Slashdot Mirror


Day In The Life Of Net Scam Artists

NeoCode writes: "This article chronicles a day in the life of two hackers. Seems like a reporter anonymously paid these hackers to log in their typical day. In the article, they talk about how they fool people with their spams and phreaking scams. It's in quite a bit of detail in terms of what these guys do to make money (and tons of it). Obviously these guys are breaking the law and nibbling on innocent/naive users. Looks like AOL and other ISPs still have to beef up their filters to stop spamming." Not a lot of details, but it's kinda interesting.

12 of 257 comments

  1. Story Summary by MoNickels · · Score: 5
    Quick summary:


    This story is a huge crock of shit.

    --

    Wordnik, a dictionary project which aims to collect

  2. Re:If more people would fight back by Bob McCown · · Score: 5
    I got a spam the other week that led off with this gem: "This isn't spam. This is a legitimate business email, and I got your address from a list that I purchased"

    Sounds like spam to me.

  3. Re:deficiency by Dredd13 · · Score: 5
    I use www.anonymizer.com to go to the Yahoo account because I'm paranoid. Hell if anyone's going to get my IP (Internet address). Screw the Feds, they are lazy they won't trace me back that far.

    Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...

    Specifically, what law requires you to keep logs?

    D

  4. Re:GF??! by TWR · · Score: 5
    Methinks that "her place" is a glove...

    -jon

    --

    Remember Amalek.

  5. That's the third time... by Polo · · Score: 5


    That's the third time I had to enter my credit card info to post to slashdot.

    What's up with that?

  6. Do not try this you will go to jail. by Oztun · · Score: 5

    As someone who was into the underground scene on EFNet from '91 to '95 let me tell you, don't think you can do this.

    The first guy collects his money at Western Unions. This will not work because the feds work with AOL and you will scam a fed who will be at the Western Union waiting to meet you.

    The second guy has his carded mail sent to a friend's house. Whoever signs for this is going to jail. Once the friend gets arrested he will rat him out.

    I bet these two guys pulled this off once or twice and wrote about it like it's a day job. If someone stupid falls for it you might make quick cash once or twice. If you keep trying it you will get busted sooner than later.

    1. Re:Do not try this you will go to jail. by susano_otter · · Score: 5

      You know what, though? I'd rather return to the days when the "hip" thing for high school outcasts to do was warez scams and carding.

      It sure beats the current fad of shooting your classmates.

      (Lovecraftian emphasis added)

      --

      Any sufficiently well-organized community is indistinguishable from Government.

  7. And the credit card companies just don't care by cluge · · Score: 5
    I work for a small ISP and we have a Zero tolerance policy regarding SPAM. We clearly state that if you spam we will charge your account 500 dollars and send you on your way. We do the research (sometimes newbies/church groups get a second chance) and bill the SPAMMER. The SPAMMER then complains to his CC company and they ALWAYS give him a refund and charge for the pleasure of enforcing a CLEARLY stated policy. It doesn't matter if I provide a contract SIGNED by the customer, and have logs with phone numbers etc etc etc ad nauseam. The CC people simply will not let the charge stick.

    Now according to this article these people use SPAM as one of their main forms of getting to victims. Hmmm how can we fight this problem?? If we were ALLOWED to enforce our AUP, and our contract that a customer signs then this activity would be less profitable and easier to trace.

    For instance, joe/badboy/hacker uses a stolen card, signs up for a throw away account and starts spamming. If joe is using a stolen card a 19.95 gets looked over, but a 500 dollar charge gets noticed. So come on Credit Card people, if we can PROVE it why can't we charge these people for taking up our time, system resources etc. As this article clearly points out SPAM is used very often for illegal practices.

    Why won't the credit card companies help us clean up?

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  8. Re:GF??! by Anoriymous Coward · · Score: 5

    And he was back by 7:50pm. Either dinner was really short, or something else was.

    --

  9. deficiency by deran9ed · · Score: 5

    11:03 a.m. Open up one of my new Yahoo accounts through an untraceable NetZero account.

    Uh... And how do you suppose you're gonna dial into it?

    I use www.anonymizer.com to go to the Yahoo account because I'm paranoid. Hell if anyone's going to get my IP (Internet address). Screw the Feds, they are lazy they won't trace me back that far.

    Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...

    Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me. By then I'll have a new number. Hell, I go through telephone lines about one every 2-3 months.

    Uhh... No matter how many times you change your number, there is always a record

    If I'm super paranoid, I skip Anonymizer and hack me a Wingate. Then the Feds will trace back to one of the lamers' home computers not mine ;) LOL! Basically if I use a Wingate they can't track me at all! I should use gates more often ;( Hell I'm getting almost as lazy as a Fed. Ha!

    Boy is this moron sure dumb

    Seems to me like the only thing he "hacked" was some dumb ass reporter who was an ass enough to get conned into thinking this e-tard was anyone special or had any talent other than bullshitting.

    The media is going ballistic on "hacker" cases these past few months, and I'm starting to think they should be held accountable for promoting this activity, especially when you pay someone to do this (basically).

    The media has totally bastardized hacking and those in the computer security field like the hackers at companies like @stake, Neohapsis.com, etc, end up getting bad reputations from morons like this. It's a shame to think people actually pay mind to idiots like this often casting dark shadows on to those that "hack" for just cause, such as fixing issues, e.g., Rain Forest Puppy, DugSong, obecian, etc.

    Stupid news

  10. 4 d4y 1n th3 l1f3 0f 4 h4ck3r by deran9ed · · Score: 5

    Part 1: A School Day

    7:20am: Elite hax0r wakes up to prepare for another challenging day of 7th grade.
    7:25: Elite hax0r signs onto AOL (computer is never turned off)
    7:30: Elite hax0r checks new mail for elite hacking progs and warez
    7:40: After 10 minutes of chatting in with the folks in leet, elite hax0r's mom takes the telephone off the hook.
    7:55: m0m and elite hax0r are having an argument about wasted time online.
    8:00: elite hax0r's dad drops him off at Mitnick Middle School
    8:05: elite hax0r enters typing class. this is his elite hacking playground, and he loves to confuse the teacher by pressing num lock, and shouting '3y3 hax0red j00!!!'
    9:00: typing class is over, and elite hax0r travels to his history class. No 'puters here, so, he strategically places his copy of 2600 inside his history book and memorizes the 'how to steal stuff' article.
    9:30: history teacher catches elite hax0r with the clandestine 2600 and takes it away from him. elite hax0r begins a heart-wrenching spiel about freedom of speech, and his right as a citizen of this country to read his elite 2600 whenever he pleases. he compares this atrocity to the unjust imprisonment of hax0rs everywhere, and takes comfort in his martyrdom. leet is definitely hearing about this tonight.
    10:05: elite hax0r goes to english.
    10:50: elite hax0r goes to lunch period. here, he sits with his class in the cafeteria and takes his usual spot near the lunchlady's cash register so he can write down people's lunch numbers. This comes in handy, as they could possibly use their lunch number as their AOL password. And if not, it's always really leet to have even the most insignificant 1nph0z.
    11:25: elite hax0r goes to pre algebra. today, he makes the kid in the desk next to him ph33r when he types 1134 on the calculator and holds it upside down. he wonders if this is similar to hacking an LED sign like in 2600..?
    12:15: elite hax0r goes to science class where he learns about the reproductive system. elite hax0r excuses himself from class where he performs a quick wetware hack.
    1:30: elite hax0r gathers his books and stands in front of the school
    1:35: elite hax0r is picked up by the small yellow bus with the power lift on the back.
    2:00: elite hax0r is dropped off at home, and he rushes inside to sign on and check his mail.
    2:30: after 30 minutes online, elite hax0r is forced to sign off and take a nap. Ms. Hax0r can't have her baby getting cranky.
    4:45: elite hax0r wakes up, and begins writing his manifesto, which he plans to present to his history teacher tomorrow.
    4:47: elite hax0r gets tired of writing and feels like going outside. he and his little brother ride their bikes around in circles in the carport.
    5:15: Ms. Hax0r calls the children inside for dinner.
    6:00: hax0r children finish dinner, and elite hax0r asks for permission to get online and hack some stuff.
    6:05: elite hax0r battles AOL's perpetual busy signal; it's probably just a ploy by AOL to block him from coming online, in ph33r he might hax0r their network.
    7:05: elite hax0r continues to hax0r away at AOL's "busy signal"
    7:30: finally, elite hax0r crax0rs the busy signal and sneaks his way inside. He checks his mail for leet progs and tries to enter pr 'leet'. But, in another attempt by AOL to bring him down, the room is full (it's really just their $3cur1ty 3xp3rt$ trying to keep him out).
    7:40: elite hax0r finally busts into 'leet' in 137 tries. he chats with his homies.
    8:00: elite hax0r is still chatting with the leets, when Ms. Hax0r picks up the fux0ring telephone and signs him offline.
    8:35: after 20 minutes of crax0ring the "busy signal", in an angered retaliation attempt, elite hax0r steals mom's credit cards and scrolls them in 'leet' and 'phreak'.
    9:00: elite hax0r finally finishes scrolling, and takes some time to work on his webpage; http://members.aol.com/Leethax0r/index.html. Here, he posts his new hax0r's manifesto, and lists $houtoutZ to his homies in 'leet' and 'punt', and his main chix0r Annie.
    10:00: after an hour of figuring out how to use the AOL webpage software, he grows tired of all this brain work, and signs offline.
    10:25: leet hax0r brushes his teeth, puts on his kevin mitnick pajamas, and goes to sleep.
    11:00: leet hax0r dreams that he is Dade Murphy, and that he is having wild sex0r with Acid Burn, while hacking the FBI's Main Gibson.

    Stupid News

  11. *67 has no effect on ISP/Telco logs by chathamhouse · · Score: 5
    "Screw the Feds, they are lazy they won't trace me back that far. Plus I got *67 on, they'll need subpoenas to, and a ton of tracing to even get close to me."

    I'm pretty sure *67 doesn't work on some ISDN/PRI Lines (which many ISPs used). I know for a fact it didn't work at a local ISP here (I tested it personally).

    The "hacker/cracker/bad guy's" comment made me laugh uncontrollably for a few minutes. Having recovered from the initial shock at the stupidity of his comment, I'll share a bit of info as to how hard one would have to dig to find out who he was, or at least where he was calling from:

    Note: I work for a national telco/isp, the combination of which greatly helps this process.

    1. Find just one of spam boy's emails originating from his "phished" account. The message's headers will be more than pleased to provide you with time stamps.

    2. Take the time stamps and userid, and compare them to the logs in the authentication servers (tacacs or radius, normally). These logs should, unless morons set up the system, indicate which NAS (network access server, the box you dial into) was used to log on to the ISP. The NAS should have sent a string to a syslog with connection speed (upstream/downstream), dialed number, and originating number.

    3. You *will* have the originating number even if *67 was used. This is because *67 is a feature set for end users which can be disabled/masked, whereas the originating number received on an ISDN PRI has been provided by SS7 signaling, and is mandatory to the system's proper functioning.

    4. With the originating number, the local telco will provide the line's physical address. This is assuming that a police officer/investigator/detective makes the request. Of course, there are many free number-to-address directories on the net that could provide this data.

    5. All of the above requires about a day, depending on the size of the log files that have to be searched through, and the short delay in getting info from local telcos (they do move quickly if the right person asks).

    All this to say that if these guys are getting away with their crimes for the time being, good for them. However, some "cyber crime" unit will eventually do a sweep, grab all of the above info for a bunch of small time operators in a given city, and shut them down. Yee-haw.

    Did anyone else notice that bad guy #1 only spent 2 hours at his girlfriend's place for dinner? Not much time...
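
The log correlation in steps 1 to 3 of the comment above, as seen from an ISP abuse desk. This is an added example, not part of the original thread; the message, hostnames, userid, phone numbers and the session record layout are all constructed, and taking the login name from the From address is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: headers of one abuse report (hosts and userid are made up).
RAW_MESSAGE = """\
Received: from dialup-17.isp.example (dialup-17.isp.example [192.0.2.17])
\tby mail.isp.example with SMTP; Tue, 11 Jul 2000 11:04:12 -0400
From: phisheduser@isp.example
Subject: constructed sample

body
"""

# Constructed RADIUS accounting sessions, Start/Stop already paired, times in UTC.
# "calling" stands for Calling-Station-Id, the originating number the NAS reported.
SESSIONS = [
    {"user": "phisheduser", "nas": "nas1", "calling": "555-0100",
     "start": "2000-07-11T01:00:00", "stop": "2000-07-11T02:00:00"},
    {"user": "phisheduser", "nas": "nas3", "calling": "555-0142",
     "start": "2000-07-11T14:58:00", "stop": "2000-07-11T15:20:00"},
    {"user": "otheruser", "nas": "nas3", "calling": "555-0177",
     "start": "2000-07-11T14:00:00", "stop": "2000-07-11T16:00:00"},
]

def sent_at(raw):
    """UTC time the ISP's own mail server stamped in the topmost Received header."""
    received = message_from_string(raw).get_all("Received")[0]
    stamp = received.rpartition(";")[2].strip()
    return parsedate_to_datetime(stamp).astimezone(timezone.utc)

def userid(raw):
    """Local part of the From address, assumed here to be the dial-up login name."""
    return re.search(r"([^\s<@]+)@", message_from_string(raw)["From"]).group(1)

def find_sessions(user, when, sessions, skew=timedelta(minutes=2)):
    """Sessions for `user` that were open at `when`, allowing for clock skew."""
    hits = []
    for s in sessions:
        start = datetime.fromisoformat(s["start"]).replace(tzinfo=timezone.utc)
        stop = datetime.fromisoformat(s["stop"]).replace(tzinfo=timezone.utc)
        if s["user"] == user and start - skew <= when <= stop + skew:
            hits.append(s)
    return hits

if __name__ == "__main__":
    when = sent_at(RAW_MESSAGE)
    for s in find_sessions(userid(RAW_MESSAGE), when, SESSIONS):
        print(when.isoformat(), s["nas"], "originating number:", s["calling"])
```

The header time is converted from its -0400 offset to UTC before it is compared, and the same userid appears in two sessions from different originating numbers, so only the timestamp separates the account owner's login from the one that sent the message.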