Taking On A Spammer
_QED was the first of an onslaught of users to submit a story about a programmer who got his domain forged by a spammer and took action. I don't know if this is real and I'm certainly not suggesting doing this yourself, but this is an extremely interesting story.
I don't see any obvious reason to believe that this site is fake. People here are complaining about it not having enough technical details, but they don't seem to realize that the spammers are out there reading this site as well. Now what do you think would frighten your average spammer (they aren't known for being too bright) more? A detailed explanation of exactly how this guy socially engineered his way into these computers or a menacing but vague description of his "stealthy hacking" full of colorful adjectives and small words? In the first case, Billy Joe Bob Spammer will just say to himself "Well gee-whiz, I'll just be sure not to fall for [fill in the blank]!" while in the second he's left thinking "OH NO!! HACKERS ARE JUSS LIKE IN THE MOO-VEES!!"
As for the people who are wondering why he doesn't publish this on his own web site under his own name, e-mail address, home telephone number and social security number -- have you even for one second considered the fact that what he did was CLEARLY ILLEGAL?
Anyway, this spammer DOES exist. I actually first found out about this page from a recent post to the SPAM-L mailing list. Here are the first and third posts on that thread:
Subject: Nuke: from alts.net
Date: Mon, 5 Jun 2000 09:51:47 -0700
From: "Hart, Andrew"
To: SPAM-L@PEACH.EASE.LSOFT.COM
4601 W. Sahara looks very familiar, but I didn't find
an abundance of recent NANAS hits against it.
-----Original Message-----
From: Technical Support [mailto:support@alts.net]
Sent: Wednesday, May 31, 2000 7:02 PM
To: *******@aol.com; TOSspam@aol.com; abuse@verio.net; abuse@alts.net;
tech@connectcorp.net
Cc: nanas-sub@cybernothing.org; spamrecycle@chooseyourmail.com
Subject: Re: [Email] Spam: Free Rate Quote!
Thank you for notifying us of this spammer. Our policies do NOT allow bulk emailings in any way. The account free-cybermarket.com has been terminated effective 10:00PM EDT 31 May 2000.
Best Regards
ALTS, LLC ABUSE
abuse@alts.net
At 08:50 PM 5/31/00 , *******@aol.com wrote:
URL: http://www.free-cybermarket.com/m/index.html
Dropbox: mailto:ulistsrvcs@fr.fm?subject=unsubscribe
FROM mail-abuse.org TO www.free-cybermarket.com.
traceroute to free-cybermarket.com (161.58.232.252), 30 hops max, 40 byte packets
...
7 vwh0.dca.verio.net (129.250.30.166) 89.765 ms 91.406 ms 89.846 ms
8 free-cybermarket.com (161.58.232.252) 89.429 ms 89.517 ms 89.734 ms
Query: free-cybermarket.com
Sunrise Beach Inc. (FREE-CYBERMARKET-DOM)
4601 W. Sahara
Las Vegas, NV 89122
US
Domain Name: FREE-CYBERMARKET.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Enterprises Inc., SunRise (SE4175) sunrise@CONNECTCORP.NET
SunRise Enterprises Inc.
4601 W. Sahara
Las Vegas , NV 89102
NONE GIVEN (FAX) NONE GIVEN
Domain servers in listed order:
NS1.ALTS.NET 192.41.1.48
NS2.ALTS.NET 161.58.9.48
Details on NANAS
J. Andrew Hart
Subject: Re: Nuke: from alts.net
Date: Mon, 5 Jun 2000 10:50:18 -0700
From: Jay Hennigan
To: SPAM-L@PEACH.EASE.LSOFT.COM
On Mon, 5 Jun 2000, Hart, Andrew wrote:
> > 4601 W. Sahara looks very familiar, but I didn't find
> > an abundance of recent NANAS hits against it.
Seems to me that address turns up in the ICQ logs of Rodona Garst,
the posting of which kept me up all night reading. Fascinating stuff.
http://belps.freewebsites.com/
http://premier.cluelessfucks.com/
--
Jay Hennigan - Network Administration - ***@****.***
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
You can't really blame those PR people - maximizing your exposure for a minimum of expense is a basic goal of any marketing campaign. Spam is an example of a market failure, wherein otherwise beneficial free-market forces encourage behaviour which causes negative externalities (just like a manufacturing plant has an incentive to dump pollutants cheaply). Sure the spammer gets their message out, and might generate some revenue off that, but everybody else carries the expense of unnecessary traffic, pissed off users, etc.
The question is, how best to deal with this situation. Sure, this guy probably should have "changed the names to protect the (presumed until proven guilty) innocent," but would anybody have believed him in that case?
Stop by my site where I write about ERP systems & more
With apologies to Tom Lehrer.
When you show up in a country that (despite what anyone says) is run like the Wild West, stealing a few horses is going to get you in trouble. No matter how normal it is in any other place you've done business.
What is disturbing to me is that all we have is this guy's word. Now I happen to believe him, but what if this whole thing turned out to be a clever and malicious hack taken out at these folks' expense?
Where there is no justice, I have no problem with the quickest gun carving out his own revenge. But it would be better if there were something like due process and independent review of evidence, and impartially and uniformly implemented punishment, rather than a system of self appointed judge/jury/executioners. That way the little guy and the inexperienced get justice too.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Did you even READ the ICQ logs???????
These low-lifes routinely INSTALLED PCAnywhere on their machines so they could work from their laptops in bed!!!! Getting in was a no-brainer!! And they didn't know sh*t about the technology!!! They had a revolving door of script kiddies that had to set up their systems!!! They only knew what the script kiddies taught them!!
And check out some of the other URLs mentioned - they are all there! (like silver-shamrock.com)
"We have heard the BS alarm.....and it is you!!!"
If you have a problem with spam, FIRST, secure the domains with Nessus.
THEN, configure your mail server to bounce mail with broken headers.
THEN, follow the Advanced Networking HOW-TO to set the queue for TCP connections to port 25 to a much smaller value.
Finally, only accept connections from hosts with a valid IDENT response.
Chances are, your average spammer won't be capable of forging any e-mail that can pass through even rudimentary security, such as this, without having to reveal their true name & true e-mail address. Something your typical spammer is unlikely to do.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Anyway, here's a bit of extra fact:
"Pump & Dump" Claim
Mark Rice Insider Info
So he does exist, and he did want to trade 50,000 shares. Of course the problem with good lies is they are often half-true.
Whenever we receive SPAM mail, I send this reply:
The Windmill e-Mail Parsing System(c) indicates that the message you have sent is an advertisement, commonly known as SPAM mail. If your message is NOT Spam, please click your e-mail program's "Reply" button and re-send your message.
If your message IS Spam, be advised that this is a Business E-Mail address, and as such costs money to maintain.
Your e-mail costs us money.
Any further advertisements sent to this address will be invoiced to your firm at $5.00 per message. The act of sending further e-mail messages to this address is considered acceptance of this billing arrangement.
MIS Department
Accounts Receivable
If they send us more SPAM, I send them this:
Please consider this your invoice for $5.00.
Reply promptly with information regarding your preferred payment method. You will not be invoiced for any e-mails exchanged regarding your account.
Your Customer Number is SPM23975, please use your customer number in all correspondence with ETS, Inc.
Have a nice day.
Accounts Payable
Nothing has ever come of it, but it makes me feel better.
Matthew Miller,
"Live Free or Die." Don't like it? Then keep out of the USA
Better yet, go find yourself a copy of Stevespam, one of the best .mod files I've ever heard!
I guess I'm kinda dating myself here... I was deep into BBSes when this song came out. Wow I kinda miss "Dial attempt #322..." on Telix. :-)
There does seem to be too much hype and too few details to the story. A questionable point in my mind: Just how does one track a user to an IP address based on email? Unless you control the originating SMTP server (hence you could cull the logs), it must be very difficult to resolve a user down to an IP... in this story, the return domain was forged but the originating SMTP was stolen from an unrelated service, so how is the spammer IP address resolved?
Discovering the originating IP address from the headers of a given message is trivial. Most SMTP MTAs record the IP of the client connection in a Received: line. All one need do is examine the first non-forged Received: line in the message header.
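As an added example (not code from any post in this thread), the following Python does what the reply above describes: it walks the Received: lines newest-first, trusts only the lines written by our own MTAs (assumed names mx.example.org and store.example.org), and takes the client IP logged by the deepest trusted line; the sample message and all hostnames in it are constructed.

```python
import re
from email import message_from_string

# Our own MTAs, the only hosts whose Received: lines we trust (assumed names).
TRUSTED_MTAS = {"mx.example.org", "store.example.org"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"            # name the client gave in HELO/EHLO
    r"(?:\s+\((?P<info>[^)]*)\))?"     # "(rdns-name [ip])" logged by the receiver
    r".*?\bby\s+(?P<by>[^\s;]+)",      # the host that wrote this line
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received: value into the claimed HELO name, the reverse-DNS
    name and IP the receiving MTA logged, and the name of that MTA."""
    value = re.sub(r"\s+", " ", value)          # unfold the header
    m = RECEIVED_RE.search(value)
    if m is None:
        return None
    info = m.group("info") or ""
    ip_m = IP_RE.search(info)
    rdns = info.split()[0] if info and not info.startswith("[") else None
    return {
        "helo": m.group("helo"),
        "rdns": rdns,
        "ip": ip_m.group(1) if ip_m else None,
        "by": m.group("by").lower(),
    }


def originating_hop(raw_message, trusted_mtas=TRUSTED_MTAS):
    """Walk Received: lines newest-first. Keep going while the line was written
    by one of our own MTAs; the deepest such line holds the real client IP.
    The first line written by anyone else, and everything below it, was
    already inside the message when it reached us and may be forged."""
    msg = message_from_string(raw_message)
    origin = None
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted_mtas:
            break
        if hop["ip"] is not None:
            origin = hop
    return origin


def originating_ip(raw_message, trusted_mtas=TRUSTED_MTAS):
    hop = originating_hop(raw_message, trusted_mtas)
    return hop["ip"] if hop else None


def helo_is_forged(hop):
    """True when the HELO name does not match the reverse DNS the receiver
    logged, the usual tell for a dial-up box claiming to be a mail server."""
    return hop["rdns"] is not None and hop["helo"].lower() != hop["rdns"].lower()


# Constructed sample. Line 1 was added by our MTA; lines 2 and 3 were put
# there by the sender's bulk mailer before the message ever reached us.
SAMPLE_MESSAGE = """\
Received: from mail.aol.com (dialup-7.isp.example [203.0.113.7])
\tby mx.example.org (Postfix) with SMTP id 1234ABCD
\tfor <victim@example.org>; Wed, 31 May 2000 19:02:11 -0400
Received: from relay.bigisp.example (relay.bigisp.example [198.51.100.5])
\tby mail.aol.com with ESMTP id fake001
Received: from localhost (localhost [127.0.0.1])
\tby relay.bigisp.example with SMTP id fake002
From: "Free Rate Quote" <quotes@free-cybermarket.example>
To: victim@example.org
Subject: Free Rate Quote!

(message body)
"""

if __name__ == "__main__":
    hop = originating_hop(SAMPLE_MESSAGE)
    print("origin IP:", hop["ip"], "claimed HELO:", hop["helo"], "rDNS:", hop["rdns"])
    print("HELO forged:", helo_is_forged(hop))
```

The two lower Received: lines are ignored entirely, so whatever the mailer wrote there (a real ISP relay, localhost, anything) never influences the answer.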
We need a technological solution to this problem, not a legislative one. If there was no method to fake e-mail then this wouldn't be a problem.
Freewebsites.com is slashdotted already. Already! Anybody mirrored it?
-russ
Don't piss off The Angry Economist
As for anonymity on the net, I'm actually for it. I'm also for a more secure network. And I have no problem with blocking sites and users that break the rules without needing to find out who they are. However, if this story is true, the spammers in question made no attempt to be anonymous. They revealed who they are through publicly accessible information. Too bad.
I have read a couple of suggestions for persistent anonymous identities on the net. People can decide whether to do business with you based on the reputation of your anonymous identity. That would require a couple of important components:
Certainly, there would be nothing to stop people from maintaining multiple identities or creating new ones on a whim. However, if your reputation was your ticket to transactions on the net (buying, selling, possibly even working), it would be worth a lot. Set your threshold at 2 and refuse to talk to the ACs and new users. The choice would be yours.
The bottom line on anonymity is that in a sense, true anonymity is impossible. To achieve that, it would have to be impossible to link anything I say or do to anything else about me. That would mean that every e-mail message, every web page, every Usenet post would be a disconnected entity. That isn't useful, and probably isn't possible.
What is useful is when I can go online and seek information about a medical condition I think I may have without leaving a trail that insurers can link to me as a customer. If they want to know something about my medical history that's fine. They should have to ask me. They can refuse to insure me if I refuse to divulge it. Limits on the scope of legitimate questions are a matter for the legal system.
Anonymous identities are most useful when they allow two-way communication. That requires persistence. And that means that they are subject to retaliation for their actions. The retaliation is simply limited to what you can do to an anonymous ID. You can wreck its reputation so that others won't do business with it. With a strong mechanism to accomplish that, imagine what would quickly happen to spammers. If we could identify them as spammers within minutes of the first offense, and nearly everyone used filters that would then refuse mail from them, how much of a business could they build?
Imagine if it became public knowledge that they had engaged in a pump-and-dump scam before the markets opened the morning after they sent their e-mail. Would you want to be a spammer holding 100,000 shares eVapor.com when NASDAQ halts trading on it because the pump-and-dump is reported before the opening bell? Watch the $80,000 you put into it turn into a complete loss.
The net will not be what we demand, but what we make it. Build it well.
The blurb for this story didn't contain any warning about "the usual hacker/cracker misnaming applies". Does that mean slashdot has grown up and moved on to more important matters, or is CmdrTaco asleep at the wheel?
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
It is a really good story, though!
But here's a potential loophole (unless I'm totally wrong in my figures, which I could be...someone please recheck):
The screenshot says she was sending 3,522 e-mails per hour. That's just under 58 e-mails per second. She was supposedly using a throwaway AOL dial-up account. (The frac T1, it was said, was not used for sending spams.) Even if the laptop had dual-channel ISDN, the maximum she could spew is just under 16 kilobytes per second. This would mean the size of the e-mail would have to be 282 bytes. That's enough for maybe just over four lines of text. The examples provided on the site had multiple paragraphs of text and bulleted-item lists in the spam-mails.
It doesn't add up. She **might** get 58 spams per second if #1) there was no bandwidth wasted to pesky things like TCP/IP headers and SMTP commands, #2) there were no rejected spams, #3) she had a dual-channel ISDN connection with compression for her AOL dial-up, and #4) the spam-mails were very small.
I really find it hard to believe that AOL offers dual-channel ISDN with compression and that Rodona coincidentally has an ISDN adapter for her laptop and the spams she happened to be sending when the screenshot was taken were uncharacteristically small.
But I absolutely **love** the story. Should've been a book. I really, really hope that it's true!
Doug ---- Co-host of Ghostly Talk
carlos
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
Your idea about sending a fake bill to spammers is a very BAD idea. By sending them email, you verify your existence. Once your address is verified as "legit", what happens? You get more spam. For the same reason, never click on their "click here to opt out" links!
I'd advise using Spamcop (spamcop.net) The free part of SpamCop un-obfuscates the email header information, then allows you to automagically send a letter of complaint to the appropriate authorities. Personally, I've seen several accounts (email and website) disappear after I've used Spamcop against them. It's quite satisfying. Spamcop also has a fee-service for filtering email (which I haven't tried yet).
I hope this helps!
Ceci n'est pas une pipe.
Duh.... unless the "screenshot" is faked, a point you were obviously too dull to catch on to...
-- Your Servant, B. Baggins
Oh boy, just what we need: a new way to discourage Spammers. I can see it now.
Spammer's phone rings.
"Hello?"
"Yeah, hi! Is this $SPAMMMER?"
"Why?"
"I got a copy of your spam, the one about the web site that promises 'Real Time Lezbo S&M Action'. I gave it to a nerd buddy, who tracked you down. I decided to come on over & see you perform."
"If you come over here, I'm gonna call the police on you."
"I already talked to the chief of police in your town. He's pissed that you sent his child a spam advertising that web site about 'Old MacDonald & His Cow', so he's coming over too. In fact, that's his car sitting in the driveway. If you perform well with Mistress Domme, he's willing to drop the charges. Be sure to ice down the beer!"
Jeez, I'm about to blow all of my karma on this one sick joke.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
Thanks for the compliment. Another week or so and I'll probably take the link out of my .sig and put it on my user page or something so it doesn't look like I'm crying over spilt milk forever. Thanks, though.
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Assuming this is true (and he's apparently gotten enough accurate information about these individuals that he's either convinced he's right or willing to risk a libel suit) this is a perfect example of why all spam, no matter how interesting the product or service may be or what company it's from, must be deleted without response.
These people are willing to steal other people's AOL accounts (OK, let's all laugh at the AOL users, but it could have easily been a local/regional ISP) to send their spam, the "pump and dump stock scam" probably damages both the hapless investors and the company in question, all in the name of making money.
I say we mega-Slashdot this site -- send a copy of this URL to everyone you know (_especially_ if they use AOL) and tell them to look at it(*). Point out that just because it comes from a *koff* "trusted" site like eBay or Microsoft doesn't mean it's any more welcome or desired. Make sure that people start using a company's or site's "opt-out" policies for junk mail.
I don't know at what point spam becomes "unprofitable" but the more people who refuse to cater to spammers or their clients, the better.
Jay (=
(*) Okay, maybe not everyone you know. No point in spamming in the name of anti-spam. But at least tell people about the site.
Ponder this: If he never had been able to crack the machine, you would never had heard of the story.
Would be even more fun if I got to administer the clue-by-four to the spammer personally, though...the criminal justice system is so impersonal.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I made the list of people whom this company is afraid to spam. My old email address of "lordkano@sgi.net" is on the list. Download the list of people whom they fear from...t m
http://homepages.manawatu.net.nz/~alanjb/misc.h
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal
:-)
Whether this spammer (the "poor dork Rodona Garst") is stupid or not is really irrelevant. By the fact that she is able to use a computer to send spam, con naive AOL users into providing their usernames/passwords, participate in illegal stock schemes, etc, she has demonstrated that she has sufficient mental capability to be considered mentally competent (i.e. not mentally retarded or insane), and as such is responsible for her actions. And as they say, don't play with fire unless you're willing to get burned. This time, she got burned, and I feel no sympathy for her. If she was unwilling to take the risk of her (immoral, and some illegal) actions being exposed, she should not have performed those actions, and *further* should not have framed innocent people for them.
Now, I might be swayed by your argument about stirring up a "lynch mob", had this simply been a case of political disagreement, or someone doing something unpopular/controversial, etc. But the problem here, to me, is that not only did she do it, but then framed an innocent individual for her spams. If that individual then comes back and kicks her in the ass, well then c'est la vie. She can deal with it. If she was spamming people without forging her IP (or forging it to be restricted numbers, thus not implicating innocents), then maybe publishing her information would be too extreme. But in this case, I think it is appropriate.
All in all, I think she and her associates got off rather easy. If the story is true, and the Man In The Woods did indeed gain access to the computers of Garst et al., then he could have easily destroyed everything on their disks rather than simply publishing the information about her deeds on the Web. Or perhaps he could have discovered sufficient personal data to cause more personal havoc in her life. Given the hassle that she caused, I think he showed remarkable restraint.
that this is a spoof.
This guy claims to be such an important security expert, yet in addition to reading all of the "Hacker books", visiting "Hacker webpages", reading all of the traffic from the "Hacker mailing lists", and earning a living he STILL has time to hack his way across the internet and steal a hundred megabytes of information from these people.
I think that he even throws in the negative comments about AOL users in an attempt to curry favor with people like us.
Rodona, or whoever she is, has some decent nipples but I doubt the veracity of his story.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
That list is probably at least partially a list of posters to news.admin.net-abuse.*.
I never reply to spam. I often followup spam to originating site's postmaster/abuse. I occasionally post to nana*. I'm on the list.
Oh, and to those who say "the whole story of hacking in is impossible!", bite me. People are really that dumb---I've known lusers who
I'm not convinced this story is real, but I'm sure it's not impossible.
-- veni vidi nuclei deceri --- I came, I saw, I dumped core.
>Another datapoint: on the site there is a list of "anti-spammers that they won't send spam to".
I took a look at this list. A number of the names are obvious spam-blocks, abuse@*, etc.
And I found my own name. Four times, different variations. Wow, & I haven't complained about spam in years. (Could it be that I'm just a cheap SOB who won't buy anything advertised in email? Naw.)
But I'm saddened that they didn't include my favorite spamblock of all time -- the one where I used ``cyberpromo".
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
It seemed to me to either be a very similar situation, or a fairly blatant rip of the story.
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
This is absolutely REAL information. I checked out the list of anti-spammers that he got off her computer, and MY NAME WAS ON THE LIST.
You can see for yourself. pdrap@ctp.com, pdrap@concentric.net and pdrap@cris.com are all on the list. Those addresses are no longer active, but at one time I did a helluva lot of spammer killing with those addresses.
I was skeptical too, but after considering it all night, it makes much more sense that he snagged the info using Back Orifice than the notion that he made it all up. Particularly so since the data appears to be accurate.
If tits were wings it'd be flying around.
BackOrifice or NetBus-style monitors would give you this kind of info, allow you remote (at least command-line) control of the victim's computer (even at the same time they're using it!), collect screenshots, and conceal themselves from the "usual" methods of determining what's running on their own machine - that's what they were designed to do.
As for WHY he doesn't say how he did it - maybe he's anticipating being able to "get" them again, and doesn't want them cutting off his access?
I agree. The complete lack of any technical information on the hacking seems pretty suspicious. I do know of at least 6 different ways to get into a windoze machine and do this, but all of them take a little time and effort. Given the detailed amount of other info, I'd expect a little bit on the hacking.
There are other incorrect technical details which would point to this poster being more of a user (ex-spammer) rather than a system administrator. The "blank Bcc: line" comment is wrong, because Bcc: is a function of the MUA, once it gets sent to the MTA over SMTP, every one of those addresses is converted to an RFC821 RCPT command.
I got the exact same feeling from this whole affair as you have, an ex-spammer disgruntled he didn't get paid for something. He/She had some time alone with Rodona's laptop, and copied a bunch of stuff onto some floppies or ftp'ed. With a little fixing up to appear as an aggrieved sysadmin to throw his ex-employers off the scent.
Spammers and telemarketers are all fair targets for retribution, whether through hacking or social engineering (the sex survey, FBI hotline, others)
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
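The Bcc: point made in the post above, shown as an added example (not code from anyone in this thread): a submitting MUA turns every To:, Cc: and Bcc: address into its own RCPT TO command and strips Bcc: from the message text before DATA, so the receiving MTA only ever sees the envelope. The message and the hostnames are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of what a bulk mailer's MUA hands to its MTA. The To:
# line shows only the sender's own address; the real targets are in Bcc:.
OUTGOING = """\
From: "Free Rate Quote" <quotes@free-cybermarket.example>
To: quotes@free-cybermarket.example
Bcc: alice@example.org, bob@example.net, carol@example.com
Subject: Free Rate Quote!

(message body)
"""


def addresses_in(msg, name):
    """All addresses in every instance of header `name`, in order."""
    out = []
    for value in msg.get_all(name, []):
        for part in value.split(","):
            addr = parseaddr(part)[1]
            if addr:
                out.append(addr)
    return out


def envelope_recipients(msg):
    """The MUA's job: every To:, Cc: and Bcc: address becomes one envelope
    recipient. From here on the distinction between the three is gone."""
    return (addresses_in(msg, "To")
            + addresses_in(msg, "Cc")
            + addresses_in(msg, "Bcc"))


def smtp_client_commands(raw_message):
    """Return (commands, wire_message): the SMTP commands the MUA issues and
    the text it sends after DATA, with Bcc: removed. Each recipient is a
    separate RCPT TO (RFC 821 RCPT), which is all the receiving MTA sees."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    commands = ["EHLO bulkmailer.example", f"MAIL FROM:<{sender}>"]
    commands += [f"RCPT TO:<{rcpt}>" for rcpt in envelope_recipients(msg)]
    commands.append("DATA")
    del msg["Bcc"]          # Bcc: survives only in the sender's own copy
    return commands, msg.as_string()


def receiver_view(raw_message):
    """What a recipient's MTA can reconstruct: the RCPT addresses it was
    given, and a message whose headers say nothing about who else got it."""
    commands, wire = smtp_client_commands(raw_message)
    rcpts = [c[len("RCPT TO:<"):-1] for c in commands if c.startswith("RCPT TO:")]
    return rcpts, "Bcc" in message_from_string(wire)


if __name__ == "__main__":
    cmds, wire = smtp_client_commands(OUTGOING)
    print("\n".join(cmds))
    print("--- DATA ---")
    print(wire)
```

A "blank Bcc:" in a received message therefore tells the recipient nothing; the recipient's MTA never saw that header at all, only the RCPT commands naming it.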
BTW, I host my own domains and email and I monitor spam closely. The problem is getting worse: There's even a spammer operating over the last few days who is mailing to "postmaster@" and that is a huge no-no. They are shameless.
I don't know if it's legal; that's one of those debates that's still up in the air (see here for the last /. article about such). But this seems to be justified at the very least. The crimes he KNEW these people were committing (to say nothing about what he found out) are sufficient. Now, IANAL, but I don't think what he found is admissable as evidence for prosecution, but it would serve as a great reason for conducting civil and criminal investigations, wouldn't it? Then they can get the same info legitimately, and can the spam for a few years, or hit them in their pockets, where it hurts. :)
There are mirrors at:
:)
http://elias.rhi.hi.is/premier.cluelessfucks.com/
http://cow.org/~noise/belps.freewebsites.com/
http://homepages.manawatu.net.nz/~alanjb/
There are also some interesting posts at an old mirror here:
http://premier.cluelessfucks.com/ (gotta love that domain name!)
This is great information... where else could you find out how many freckles are on a spammer's ass?
------
IanO
------
Objects in Mirror are Losing!
I'm sorry, but this sounds like John Markoff wrote this. I really don't believe it. Also, this is not the first time a domain controller sued a Spammer; Matt Seidl from localhost.com sued a spammer for using his domain name in their spam. Which I hate to say, was thrown out.
Objects in the blog are closer then they ap
See those messages encouraging mass spamming in order to get stock volumes up? That's pump 'n dump. A credible public company on the market does *NOT* need to behave like this, PERIOD. There is *NO* reason to do this.
Smallcap (penny) stocks that are basically scams (those with many shares are 'pumping' the stock by all this spam, hence creating volume, and an increase in price, and an increase in demand for the stock, and then dumping what they own for more money.)
That is not what stock is about, and it's illegal.
Of course. I wouldn't put my main e-mail address on a webpage like that, much the same way I don't put my main e-mail address up on Slashdot. Web-based e-mail is wonderfully anonymous (when you kill all browser cookies), and since you only end up downloading the message from the server if you click to open it, you don't waste an hour waiting for a day's worth of spam to be fed down the pipe from your POP3/SMTP mail server. That was probably the easiest option available to him.
Given that the subject matter was illegal and it's not impossible for Hotmail or Yahoo or others to trace IP addresses, my next tactic would be to use a cyber cafe or some other similar place to create the e-mail address. Probably, I'd upload the webpage to the server from another cyber cafe to assure greater anonymity, just in case they're logging IP addresses, too.
Further, it's easy enough to write a Javascript that breaks your e-mail address into two pieces so that webspiders don't find it and spam it, and yet when a user clicks on the link, it gives you the correct and complete address. I'd pass you the script you can add to your own websites to do this but I don't have it handy right now. It's common enough knowledge, I didn't write it.
Subj: Your an idiot. (Score:0)
Hmmm. Generally, if you wish to insult someone effectively, it's better to have a thorough and proper command of the language you are using.
Pursuant to the above paragraph, you will note this convention, used every day in common English:
"your" = possessive. ie. "It's your brain that doesn't work."
"you're" = contraction of "you are". ie. "You are about as intelligent as a tsetse fly."
To combine the two into an impressive demonstration of your new-found (though, ironically, remedial) English skills, you could use a sentence like the following:
"It's not your fault that you're not very intelligent."
Along those same lines, you should be aware of tricky words like "there", "they're" and "their". And "its" vs. "it's" never ceases to confound.
Since I suspect English is your first language, I would expect you to demonstrate a more thorough command of the language than was demonstrated in your post. One's second and third languages are generally expected to display grammatical and contextual errors; but I would doubt you have either the tenacity or the requisite breeding required to learn a second language. I have nothing but respect for those who learn several languages, since it's not an easy process. (I know, I speak several fluently.)
I hope that you get to use this tidbit of information to avoid being marked down on your high school freshman English tests.
Now, isn't there a nice and warm Sony Playstation waiting somewhere for you? Or maybe you prefer a little Jerry Springer?
Fire and Meat. Yummy.
Doesn't mean it's offline... though it may.
The computer sitting next to me was moved from dialup to DSL... and as long as the modem is down, icq netdetect still thinks the machine is 'offline' (even though ethernet link is up)
What sort of cruel parents would name their kid "Rodona"? And that face, eeeuuuooow. . .
The kind of anonymity that Napster users do is the home version of intellectual property theft, with copyright violation (artists songs are their work, right?) and so on thrown in.
Open Source. Closed Minds. We are Slashdot.
Heh okay I think I responded before I thought too much about the site. I am in agreement that I think it's fake too. I did a look up on Rodona's supposed ICQ number and there is no such user.
http://wwp.icq.com/3483645
I tend to think it is someone they know also. As much as I like to think it was a BO attack, there is another perfectly acceptable hack... gaining physical access to the machine!
Notice that the author only shows ICQ stuff from a few machines. That ain't a lot. In fact, two of the machines were prolly sitting next to one another. Simply email/ftp all the icq message files/.jpegs/.txt files and ya got lots of ammo. Getting near three machines is pretty easy. Hell, look at how Kevin got all his passwords - he just called people on the phone and said "what is your password?" They gave it to him.
However the site author did it, it is pretty damned wicked.
Well, the WHOIS info he lists for PREMIERSERVICES.COM is accurate. Check out http://www.networksolutions.com/cgi-bin/whois/whois?STRING=PREMIERSERVICES.COM&STRING=Search
Matthew Miller,
"Live Free or Die." Don't like it? Then keep out of the USA
Don't confuse your ignorance with technical impossibility. BackOrifice is similar to pcAnywhere or Microsoft's SMS, all of which give you remote GUI access to a Windows box. Want even more? According to the Back Orifice feature list BO2k supports Multimedia support for audio/video capture, and audio playback.
Note that BO is pretty easy to install. A shared drive with no password or a weak one or a trojan horse email or website (ActiveX can work for you!) would all allow you to break into a clean Windows box. One with dozens of insecure programs installed (e.g. ICQ, some IRC clients, some email clients, etc.) would be even easier.
__
You know something. I find it very disgusting how so many people advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internet.
People, the internet is both accountable and anonymous. Basically, if you want to be anonymous, it's not that difficult to do so. And, if you want to be accountable, you can do that too. The point is, spammers will always fake headers in some way, and "illegal" mp3s will always move anonymously through non-logging proxies, and people will continue to put up webpages showing off their new Corvette, including exactly where it's parked at night, and where in the garage the keys are stored.
The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.
At my company, we urge our marketing department to stay away from companies who want to send out spam on our behalf. And we've batted 1000 so far (thank god). I feel that we're doing our part by not supporting companies whose only product is unsolicited email. So if you ask me about the "big picture" of stopping SPAM, my answer is simply, stop paying them to do it.
Basically you're describing using anonymity as a tool for Free Speech, not anonymity to escape prosecution. Anonymity is a tool, not a basic right of being human like we take Free Speech to be. 'nuff said.
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
True, I can see a Samba network being wide open, but that doesn't mean that they could get a screenshot of the desktop. Unless this guy was the actual spammer and wrote the story to cover himself ;-)
well... there's more to it.. http://cow.org/~noise/belps.freewebsites.com/joejob.html someone in salt lake city took it upon themselves to try to pin the "man in the wilderness" id on ravi pina who owns cow.org. why? revenge, etc, we don't know. we do know that ravi certainly didn't do the hack, and several of the things the poster mentioned just don't ring true -- as steve sobol so eloquently points out. the existence of the joe job really does a lot to harm any possible credibility that rodona may have had -- it will, hopefully, result in the termination of two throw away dialups and may implicate another member of the premier services cadre. rule: spammers are dumb. so there you have it.. i really don't think it's fake now.
Just reading the first page causes me to shudder at the way it's written.. Take this quote, for example:
... Finally on the fourth day my digital pager went off. The message on the LCD read; "Spammer is on-line!"
By carefully examining the email headers and message body of previously sent spams I was able to identify a unique signature that appeared in every email the spammer sent. I designed an email filter to detect this signature, and placed it on the mail gateway of a high volume Internet mail server
The above just makes me laugh, if you ignore the question of, "how'd you get that filter program on the 'high volume internet mail server'?" Did you use your h4x0ring sk1llz, or was it your own for your business of providing advanced TCP/IP know-how?
Once I had escalated my remote access to that of a full privileged local user
We're talking windows 95 here.. At least judging from the screenshots. EVERY user is fully privileged.
There was only one way to find out how many of them were forging my domain. I was going to have to hack them all!
I love that quote. It sounds like it came straight out of "Hackers."
Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...
--- Where's my X.400 protocol decoder?
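The quoted passage describes a header-signature filter and, earlier, a domain being forged in the From line. As an added example (not the story author's filter, nor anything from this thread), the script below does both checks on constructed messages: a signature is a list of header/regex pairs that must all match, and a message claiming the protected domain is flagged when its earliest Received hop is not one of that domain's own mail hosts. The domain, host names, mailer banner and relay address range are all placeholders.

```python
"""Signature-based header filter for forged-domain spam.

Added example (not the story author's filter); all domains, hosts and
header values below are constructed placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.net"            # constructed: the domain being forged
OUR_MAIL_HOSTS = {"mx1.example.net"}  # constructed: hosts allowed to submit for it

# A signature is a list of (header, regex) pairs that must ALL match.
# Received may repeat, so each pattern is tried against every instance.
SPAMMER_SIGNATURE = [
    ("X-Mailer", r"^BulkBlaster 2\.0"),   # constructed mailer banner
    ("Received", r"\[10\.0\.0\.\d+\]"),    # constructed relay address range
]

def header_matches(msg, name, pattern):
    return any(re.search(pattern, v) for v in msg.get_all(name, []))

def matches_signature(msg, signature=SPAMMER_SIGNATURE):
    return all(header_matches(msg, h, p) for h, p in signature)

def claims_our_domain(msg):
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower().endswith("@" + OUR_DOMAIN)

def submitted_by_us(msg):
    # Each relay prepends its own Received header, so the LAST one is the
    # earliest hop: the host that first handed the message to a relay.
    received = msg.get_all("Received", [])
    if not received:
        return False
    m = re.search(r"\bfrom\s+(\S+)", received[-1])
    return bool(m) and m.group(1).lower() in OUR_MAIL_HOSTS

def classify(raw):
    """Return 'spammer-signature', 'forged-from' or 'ok' for one raw message."""
    msg = message_from_string(raw)
    if matches_signature(msg):
        return "spammer-signature"
    if claims_our_domain(msg) and not submitted_by_us(msg):
        return "forged-from"
    return "ok"

def _msg(*headers):
    # Build a constructed raw RFC 822 message from header lines.
    return "\n".join(headers) + "\n\nbody\n"

SPAM = _msg(
    "Received: from dialup-7.isp.example [10.0.0.7] by mx1.example.net",
    "From: sales@example.net",
    "X-Mailer: BulkBlaster 2.0",
    "Subject: Free Rate Quote!",
)
FORGED = _msg(
    "Received: from dialup-9.isp.example [203.0.113.9] by mx1.example.net",
    "From: info@example.net",
    "Subject: hello",
)
CLEAN = _msg(
    "Received: from mx1.example.net [192.0.2.10] by relay.example.org",
    "From: bob@example.net",
    "Subject: lunch",
)

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("FORGED", FORGED), ("CLEAN", CLEAN)):
        print(name, classify(raw))
```

The forged-from check is deliberately separate from the signature: a signature tuned to one mailer's quirks is brittle, while "claims to be us but did not come from us" catches the next joe job too, which is the same idea SPF later standardised.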
Not to mention a file of 200,000 addresses of "confirmed anti spammers" that should never be mailed. Since I found my own address on that list, I have reason to believe that they weren't just randomly generated.
I tend to like the disgruntled ex-boyfriend theory. The T&A photos are part of it. Would Rodona keep scanned GIFs of her own cheesecake pictures on her disk? Possibly, but unlikely. However, she or her boyfriend would certainly have the developed pictures sitting around. That's why someone with intimate access seems more believable.
But for all that, I didn't find the "hacking" story all that implausible, details or no details.
This was a long time ago, and I don't feel good about it now. I don't know what happened to the guy, but given what he appeared to be up to he might easily have been disciplined or even sacked. In some senses he deserved it, but...
My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal.
There may be many people in Clarkesville, TN reading this story now - /. is widely read, and, significantly, is widely read by journalists who may take up the story. By publishing personal details about them we risk stirring up something like a lynch mob - not necessarily in this case, but the potential is there.
Don't get me wrong - I dislike spammers and scammers and borderline criminal sleazoids as much as anyone, and there's no doubt that this Rodona is a sleazoid. The issue is the power of the medium which is being used against her. Yes, sure, it's the same medium that she has been using against others; but it is also a very powerful medium.
It is, I think, appropriate to make evidence of this sort about this sort of people available to their local police office if you think a crime is being committed (as appears to be the case here); but given that sleazoid lowlife are often not the best balanced of people psychologically, we may be whipping up a storm of hatemail and hate phone calls which may cause harm out of proportion to the crime.
I'm old enough to remember when discussions on Slashdot were well informed.
If it is fake, then he's stupid for using valid names/addresses: Rodona Garst and Varnjeet Khalsa. I'm going on the assumption that he doesn't want a libel lawsuit, and so it's at least mostly true.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Of course, if he had fully explained everything he had done, everyone on this forum would be slamming him for publicizing how to break in and providing a road map to 31337 script kiddiez to do this kind of thing to naive people across the country and around the world. So either he's faking it if he gives too little information, or he's being a menace if he gives too much. Sorry, you've just squeezed the ratchet of logic a bit too far there. If you want information and detail, look at the two *years* worth of ICQ logs he provided. Who in their right mind would fake up something like that?
At least mafia-owned pizzerias make excellent pizza. Compare to Bill Gates.
All that I can see in "Man in the Wilderness'" claims are a few addresses and phone numbers that anyone could come up with using WHOIS and one of the gazillion phone directory web sites. His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...
I don't doubt that he was spammed...and I don't doubt that he was spammed by the spammers that he's claiming to have cracked. But I think that almost everything on that web site is made up.
Sure, he probably feels good that he could associate some names to the pages that he posted, but the text reads like a really bad detective story.
Maybe I'm wrong, but looking at the story with an impassioned eye sure makes it look like some guy with an ego and an axe to grind needs to take a creative writing class.
-h-
I covered this in another reply, but feel this bears mentioning again because you UNIX kids don't take the time to consider what a weak security model like win9x offers. The victim was sharing her entire C: drive over a LAN that was connected to a high speed link of some type (read the story, don't just stare at the middle-aged pr0n). With this share wide open, the "hacker" can place the trojan .exe anywhere on the victim machine, then simply tell the machine to run the trojan on the next boot by placing the command "run=c:\pathtoexe\trojan.exe" in the c:\windows\win.ini file.
This is part of the problem: a lot of people think that win9x has some security. It was never meant to.
I would tend to agree with the consensus that although it's a cool story, it is probably not true. I would just think that if that many AOL usernames were snagged, we would have heard about it somewhere else. Anyone have any more info?
As an active member of the anti-spam community, I would like to attest that everything here checks out. It's legit. It's also outrageous and amazing, but none of the anti-spammers has managed to poke any major holes in it; and they're a very suspicious bunch. Premier has been on the anti-spammers' radar, but hasn't drawn any abnormal amount of attention up to now. However, that has changed now that this information was released. I suspect the spammer's ICQ accounts are going to have to be changed from the sheer volume of anti-spammers giving them grief. I've seen quite a few logs of post-hack discussions; they're making all sorts of lawyer threats. Which would be suicide, of course, because that would bring even more publicity, something they can't afford.
--
First off, this story was on k5 yesterday. At that time, the site was still accessible. I wonder whether all mirrors have got antifile.zip - which includes 4 MB of email addresses of people who replied to get off Rodona Garst's mailing lists. I would never have put that file online. .procmailrc filter on the headers.. :)
By the way, the archive didn't shock me because of Rodona's pictures, but because of the size of antifile.zip - if those people are only the ones who hoped to get removed from Garst's list (I found five of my co-students on it), how big must the full archive be?? Twenty million email addresses? Forty? One billion?
We are just some toy in the spammer's hands. I'm never going to reply to spam again "to be removed". Deleting is the only thing that helps. Well, I could put up a
A quote from http://elias.rhi.hi.is/premier.cluelessfucks.com/TheStory.htm "At that moment I silently came across the Internet from thousands of miles away, and hacked my way in to the spammer's computer. The following screen-shot is a picture of the spammer's Windows desktop caught in the act of forging my domain. " http://elias.rhi.hi.is/premier.cluelessfucks.com/pictures/Rodona-Garst-in-Action.jpg Now comes the weird thing: look at the bottom right of the desktop, in the system tray. ICQ NetDetect is offline, which means there is no internet connection. How the hell did he make that screenshot ?????
What seems more likely is that *she* took pictures of her tits, and had them on her hard drive. Why? Shit, I don't know, people do stranger things than that in my breakfast cereal.
-russ
Don't piss off The Angry Economist
... but it's entirely possible. Ever heard of Back Orifice? There you go. It will allow you to take nice screenshots.
That's my theory. There's a strange mix of truth/technical vagueness that makes some of the hacking implausible but the reality of the company irrefutable. Now - do these folks actually spam? Who knows. But the phone numbers are certainly valid. Most of the names are probably real, so who knows?
So I'm gonna say that this is some ex-employee who pulled a bunch of stuff off of his co-workers' drives before bailing. All in all, a pretty admirable example of workplace sabotage. Bob Black would be proud.
-carl
We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
What about the following scenario: he finds a Windows file sharing wide open, he replaces one of their often used files with a BackOrifice trojan, the clueless spammers double click on it, et voila. Sounds perfectly possible to me! Now the whole story could be a hoax, but it's still completely possible. Never underestimate the stupidity of a spammer!
What's so hard to believe?
1. He never says the name of his employer because he doesn't want to get fired and get them sued. Probably did a lot of this on company time.
2. No contact info for someone who maliciously cracks into a machine? Imagine my surprise.
3. He didn't convince them to trojan the machine. They shared their C: drives to anyone on their LAN. Anyone. No authentication. And the LAN was connected to a high speed link. So he placed the trojan and the command to install it himself (either through win.ini or some registry merge).
4. Why "hack" an entire site into existence? Let some free server handle the load. It's anonymous and free. Plus, the guy probably (hell, most likely) doesn't have the skill to hack a site into creation.
My guess is that people suffer from some form of envy for his simple prank, and have deemed it "impossible" based on their jealousy.
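Two comments in this thread (the one on the C: share and win.ini above, and point 3 just here) describe the same legacy autostart mechanism: a `run=` or `load=` line in the `[windows]` section of win.ini is executed at the next logon. From the defender's side, that line is also what you audit. As an added example, not code from the story or anyone in this thread, the script below parses a win.ini the way the loader does (case-insensitive keys, last value wins, programs separated by commas or spaces) and reports every autostart program not on an allowlist. The sample win.ini and the allowlist are constructed; the trojan path is the one quoted in the comment.

```python
"""Audit the legacy win.ini autostart keys that Windows 3.x/9x honour at logon.

Added example, not code from the story or this thread; the sample
win.ini contents and the allowlist below are constructed.
"""
import re

AUTOSTART_KEYS = ("run", "load")  # [windows] keys whose programs start automatically

def parse_ini(text):
    """Minimal INI parser: {section: {key: value}}, names lower-cased.
    A repeated key keeps its last value, which is what the loader uses."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections

def autostart_entries(text):
    """Return [(key, program), ...] for every program under run= and load=.
    The value is a list separated by commas and/or spaces."""
    windows = parse_ini(text).get("windows", {})
    entries = []
    for key in AUTOSTART_KEYS:
        for prog in re.split(r"[,\s]+", windows.get(key, "")):
            if prog:
                entries.append((key, prog))
    return entries

def audit(text, allowlist=frozenset()):
    """Entries not on the allowlist; a stock win.ini has empty run= and load=."""
    known = {a.lower() for a in allowlist}
    return [(k, p) for k, p in autostart_entries(text) if p.lower() not in known]

# Constructed win.ini resembling a 9x machine with an added run= entry.
SAMPLE_WIN_INI = r"""
[windows]
load=
run=c:\tools\sync.exe c:\pathtoexe\trojan.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

KNOWN_GOOD = frozenset({r"c:\tools\sync.exe"})  # constructed allowlist

if __name__ == "__main__":
    for key, prog in audit(SAMPLE_WIN_INI, KNOWN_GOOD):
        print(f"unexpected {key}= entry: {prog}")
```

Run it against a copy of c:\windows\win.ini pulled from the machine; on a clean install both keys are empty, so any output at all is worth a look. The same allowlist idea applies to the registry Run keys the comment mentions, which replaced these lines on later Windows versions.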
He never says the name of the ISP he claims to work for.
Maybe because what he (supposedly) did, while understandable, is actually illegal?
No contact info provided for him at all as far as I could see, no name, no email, no icq, nothing... not even a fake hotmail email address or something...
Maybe because what he did is illegal?
He is hosting this site on some crappy free web server. Maybe because what he did is illegal?