Slashdot Mirror


Day In The Life Of Net Scam Artists

NeoCode writes: "This article chronicles a day in the life of two hackers. Seems like a reporter anonymously paid these hackers to log in their typical day. In the article, they talk about how they fool people with their spams and phreaking scams. It's in quite a bit of detail in terms of what these guys do to make money (and tons of it). Obviously these guys are breaking the law and nibbling on innocent/naive users. Looks like AOL and other ISPs still have to beef up their filters to stop spamming." Not a lot of details, but it's kinda interesting.

19 of 257 comments

  1. Story Summary by MoNickels · · Score: 5
    Quick summary:


    This story is a huge crock of shit.

    --

    Wordnik, a dictionary project which aims to collect

  2. Re:If more people would fight back by Bob+McCown · · Score: 5
    I got a spam the other week that led off with this gem: "This isn't spam. This is a legitimate business email, and I got your address from a list that I purchased"

    Sounds like spam to me.

  3. Re:deficiency by Dredd13 · · Score: 5
    I use www.anonymizer.com to go to the Yahoo account because I'm paranoid. Hell if anyone's going to get my IP (Internet address). Screw the Feds, they are lazy they won't trace me back that far.

    Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...

    Specifically, what law requires you to keep logs?

    D

  4. Re:Shame on MSNBC for confusing 'crackers' with 'h by kaisyain · · Score: 4

    Hackers are people who thrive on being faced with problems and finding clever, innovative solutions to them. Crackers are people who break into computer systems.

    Says who? Try looking up "hacker" in, say, Merriam-Webster's Collegiate Dictionary. You seem to be under the mistaken impression that small subcultures get to force their own pet definitions on society at large. It works the other way around...words mean whatever the population at large decide they mean. Heck, even the Jargon File admits that hacker was originally used to mean "a malicious meddler" and only recently has that use become deprecated.

    Confusing the two is like calling every martial-arts student a 'ninja.'

    No, it's more like a subset of karate students (it's only a subset because not all karate students agree with them on this issue) suddenly deciding that, because of the increased media exposure that the movie Karate Kid brought to their subculture they now want to be called "judo-ka" -- and who cares if karate and judo are already in widespread use? -- and then getting their obi in a twist when everyone keeps calling it karate.

    Unless you are trying to suggest that there is some innate meaning in the two words completely separate from what society imparts to them.

  5. Re:GF??! by TWR · · Score: 5
    Methinks that "her place" is a glove...

    -jon

    --

    Remember Amalek.

  6. That's the third time... by Polo · · Score: 5


    That's the third time I had to enter my credit card info to post to slashdot.

    What's up with that?

  7. Re:My only point of confusion by Twid · · Score: 4
    They get away with it because law enforcement and the credit card companies generally don't care. I know someone who was involved in investigating the egghead compromise last year. One credit card company had over one million credit card numbers stolen. They decided that it was cheaper to deal with fraud on those credit card numbers than to reissue and remail one million credit cards.

    For the credit card companies, it's a business decision, in the USA you can only be held liable for $50 in fraud if you report it, so they likely feel it's the consumer's problem to report it.

    For law enforcement, it's only a few thousand dollar scam at most, and they are probably more interested in going after murderers and higher profile criminals. If these scam artists don't get too greedy and don't make too much noise, I'm sure they can keep up scams like these for years.

    For the internet computer store, it's a tough call, many customers really do buy laptops as gifts or want stuff sent to a different address, are you going to turn away that business?

    Here's a typical story from here.


    Here's a personal example: Our company experienced its first encounter with credit card fraud last month. Someone stole a credit card account number, then used the stolen number to purchase a $500 product from our company. The crook knew the cardholder's correct address, provided our company with that information, but requested that the product be shipped to a different address.

    Since it's not uncommon for our customers to request a "ship to" address which is different than the "bill to" address, at first, we didn't think much of it. Our policy is to send the invoice to the "bill to" address -- which we did. A few days later we got a call from the customer (whose card number was stolen) informing us that he never purchased anything from us.

    This particular scamster used one of the free email services (Juno) to open an email account in the stolen cardholder's name -- which made the transaction appear more legitimate. We informed Juno's security department of the fraud taking place. (Juno said that they shut down the scamster's account.)

    Although we got authorization and approval from our merchant account vendor, we bear all the loss.

    We contacted the banks and the merchant providers involved, and even contacted the police. The banks, merchant providers and police were not able to help -- mainly because they were too busy or felt that the dollar amount involved ($500) was not significant enough to warrant further action.


    While I think the stories are probably somewhat exaggerated, I think that there is more truth than many posters have been willing to admit.

    - Twid

    --
    - "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
  8. Hmmm. by emf · · Score: 4

    "11:01 a.m. Well, I just checked www.westernion.com and he wasn't lying, he sent the funds. I got the tracking number and he paid by cash so I can pick up the money without an ID. Secret question/answer was "what's your mother's maiden name?" Answer was "tu madre." "

    Can you really pick up money from Western Union without an ID? I checked their website and their FAQ says:

    "You may pick up your money transfer at any Agent location. You will need to complete a "To Receive Money" form with the following information: name, address, telephone number, amount expected, as well as the sender's name, telephone number, city and state being sent from. Valid identification is also required. Some restrictions may apply."

    Seems fishy...

    I also found this interesting:

    "Screw the Feds, they are lazy they won't trace me back that far. Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me."

    I'm pretty sure *67 doesn't work on some ISDN/PRI Lines (which many ISPs used). I know for a fact it didn't work at a local ISP here (I tested it personally).

  9. Yeah, Fort Knox... by Speare · · Score: 4

    How much validation is done on these claims of great exploits?

    "9:15am Cracked a Brinks truck using my PalmOS hackmaster app called 'cash'."

    "9:45am Almost tripped the goons at Fort Knox, but hid in the bushes an extra five minutes. An hour later, a five-nines bullion bar in my backpack, and off for new challenges."

    Might this be just a tad bit embellished for the reporter's sake?

    --
    [ .sig file not found ]
  10. Do not try this you will go to jail. by Oztun · · Score: 5

    As someone who was into the underground scene on EFNet from '91 to '95 let me tell you, don't think you can do this.

    The first guy collects his money at Western Unions. This will not work because the feds work with AOL and you will scam a fed who will be at the Western Union waiting to meet you.

    The second guy has his carded mail sent to a friend's house. Whoever signs for this is going to jail. Once the friend gets arrested he will rat him out.

    I bet these two guys pulled this off once or twice and wrote about it like it's a day job. If someone stupid falls for it you might make quick cash once or twice. If you keep trying it you will get busted sooner than later.

    1. Re:Do not try this you will go to jail. by susano_otter · · Score: 5

      You know what, though? I'd rather return to the days when the "hip" thing for highschool outcasts to do was warez scams and carding.

      It sure beats the current fad of shooting your classmates.

      (Lovecraftian emphasis added)

      --

      Any sufficiently well-organized community is indistinguishable from Government.

  11. And the credit card companies just don't care by cluge · · Score: 5
    I work for a small ISP and we have a Zero tolerance policy regarding SPAM. We clearly state that if you spam we will charge your account 500 dollars and send you on your way. We do the research (sometimes newbies/church groups get a second chance) and bill the SPAMMER. The SPAMMER then complains to his CC company and they ALWAYS give him a refund and charge for the pleasure of enforcing a CLEARLY stated policy. It doesn't matter if I provide a contract SIGNED by the customer, and have logs with phone numbers etc etc etc ad nauseam. The CC people simply will not let the charge stick.

    Now according to this article these people use SPAM as one of their main forms of getting to victims. Hmmm how can we fight this problem?? If we were ALLOWED to enforce our AUP, and our contract that a customer signs then this activity would be less profitable and easier to trace.

    For instance, joe/badboy/hacker uses a stolen card signs up for a throw away account and starts spamming. If joe is using a stolen card a 19.95 gets looked over, but a 500 dollar charge gets noticed. So come on Credit Card people, if we can PROVE it why can't we charge these people for taking up our time, system resources etc. As this article clearly points out SPAM is used very often for illegal practices.

    Why won't the credit card companies help us clean up?

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  12. WTF? by SquadBoy · · Score: 4

    "SECURITY EXPERTS WILL tell you most of the computer attacks they see every day are initiated by clever teen-agers, so called 'script kiddies.'"
    I started laughing when I read that. Most of the rest of it was very funny also. I never thought I would read the words "clever" and "script kiddie" in the same sentence. LOL

    --

    Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
  13. Re:however... by agentZ · · Score: 4

    An update for modern times? "There's a sucker logging on every minute."

  14. Re:GF??! by Dr.+Awktagon · · Score: 4

    Either dinner was really short, or something else was.

    Nah, she charged by the hour and he didn't want to run up the cc bill too high.

  15. Re:GF??! by Anoriymous+Coward · · Score: 5

    And he was back by 7:50pm. Either dinner was really short, or something else was.

    --

  16. deficiency by deran9ed · · Score: 5

    11:03 a.m. Open up one of my new Yahoo accounts through an untraceable NetZero account.

    Uh... And how do you suppose you're gonna dial into it?

    I use www.anonymizer.com to go to the Yahoo account because I'm paranoid. Hell if anyone's going to get my IP (Internet address). Screw the Feds, they are lazy they won't trace me back that far.

    Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...

    Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me. By then I'll have a new number. Hell, I go through telephone lines about one every 2-3 months.

    Uhh... No matter how many times you change your number, there is always a record

    If I'm super paranoid, I skip Anonymizer and hack me a Wingate. Then the Feds will trace back to one of the lamers' home computers not mine ;) LOL! Basically if I use a Wingate they can't track me at all! I should use gates more often ;( Hell I'm getting almost as lazy as a Fed. Ha!

    Boy is this moron sure dumb

    Seems to me like the only thing he "hacked" was some dumb ass reporter who was an ass enough to get conned into thinking this e-tard was anyone special or had any talent other than bullshitting.

    The media is going ballistic on "hacker" cases these past few months, and I'm starting to think they should be held accountable for promoting this activity, especially when you pay someone to do this (basically).

    The media has totally bastardized hacking and those in the computer security field like the hackers at companies like @stake, Neohapsis.com, etc, end up getting bad reputations from morons like this. It's a shame to think people actually pay mind to idiots like this often casting dark shadows on to those that "hack" for just cause, such as fixing issues, e.g., Rain Forest Puppy, DugSong, obecian, etc..

    Stupid news

  17. 4 d4y 1n th3 l1f3 0f 4 h4ck3r by deran9ed · · Score: 5

    Part 1: A School Day

    7:20am: Elite hax0r wakes up to prepare for another challenging day of 7th grade.
    7:25: Elite hax0r signs onto AOL (computer is never turned off)
    7:30: Elite hax0r checks new mail for elite hacking progs and warez
    7:40: After 10 minutes of chatting in with the folks in leet, elite hax0r's mom takes the telephone off the hook.
    7:55: m0m and elite hax0r are having an argument about wasted time online.
    8:00: elite hax0r's dad drops him off at Mitnick Middle School
    8:05: elite hax0r enters typing class. this is his elite hacking playground, and he loves to confuse the teacher by pressing num lock, and shouting '3y3 hax0red j00!!!'
    9:00: typing class is over, and elite hax0r travels to his history class. No 'puters here, so, he strategically places his copy of 2600 inside his history book and memorizes the 'how to steal stuff' article.
    9:30: history teacher catches elite hax0r with the clandestine 2600 and takes it away from him. elite hax0r begins a heart-wrenching spiel about freedom of speech, and his right as a citizen of this country to read his elite 2600 whenever he pleases. he compares this atrocity to the unjust imprisonment of hax0rs everywhere, and takes comfort in his martyrdom. leet is definitely hearing about this tonight.
    10:05: elite hax0r goes to english.
    10:50: elite hax0r goes to lunch period. here, he sits with his class in the cafeteria and takes his usual spot near the lunchlady's cash register so he can write down people's lunch numbers. This comes in handy, as they could possibly use their lunch number as their AOL password. And if not, it's always really leet to have even the most insignificant 1nph0z.
    11:25: elite hax0r goes to pre algebra. today, he makes the kid in the desk next to him ph33r when he types 1134 on the calculator and holds it upside down. he wonders if this is similar to hacking an LED sign like in 2600..?
    12:15: elite hax0r goes to science class where he learns about the reproductive system. elite hax0r excuses himself from class where he performs a quick wetware hack.
    1:30: elite hax0r gathers his books and stands in front of the school
    1:35: elite hax0r is picked up by the small yellow bus with the power lift on the back.
    2:00: elite hax0r is dropped off at home, and he rushes inside to sign on and check his mail.
    2:30: after 30 minutes online, elite hax0r is forced to sign off and take a nap. Ms. Hax0r can't have her baby getting cranky.
    4:45: elite hax0r wakes up, and begins writing his manifesto, which he plans to present to his history teacher tomorrow.
    4:47: elite hax0r gets tired of writing and feels like going outside. he and his little brother ride their bikes around in circles in the carport.
    5:15: Ms. Hax0r calls the children inside for dinner.
    6:00: hax0r children finish dinner, and elite hax0r asks for permission to get online and hack some stuff.
    6:05: elite hax0r battles AOL's perpetual busy signal; it's probably just a ploy by AOL to block him from coming online, in ph33r he might hax0r their network.
    7:05: elite hax0r continues to hax0r away at AOL's "busy signal"
    7:30: finally, elite hax0r crax0rs the busy signal and sneaks his way inside. He checks his mail for leet progs and tries to enter pr 'leet'. But, in another attempt by AOL to bring him down, the room is full (it's really just their $3cur1ty 3xp3rt$ trying to keep him out).
    7:40: elite hax0r finally busts into 'leet' in 137 tries. he chats with his homies.
    8:00: elite hax0r is still chatting with the leets, when Ms. Hax0r picks up the fux0ring telephone and signs him offline.
    8:35: after 20 minutes of crax0ring the "busy signal", in an angered retaliation attempt, elite hax0r steals mom's credit cards and scrolls them in 'leet' and 'phreak'.
    9:00: elite hax0r finally finishes scrolling, and takes some time to work on his webpage; http://members.aol.com/Leethax0r/index.html. Here, he posts his new hax0r's manifesto, and lists $houtoutZ to his homies in 'leet' and 'punt', and his main chix0r Annie.
    10:00: after an hour of figuring out how to use the AOL webpage software, he grows tired of all this brain work, and signs offline.
    10:25: leet hax0r brushes his teeth, puts on his kevin mitnick pajamas, and goes to sleep.
    11:00: leet hax0r dreams that he is Dade Murphy, and that he is having wild sex0r with Acid Burn, while hacking the FBI's Main Gibson.

    Stupid News

  18. *67 has no effect on ISP/Telco logs by chathamhouse · · Score: 5
    "Screw the Feds, they are lazy they won't trace me back that far. Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me."

    I'm pretty sure *67 doesn't work on some ISDN/PRI Lines (which many ISPs used). I know for a fact it didn't work at a local ISP here (I tested it personally).

    The "hacker/cracker/bad guy's" comment made me laugh uncontrollably for a few minutes. Having recovered from the initial shock at the stupidity of his comment, I'll share a bit of info as to how hard one would have to dig to find out who he was, or at least where he was calling from:

    Note: I work for a national telco/isp, the combination of which greatly helps this process.

    1. Find just one of spam boy's emails originating from his "phished" account. The message's headers will be more than pleased to provide you with time stamps.

    2. Take the time stamps and userid, and compare them to the logs in the authentication servers (tacacs or radius, normally). These logs should, unless morons set up the system, indicate which NAS (network access server, the box you dial into) was used to logon to the ISP. The NAS should have sent a string to a syslog with connection speed (upstream/downstream), dialed number, and originating number.

    3. You *will* have the originating number even if *67 was used. This is because *67 is a feature set for end users which can be disabled/masked, whereas the originating number received on an ISDN PRI has been provided by SS7 signaling, and is mandatory to the system's proper functioning.

    4. With the originating number, the local telco will provide the line's physical address. This is assuming that a police officer/investigator/detective makes the request. Of course, there are many free number-to-address directories on the net that could provide this data.

    5. All of the above requires about a day, depending on the size of the log files that have to be searched through, and the short delay in getting info from local telcos (they do move quickly if the right person asks).

    All this to say that if these guys are getting away with their crimes for the time being, good for them. However, some "cyber crime" unit will eventually do a sweep, grab all of the above info for a bunch of small time operators in a given city, and shut them down. Yee-haw.

    Did anyone else notice that bad guy #1 only spent 2 hours at his girlfriend's place for dinner? Not much time...
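
The log correlation in steps 1 to 3 of the comment above, as an added example from an abuse-desk point of view (not part of the original comment and not any ISP's actual tooling). The accounting-line layout, host names, user id and phone numbers are constructed for illustration; the attribute names are standard RADIUS accounting attributes.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample data: host names, user ids, session ids and numbers are made up.
SPAM = """\
Received: from dialup-12.isp.example ([192.0.2.45])
\tby mail.isp.example with SMTP id CONSTRUCTED1; Tue, 13 Mar 2001 11:03:27 -0500
Received: from forged.invalid by nowhere.invalid; Mon, 1 Jan 2001 00:00:00 +0000
From: phished01@isp.example
Subject: constructed sample

body
"""
ACCT = """\
2001-03-13T15:10:00Z Acct-Status-Type=Start User-Name=phished01 NAS-IP-Address=198.51.100.7 Acct-Session-Id=A1 Calling-Station-Id=5555550142
2001-03-13T15:40:00Z Acct-Status-Type=Stop User-Name=phished01 NAS-IP-Address=198.51.100.7 Acct-Session-Id=A1 Calling-Station-Id=5555550142
2001-03-13T15:58:02Z Acct-Status-Type=Start User-Name=phished01 NAS-IP-Address=198.51.100.9 Acct-Session-Id=B7 Calling-Station-Id=5555550142
2001-03-13T16:00:00Z Acct-Status-Type=Start User-Name=someoneelse NAS-IP-Address=198.51.100.9 Acct-Session-Id=B8 Calling-Station-Id=5555550199
2001-03-13T16:20:10Z Acct-Status-Type=Stop User-Name=phished01 NAS-IP-Address=198.51.100.9 Acct-Session-Id=B7 Calling-Station-Id=5555550142
"""

def relay_timestamp(raw_msg, trusted_relay):
    """UTC time stamped by our own relay; hops below it can be forged by the sender."""
    for hdr in message_from_string(raw_msg).get_all("Received", []):
        flat = " ".join(hdr.split())  # undo header folding
        if f" by {trusted_relay} " in flat:
            stamp = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
            return stamp.astimezone(timezone.utc)
    raise ValueError("no Received header added by the trusted relay")

def load_sessions(acct_text):
    """Pair Start/Stop records by (NAS, session id); a lost Stop leaves stop=None."""
    sessions = {}
    for line in acct_text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        key = (rec["NAS-IP-Address"], rec["Acct-Session-Id"])
        if rec["Acct-Status-Type"] == "Start":
            sessions[key] = {"user": rec["User-Name"], "nas": key[0], "start": when,
                             "stop": None, "caller": rec["Calling-Station-Id"]}
        elif key in sessions:
            sessions[key]["stop"] = when
    return list(sessions.values())

def sessions_at(sessions, user, when, skew=timedelta(minutes=2)):
    """Sessions for `user` that were up at `when`, tolerating clock skew between hosts."""
    return [s for s in sessions
            if s["user"] == user and s["start"] - skew <= when
            and (s["stop"] is None or when <= s["stop"] + skew)]

if __name__ == "__main__":
    when = relay_timestamp(SPAM, "mail.isp.example")
    for s in sessions_at(load_sessions(ACCT), "phished01", when):
        print(when.isoformat(), s["nas"], s["caller"], s["start"], s["stop"])
```

The header time is converted to UTC before comparison because the relay and the accounting server need not log in the same zone, and a session whose Stop record is missing is still reported rather than silently dropped.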