   
5. Watch the amount of spam you get reduce significantly.
   

Works quite well but you have to occasionally post to newsgroups etc to keep the account in the various spammers lists. I put it in a couple of .signatures.

You can protect your whole organisation this way. The theory is that the only people who would ever send mail to the spamprobe account are the spammers. You make it clear on the web site and news posts that the address is a spamtrap account.

It's worth using an alias which will sort alphabetically to somewhere near the beginning of a spammers list. Some of them seem to sort the addresses they send to.

This page was already covered

[jtseng]

Not to criticize anyone, but this site was already linked to /. yesterday in an article. The link was buried deep in the comments section. I know /. doesn't have the resources to peruse through everything, but the story isn't that exciting anymore.

BTW I'm still wondering how that person got the spammer's screenshot. I doubt that woman had enough rocks for brains to even know of pcA or VNC and he'd have to get past AOL's proxies. Am I missing something here?

But the addresses are real

[/]

If it is fake, then he's stupid for using valid names/addresses:Rodona Garst and Varnjeet Khalsa. I'm going on the assumption that he doesn't want a libel lawsuit, and so it's at least mostly true.

Re:C'mon, that's totally made up! - PC Anywhere

[nard]

I was woken up early one morning when the G.M of my company rang me to ask if I was connected to and using PC anywhere on his workstation.
A Cracker had got in and the G.M actually watched the bugger use his PC
He started up a chat session but the guy ran like his arse was on fire.
He/She did a good job of covering their back, I could not find out who or where he/she was from.
The budget for network security was raised significantly after that ;-)

Between a rock and a hard place

[bee]

Of course, if he had fully explained everything he had done, everyone on this forum would be slamming him for publicizing how to break in and providing a road map to 31337 script kiddiez to do this kind of thing to naive people across the country and around the world. So either he's faking it if he gives too little information, or he's being a menace if he gives too much. Sorry, you've just squeezed the ratchet of logic a bit too far there. If you want information and detail, look at the two *years* worth of ICQ logs he provided. Who in their right mind would fake up something like that?

Re:I don't believe it.

[herbierobinson]

The SPAM samples are real. I have many of them in my archives (I archive all SPAM I receive so it can be used as evidence).

So Obviously fake...

[daVinci1980]

Okay. Seriosuly. This has got to be the biggest load of BS I've yet to read that could somehow pass as "news."

Why am I so sure? Hacking a Windows box isn't like hacking a *NIX box. There's no magical login remote control console. These people would have to install insecure 3rd party software just to open the door to an attack that involves anything other than DOS attacks. And don't give me the "BackOrifice" or PCAnywhere bit. Both of these would have to be installed just like any other software|virus|trojan.

If these people were all running some form of *nix this would be an entirely different story. But at least he did a more or less good job of that; it is a pretty good story.

And lets look for a second at the varying degrees of intelligence these people have. They are intelligent enough to not use their own domain, intelligent enough to steal passwords from AOL users (addmittedly not hard) but then too stupid to realize that someone has been messing around on their box? Get real. "Gee, I installed that spam software yesterday, now where did it go?"

BS...BS...BS...BS... (The BS alarm) ...BS...BS...
--
"A mind is a horrible thing to waste. But a mime...
It feels wonderful wasting those fsckers."

another rodona garst link

[Trailer+Trash]

Found this link:
http://www.prcorp.com/garst.htm

on this page:
http://belps.freewebsites.com/icq-chat-logs/Rodo na-Server-and-Dave-Gosse.txt

If this story is faked, he had to create this page (this first link at prcorp.com), too. Read the Rodona (Kim) Garst bio there, she's made a lot of money at spamming according to it.

Michael

Back Orifice 2000

[quux26]

I've used this tool myself and obtained screenshots. It's silly easy to use too.

My .02
Quux26

Re:Checked out address via call to directory assis

[Trailer+Trash]

The USGS data for Cobblestone Lane in Clarksville doesn't have addresses with it, so mapping software cannot bring up the address.

wha?

[vsync64]

Seems way too vague on certain points. "I am an expert on, uh, stuff. I, er, hacked my way in." And the volume of logs, documents, etc seems a little high. Is this an attempt to smear a helpless company he doesn't like?

Of course, there are a number of ways he could have gotten a trojan onto her system. (Determining an IP address would be as simple as creating a little Java applet that "calls home" and get her to visit its Web page.) She seems quite gullible.

Let us get involved and stomp out spam

[JohnCub]

After having read this article and the posts regarding it I was troubled. What are we to do? Spam is a global problem that does not seem to have a solution. There is no single agency policing spam although measures are being taken to help curb it. Hotmail is prosecuting 8 spammers for forging email headers and Yahoo's policy is to prosecute as well.

The better part of the ./ community knows how to track a spammer, or at least begin to collect data on them. There are tools of the trade that we are able to use to personally identify a spammer or a compromised box and report it to the authorities. Should a compromised box be shut down? Absolutely, in my opinion. It is the admin's responsiblity to ensure security. If they cannot do that properly, shut off the account. (Maybe this will lead to a heightened respect for the admin field.) :)

What do we do?

I don't know about you, but I've decided to get involved. I'm tracking them. I'm legally collecting as much data as possible and turning the spammers in to the appropriate authorities. I'm not hacking or cracking, I'm using standard tools (tracroute, whois, host, etc).

Are you willing to get involved?

I maintain a web site and have database capabilities. If there is any interest in forming a community of professionals to combat spam I would be willing to use my available server space and bandwidth for that. If you're interested, let me know on my home page message board or by simply emailing me.

If you are not willing to get involved (I know how time contraints are) feel free to drop by and see if we are making any progress.

Getting Brutal?

[Rob+Leduc]

Under the assumption that this is legit, why such a lame response?
So you post a few embarrassing pictures? Not fun, but hardly armageddon.

"Man in the Wilderness" claims to be some hacking superstud. How about
modifying her mail set-up so it includes her name, address, email address,
home phone number and IP address on every outgoing message.

Then let those laws against spamming kick in...

Rob Leduc

All talk, no action

[JohnCub]

Yup.
I had hoped otherwise but the proof is in the actions.

Talk talk talk talk talk about it.
Beat it into the ground, that's the way to do it.

But don't bother acting or doing.

Just talk.

...I've not had a single person contact me...
big surprise.

why must I be right in my assumption of worldwide apathy?

New Slashdot poll: How many people believe this?

[sabaco]

As interesting as the story sounds, I think the chances of it being for real are *very* small...

1. He never says the name of the ISP he claims to work for.
2. No contact info provided for him at all as far as I could see, no name, no email, no icq, nothing... not even a fake hotmail email address or something...
3. He doesn't mention how he convinced them to install BO or whatever similar program he used.
4. He is hosting this site on some crappy free web server. If he really runs an ISP why doesn't he use his ISP for host? Or better yet, why not "hack" some server behind their T1 (they appear to have some at least one according to him) and then host the page on their own servers? That would be *much* more amusing... Perhaps, since he claims to have gotten full access to all of their confidential data, even host the page in their own domain? Maybe http://weareassholes.premierwhatever.com/ :) that would be much funnier at least.

My guess is, the people running that domain are putting the site up to discourage others from trying to take them out or something. Or maybe to garner sympathy for their cause...
-- Braeus Sabaco
Member of the Roman Legion
Customer/worker at Phenomenal Internet Solutions

How the screenshot was done (and the LAN setup)

[blixco]

The network setup is described in the page. Basically, they had some type of dedicated fast connection (T1?) and had that hooked into the LAN. They then had shares set up on the machines....the shares were things like the C:\ drive of the machine....with no passwords. That's the way win95 can work. You can share your resources to everyone. The "hacker" at this point places Back Orifice or some such in the c:\windows\system folder, edits win.ini to include the line "run=backorifice.exe" (or whatever he called it) and waits patiently for the victim to reboot (about a day?). Once she has rebooted, he can snag screenshots and control the machine...plus he still has access to her C: drive. He mentions that the victim only used dialups for spamming (and not the high speed connection) to cover her tracks. No having to mow through AOL proxies....her LAN was connected 24/7 with win9x weak ass security model.

I don't believe it.

[HardCase]

One of the reasons that I liked The Cuckoo's Egg was that Cliff Stoll didn't pump himself up to be some kind of superhero. But more importantly, he actually explained what he did.

All that I can see in "Man in the Wilderness'" claims are a few addresses and phone numbers that anyone could come up with using WHOIS and one of the gazillion phone directory web sites. His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...

I don't doubt that he was spammed...and I don't doubt that he was spammed by the spammers that he's claiming to have cracked. But I think that almost everything on that web site is made up.

Sure, he probably feels good that he could associate some names to the pages that he posted, but the text reads like a really bad detective story.

Maybe I'm wrong, but looking at the story with an impassioned eye sure makes it look like some guy with an ego and an axe to grind needs to take a creative writing class.

-h-

screenshot?

[CBravo]

If you have file access to win, it shouldn't bee to hard to get a screenshot:
-install grabbersoftware
-write some scripting
-change the shortcut for her favorite spamprogramme
how you get fileaccess to a box is a different story...

Re:Throw them in the pit!

[I+R+A+Aggie]

I hereby nominate Spamford Wallace and the gang at Cyberpromotions as the first person to be fed to the lions.

Hey! What have those lions ever done to you to deserve such a hideous fate???

James

Smells 'y

[scrubmuffin]

And I quote: "At that moment I silently came across the Internet from thousands of miles away.." Its a damn good he wasn't noisy, otherwise he could have scared them off.

CHECK OUT UGLY RONDA's TITS

This is so fake. He got pictures of her TITS?!?!? I don't believe this for a second.

I think I'm going to puke now.

Re:CHECK OUT UGLY RONDA's TITS

[Russ+Nelson]

What seems more likely is that *she* took pictures of her tits, and had them on her hard drive. Why? Shit, I don't know, people do stranger things than that in my breakfast cereal.
-russ

Re:So Obviously fake...(not at all)

[blixco]

I covered this in another reply, but feel this bears mentioning again because you UNIX kids don't take the time to consider what a weak security model like win9x offers. The victim was sharing her entire C: drive over a LAN that was connected to a high speed link of some type (read the story, don't just stare at the middle-aged pr0n). With this share wide open, the "hacker" can place the trojan .exe anywhere on the victim machine, then simply tell the machine to run the trojan on the next boot by placing the command "run=c:\pathtoexe\trojan.exe" in the c:\windows\win.ini file.

This is part of the problem: a lot of people think that win9x has some security. It was never meant to.

Reader's Digest Special Edition

[Waltzing+Matilda]

This thing reads like a Reader's Digest Book Excerpt:

"By carefully examining the email headers and message body of previously sent spams I was able to identify a unique signature..."

"I silently came across the Internet from thousands of miles away..."

"...spread like a silent wildfire through Rodona's computer network..."

This article is clearly aimed at novices who are afraid of getting their AOL passwords and credit card numbers stolen.

The whois and nslookup transcripts appear to have the sole purpose if impressing us with his net-savvy.

At the end: "Let's Get Brutal!" Please. "After much soul searching..." he decides to post Rodona's cheesy erotic stories and a picture of half her ass. But he has no trouble publishing her home address and telephone number, which is much more damaging.

Tracking down and stopping spammers like this is good, but this level of self-congratulation is far beyond the call of duty.

ICQ logs too

[Capt_Troy]

Yea, I agree. What about the ICQ logs? There are way too many and they are way too long to fake, and they all contain spammerish type conversations. Think it's real.

-capt.

something is wrong in that screenshot !

A qoute from http://elias.rhi.hi.is/premier.cluelessfucks.com/T heStory.htm "At that moment I silently came across the Internet from thousands of miles away, and hacked my way in to the spammer's computer. The following screen-shot is a picture of the spammer's Windows desktop caught in the act of forging my domain. " http://elias.rhi.hi.is/premier.cluelessfucks.com/p ictures/Rodona-Garst-in-Action.jpg Now comes the weird thing, look at the bottem right of the desktop in the systemtray, icq netdetect if offline, that means there is no internet connection, how the hell did he make that screenshot ?????

but a lawsuit against who?

[sabaco]

He doesn't list any form of contact information, and he is using a free web account, presumably to hide his own identity. And perhaps those people even are spammers. (They don't look familiar to me, but I'm not a 133t h4x0r like "man in the wilderness", so maybe if I was I could take screen shots and find out...)

Anyway, even if they were spammers, that doesn't mean that the whole story isn't BS anyway...Anyone have ANY verification of this stuff?
-- Braeus Sabaco
Member of the Roman Legion
Customer/worker at Phenomenal Internet Solutions

I don't know if it's true ....

[Nicolas+MONNET]

... but it's entirely possible. Ever heard of Back Orifice? There you go. It will allow you to take nice screenshots.

Re:I don't know if it's true ....

[Karmageddon]

but it's entirely possible. Ever heard of Back Orifice?

yes, I've heard of Back Orifice. But, in that case it would only have been correct for him to say, "I discovered the machine had already been hacked and I was able to connect to Back Orifice." Connecting to Back Orifice is not called hacking.

It's a disgruntled ex-employee

[carlhirsch]

That's my theory. There's a strange mix of truth/technical vagueness that makes some of the hacking implausible but the reality of the company irrefutable. Now - do these folks actually spam? Who knows. But the phone numbers are certainly valid. Most of the names are probably real, so who knows?

So I'm gonna say that this is some ex-employee who pulled a bunch of stuff off of his co-workers' drives before bailing. All in all, a pretty admirable example of workplace sabotage. Bob Black would be proud.

-carl

Re:It's a disgruntled ex-employee

[multiplatformgeek]

I second this notion. Someone with access to the systems that is slightly knowledgeable and marginally delusional.

Re:It's a disgruntled ex-employee

[httptech]

That would definately explain the hokey account of how he got the information. I hear a lot of people saying "This is fake" and "Where are the details". I'm guessing they didn't read past the first page, because there are REAMS of incriminating information on those pages- ICQ logs, emails, URLs, passwords. If this is a hoax, someone spent a LOT of time creating it. I'm pretty convinced that this is real information from the spammers' computers. How it was obtained may be questionable.

Perhaps the story writer was not the actual cracker, but a friend of said cracker, and got the details skewed.

Re:New Slashdot poll: How many people believe this

[blixco]

What's so hard to believe?
1. He never says the name of his employer because he doesn't want to get fired and get them sued. Probably did a lot of this on company time.
2. No contact info for someone who maliciously cracks into a machine? Imagine my surprise.
3. He didn't convince them to trojan the machine. They shared their C: drives to anyone on their LAN. Anyone. No authentication. And the LAN was connected to a high speed link. So he placed the trojan and the command to install it himself(either thru win.ini or some registry merge).
4. Why "hack" an entire site into existance? Let some free server handle the load. It's anonymous and free. Plus, the guy probably (hell, most likely) doesn't have the skill to hack a site into creation.

My guess is that people suffer from some form of envy for his simple prank, and have deemed it "impossible" based on their jealousy.

Re:Curious...screenshot?

[#include]

hmmm...taking a screenshot of the desktop isn't that hard. You can even do it in VB . And yes, you can do it under Win95/98 (not sure about NT...don't have much experience with it).

But the events don't occur that way....

[blogan]

He got the screenshot of the dial-up IP. The screenshot was gotten right in the act when his pager went off, so he didn't wait for a reboot or go through the LAN.

Re:New Slashdot poll: How many people believe this

[sabaco]

I didn't say it was "impossible" just unlikely... and I didn't say he had to provide his real name and address or anything, just *some* form of contact, some crappo account that can't be traced back to him... aren't there any anon-email servers left?

As for the sharing of their C drives, I must have missed when he said that. That definately would be highly stupid...

Why *not* "hack" an entire site into existance? He seems to think he's hot stuff, so it oughta be easy... and if they are dumb enough to share their C drives full access no password, then they'd probably never be able to figure out how to turn it off... it would at least prove that he could "h4x0r" their systems. :D hell, if he actually has full access to their C drives, he should be able to add a webserver to the system in five seconds flat.
-- Braeus Sabaco
Member of the Roman Legion
Customer/worker at Phenomenal Internet Solutions

Re:New Slashdot poll: How many people believe this

[Nicolas+MONNET]

He never says the name of the ISP he claims to work for.

Maybe because what he (supposedly) did, while understandable, is actually illegal?

No contact info provided for him at all as far as I could see, no name, no email, no icq, nothing... not even a fake hotmail email address or something...

Maybe because what he did is illegal?

He is hosting this site on some crappy free web server.

Maybe because what he did is illegal?

Who else thinks Rodona Garst is cute?

[doublem]

OK, who else thinks Rodona Garst is kinda cute? I mean, she may be an immoral slimeball, but she looks like a fun lady to get together with. Did anyone notice a wedding ring on her finger? Anyone ever find infor about her on any Swingers' sites? Did she write the kinky stories????

Why do I get the feeling I REALLY need a date....

http://homepages.manawatu.net.nz/~alanjb/RodonasBr eastSize.htm


Matthew Miller,

Where in the world is Rodona Garst

[Cognito]

I find it quite interesting that the majority of web search engines return NO pages having the phrase "Rodona Garst". How could this be?

Nine will get you ten, the story's fake.

[sjvn]

I find it hard to believe in this miracle hacker who manages to take AOL screen shots from afar, but who doesn't know how to turn off his mail server's open relay functionality, which is what enables spammers to use his site in the first place.

Steven, Editor at Large, Sm@rt Partner