Taking On A Spammer
_QED was the first of an onslaught of users to submit a story about a programmer who got his domain forged by a spammer and took action. I don't know if this is real and I'm certainly not suggesting doing this yourself, but this is an extremely interesting story.
I agree. The complete lack of any technical information on the hacking seems pretty suspicious. I do know of at least 6 different ways to get into a windoze machine and do this, but all of them take a little time and effort. Given the detailed amount of other info, I'd expect a little bit on the hacking.
There are other incorrect technical details which would point to this poster being more of a user (ex-spammer) rather than a system administrator. The "blank Bcc: line" comment is wrong, because Bcc: is a function of the MUA; once it gets sent to the MTA over SMTP, every one of those addresses is converted to an RFC821 RCPT command.
I got the exact same feeling from this whole affair as you have, an ex-spammer disgruntled he didn't get paid for something. He/She had some time alone with Rodona's laptop, and copied a bunch of stuff onto some floppies or ftp'ed. With a little fixing up to appear as an aggrieved sysadmin to throw his ex-employers off the scent.
Spammers and telemarketers are all fair targets for retribution, whether through hacking or social engineering (the sex survey, FBI hotline, others)
the AC
Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
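The Bcc-to-RCPT behaviour described in the comment above, as an added example that is not part of the original thread: a mail client takes every To, Cc and Bcc address into the SMTP envelope as an RCPT command and drops the Bcc header before DATA. The function name `mua_submit` is hypothetical and the sample message and addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample draft, as a mail client (MUA) would compose it.
DRAFT = """\
From: Sender <sender@example.org>
To: visible@example.com
Cc: copy@example.net
Bcc: hidden1@example.com, Hidden Two <hidden2@example.net>
Subject: test

body
"""


def mua_submit(draft):
    """Return (smtp_commands, wire_message) for a composed draft.

    Hypothetical helper: models what an MUA does at submission time,
    without opening a network connection.
    """
    msg = message_from_string(draft)
    # Envelope recipients come from every addressing header, Bcc included.
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    rcpts = []
    for _display, addr in getaddresses(fields):
        if addr and addr not in rcpts:
            rcpts.append(addr)
    sender = parseaddr(msg["From"])[1]
    # The Bcc header is removed before DATA; from here on the blind
    # recipients exist only as RCPT commands (and in MTA logs).
    del msg["Bcc"]
    commands = ["MAIL FROM:<%s>" % sender]
    commands += ["RCPT TO:<%s>" % r for r in rcpts]
    commands.append("DATA")
    return commands, msg.as_string()


if __name__ == "__main__":
    cmds, wire = mua_submit(DRAFT)
    print("\n".join(cmds))
    print("--- message sent after DATA ---")
    print(wire)
```

For anyone analysing a received message, this is why the headers alone never show the full recipient list: the envelope recorded in the MTA's logs does.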
There are mirrors at:
:)
http://elias.rhi.hi.is/premier.cluelessfucks.com/
http://cow.org/~noise/belps.freewebsites.com/
http://homepages.manawatu.net.nz/~alanjb/
There are also some interesting posts at an old mirror here:
http://premier.cluelessfucks.com/ (gotta love that domain name!)
This is great information... where else could you find out how many freckles are on a spammer's ass
------
IanO
------
Objects in Mirror are Losing!
You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internet.
People, the internet is both accountable and anonymous. Basically, if you want to be anonymous, it's not that difficult to do so. And, if you want to be accountable, you can do that too. The point is, spammers will always fake headers in some way, and "illegal" mp3s will always move anonymously through non-logging proxies, and people will continue to put up webpages showing off their new Corvette, including exactly where it's parked at night, and where in the garage the keys are stored.
The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.
At my company, we urge our marketing department to stay away from companies who want to send out spam on our behalf. And we've batted 1000 so far (thank god). I feel that we're doing our part by not supporting companies whose only product is unsolicited email. So if you ask me about the "big picture" of stopping SPAM, my answer is simply, stop paying them to do it.
Just reading the first page causes me to shudder at the way it's written.. Take this quote, for example:
... Finally on the fourth day my digital pager went off. The message on the LCD read; "Spammer is on-line!"
By carefully examining the email headers and message body of previously sent spams I was able to identify a unique signature that appeared in every email the spammer sent. I designed an email filter to detect this signature, and placed it on the mail gateway of a high volume Internet mail server
The above just makes me laugh, if you ignore the question of, "how'd you get that filter program on the 'high volume internet mail server'?" Did you use your h4x0ring sk1llz, or was it your own for your business of providing advanced TCP/IP know-how?
Once I had escalated my remote access to that of a full privileged local user
We're talking windows 95 here.. At least judging from the screenshots. EVERY user is fully privileged.
There was only one way to find out how many of them were forging my domain. I was going to have to hack them all!
I love that quote. It sounds like it came straight out of "Hackers."
Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...
--- Where's my X.400 protocol decoder?
This was a long time ago, and I don't feel good about it now. I don't know what happened to the guy, but given what he appeared to be up to he might easily have been disciplined or even sacked. In some senses he deserved it, but...
My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal.
There may be many people in Clarkesville, TN reading this story now - /. is widely read, and, significantly, is widely read by journalists who may take up the story. By publishing personal details about them we risk stirring up something like a lynch mob - not necessarily in this case, but the potential is there.
Don't get me wrong - I dislike spammers and scammers and borderline criminal sleazoids as much as anyone, and there's no doubt that this Rodona is a sleazoid. The issue is the power of the medium which is being used against her. Yes, sure, it's the same medium that she has been using against others; but it is also a very powerful medium.
It is, I think, appropriate to make evidence of this sort about this sort of people available to their local police office if you think a crime is being committed (as appears to be the case here); but given that sleazoid lowlife are often not the best balanced of people psychologically, we may be whipping up a storm of hatemail and hate phone calls which may cause harm out of proportion to the crime.
I'm old enough to remember when discussions on Slashdot were well informed.
All that I can see in "Man in the Wilderness'" claims are a few addresses and phone numbers that anyone could come up with using WHOIS and one of the gazillion phone directory web sites. His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...
I don't doubt that he was spammed...and I don't doubt that he was spammed by the spammers that he's claiming to have cracked. But I think that almost everything on that web site is made up.
Sure, he probably feels good that he could associate some names to the pages that he posted, but the text reads like a really bad detective story.
Maybe I'm wrong, but looking at the story with an impassioned eye sure makes it look like some guy with an ego and an axe to grind needs to take a creative writing class.
-h-