Day In The Life Of Net Scam Artists
NeoCode writes: "This article chronicles a day in the life of two hackers. Seems like a reporter anonymously paid these hackers to log in their typical day. In the article, they talk about how they fool people with their spams and phreaking scams. It's in quite a bit of detail in terms of what these guys do to make money (and tons of it). Obviously these guys are breaking the law and nibbling on innocent/naive users. Looks like AOL and other ISPs still have to beef up their filters to stop spamming." Not a lot of details, but it's kinda interesting.
He states -> "Now we gotta go call the 800 number on back" If he got the CC through e-mail, what back (of the CC) is he referring to? Or did he get them through the mail?
So raise your spam penalties to $1000, or $10,000, or however much it takes to make it worth the effort to collect.
Wow, how the Slashdot community has changed -- not to mention the geek community at large.
A few years ago, while Slashdot was still on the fringe, the very First Post would have complained about the distinction between hackers and crackers.
Now, people are saying, "Who cares about the distinction? We're called what society calls us, and saying that society has the wrong idea is pointless."
True geeks don't care about trying to force our own pet definitions on society at large, but we'll politely correct anyone who comes into our domain and misuses our terms.
I know hundreds (literally) of people who have this life -- exactly. They spend all day on AOL and drop out of school. They make money now, brag about it, but learn no valuable skills that'll get them a job when all their scams get caught. Now and then, there's someone who gets caught, but being that these people are between the ages of 10 - 20 (on average), nothing will happen to them.
These people are *not* what are considered script-kiddies. They are not hackers. The author has no idea about this terminology. Any one of you can download a program and do exactly what they do. It takes absolutely no computer knowledge or intelligence.
Most people are in the business of scamming for a few years, then realize it won't get them anywhere in life. Then, a new generation emerges, and the last generation become so-called "old school" (which, we know they really aren't).
All in all, it's a black void drawing in lost teenagers through short-lived fame/money and steals away their future so they rot away and leech welfare.
You're not kidding, my little brother had carded (stolen from AOLer) merchandise sent to the cardholder's name at his home address (my parents' house).
He spent a few weeks in Juvie Hall and 18 months on probation as a 16-17 year old. He would have spent 6 months in the prison, but apparently the Juvenile Courts/ Corrections Dept for Cuyahoga County, Ohio have too many schoolyard drug pushers and child rapists to keep kids who "only defrauded a company for four thousand dollars" more than a couple weeks.
He violated his probation several times by not checking in with his court-appointed supervisor (parole officer) and being picked up for curfew violations, but they never called him on it. They sealed his record at 18 because he hadn't committed any other serious offenses. He quit HS and now works at Pizza Hut as a 20-year-old, with no appreciable skills or education.
Funny thing is, our parents were giving him plenty of stuff; new PCs, vidgame consoles, allowance. All they asked in return is that he go to school and study. He just wanted more without having to work for it. Bum.
The only way I know of to get past ANI is to trick the operator into diverting your call to the number that you wish to call, thereby having the number of the operator (always xxx-0000) showing up on ANI. But, of course, you can't route data calls this way, so you are pretty much limited to either using someone else's line, or doing what Kevin Mitnick did and acquire a different number through the cellular telephone network, although, with the state of cellular networks today, that is considerably harder to do than it was 5 or 6 years ago.
What we used to do about 5-6 years ago, when we were younger and of less wisdom, was first off to follow one of the 10 commandments for phreakers: 'One must never phreak over thine own wires'...
To do anything really dumb and illegal we usually went into a downtown back alley and hijacked some business' telephone network interface box to make calls, or more importantly to use a laptop with.
Fuck Ajit Pai
--
This story is a huge crock of shit.
Wordnik, a dictionary project which aims to collect
The behavior described in the article -- duping people, buying lists of stolen passwords, setting up phony web sites -- is barely even the domain of crackers, but still the article has to use the word 'hacker' in its title.
Hackers are people who thrive on being faced with problems and finding clever, innovative solutions to them. Crackers are people who break into computer systems. Confusing the two is like calling every martial-arts student a 'ninja.'
I'm annoyed that MSNBC doesn't understand the difference, and even more peeved that CmdrTaco didn't catch it, either.
A lot of older ISP lines, and even some newer ones from more out of the way places do not have ANI or caller ID.
You can still get the account ID, and maybe the telco can get PEN info, or maybe not.
Or how well indexed the logs are. A big ISP gets over 300 login/logout events per second. You don't want to use a flat text file and grep for that. (Actually that number is about a year old, it may be 600/sec now)
You can do that. As a credit card merchant making a data call at least. You can do a verify for a charge (that doesn't actually make the charge), or a reserve for the charge (which still doesn't make the charge, but eats up credit for something like a day or three, until there is another charge from the same merchant number). You could even make a charge, and then issue a credit (but that costs money). There may even be other things, but that was the set that the two places I had to write software to talk to would do.
Of course that requires a merchant account, and scamming those is probably a lot harder than snarfing up a few AOL accounts :-)
Four years or so ago Sybase couldn't even delete a day's data as fast as it was rolling in. Machines have gotten faster since, and maybe Sybase has too, but so has the call volume (I don't know if Oracle was tried). It ended up being done with Sleepycat's DB B-tree product and a lot of custom code.
I can see a smaller ISP being able to get away with Sybase though. There are economies of scale, and diseconomies of scale too.
The "criminal mind" is different from others: they truly believe that they won't get caught. I think neither criminal was really worried about getting caught. They took certain precautions, but it is these precautions that allow them to feel uncatchable.
I work at a grocery store service desk, and as such, I handle many Western Union transactions a day. To answer your question, no, you cannot receive money without a valid form of identification, and in some circumstances, you cannot send without identification.
Buy the ticket, take the ride.
If that joker is a leet haxor, then so am I.
This was a 15 year old wanking a gullible adult. A real criminal (one smart enough to be making "6 figures") does not brag about his exploits, and certainly does not write diaries to be published on MSNBC.
Hell, for $250, I'll yank that reporter's chain, and give him a better diary, too. Drop me an email, guy, and I'll give you a Great Gatsby-like retelling of how I
"Beware by whom you are called sane."
Potato chips are a by-yourself food.
Did anyone else notice that the one guy was glad to get the $250 from the reporter so he could go out drinking?
Yes, I definitely think they're embellishing - at least in terms of how much money they're making with these scams. Others have commented that the logs were faked - I think the idea of suddenly getting $250 to go out drinking wouldn't occur to a reporter that hasn't lived down & out for a while - sounds a lot more like some of my friends back in college.
-"Zow"
I have my credit card billing address to my address at school. Over the summer, when I am not at school, it is not worth changing the shipping address for 3 months, and changing it back. This is mainly because they fail to do so, no matter how many times I fill out the address change form.
Anyway, if I use my CC at home, the bill goes to school, and gets forwarded to home. I think a lot of students do this.
-- Thrakkerzog
Sounds like spam to me.
I swear when I read 'FBI's task force operation DipScam' I thought they said 'DipShits' ... oops.
People accepting them must be pretty damn stupid though.
--
Delphis
People would learn to do research. Many of these scams fall apart under the smallest pretense of scrutiny. If people were willing to question, especially if it sounds 'Too good to be true', these guys would have no niche to exploit.
You say you want a revolution....
Because no one is ever home during the day when deliveries are made. I always send packages to the office.
Frankly, I don't see how mail order houses who won't ship to an address different from the billing address can stay in business.
I don't buy it. For one, if they're making tons of money, then why would they need to be paid by the reporter? Moreover, why would they put themselves at risk of getting caught if they're so successful?
Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...
Specifically, what law requires you to keep logs?
D
Look at the Jargon File entry for cracker and you'll see that if you REALLY want to be pedantic you should call them worms instead of crackers...since worm was the original neologism.
Hackers are people who thrive on being faced with problems and finding clever, innovative solutions to them. Crackers are people who break into computer systems.
Says who? Try looking up "hacker" in, say, Merriam-Webster's Collegiate Dictionary. You seem to be under the mistaken impression that small subcultures get to force their own pet definitions on society at large. It works the other way around...words mean whatever the population at large decide they mean. Heck, even the Jargon File admits that hacker was originally used to mean "a malicious meddler" and only recently has that use become deprecated.
Confusing the two is like calling every martial-arts student a 'ninja.'
No, it's more like a subset of karate students (it's only a subset because not all karate students agree with them on this issue) suddenly deciding that, because of the increased media exposure that the movie Karate Kid brought to their subculture they now want to be called "judo-ka" -- and who cares if karate and judo are already in widespread use? -- and then getting their obi in a twist when everyone keeps calling it karate.
Unless you are trying to suggest that there is some innate meaning in the two words completely separate from what society imparts to them.
I went to the site thinking it was an article, but it turns out it's just an advertisement for Adcops.com.
You remember Adcops? The guys that say:
Adcops: "Give me $100 and I'll tell you how to avoid being scammed"
Sucker: "Uh, ok, here you go"
Adcops: "You weren't paying attention"
Oh, that is one sweet scam.
Praise the Force Field! Praise the Laser Project! Slackware Loon #19830573
Serious suggestion: In your copious spare time (that was very tongue in cheek -- I'm a sysadmin, I don't know what spare time is) something you could do to fight the higher ups, is:
make a list of all the costs involved with spam -- man hours tracking it down, downtime of mail servers swamped with it, getting yourself out of the RBL, business lost/cost to customers of being RBL'd -- make it as detailed as possible, be realistic, but remember that things like the amount they paid some sysadmin to come in at midnight to fix the mail server 'cos some spammer brought it down counts!
Split this into per-spammer chunks (i.e. maybe each spamming incident costs $250 or something, this is, btw, probably too low an estimate)
find out how much your lawyer costs
compare number-of-spammers times per-spammer-costs to lawyer-costs
if a is greater than b, tell the higher ups.
otherwise, file it and return to it occasionally -- increases in costs or spammers might make it useful eventually
They don't mention it in their FAQ (funny that) but as of last year, at least (the last time I needed Western Union) they did allow you to pick up money without an ID. The sender had to specifically allow this, and a question was asked with an answer (theoretically) only you should know for authentication.
To confirm this, go down to your local Western Union and read the 'to send money' form.
Found out her name was Rosie Palms. The date was cut short because the Five Blister Sisters were being abrasive.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
-jon
Remember Amalek.
You're right, he isn't truly untraceable.
However it is quite likely for a given cracker to be unaware of ALL the ways he may be caught.
Crackers are less aware of ALL the ways a person may be caught and more aware of the tactics law enforcement uses.
As such, if a sysadmin takes on the task and tracks the cracker without law enforcement, there is a pretty good chance the sysadmin will catch his/her target.
It is also likely a good percentage of his cracks are brags.. Works of fiction
When I was a kid a friend of mine was a cracker. Most of his cracks were fictional. Likely based on real events and just extended them into the unreal.
The Fort Knox story probably did happen, however it wasn't Fort Knox but a dumpster in the back of a company throwing away Sun Sparcs or Pentium 2s for Xeons or UltraSparcs. Or something on that measure.
First and foremost this kid is a con.. so even the stories are cons. Sure he did something similar.. Makes the story believable.. sorta...
Just as when a con sells you rechargeable batteries you get used non-rechargeables.
I don't actually exist.
Why? Because it's easier to make their customers pay for the spam by simply passing the losses along to us in the form of higher credit card interest rates.
I've been through this. The credit card companies just don't care about abuse. They really don't. It would cost them money to make the system more secure, and why should they *spend* money when all they have to do is increase our rates and fees?
Is that, the gist of this is, get credit card numbers.
How is using a friend's house as a 'drop site' for carded equipment safe? How do they not track it down? Someone explain this to me...
Where are your lawyers, and how exactly does the company justify not letting it go through? This is one for the lawyers.
"Rarely is the question asked: Is our children learning?" -- George W. Bush
All your politician are belong to us.
Dave
I write a blog now, you should be afraid.
my girlfriend works for a cell phone company, as tech support. last night she was tellin me how the tech at work showed her how to click on a period here, a letter there, and you were put into the tracking system that showed you (on a map!) where a call was coming from, where the nearby towers were, etc.
Slackware: old school feel, new school gear.
just because the long/lat is displayed on a map, does not mean that it does not exist -- and just cause you don't know how it works, don't call it bull just because I referenced my GF. as it happens I know several other people who work for other companies (lubbock being a good place to put call centers) and have heard mention of similar systems at their places of business. And for the record, I did mention that it was hidden, didn't I -- only the techs knew about it, apparently, and one just happened to show it to her
Slackware: old school feel, new school gear.
I agree but what really bugs the Hell out of me is when spammers quote some bogus bill that hasn't passed into law yet and try to tell me that "This is not spam according to ... such and such bill"
I think I will decide what is and what isn't spam not some damn moron spammer!!!!
http://Lenny.com
I know, can you believe how stupid these people are?
I e-mailed a spammer that was trying to sell me something to take me off their list; they e-mailed back and said
"I thought spam was e-mail that offered get rich quick schemes"
http://Lenny.com
We could solve most of the spam problem if more people would fight back instead of just ignoring spam.
follow the link in my sig. to find out more about what you can do
http://Lenny.com
At the ISP I used to work for, our RADIUS servers logged to SQL servers. Worked awesome for statistics generation, and with a few well-tuned stored procs, was very fast at finding precisely this kind of info.
Yes, one day I may actually learn to spell...
Firstly, I'd like to quibble some semantics with you. These kids are not 'hackers', they are 'crackers'. A hacker wears a white hat. The crackers wear a black hat. As far as that goes, these kids are not even crackers, they are spammers and thieves.
You can argue all you want, but "hacker" is understood by the general public, but "cracker" is not. In the same light, "Virus" may be something different from a "Trojan Horse", but you tell that to an average computer user and they'll say "huh?" MSN is written towards the general public and while the author may very well know the difference between cracker and hacker, he/she would rightly choose to say "hacker" rather than wasting the reader's time with a paragraph explaining what a cracker is. It is a sign of a good author to target the language to the reader. You just need to accept the fact that the general population isn't interested in learning a billion vocabulary words to make you happy. While it may seem important to you, it's useless trivia to most of the world.
I would argue that the language of hacker and cracker does not even have the meaning you say. You can be a cracker and still be "on the side of good". Crack is actually a very positive word. "That is a crack team." Cracking generally means to "crack open", as in a bank vault, a copy protection scheme etc. It implies an action, not an intent. So a locksmith might be called to crack a safe for which the keys were lost, or I might be consulted to crack a copy protection software scheme and test it for weaknesses before it is released. I consider myself both a hacker and a cracker, but I do not use either talent for evil.
jc @ crack.com (yes, my real email address)
-- Virtual Windows Project
Since when did the term hacker become a catch all for criminals who use a computer? I am absolutely appalled by this. While it is true that words should and will naturally evolve in a language, this is really not the case here.
It seems to me that the author or editor decided to use the word hacker in the title for some sensationalism. This story does not even describe what an average citizen would call a hacker. Most people think of a hacker as someone who infiltrates a computer system. Most people also think that hackers steal information and damage property (e.g. delete or destroy data).
In all reality, a hacker is someone who is extremely skilled with computers. A hacker also has knowledge about how to break into a system. For instance, any system administrator worth a damn is a hacker. That is to say that they are skilled with computers and know how to break into the system. This puts them in a position to keep computer criminals (note the word choice, criminals not hackers) from breaking into the system.
In this article, the computer criminals are just that, criminals. They are simply modern-day scam artists. But hey, "Watch a computer scam-artist work the system" probably doesn't have that same ring to it.
Originally I was going to send an e-mail to Bob Sullivan (the author) but if you do a search for the word hacker on the page you will not find it in his article, only in the headline and in links to other MSNBC headlines. Apparently this is just some editor with his head way up his ass.
That's the third time I had to enter my credit card info to post to slashdot.
What's up with that?
One starts at exactly 11am the other starts at exactly 11pm? One of the guys gets some CC numbers off the net and calls the 1-800 number on the back to see how much money is on the card? Western Union gives out $250 in cash? One of the guys has stolen merchandise sent to his "friend's" house?
This bullshit is worse than those Hollywood movies showing a 16yr old breaking into the NSA and breaking their strongest encryption in 3mins with a full GUI animation sequence. At least the Hollywood bullshit doesn't claim to be true. (It only claims to be entertaining, which is enough lying in itself).
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The first kid was so worried about getting tracked, but he still wrote his document in Word. He'll be tracked by Word's GUID and busted the same way the Melissa virus writer was tracked. Oh well, it is good fiction.
...the journalist who believed this story, or the Slashdot editors who gave it credence?
Advice: on VPS providers
since i'm a grad student, i live at school. unless ups/fedex/etc will start shipping between 10pm and 6am, i will only be able to receive packages on sundays or about once a month on weekdays. i've never had trouble having stuff shipped to the office at school though.
use LaTeX? want an online reference manager that
-- john
why are these guys buying so many _lappies_?
i have one, not really looking to add 5 more.
guess i'm not a hacker.
Last year my former company had an internet security incident. The attacker used an account with a normal ISP to try the hole, and then reconnected with a NetZero account to perform the attack.
The short of it: I would partially or completely firewall the 4.0.0.0/8 class A -- the company responsible for this network allows people to sign up with bogus account information, and doesn't provide 'common courtesy' help or information when requested. Do you want anonymous IP addresses making SSL connections to your web store? Do you want anonymous IP addresses making connections to your network at all?
The long story is, while talking with Genuity Networks I discovered:
The 4.0.0.0/8 class A contains all of NetZero's dialup IP pool, as well as some non-NetZero Genuity Networks customers.
(The name NetZero wasn't obvious in the DNS name...but when a reply to my initial email to them came back with a call log number and (NetZero) in the subject line, I figured it out.)
Genuity Networks *refuses* to tell you which IPs are the NetZero dialups in your area, so you can block them. I didn't want to block the entire 4./8 class A, so I did something I probably shouldn't have: I put together a shell script that ran nslookup on every address in the 4.4./16 class B. I came up with about 12 class C networks that have 'omaha' in the reverse-lookup DNS names. I firewalled those.
(I was so pissed off at the lack of help I received, I was considering replying to the message, cc'ing the original abuse address, but editing the sender's portion of the message so it looked like he told me which networks to block, and that I thanked him for the information. I never sent the mail though.)
--Spence
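The sweep described in the post above ends with a list of reverse-lookup names that still has to be turned into block entries. The following is an added example, not part of the original post, of that aggregation step: it groups PTR results by /24, keeps networks with enough keyword hits, and merges adjacent networks. The addresses, hostnames, function names, whole-label matching and the `min_hits` threshold are all assumptions of this example.

```python
import ipaddress
from collections import Counter

# Constructed sample: (address, PTR name) pairs in the shape a reverse-lookup
# sweep would produce. Addresses and hostnames are made up for this example.
SAMPLE_PTR = [
    ("10.4.16.5", "1cust5.tnt1.omaha.ne.dialup.example.net"),
    ("10.4.16.77", "1cust77.tnt1.omaha.ne.dialup.example.net"),
    ("10.4.17.9", "1cust9.tnt2.omaha.ne.dialup.example.net"),
    ("10.4.17.200", "1cust200.tnt2.omaha.ne.dialup.example.net"),
    ("10.4.40.3", "gw3.omaha.ne.example.net"),      # only one hit in this /24
    ("10.4.60.1", "tomahawk1.example.net"),         # substring, not a label
    ("10.4.60.2", "tomahawk2.example.net"),
    ("10.4.90.14", "1cust14.tnt1.denver.co.dialup.example.net"),
    ("10.4.90.15", "1cust15.tnt1.denver.co.dialup.example.net"),
    ("10.4.91.1", ""),                              # no PTR record returned
]


def matching_networks(records, keyword, prefix_len=24, min_hits=2):
    """Return merged networks whose PTR names carry `keyword` as a DNS label.

    Matching on whole labels avoids false hits such as 'tomahawk' for 'omaha'.
    min_hits guards against blocking a whole network on one stray record;
    PTR data is set by the address owner and may be missing or stale.
    """
    keyword = keyword.lower()
    hits = Counter()
    for addr, name in records:
        labels = name.lower().rstrip(".").split(".")
        if keyword not in labels:
            continue
        # strict=False masks the host bits, giving the enclosing network.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        hits[net] += 1
    selected = [net for net, count in hits.items() if count >= min_hits]
    # collapse_addresses merges adjacent networks (two /24s into one /23)
    # and returns them sorted, which keeps the rule set short.
    return list(ipaddress.collapse_addresses(selected))


def deny_rules(networks):
    """Render one iptables drop rule per network."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in networks]


if __name__ == "__main__":
    for rule in deny_rules(matching_networks(SAMPLE_PTR, "omaha")):
        print(rule)
```

Review the resulting prefixes before loading them: a block list derived from reverse DNS also covers any other customers numbered inside the same networks.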
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Can we institute the death penalty for anyone who writes 'lol' and 'rofl' in random spots lol?
I swear, if AOLamers actually talked like that, they'd be institutionalized... or shot...
-grendel drago
Laws do not persuade just because they threaten. --Seneca
All you need, in order to be a hacker, are the following things. 1. an UNTRACEABLE CAR with a license plate that you get officially changed every year. 2. an Untraceable gun with which to mug people with, you can get these after only a few days at any gun shop, after you acquire your license. 3. An idiot reporter to certify you as one of America's elite
perl -e'print"yes"&"no"for(1..3)'
Of course 11am to 11pm is his working hours. 11pm is his bedtime, and he'll be grounded if he stays up later.
Why not just buy a list of a few thousand card numbers from real hackers.. fucking tossers. It is amusing that there are actually ways to get cash off CC's these days. Carding was never popular because you had to get physical goods delivered and then sell it to make cash.. ie you had to know a fence and frankly if you're gunna go into that business why not just steal cars or break into houses?
How we know is more important than what we know.
Among other failings, it caps the civil damages at $150K.
A lame anti-spam bill is much worse than NO anti-spam bill.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Crack whores accept VISA? ;)
So lemme get this straight - punk spammers doing direct-to-MX out of port 25, who are easily traced, are blocked, but dirtbags who relay-rape anonymizing Sendmail 8.6 relays in China (traffic to port 25) continue to abuse with impunity?
Fuck, that is clueless.
You can just repeat the last few steps... don't even need to change the pictures or the HTML, unless you want to scam the same people over and over. Just make sure to change the name of the site and the name of the management.
I would set up an adult site of my own, but it's too much bother. Oh yeah, and my girlfriend would kill me.
What a big pile of steamy crap!
I wouldn't call scamming AOL users hacking at all?
And who the hell talks like that? The most amazing part of the story is that "Criminal # 1" has a girlfriend!
----
Wind and temp at my house
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
>>11:03 a.m. Open up one of my new Yahoo accounts through an untraceable NetZero account.
>Uh... And how do you suppose you're gonna dial into it?
Maybe using one of the scammed cell phones? It's not hard, not even remotely hard. One laptop (which he talks about getting), and a dongle, and he is all set with a cellphone that is -- somewhat -- untraceable.
>Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...
As far as I know, they don't keep logs there *AT ALL*, on purpose.
>.. Boy is this moron sure dumb
Actually, I know a few darker-hat individuals, and this is rather close to their actions. Maybe a few key details were left out for those with less of a clue, but hey, it's not his fault you can't connect the dots.
GPL'd web-based tradewars themed space game
Unlike the reputability of "your girlfriend", I actually work for a national wireless company myself. I can tell you that is bull. To track a cell's location *is* possible, and is done on a not-so-often basis. However, it is by long/lat, and to do so on an end user in a non-test environment requires a subpoena.
:)
At least in OUR company, that's how it is done.
Sounds like you smoked a little too much while watching the net.
GPL'd web-based tradewars themed space game
"11:01 a.m. Well, I just checked www.westernion.com and he wasn't lying, he sent the funds. I got the tracking number and he paid by cash so I can pick up the money without an ID. Secret question/answer was "what's your mother's maiden name?" Answer was "tu madre." "
Can you really pick up money from Western Union without an ID? I checked their website and their FAQ says:
"You may pick up your money transfer at any Agent location. You will need to complete a "To Receive Money" form with the following information: name, address, telephone number, amount expected, as well as the sender's name, telephone number, city and state being sent from. Valid identification is also required. Some restrictions may apply."
Seems fishy...
I also found this interesting:
"Screw the Feds, they are lazy they won't trace me back that far. Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me."
I'm pretty sure *67 doesn't work on some ISDN/PRI Lines (which many ISPs used). I know for a fact it didn't work at a local ISP here (I tested it personally).
I figured that someone would point this out sooner or later. I thought that priests seemed like the professional speechmaker most likely to produce images of good honest people. Especially when compared with the other obvious choice..... Senators.
_____________
I don't want free as in beer. I just want free beer.
These guys aren't even crackers. They aren't breaking into computer systems or anything like that, they just steal credit cards. The only way in which they even resemble a hacker is that they use a computer to do their 'job'. But so do most receptionists. Confusing web con artists with hackers is like confusing real world con artists with priests because both make speeches as part of their work.
_____________
I don't want free as in beer. I just want free beer.
Are you talking about H.R. 718, "Unsolicited Commercial Electronic Mail Act of 2001", sponsored by Rep. Heather Wilson (R-NM)?
According to CNN, it's passed Committee vote and will be sent to the House floor for consideration. A version needs to be introduced and passed in the Senate, the two reconciled, then sent to POTUS.
Here's the text, if anybody's interested. Actually, that's probably a temporary link which will break VERY soon, so you can instead use this link, which should hopefully re-exec the query, and then click 'Full Display'.
It's actually fairly interesting. There's explicit protection for service providers to take 'good faith' efforts to block UCE, which would appear to protect users of things like the real-time black-hole list for mail servers, and what not. And you can't go after them for innocent retransmission, either.
It's probably based on existing telemarketing law, with its references to pre-existing business relationships, opt-out (they need to provide a means for opting out of lists in their UCE, but they don't need you to opt in BEFORE they send the first UCE) and all.
Interestingly, it only refers to individuals. I'm not sure how it applies to UCE from corporations -- for instance, whether the entire company is liable as a whole or just the employee(s) who decided to spam, or whether this could in any way be applied to spam-friendly ISPs.
Only the dead have seen the end of war.
Yeah, I'm sure some guy who makes $2k a month just from some click-ad scam is going to salivate over $250 to write an article for MSNBC.
Do these guys ever check anything for reliability?
Oh wait, it's >MS< NBC. How foolish of me.
I'm sorry, but this has my "bull-meter" pegged at maximum, and here's why:
Regardless of whether you can get cash by Western Union with an ID (which has been touched upon by others), we're supposed to believe this guy didn't just take the money and run? The same guy who has stolen countless credit card numbers, bought thousands of dollars of merchandise, and is "untraceable"?
Please.
....which would make them phreaks, no?
Yep. It's required for the new E911 system, where the phone companies are required to be able to tell where you are so they can send EBS (emergency broadcast system) messages to your phone if you're in a certain area. (tornado, toxic gas leak, meltdowns, nuclear war...)
Although, in my opinion it's more for tracking by the government since it would be easy to send those messages on a per-tower basis, considering the range of the towers isn't -that- far.
Just because you disagree doesn't make it offtopic or flamebait.
Fine, this guy *claims* that he's untraceable and whatever, but if he's half way intelligent, why bother taking the risk of writing up supposedly true exploits for a measly $250? (According to the story, that's what he's getting paid).
Of course, if the stories aren't even true in the first place, I guess it makes sense. Or, equally likely, the whole big thing is just a hoax.
So is there quite a bit of detail or not a lot of detail?
Make up your minds, people!
How much validation is done on these claims of great exploits?
"9:15am Cracked a Brinks truck using my PalmOS hackmaster app called 'cash'."
"9:45am Almost tripped the goons at Fort Knox, but hid in the bushes an extra five minutes. An hour later, a five-nines bullion bar in my backpack, and off for new challenges."
Might this be just a tad bit embellished for the reporter's sake?
I agree small claims is designed for exactly this problem. Additionally it usually only costs a small amount to file a claim (here it's ~$30), and if the other party doesn't show up they default and you win the judgement. Even if you lose your action you are only out the cost of filing, and if you get a judgement in your favor and they don't pay, they are in contempt of court, and judges tend to take that seriously (can you say bench warrant?).
-------- This space intentionally left blank --------
A thousand poxes upon your head, Mr. O'Reilly....you gave me "Programming Perl, Second Edition" when I really needed "Credit Card Fraud in a Nutshell", The Roman God Book (you know? the guy on the AmEx? This is funny, people, laugh!), to say nothing of "Stopping Spam".
O wasted youth!
Never again will I reclaim the time spent learning of the MIPS and PowerPC assembly or postulating applications of microwave data communications or cryptography. Oh the 1337 skr1ptz I could have forged using SDMI vector registers and operations, enciphered in none but the best Blowfish or AES...they would pj33r on Dalnet, but nay...it is not to be.
Days wasted actually doing things when I could have lounged in bed all day, with my laptop of the day, causing housewives and preteens on AOL to fall lame victim to my insidious cunning. Pausing only, of course, to take a highly circular and redundant path to the nearest Texaco to receive money from MSNBC writers (Oh how the Black Helicopters would follow me, but for naught).
Ok, that's about enough of that
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
I had "Greek God Book" there before I remembered I had such a card and took a look! Definitely not Greek style, but Centurion didn't even come to mind, for some reason.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Who is really, really hoping the reporter (or to a lesser extent, his two subjects) is reading this discussion? How could he not know this article is on slashdot? I'd be very interested to hear his response to all this.
On the other hand, the two tea-leaves have probably targeted us all for a good working-over (This is me...this is me being very afraid....*cough* this is funny, people, laugh (tm)). In other news, I had to enter my credit card number to get my bogonflux mail...don't remember that before. I'm expecting an invoice for a PS2, a case of Jolt, and 15 AOL accounts to show up at my door care of "Heywood Jablomi" any day now. Oh well.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
...almost have to feel sorry for the guy. First, he lost $500. Second, he got completely and totally worked over by these two. Third, imagine the #channel this guy had to hang out in to find these two geniuses. Script kiddies are very unpleasant people to have to deal with. They're rude, obnoxious, unintelligent, speak incoherently, swear a lot, and so forth. Fourth, he's getting utterly destroyed on Slashdot...he'll never work in this town again!
Caveat: This post is working under the assumption that the two criminals existed. Smart money on the whole thing being as big a scam as that which was being 'reported'. Thank you for your time
I sense a disturbance in the bogon flux
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
d33z d00dz R k-1337 h4x0rs!!!
And to think...I thought hackers wrote tight code, and messed with hardware and such. Boy was I ever wrong...it's all in the credit card fraud, banner ad fraud, spamming, and porn! So many wasted nights...
Speaking of nights, what hackers work from 11 am to 11 pm?! And when was somebody going to tell me that netzero and AOL were the ISPs of choice? This article has really opened my eyes, and I'm going to get a few phony email accounts and turn my life around!!
.....*grumble*
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Exactly, but who wants to read a story about something as mundane as spamming? People get spammed several times a day, but rarely do people get 'hacked'. Saying it's hacking and not spamming lends a credibility, and no small measure of mystique to the story. Spamming is irritating...hacking is exciting. Besides, do you think this reporter cares about the gross misuse of the term? He's just trying to make a buck, and he'll get more bucks for his story on 'hacking' than 'spamming'.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Get your head screwed on straight u moron....any mail client will have destination port 25 connections. Blocking out-bound connections on port 25 will not only stop SMTP servers, but clients also. Who mod'ed this fuckhead up?
The first carder spends just a little over two hours with his girlfriend. For a "movie and back to her place" -- he's embellishing at best. Neither of them seem to have a life. They just sit in the bedrooms with laptops and buy more computers and games with their scammed money. So- they don't mind living a paranoid life because they haven't much of one to begin with!
I feel this may be at best exaggerated, and at worst a hoax. Just sounds too cliche.
Why would there be a hoax? Well, hmm. Follow the money. I went to the Adcops site where the original story comes from. Poked there a bit before finding out that to be a member (and read or see the 'Fraud Museum' or other valuable evidence), you need to fork over US$90.
Hmm. Perhaps Adcops did a little hack job of their own to get publicity and increased revenue sales. Ya Think?
or doing what Kevin Mitnick did
considering how things worked out for him, i don't know if i would recommend following in mitnick's footsteps...
They're scam artists, so they must be trustworthy. =) [error... entering paradox mode... brain shutting down.]
Did you know that they have removed the word "gullible" from the dictionary?
All I can say is that if people are stupid enough to fall for scams like this then it serves them right.
Today I keep getting fed ActiveXs in the Doubleclick banner too. What is it with you guys ? You claim to be a mouthpiece for the anti-corporate libertarian code-free-or-die brigade, yet you spew banners and spamware like a $2 pr0n site.
Spamming isn't exactly hacking.
Got Rhinos?
CC's come with insurance that has a $50 deductible. Coverage is null if you let someone else use your card or fail to notify the issuer's company in reasonable time that the card has been abused.
Paypal is just a CC vendor. They are like a card holder, but instead of card number, they get a vendor ID, and authority to put debits and credits on cardholders' accounts. They have credit reports on file like cardholders. If they break vendor rules, they get penalized. Maintaining the secrecy of your card number is part of their vendor contract. If their CC# storage is compromised, they get penalized by the CC company.
You will probably only have to pay $50 if your card number is stolen, but they may try to get you to pay more. Get a lawyer (one of those fix-your-credit guys) if there's a lot of money involved.
With that context, and to answer your question, it is possible there is a flaw in PayPal's software. However, considering the potential liability of that flaw, you should assume "someone" is getting paid to evaluate the system. It is doubtful there is any flaw as easy to exploit as a luser. This all depends on the "security consultant" that signed off on this thing.
--- Nothing clever here: move along now...
Funny, I didn't think the "girlfriend" bit was out of place... after all, a guy who pulls in this kind of money probably throws it around just as quickly and easily as he gets it. He probably has no problem getting something recognizably female and breathing to hang on his arm... No, the part that got me was that he left for "dinner with his girlfriend and then back to her place" (nudge, nudge, wink, wink, say no more!) at 5:30PM, and was back home scamming away at 7:50PM. I figure that even for a teenage hacker who'd probably never kissed a girl before starting his life of crime, this is a little quick!
I would seriously be interested in seeing a "correct" usage of hacker that predates today's common usage.
Assuming the reports are accurate, the only reason these guys/gals are successful in these schemes is because there are people out there naive enough to fall for their social attacks.
:(
Yes, they did work the system, but I don't see anything here to be worried over - people will simply have to learn that you don't give your credit card details out on a whim...
The only thing that does concern me is that people like this provide the powers that be the perfect excuse to attack anonymity...
Ah well - rant over.
But in typical Bell Canada fashion, they've blocked all traffic emanating FROM port 25, not traffic with a DESTINATION of port 25. So those of us who run SMTP servers for a useful purpose (receiving mail at erik@ is quite useful) are screwed ... and the true spammers will just reconfigure their spambots to send out traffic on port 31337 or something.
If you use Bell Sympatico HSE (I'm in Montreal, but they go over to Toronto, Ottawa, maybe out to BC I don't remember), check out SympaticoUsers. You'll find the messageboards and announcements quite useful.
--
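The source-port versus destination-port distinction argued over in the port 25 comments of this thread, as an added example that is not part of the original discussion: a toy stateless filter run over constructed flows. The rule functions, host names and port numbers are assumptions for illustration, not any ISP's actual configuration.

```python
from dataclasses import dataclass

SMTP_PORT = 25
ISP_RELAY = "smtp.isp.example"   # hypothetical ISP smarthost (assumption)


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the subscriber line, "in" = arriving on it
    src_port: int
    dst_port: int
    remote: str      # host at the far end (constructed name)


def blocks_source_25(pkt):
    """Rule A: drop anything the subscriber sends FROM port 25."""
    return pkt.direction == "out" and pkt.src_port == SMTP_PORT


def blocks_dest_25(pkt, allowed_relays=frozenset({ISP_RELAY})):
    """Rule B: drop anything the subscriber sends TO port 25,
    except to the ISP's own relay, so ordinary mail clients keep working."""
    return (pkt.direction == "out"
            and pkt.dst_port == SMTP_PORT
            and pkt.remote not in allowed_relays)


# Constructed sample flows: the first packet and the reply of each TCP exchange.
FLOWS = {
    # Someone on the Internet delivers mail to the subscriber's own SMTP server.
    "home_server_receiving_mail": [
        Packet("in", 40112, SMTP_PORT, "mx.sender.example"),
        Packet("out", SMTP_PORT, 40112, "mx.sender.example"),  # server's reply
    ],
    # A bulk sender on the subscriber line talks straight to a remote MX.
    "bulk_sender_direct_to_mx": [
        Packet("out", 51844, SMTP_PORT, "mx.recipient.example"),
        Packet("in", SMTP_PORT, 51844, "mx.recipient.example"),
    ],
    # An ordinary mail client submits through the ISP's relay.
    "mail_client_via_isp_relay": [
        Packet("out", 49730, SMTP_PORT, ISP_RELAY),
        Packet("in", SMTP_PORT, 49730, ISP_RELAY),
    ],
}


def flow_survives(packets, rule):
    """A flow works only if the filter drops none of its packets."""
    return not any(rule(p) for p in packets)


def evaluate():
    """Return {rule_name: {flow_name: survives?}} for both rules."""
    rules = {"source_25": blocks_source_25, "dest_25": blocks_dest_25}
    return {
        rule_name: {flow: flow_survives(pkts, rule) for flow, pkts in FLOWS.items()}
        for rule_name, rule in rules.items()
    }


if __name__ == "__main__":
    for rule_name, outcome in evaluate().items():
        print(rule_name)
        for flow, ok in outcome.items():
            print(f"  {flow:28s} {'passes' if ok else 'BLOCKED'}")
```

The source-port rule breaks only the inbound mail server, because the server's replies are the only packets that leave from port 25; the destination-port rule with a relay allowlist stops direct-to-MX sending while leaving both the server and relay-based clients working.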
Even if they realized it, they might not care. Have you never seen a bum collapsed in the street, perhaps asking for help, being ignored by everyone who passes? People can be callous.
guess I'm just skeptical of the old "education" approach. My solution would be to expand our efforts in space so misfits like me could run off and hide in an unexplored frontier.
awesome, man. I just became a suicidal pathologically shy introverted junkie.
Please forgive my bitterness. we're on the same side.
Who would have thought that these crackers are so jolly! I can imagine when the police catch up with them:
"The police are at my front door. LOL. They look really mad! LOL! You'll never take me alive coppers! LOL. Oh, now they're shooting at me, what morons LOL. Hey, what's this red stuff coming from my chest? LOL!!"
"He was too stupid to be a Fed. Hell I don't care if he is, he can't track me."
What?! If he can't "track" him how was he able to contact him with the request in the first place?!!!
Such reports by a notable journalist coming from a well-known source, MSNBC.com, do nothing but scare the hell out of your average computer users. MSNBC.com would have done a better *service* to its readers if it educated them about how to *NOT* become victims.
Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private
Does anyone believe that an active con artist would tell the whole world how he cons people?
--
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delenda est Windoze
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delendae sunt RIAA, MPAA et Windoze
I forgot to mention that I used to chat with about 10 people who went to jail trying both of these scams.
And I meant sooner rather than later.
check out my website if you want to see what I have to say about school shootings.
www.oztun.com
Thank you, so am I =).
My point is that they should care. It's time the nice people start laughing at the stupid people.
no actually the alternative is a small cell where bubba sticks it in your ass every night. I guess some people have to learn an even harder way than I did.
Ok actually let me just say I wasn't talking about guns I was talking about attitude. Ever notice that people think you're cool if you're stupid? Anyway I was probably a much worse misfit than you. I went to jail >10 times for possession of marij., paraphernalia and pimping/pandering. I smoked crack, stole cars, broke into houses, have been shot, and have shot back. Just to clarify things a bit for you.
As someone who was into the underground scene on EFNet from '91 to '95 let me tell you, don't think you can do this.
The first guy collects his money at western unions. This will not work because the feds work with AOL and you will scam a fed who will be at the western union waiting to meet you.
The second guy has his carded mail sent to a friend's house. Whoever signs for this is going to jail. Once the friend gets arrested he will rat him out.
I bet these two guys pulled this off once or twice and wrote about it like it's a day job. If someone stupid falls for it you might make quick cash once or twice. If you keep trying it you will get busted sooner than later.
Lawyers' fees are more than the cc charge. CC company has more lawyers and we could wait up to 2 years to get the cash. I've simply been told by the highest person in the company to "Let it go" it costs too much to pursue it. Sad Fact of Life, money buys you the ability to fight. Welcome to the real world.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Now according to this article these people use SPAM as one of their main forms of getting to victims. Hmmm how can we fight this problem?? If we were ALLOWED to enforce our AUP, and our contract that a customer signs then this activity would be less profitable and easier to trace.
For instance, joe/badboy/hacker uses a stolen card signs up for a throw away account and starts spamming. If joe is using a stolen card a 19.95 gets looked over, but a 500 dollar charge gets noticed. So come on Credit Card people, if we can PROVE it why can't we charge these people for taking up our time, system resources etc. As this article clearly points out SPAM is used very often for illegal practices.
Why won't the credit card companies help us clean up?
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Anyway, I'm not saying you're wrong, it does seem a little fishy, but on the surface the facts seem reasonable enough.
The only "intuitive" interface is the nipple. After that, it's all learned.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
-- @rjamestaylor on Ello
subpoena Anonymizer for logs (by law they have to keep them)
Excuse me? Since when was any entity required by law to keep logs of anything?!
--
So which is it, man?
You're totally right. I should have said "Lovecraftian" emphasis. . . ever notice how everybody says "Lovecraft" when they're actually thinking "Derleth"?
Any sufficiently well-organized community is indistinguishable from Government.
Damn media. Ok, I read the article. All it really shows me is that AOL users are easily duped. Other than being yet another example of how easily script kiddies can work, was there anything informative about that article? I think not.
That's all right. I filter aol's mail so they don't have to: all senders from that domain are shown the way to /dev/null with a quickness.
Johnny Quest has two Daddies.
Maybe if AOL would stop spamming!
"LOL, ROFL" Is it just me, or does the guy that wrote this sound like an AOLer that is just living in a fantasy world? I was just waiting for him to say "A/S/L Got A pic?"
Probably carded her.
True, article didn't say anything about Social Security and PIN numbers which are MUCH harder to obtain.
Welp, I gotta jet. sQu1db0y (a 'hacker') teld me hes gonna score me some perqs. (UNIX 'shell' accounts) Dam. Some days it just feels like the whole worlds smeared with Vaz. (?)
--
share and enjoy
Firstly, I'd like to quibble some semantics with you. These kids are not 'hackers', they are 'crackers'. A hacker wears a white hat.
I thought the ESR fanboys had given up. If all hackers wore a white hat, then why the need for the term 'white hat hacker'? While it's obvious that these guys are not hackers, crackers, or script kiddies by any sense of the word, claiming that 'hackers' are all good guys is ludicrous. Please stop, you're making us all look stupid.
Rate me on Picture-rate.com
"and dear god does this website suck now." -- CmdrTaco
If it is, I'm certainly not laughing. When people start confusing inept script kiddy morons as hackers we run into a whole confusion issue. This whole article starts out attempting to outline that these people are in fact not your typical moronic script kiddy.. then a few lines later in _both_ diary entries, there are endless references to total reliance on scripts? And it's always nice to see that competence level of these people be ever diminishing... Last I checked, both anonymizer and *67 can both be subpoenaed for information if it's in relation to some sort of malicious activity. If anything, these people need to be shot so they can be saved from their own stupidity.
Damn with your "LOL" you sound just like one of them...
give me all your garmonbozia
Education is the only way to stop this type of thing. heh and castration
________
Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
Something's not right... Hacker #1 takes a break at 5:30PM to have a dinner-date with a girlfriend, and then returns at 7:30PM? I'd believe it more if he didn't have a girlfriend, or 2) took the rest of the night off to be with his honey.
Assuming it wasn't all made up to begin with.
No, Thursday's out. How about never - is never good for you?
I meant that. It was supposed to be funny.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
"SECURITY EXPERTS WILL tell you most of the computer attacks they see every day are initiated by clever teen-agers, so called 'script kiddies.'"
I started laughing when I read that. Most of the rest of it was very funny also. I never thought I would read the words "clever" and "script kiddie" in the same sentence. LOL
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Much like 'virii' or 'cracking', everything is subjective. Let's all ignore the colloquialisms used and focus on the meat of the article; spammers need lives
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
Uhh... No matter how many times you change your number, there is always a record
A little clarification on this:
Almost all large customers of the phone company (i.e. those who have some kind of leased line or ISDN services) have a service called ANI, which stands for (AFAIK) Automatic Number Identification. The *67 service has no effect on whether this acquires your number or not, so you are pretty much screwed if you call in on your own phone line.
The only way I know of to get past ANI is to trick the operator into diverting your call to the number that you wish to call, thereby having the number of the operator (always xxx-0000) showing up on ANI. But, of course, you can't route data calls this way, so you are pretty much limited to either using someone else's line, or doing what Kevin Mitnick did and acquire a different number through the cellular telephone network, although, with the state of cellular networks today, that is considerably harder to do than it was 5 or 6 years ago.
Friends don't let friends use multiple inheritance.
Oftentimes, if an order through our store is fishy, the billing contact will be addressed. Since there is no overnight delivery available, deliveries can be delayed. We don't use the phone number so much as the mailing address, or the credit card company.
Online stores should be more paranoid about orders which have different billing and shipping addresses. Yes, people send out gifts, but then again, if they're shipping out a gift and you contact them, then you'll know whether it's a true order or a scam.
Dragon Magic
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
also the life of a security administrator... :)
since somebody who lays in bed all day typing on a computer and eating pizza claims to have a real life girlfriend.
I demand a million helicopters and a DOLLAR!
Anyone click over to Adcops web site? Go to their "member login" page and notice it's not even a secure connection! And these people are signing up customers to protect them from stolen credit cards and passwords? I think the whole thing is a joke.
5:30 p.m. I'm going to go meet my girlfriend. Take her out to dinner, go back to her place.
How did he meet this girl? By spamming a whole bunch of E-mail addresses??
Hey, then again...
--
Accountability on the heads of the powerful.
Power in the hands of the accountable.
They do have a niche to exploit... "stupid people"
Humorless sig goes here.
Since the late 80's and early nineties, phone companies have moved switching from the old card spitting stepper and crossbar systems to more computerized versions. Even with *69, you are still logged somewhere on the system. In the old days it worked because unless your phone company's system popped out a "trouble card" you would pretty much not be found. With newer databases, most companies can provide an exact record of EVERYTHING you have dialed from your phone, even if you dial only three numbers and hang up.
That story is full of BS. *69 is completely traceable and you are correct in what you say because ANI is done a "layer" below the CLID system which *69 works on. He would get caught so easily, especially dialing any number outside of his area code which can often cause some friction between CLID interfaces at different switching stations, and the block may become changed or not even work at all!
The clash of honour calls, to stand when others fall.
i think you need a better example than priests and con artists. some of us are not sure what the difference there is. :)
I do not have a signature
hackers != crackers. Next!
sulli
RTFJ.
These guys look like thieves and liars not hackers. Hell even calling them script kiddies is a compliment. We don't call scam artists who use the phone Phreaks, so why do we call someone who happens to use a computer a hacker? I use GIMP to resize a picture at work; am I now a multimedia professional?
By definition, a government has no conscience. Sometimes it has a policy, but nothing more. - Albert Camus
> (Lovecraftian emphasis added)
Gah.... That's not a "Lovecraftian" emphasis. Howard Phillips Lovecraft never did that cheesy italics-at-the-end thing. You're thinking of August Derleth, who finished a few of Lovecraft's stories after Lovecraft's death, and wrote a bunch more in what he wistfully hoped was Lovecraft's style. Sadly, Derleth didn't have Lovecraft's talent for foreshadowing and structured his endings so ineptly that he had to resort to italics to make readers notice that the last sentence or so of the story was important.
I watch what my parents do when they go online and it amazes me! They'll double click on anything and follow ANY link emailed to them!
LFS. Have you built your system today?
This whole thing is just too weird. Either the reporter wrote the story himself or the spammers are just stupid. I mean it's obviously a story about spamming and not "hacking". And the thing that made my noggin go off is that the first guy seems to be working alone and doing quite good for himself (so he says). Then why would he take this stupid risk for 250 bucks. And 11am-11pm ?!?! Those are his working hours. All that and he has a girl friend. Go figure /. If nothing else it would give people something to bitch about.
I just thought I'd send this to
Tell me about it. When I first read it I was like, "huh!". but then again, the story came from msnbc. wouldn't surprise me at all if this thing came out as baloney.
An update for modern times? "There's a sucker logging on every minute."
Specifically, what law requires you to keep logs?
I don't recall the exact name of the law, but I believe the bill in congress was HR1984.
"And like that
Drat. You ruined my joke. HR1984. 1984. Get it?
"And like that
That's two weeks worth of IRC logs from a compromised machine. A typical day seems to involve hanging out on the #warez channels and begging for someone to give you some credit card numbers.
I have my doubts about this story too, however I can think of a reason why the kids would want to accept the $250; I think that they probably want the attention, if you're alone in a room there's no feedback on your work like in a normal job. In other words there's no one that says -you did a good job on this or that etc. etc. I think that even though they might (and I seriously doubt it) be making lots of money that kind of attention is important to people too.
That is, until I saw it on an MSNBC article.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
whoa, hold on buster. sure, going from point A to point B direct? yes, you are quite correct. HOWEVER, who is stupid enough to do something malicious on the net without hopping ALL OVER THE DAMN PLACE first?
this takes me back to early eighties, phreaking trashing daze.. when using a stolen long distance id#, i'd hop from sprint, to MCI canada, blow an operator offline at a pbx, back to the US and then to the intended target (just try and trace me through all that analog equip).
anyways, today isn't much different. what 'hacker' out there doesn't have 10+ hacked accounts on 'forgotten' university boxes with shell accounts? gimme a break.
gol
To understand what's right and wrong, the lawyers work in shifts ...
Couldn't resist. quote from the article: "One virtual university even offers a mail-order degree in nuclear engineering safety." THAT'S how homer got the job.....
If ever having left someone's presence, you feel as if you lost a quart of plasma, AVOID that presence -W.H.Burroughs
Did they catch these guys and then have them do this, or what?
I mean, if I was a hacker, I sure wouldn't go doing something like a diary, and giving it to these people! Even if it was through a hot-mail account, it'd still be traceable, if they knew a hacker was definitely using it.
I notice one thing from this fake article. MSNBC bashing their biggest internet rival, AOL. well at least bashing their users.
Oh give it up already. In common usage nowadays, the word "hacker" means, pretty much, "using computers for criminal activity". Most people have no idea of the former (correct) meaning of the word. Curse the credulous, stupid media and the technically illiterate public if you want, but that's how the language has evolved. "Real" hackers get so upset about this, but it's just a frigging word. Abandon it. It's a lost cause. Call yourselves something else. This is one battle the hacker community will not win.
You never heard of the "New Hackers Dictionary" by Eric S Raymond?
Phreaks are people who abuse the phone system. I believe these would simply be described as Internet-savvy con artists.
Ok, this is the funniest thing I've read since...well...yesterday, when I encountered this autobiography of Norman Spinrad.
Apparently, having a high fever can give you pretty 31337 phr33X0r p0w3rz too!
I'm not a geek, I'm just a clever script.
He's on dialup, remember ^_^
11:00AM: I just woke up. Apparently I fell asleep while loading slashdot. I reload again.
11:01AM: Reload slashdot. I have a script to reload slashdot for me. I'll be sure to get "First Post" today!
11:02AM: Reload slashdot.
11:03AM: Reload slashdot.
11:04AM: Reload slashdot.
...
I don't think the reporter's telling the truth. I'm a law abiding citizen and if someone I didn't know sent me $250.00 and he didn't know who I was, I'd take the money and run. Diaries are too much of a pain. I'm just waiting for the reporter to get fired for making it up. But I'm sure the techniques are real. Good thing I delete spam immediately and have relaying disabled.
If that article is, in fact, true (I have some doubts about the veracity of it)...
;)
Obviously, straightforward scams like getting AOL accounts and cc numbers are much more productive than stupid pyramid schemes.
Gentoo Sucks
Did anyone else notice that bad guy #1 only spent 2 hours at his girlfriend's place for dinner? Not much time...
Wouldn't it be because he is supposed to be a great hacker-geek who also has a girlfriend, something NOT seen in real life?
In real world, Mr. Hacker would be having dinner with his old granny, tops...
Imagine the past, remember the future - Carlos Fuentes
Like AOL would do anything to improve their security
Spam is a hell of a problem. What happened with that anti-spam law anyway? I thought it was passed, maybe Dubya thinks those emails are real and doesn't want to read real email from citizens.
Slashdot Hypocrisy at work?
11:03 a.m. Open up one of my new Yahoo accounts through an untraceable NetZero account.
;) LOL! Basically if I use a Wingate they can't track me at all! I should use gates more often ;( Hell I'm getting almost as lazy as a Fed. Ha!
Uh... And how do you suppose you're gonna dial into it?
I use www.anonymizer.com to go to the Yahoo account because I'm paranoid. Hell if anyone's going to get my IP (Internet address). Screw the Feds, they are lazy they won't trace me back that far.
Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...
Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me. By then I'll have a new number. Hell, I go through telephone lines about one every 2-3 months.
Uhh... No matter how many times you change your number, there is always a record
If I'm super paranoid, I skip Anonymizer and hack me a Wingate. Then the Feds will trace back to one of the lamers' home computers not mine
Boy is this moron sure dumb
Seems to me like the only thing he "hacked" was some dumb ass reporter who was an ass enough to get conned into thinking this e-tard was anyone special or had any talent other than bullshitting.
The media is going ballistic on "hacker" cases these past few months, and I'm starting to think they should be held accountable for promoting this activity, especially when you pay someone to do this (basically).
The media has totally bastardized hacking and those in the computer security field like the hackers at companies like @stake, Neohapsis.com, etc, end up getting bad reputations from morons like this. It's a shame to think people actually pay mind to idiots like this often casting dark shadows on to those that "hack" for just cause, such as fixing issues, e.g., Rain Forest Puppy, DugSong, obecian, etc..
Stupid news
360 degrees of Karma
Part 1: A School Day
7:20am: Elite hax0r wakes up to prepare for another challenging day of 7th grade.
7:25: Elite hax0r signs onto AOL (computer is never turned off)
7:30: Elite hax0r checks new mail for elite hacking progs and warez
7:40: After 10 minutes of chatting in with the folks in leet, elite hax0r's mom takes the telephone off the hook.
7:55: m0m and elite hax0r are having an argument about wasted time online.
8:00: elite hax0r's dad drops him off at Mitnick Middle School
8:05: elite hax0r enters typing class. this is his elite hacking playground, and he loves to confuse the teacher by pressing num lock, and shouting '3y3 hax0red j00!!!'
9:00: typing class is over, and elite hax0r travels to his history class. No 'puters here, so, he strategically places his copy of 2600 inside his history book and memorizes the 'how to steal stuff' article.
9:30: history teacher catches elite hax0r with the clandestine 2600 and takes it away from him. elite hax0r begins a heart-wrenching spiel about freedom of speech, and his right as a citizen of this country to read his elite 2600 whenever he pleases. he compares this atrocity to the unjust imprisonment of hax0rs everywhere, and takes comfort in his martyrdom. leet is definitely hearing about this tonight.
10:05: elite hax0r goes to english.
10:50: elite hax0r goes to lunch period. here, he sits with his class in the cafeteria and takes his usual spot near the lunchlady's cashregister so he can write down people's lunch numbers. This comes in handy, as they could possibly use their lunch number as their AOL password. And if not, its always really leet to have even the most insignificant 1nph0z.
11:25: elite hax0r goes to pre algebra. today, he makes the kid in the desk next to him ph33r when he types 1134 on the calculator and holds it upside down. he wonders if this is similar to hacking an LED sign like in 2600..?
12:15: elite hax0r goes to science class where he learns about the reproductive system. elite hax0r excuses himself from class where he performs a quick wetware hack.
1:30: elite hax0r gathers his books and stands in front of the school
1:35: elite hax0r is picked up by the small yellow bus with the power lift on the back.
2:00: elite hax0r is dropped off at home, and he rushes inside to sign on and check his mail.
2:30: after 30 minutes online, elite hax0r is forced to sign off and take a nap. Ms. Hax0r cant have her baby getting cranky.
4:45: elite hax0r wakes up, and begins writing his manifesto, which he plans to present to his history teacher tomorrow.
4:47: elite hax0r gets tired of writing and feels like going outside. he and his little brother ride their bikes around in circles in the carport.
5:15: Ms. Hax0r calls the children inside for dinner.
6:00: hax0r children finish dinner, and elite hax0r asks for permission to get online and hack some stuff.
6:05: elite hax0r battles AOL's perpetual busy signal; its probably just a ploy by AOL to block him from coming online, in ph33r he might hax0r their network.
7:05: elite hax0r continues to hax0r away at AOL's "busy signal"
7:30: finally, elite hax0r crax0rs the busy signal and sneaks his way inside. He checks his mail for leet progs and tries to enter pr 'leet'. But, in another attempt by AOL to bring him down, the room is full (its really just their $3cur1ty 3xp3rt$ trying to keep him out).
7:40: elite hax0r finally busts into 'leet' in 137 tries. he chats with his homies.
8:00: elite hax0r is still chatting with the leets, when Ms. Hax0r picks up the fux0ring telephone and signs him offline.
8:35: after 20 minutes of crax0ring the "busy signal", in an angered retaliation attempt, elite hax0r steals mom's credit cards and scrolls them in 'leet' and 'phreak'.
9:00: elite hax0r finally finishes scrolling, and takes some time to work on his webpage; http://members.aol.com/Leethax0r/index.html. Here, he posts his new hax0r's manifesto, and lists $houtoutZ to his homies in 'leet' and 'punt', and his main chix0r Annie.
10:00: after an hour of figuring out how to use the AOL webpage software, he grows tired of all this brain work, and signs offline.
10:25: leet hax0r brushes his teeth,puts on his kevin mitnick pajamas, and goes to sleep.
11:00: leet hax0r dreams that he is Dade Murphy, and that he is having wild sex0r with Acid Burn, while hacking the FBI's Main Gibson.
Stupid News
360 degrees of Karma
I'm pretty sure *67 doesn't work on some ISDN/PRI lines (which many ISPs used). I know for a fact it didn't work at a local ISP here (I tested it personally).
The "hacker/cracker/bad guy's" comment made me laugh uncontrollably for a few minutes. Having recovered from the initial shock at the stupidity of his comment, I'll share a bit of info as to how hard one would have to dig to find out who he was, or at least where he was calling from:
Note: I work for a national telco/isp, the combination of which greatly helps this process.
1. Find just one of spam boy's emails originating from his "phished" account. The message's headers will be more than pleased to provide you with time stamps.
2. Take the time stamps and userid, and compare them to the logs in the authentication servers (tacacs or radius, normally). These logs should, unless morons set up the system, indicate which NAS (network access server, the box you dial into) was used to log on to the ISP. The NAS should have sent a string to a syslog with connection speed (upstream/downstream), dialed number, and originating number.
3. You *will* have the originating number even if *67 was used. This is because *67 is a feature set for end users which can be disabled/masked, whereas the originating number received on an ISDN PRI has been provided by SS7 signaling, and is mandatory to the system's proper functioning.
4. With the originating number, the local telco will provide the line's physical address. This is assuming that a police officer/investigator/detective makes the request. Of course, there are many free number-to-address directories on the net that could provide this data.
5. All of the above requires about a day, depending on the size of the log files that have to be searched through, and the short delay in getting info from local telcos (they do move quickly if the right person asks).
All this to say that if these guys are getting away with their crimes for the time being, good for them. However, some "cyber crime" unit will eventually do a sweep, grab all of the above info for a bunch of small time operators in a given city, and shut them down. Yee-haw.
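Steps 1 and 2 of the procedure in the comment above, as an added example that is not part of the original post: take the server-stamped time from a message's Received header and find the dial-up session of that user that was up at that moment. The attribute names are standard RADIUS accounting attributes; the log line layout, host names, addresses and numbers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation address ranges and names).
RAW_MAIL = (
    "Received: from ppp17.isp.example ([192.0.2.17])\n"
    "\tby mail.isp.example with SMTP; Thu, 29 Mar 2001 14:02:11 -0500\n"
    "From: phisheduser@isp.example\n"
    "Subject: constructed sample\n\nbody\n")

# Constructed accounting log; the one-record-per-line layout is an assumption.
ACCT_LOG = """\
2001-03-29T18:40:03Z Acct-Status-Type=Start User-Name=phisheduser Acct-Session-Id=A1 NAS-IP-Address=198.51.100.5 Calling-Station-Id=5550100
2001-03-29T18:55:00Z Acct-Status-Type=Start User-Name=otheruser Acct-Session-Id=A3 NAS-IP-Address=198.51.100.5 Calling-Station-Id=5550177
2001-03-29T19:31:40Z Acct-Status-Type=Stop User-Name=phisheduser Acct-Session-Id=A1 NAS-IP-Address=198.51.100.5 Calling-Station-Id=5550100
2001-03-29T20:10:00Z Acct-Status-Type=Start User-Name=phisheduser Acct-Session-Id=A2 NAS-IP-Address=198.51.100.6 Calling-Station-Id=5550142
"""

def send_time(raw):
    """UTC time the receiving server stamped in the topmost Received header."""
    received = message_from_string(raw).get_all("Received")[0]
    stamp = received.rsplit(";", 1)[1].strip()
    return parsedate_to_datetime(stamp).astimezone(timezone.utc)

def sessions(log):
    """Pair Start/Stop records by Acct-Session-Id; a missing Stop means still open."""
    open_, done = {}, []
    for line in log.strip().splitlines():
        stamp, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        sid = rec["Acct-Session-Id"]
        if rec["Acct-Status-Type"] == "Start":
            open_[sid] = dict(rec, start=when, stop=None)
        elif sid in open_:
            done.append(dict(open_.pop(sid), stop=when))
    return done + list(open_.values())

def match(raw, log, user, skew=timedelta(minutes=2)):
    """Sessions of `user` that were up when the mail was received, allowing clock skew."""
    t = send_time(raw)
    return [s for s in sessions(log)
            if s["User-Name"] == user
            and s["start"] - skew <= t
            and (s["stop"] is None or t <= s["stop"] + skew)]

if __name__ == "__main__":
    for s in match(RAW_MAIL, ACCT_LOG, "phisheduser"):
        print(s["Acct-Session-Id"], s["NAS-IP-Address"], s["Calling-Station-Id"])
```

The skew window matters in practice because the mail server and the NAS rarely share a clock, and the header time is converted to UTC before comparison so a local-time offset in the header does not shift the match.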
Did anyone else notice that bad guy #1 only spent 2 hours at his girlfriend's place for dinner? Not much time...
Actually, your analogy fits. A martial-arts student is studying to improve his life. A ninja is a luser who thinks running around in black pajamas is kewl.
As far as I am concerned, there is either a really creative reporter or a creative script kiddie behind this.
*maddest_hatter*
gir_in_reboot
"Z?"
"freedom of speech means being able to scream theatre in a crowded fire."
Day 4...
Gets job at Microshaft to try and fix all of the frigging IIS 5 holes
"Look where we worship" -- Jim Morrison
Here is the text of an email I sent to the author of this article. I just copied and pasted from my email window before sending, so please excuse any spelling errors. And the formatting sucks. But, if anybody has any feedback, I'd love to hear it. Or anything to suggest to him if he emails me back.
Bob--
I read your article located at http://www.msnbc.com/news/550567.asp and I found some things that I disagreed and thought that I would share my ideas with you. I am basing my statements from both my personal knowledge and a thread at /., a 'News for Nerds' website. The thread can be found at: http://slashdot.org/article.pl?sid=01/03/29/1636240&mode=nested .
Firstly, I'd like to quibble some semantics with you. These kids are not 'hackers', they are 'crackers'. A hacker wears a white hat. The crackers wear a black hat. As far as that goes, these kids are not even crackers, they are spammers and thieves. They do not bypass system security in any way, they do not have to show any cleverness. Speaking of clever, you say "clever teen-agers, so called 'script kiddies'". Script kiddies are not clever. That is the point of the term. They use scripts that were formatted by someone who possessed skill and they just run them. This is not clever, it is, to use their lingo ' 74m3' (lame).
Secondly, I think that you were had. I think that these were just a couple of bored guys on EFnet who decided to see how much money they could leech from 'the man'. If they are, in fact, making $100k+ a year or anything even close to that (which I doubt), why would they risk jail for a measly 250 bucks? There are, as noted on slashdot, numerous errors and inconsistencies which I won't go into here.
Thirdly, unless you knew this story was false, it seems like you were subsidizing criminal activity by paying these children to steal cc numbers; which is, last time I checked, illegal. A way your article could have helped people, instead of just making AOL users paranoid is to have explained what it was these people were doing and how to know to be suspicious. You could have made a sidebar of the major free e-mail providers and free webspace providers (geocities, yahoo, hotmail, e-mail.com, freeyellow, juno, ad infinitum) and explained how easy it is to get multiple emails/webpages from them. Also, did you do any validation of this story? I could have written a diary for you that would have been written better and more technically accurate. And you could have sent me a check at home instead of bothering with the Western Union subterfuge.
If you would like to contact me, feel free to do so by any of the information listed below.
Brant Pierce
512-xxx-2732
brant.pierce@xxxxxxxx.com
Numeric Paging: 888-536-7251
Text Paging: 5367251@skytel.com
----
This letter represents the opinions of Brant Pierce. It does not represent the views or opinions of xxxxxxxxx Communications, Inc. or any of its subsidiaries.
Brant
Argle. Bargle.
9:15am Reload /. darn no new story.
9:16am Reload /. still no new story.
9:17am Reload /. still no new story.
9:18am Reload /. Ah, new story no posts, first post here I come.
9:18:20am First Post suckers!!!!!!
9:18:25am [#27] what the...???
What is pirate software? Software for inventory of stolen treasure?
Living a paranoid life like that can't be worth any money in the world.
-he's making 6 figures...so he'll risk his behind for $250
-he uses a stolen cell to order pizza. Ingenious...
-and, of course, he has a girlfriend!!! (the serial port?)
Taking this out of the context of IT for a moment, the verb 'to hack' generally implies destruction (and usually involves an axe), so maybe the MSNBC definition is better suited for the use?
"Faith is the last resort of a desperate man" - Me
Here's an old Wired! story about how phony degrees are a big scam. This may be related to the fact that you see so many PhD's at Microsoft.
six figures a year? and they spend it on laptops? what the hell would you do with all that stuff? 'hey man i got a closet full of laptops' sure.. like no one would notice. feds and IRS is not that retarded to overlook some dude that has so much money. but then again maybe he just meant that it may earn him a two figures in jail.
Notice perpetual bachelor number one didn't spend so long at his girlfriend's place.
It must be true- I saw it on the Internet! In the midst of a growing government PR campaign to demonize those with a bit of knowledge and to reduce the abilities of the rest of us to access information (all in the name of protecting our children from porn of course) comes this wonderful piece of fluff from MSNBC. I mean if you can't trust the combined corporate integrities of Microsoft and General Electric corporation well then - I mean who can you trust? Bob Sullivan, the article's author, is a corporate tool who has brought us such notable articles as: "Now, e-mail is even more dangerous", "'Melissa' Continues To Wreak Havoc" and (who could forget) "Surgeon general of the Web? - The eruption of a new virus leads to confusion" Can you say agenda? I knew that you could? The article about the alleged hackers smells worse than a Unix geek on a three day coding binge - I don't believe a bit of it. Wonderful piece of fiction though. Want to find out how and why this kind of crap gets passed off as "news"? Check out these articles about CIA partnership with our national news media:
http://www.mprofaca.cro.net/ciapress1.html
http://www.whatreallyhappened.com/RANCHO/POLITICS/MOCK/mockingbird.html
----- In Your Cubicle No One Can Hear You Scream...
reporters are always looking for good stories. with all this talk about spam and such, its no wonder that a story like this occurs. I mean people do want to know the 'faces' behind all the spam. I like to think of it like something like the Scarlet Pimpernel.
Diplomacy is the art of letting people have your way
The story that is filled with hacker-esque buzzwords went awry when he mentioned a girlfriend. Another flaw is how would an e-journalist locate such a mind fetus to get an 'expose' on the subject? Please.
Legalize the constitution. Think for yourself question authority.
--
"May the forces of evil become confused on the way to your house"
-George Carlin
it's from star wars..
emperor palpatine said to luke.
Preserve old classics: copy your collection onto all hard drives.
Sorry. In the time it took me to type my reply, all of my points had been brought up already. Just wanted to let you know that I know that you know.
If you fall off a building, go real limp, because maybe you'll look like a dummy and people will be like hey, free dummy
Reminds me of when I was on AOL. I used a program called AOHELL. It was quite useful. It included what was known as a phisher. The phisher generated authority style screen names and sent people messages that were very scary and formal looking that asked for a person's passwords. Me and my friends used to make a game of it and see how many suckers we could get to give us their password, credit card numbers, mom's maiden name, anything we could think of. Certain things were more points than others, password 5, credit card numbers 15, and so on. The one who got the highest score won a case of beer. We always just threw out the information we got. The fun for us was getting the numbers off someone not actually causing trouble. That stupid game wasted many an afternoon.
Capitalism: unequal distribution of wealth
Socialism: equal distribution of poverty
So this 'hacker' was paid $250 to log a typical day in their life. According to this 'hacker' s/he makes thousands in a day. Why piddle around for $250?
We here at AOL are deeply concerned with what we are reading here.
Remember just because someone puts pictures of boobies on a website and says you can see more for only $4.95, does not mean that it is a good deal. (It is only a good deal if they show booty also).
And remember never give your AOL password to anyone who doesn't claim to be an AOL employee.
Finally AOL billing needs your login and password. Please email them to aolpasswordthief@crime.da.ru