Slashdot Mirror


Spammers Using Students as Relays

Zendar writes "idg has an article about how students at the 151-year-old Tufts University were paid as little as $20/month to relay spam from computers in their dorms. Interestingly enough, the students approached the spammers about this scheme and not vice-versa."

31 of 450 comments

  1. Dangerous by snitty · · Score: 5, Funny

    It seems that being medical test subjects would be less likely to get them killed.

    --
    Modular Redundancy--Because 4 out of 5 Nodes agree
  2. Crappy Student Jobs by ifreakshow · · Score: 5, Funny

    What happened to the good old days when college students sold blood, sperm or surfed the web to earn beer money!

    1. Re:Crappy Student Jobs by Pxtl · · Score: 4, Insightful

      Or got jobs as telemarketers (hell, most universities even run extensive official telemarketing systems to harass alumni for donations). If you're willing to telemarket, I don't see why you wouldn't be willing to spam. Sure it's less money, but it's also less work.

  3. I can think of better uses for them by petronivs · · Score: 5, Funny

    I thought college students made all the coin they could ever need with those webcams.

    --
    This is the real signature
    (Beats those shadows on the cave wall, don't it?)
    1. Re:I can think of better uses for them by scott1853 · · Score: 4, Funny

      I heard they got some VC money a couple years back, but for some reason their website never took off.

  4. Tracked using MAC address by monkey_tennis · · Score: 5, Interesting

    Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...

    I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)

    1. Re:Tracked using MAC address by Frater+219 · · Score: 5, Informative
      Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...

      I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)

      You don't even need to copy it down at sign-up time ... just take it out of the DHCP server logs, or the ARP tables on the building router, then look for the MAC address on a switch port in the hall switch. Provided you know your wiring -- and know what switch port goes to what dorm room -- you just narrowed your problem down to the spammer and his roommate.

      (Why yes, I did used to be a sysadmin at a college with a bandwidth hogs problem.)
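
The lookup chain described in the comment above (offending IP and time, to DHCP lease, to MAC, to switch port, to room), as an added example that is not part of the original thread. The dhcpd-style log lines, the switch address table, the wiring map, the year and all addresses are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample data (not from the thread): dhcpd-style lease log,
# a switch MAC address table, and a wiring map of switch port -> dorm room.
DHCP_LOG = """\
Sep  3 01:12:07 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 00:11:22:aa:bb:01 via eth1
Sep  3 02:40:55 dhcp1 dhcpd: DHCPACK on 10.20.4.23 to 00:11:22:aa:bb:02 via eth1
Sep  3 09:05:31 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 00:11:22:aa:bb:03 via eth1
"""
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  20    0011.22aa.bb01    DYNAMIC     Fa0/7
  20    0011.22aa.bb02    DYNAMIC     Fa0/9
  20    0011.22aa.bb03    DYNAMIC     Fa0/12
"""
WIRING = {"Fa0/7": "Room 214", "Fa0/9": "Room 216", "Fa0/12": "Room 301"}

ACK = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd: DHCPACK on (\S+) to ([0-9a-fA-F:]{17})")

def norm_mac(mac):
    """Reduce any MAC notation (aa:bb:.., aabb.ccdd.., AA-BB-..) to 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def lease_holder(ip, when, log=DHCP_LOG, year=2003):
    """MAC that held `ip` at `when`: the latest DHCPACK at or before that time.
    Syslog timestamps carry no year, so `year` is an assumed parameter."""
    best = None
    for line in log.splitlines():
        m = ACK.match(line)
        if not m or m.group(2) != ip:
            continue
        stamp = " ".join(m.group(1).split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ts <= when and (best is None or ts >= best[0]):
            best = (ts, norm_mac(m.group(3)))
    return best[1] if best else None

def port_for(mac, table=MAC_TABLE):
    """Switch port on which the MAC was learned; header lines are skipped."""
    for line in table.splitlines():
        fields = line.split()
        if len(fields) == 4 and norm_mac(fields[1]) == mac:
            return fields[3]
    return None

def locate(ip, when):
    """IP + timestamp -> (mac, port, room); None where the chain breaks."""
    mac = lease_holder(ip, when)
    port = port_for(mac) if mac else None
    return mac, port, WIRING.get(port)

if __name__ == "__main__":
    print(locate("10.20.4.17", datetime(2003, 9, 3, 3, 0)))
    print(locate("10.20.4.17", datetime(2003, 9, 3, 10, 0)))
```

The same IP resolves to two different rooms depending on the timestamp, which is why the time of the offending traffic has to be carried through the lookup.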

    2. Re:Tracked using MAC address by garcia · · Score: 5, Informative

      At BGSU they started doing registration for the DHCP server via MAC in 1999 or 2000. When you started up after connecting your computer to the ethernet jack you would get a registration page. You would enter your student ID and your email login/passwd. Your MAC was recorded and a hostname that included your email id was given along w/a static IP. If you logged on from another port on campus it would show as a "roam" address but it still knew you were authenticated so it still knew your MAC.

      If you wanted to register another computer you would either have to use someone else's student ID + login/passwd or call up the people for help.

      A side note, they were less than familiar about doing it w/alternative OSs that did not automatically bring up the registration page. You either had to use Windows to do it or have them do it manually. I used Windows ;)

    3. Re:Tracked using MAC address by garcia · · Score: 5, Interesting

      I was compromised at one point in time my freshman year and had a smurf attack originate from my machine. They were able to track it down in under 2 hours to my specific port. They shut me down immediately. I had to contact the head of IT directly for reinstatement.

      Although it was pretty obvious who was using the most bandwidth even w/a tool like iptraf.

    4. Re:Tracked using MAC address by Usquebaugh · · Score: 4, Funny

      Oh another name dropper eh.

      A more subtle way is that the college you attend in Cambridge has already implemented this. The only problem with this approach is that all the alumni from Cambridge University think you're trying to associate yourself with their older and more established college.

  5. plight by Joe+the+Lesser · · Score: 4, Interesting

    An interesting look at one of the things students will lower themselves to do to pay for their $80 calculus book.

    --
    "I only speak the truth"
    Karma: null(Mostly affected by an unassigned variable)
  6. Computer Nerds Gone Wild by SirSlud · · Score: 4, Funny

    This is like the computer nerd equivalent to "College Girls Gone Wild". Anything for a buck.

    Except instead of making me want to spank myself, I want to spank them.

    --
    "Old man yells at systemd"
  7. They got bought cheap! by FunWithHeadlines · · Score: 4, Interesting
    It sure doesn't take much to compromise a person's self-respect or integrity. $20/month in exchange for contributing to a problem that everyone hates, and knowing full well that everyone hates it? They sold out cheap.

    It's sort of like the trend for journalist majors to wind up in PR jobs for corporations doing nasty things. The lure of extra money covers over any hesitation they might have in moving from a supposedly neutral position to one that shills for money.

    But $20/month? Man, that's some cheap principles. How about we pay them $21/month to turn against the spammers?
    ---------

    1. Re:They got bought cheap! by Valdrax · · Score: 4, Insightful

      Let me guess, you were the arsehole who had the Porsche parked in the school lot. Did you see the old beat up Ford Escort with a different color fender, no muffler, and a broken windshield? The guy that owned the Escort (and I know him well) would have sold his self-respect for a tuna-freakin-fish sandwich. That guy had LESS than $20/mo for food, toiletries, and beer. You wouldn't survive a week in that guy's shoes. $20/mo means another case of mac-n-cheese.

      Well, gee, that excuses everything! I see the light now! After that guy broke into my friend's apartment last year and stole all his electronics, I should've excused him too because he was jobless and living in government housing! After all, I "wouldn't have survived a week in that guy's shoes," now would I?

      You know what I did in college when I needed money? I got a freaking job; that's what I did. I spent my days sitting at a desk in a computer lab checking student IDs for $5/hour. I didn't throw in with parasites to get by.

      Those students did sell themselves cheap. They could've gotten a real job, but instead they decided to let the bottom-feeders of the Internet take advantage of university resources so that they could get a small token sum of money without having to do a damn thing. They whored themselves out probably because they were too damn lazy to actually try to hold down a part time job while in school. As someone who worked for my food, I have absolutely no sympathy for them. They should be kicked out of housing and maybe even expelled for abusing the university network at the expense of others.

      --
      If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
    2. Re:They got bought cheap! by rjh · · Score: 4, Funny

      If you sell out for a price, regardless of circumstances, it means you sold out.

      H.L. Mencken was at a high society function and speaking with one of the grande dames of society. After some initial witty small talk, he asked her "Madame, would you sleep with me for a million dollars?"

      Much laughter later, she agreed.

      "Madame, would you sleep with me for one dollar?"

      The dame was grievously offended and asked Mencken what she thought she was--some whore?

      "Madame, we've already established that you're a whore," he replied. "Now we're just dickering about your price."

  8. Money for using the computer by Gortbusters.org · · Score: 4, Interesting

    has always been a popular fad. Remember those programs you could install and you would get a 10th of a penny for every website you clicked and it had a banner-system (I believe)? Everyone thought they would make hundreds of dollars a month with that. I wish I could remember the name. People love getting money for doing their normal tasks, i.e. using the computer. If relaying spam could be done with little or no active participation by a computer user, who [average computer user] wouldn't turn down 20 bucks?

    --
    --------
    Free your mind.
  9. What does it matter... by mjpaci · · Score: 4, Interesting

    What does it matter that Tufts is 151 years old? Would this be different if it were 310-year-old College of William and Mary in Virginia or 210-year-old Williams College in Williamstown, MA?

    --Mike

  10. Oh, me, me, pick me! by lastberserker · · Score: 4, Funny

    Dear Mr. Spammer, I wouldn't mind to relay your
    spam at all! In fact, I would do it with a full
    satisfaction of doing a valuable service to the
    community! Please, pretty please, pick (and pay)
    me to be your relay!

    WBR / lastberserker

    .
    .
    .

    [...of course I won't detail on _where_ I would
    relay your spam, but what's the matter - no one
    would miss it anyways...]

    --
    My other Beowulf cluster is... er...
  11. Re:20 Bucks? by phorm · · Score: 4, Interesting

    It's cheap, yes, but $20 is about 20 boxes of Mac & Cheese. For some students, this could probably feed them for 3/4 of the month.

    Realistically though, profit depends on volume. Some few people probably masterminded the idea, and are taking part-profits somehow. If they skimmed $5 from 20 students with relays - that's $100/month. Still not a lot, but cheap for no work.

  12. Students selling information by brejc8 · · Score: 5, Interesting

    I have been getting spam addressed to [my_unix_username]@[my_machinename].cs.man.ac.uk
    My machine passes the mail to me but I have no idea how the people got this address.
    The only way I can think of is if someone used finger @ on the machines in the department and then stuck the username with the machinename.
    As far as I am aware the finger@ is blocked to people outside the department so I am starting to suspect that some students are behind this.
    Especially as the spam is for local companies.

  13. What's next? by Honorbound · · Score: 4, Funny

    Will they be setting up servers to share pirated music and video or something??? Oh, wait...

    --
    "I'm not, like, that smart. I, like, forget stuff all the time." -- Paris Hilton
  14. Thank Heavens for Diagrams! by greenhide · · Score: 5, Funny

    I didn't understand the article at all. Then I saw the helpful graphic at the bottom of the article. It clearly showed just how the process worked! Without that picture, I would have been in the dark.

    --
    Karma: Chevy Kavalierma.
  15. Follow the money? by mjh · · Score: 4, Interesting

    The article mentions that they can't track the original spammers, that all the further that they can get is to the students' computers. If they really want to track the spammers can't they track the money?

    Which makes me wonder, how do the students get paid? Remaining anonymous is critical to spammers being able to continue doing their thing. How does a spammer actually pay someone w/out being trackable? I can't imagine that they send cash.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  16. Re:20 Bucks? by scott1853 · · Score: 4, Funny

    You must have failed College Math 101. Dollar amounts are to be clearly represented in Ramen noodle packets. Therefore, $20 = 160 packets = 160/3 meals per day = 1.8 months of good eatin'.

  17. The School is very liberal..this isn't surprising by Migelikor1 · · Score: 5, Informative

    I'm a current student at Tufts, and I'm not that surprised that there is some abuse of the system. The University is overall pretty laid back about student computing. The only things the sysadmins monitor for are viruses that may cause systemwide problems (they send a person to your room with virus software if one's detected) and excessive bandwidth usage (over a gig per day for more than 3 days in a month.)
    While it is troubling to know that some of my fellow students abused the policy, it really isn't that hard. Though it pisses me off a little that they used University bandwidth for their little endeavor, the school has plenty, due to massive infrastructure installation in the late nineties. It hadn't caused any issues for the school (nobody I know has complained about a slowdown) so it's my opinion that the fact it's a university isn't a big deal. The kids are entrepreneurs, even if it's in a business I despise, taking advantage of the resources they've paid for. The real question is whether the school will add a clause to the acceptable use policy and start to monitor for spammers. Wouldn't be surprising.

    --
    My Karma is so good, I'm the Dalai Lama...or something.
  18. Flashbacks by fizbin · · Score: 5, Funny

    Cutco....

    Must... sell... knives...

    The whole experience still makes me shudder.

  19. You know you are old when.... by gosand · · Score: 4, Funny
    What happened to the good old days when college students sold blood, sperm or surfed the web to earn beer money!

    You know you are old when:

    You had to work a real job to get money in college

    People refer to the "good old days" and in your mind it was yesterday

    There was no World Wide Web when you were in college (unless you count FTP, BBSs, and Gopher sites)

    Your final paper in Computer Hardware Design was on the Pentium processor, and you could only find three sources because it wasn't due to be released for another 6 months.

    You post on Slashdot recounting how old you are, hoping someone will think you are cool

    --

    My beliefs do not require that you agree with them.

  20. Why [insert deity here] Why? by korny69 · · Score: 5, Insightful
    What I do not understand is why don't they just block all incoming traffic to the dorms and labs? Why is it that they allow for this traffic to even make it to the PC in the first place?

    Frank Grewe, manager of Internet services for the University of Minnesota in Minneapolis-St. Paul, also wasn't surprised. He says the university does not let client machines be used as servers, employs static IP addresses and tracks the amount of traffic going to and from those addresses.

    Why track ... just do not allow it in the first place and it will be a whole lot easier. I just do not see a reason in allowing inbound traffic to a static IP address on a campus unless it is a server owned (no pun intended) and operated by the staff. When you allow anyone and everyone to do as they please, all hell will break loose.

    I can see the point of some PCs and not others, but it should always be a special case when a PC needs access to it from the outside. This is how most corporate companies run their network. I just do not understand why in most cases all I have to do is 'host -l -t any uni-net.edu' and get a list of hosts to look at and forward my spam on from.

    As for the out-sourcing of CS to someone else, I would have to disagree, because it is incidents like this that usually teach people. And when they go on to the corporate world, hopefully, they will remember that they need to lock their network down. It teaches fundamentals, and in this industry, unlike a lot of others and what a lot of corporate big-heads think, it is experience more than education that counts in the long run.

    --

    The biggest security hole sits between the keyboard and chair.
    -Andrew McAllister

  21. Re:Unrest is born. . . by Snork+Asaurus · · Score: 4, Funny
    Anything can be turned into a buck.

    Bucks urgently required. Please post formula.

    --
    Sigs are bad for your health.
  22. Re:Hmm by Patrick13 · · Score: 4, Insightful

    The one guy I know making $30k a year doing spam

    Yeah, but don't forget that according to the article this guy sold his Uni access for $20/month - that doesn't add up to very many pizzas or beers.

    My guess is that guy should have sold his connection for more like $200 - $500 per month, or based on the # of mails or something. $20/month is laughable, considering that he now most likely has been forbidden to connect to the University's network with his personal machine and may have some sort of procedural punishment on his University records.

    --
    ::.. check out some Cell Phone Reviews
  23. Peanuts by dubiousmike · · Score: 5, Funny

    This just proves these students aren't as resourceful as they could be. I for one, would have placed some sort of trojan on as many people's computers I could find, then sell ALL of their machine's use for spamming. I mean, I'm certainly not condoning spamming and I dislike it myself, but if you are going to do it, do it right....