Feds Thwart Extortion Plot Against Best Buy
hiero writes "From an article in the Star Tribune: 'Federal authorities said Tuesday they thwarted an extortion plot against Best Buy Co. Inc. by a man who sent the company an e-mail threatening to expose what he claimed were weaknesses in the retailer's computer system unless he was paid $2.5 million.' What's really interesting to me, though, is this paragraph further on in the article: 'The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.' Internet Protocol Address Verifier? Is this Carnivore in action?"
Easy does it. You don't need a big surveillance program, just add a bug to your email that "grabs" the reader's IP addy and voila!
Easy does it, apply the KISS principle to life.
~~~Please pass the salt, I hate unsalted MD5s
Over here there is a Congressional Statement of what Carnivore "officially" does, or is "allowed" to do. One paragraph of this statement:
Carnivore is a very effective and discriminating special purpose electronic surveillance system. Carnivore is a filtering tool which the FBI has developed to carefully, precisely, and lawfully conduct electronic surveillance of electronic communications occurring over computer networks. In particular, it enables the FBI, in compliance with the Constitution and the Federal electronic surveillance laws, to properly conduct both full communications' content interceptions and pen register and trap and trace investigations to acquire addressing information.
gives us the gist of it. So yes, this may very well be Carnivore in action.
"It usually starts with some screaming. Afterwards there is much running around."
You can't turn off HTML in M$ LookOut
;-)
Oh yes you can - something I rely on to avoid spammers using the same trick!
This dude doesn't sound very clued up
My thought exactly
and a few other ways of hiding yourself, as below
1. Dedicated firewalled Linux Laptop with WLAN, and changing MAC
2. WarDrive around for an unsecure internet connection.
3. Use proxies from unsecured PCs, lists available from DBL providers, or your email server logs.
4. Set up a web mail account, and send business proposal.
5. WarDrive to other access point for continuing dialog
6. Travel around a bit to avoid setting a Wardrive pattern
I would think this would be very difficult to trace without social engineering
mailto:EatSpamAndDie@princeweb.com
Is this Carnivore in action?
:)
No, it isn't. Like another poster said, this is really just a web bug. Carnivore is a sophisticated system for parsing billions of e-mails and flagging interesting things like threats against the President for analysts to examine, but has nothing to do with validating return addresses or anything like that.
The only way to actually know that someone is actually receiving your e-mail at a particular location is to include a web bug that reports their IP address back to you, by opening a socket connection directly to something on a server you own (e.g. an image). So either include an image in the e-mail which is requested from your server, or include a trojan that "phones home" when they run it.
It works. Try it the next time you want to see who's really spamming you. Just send a web bug to whatever the response address is they want you to contact, (you know, for your Nigerian money-laundering instructions), and then examine your server logs carefully to find out where they really are in the world. Of course, you could also send them a backdoor if you wanted, instead of just a beacon, but I would never countenance such uncivilized behavior
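The comment above describes an image that is requested from the sender's server when the mail is rendered; from the recipient's side, that fetch can be spotted before it happens. Added example (not part of the thread): it walks a message's HTML parts and lists every remote load, flagging tiny or hidden images. The sample message, `tracker.example` and the token are constructed, and the function and class names are illustrative.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a mail client fetch a remote resource when rendering.
FETCH_ATTRS = {"img": ("src",), "link": ("href",), "iframe": ("src",),
               "body": ("background",), "table": ("background",),
               "td": ("background",), "input": ("src",)}

class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (tag, url, looks_like_beacon)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            url = (a.get(name) or "").strip()
            if urlsplit(url).scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                hidden = "display:none" in (a.get("style") or "").replace(" ", "").lower()
                self.findings.append((tag, url, tag == "img" and (tiny or hidden)))

def find_remote_fetches(raw_message):
    """Return (tag, url, looks_like_beacon) for every remote load in HTML parts."""
    msg = message_from_string(raw_message, policy=default)
    finder = RemoteFetchFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

# Constructed sample message; tracker.example and the id value are placeholders.
SAMPLE = """\
From: sender@example.com
Subject: proposal
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo123" width="120" height="40">
<img src="http://tracker.example/p.gif?id=CONSTRUCTED-TOKEN" width="1" height="1">
<a href="http://www.example.com/offer">details</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, beacon in find_remote_fetches(SAMPLE):
        print(tag, url, "BEACON?" if beacon else "")
```

Embedded `cid:` images and ordinary links are not reported because neither causes a network request at render time; only the remote image is.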
I disagree. If a private citizen were being extorted for 2.5 mil, the feds would be willing to get involved. It's when the script kiddy down the street is extorting the local cyber cafe for free coffee that the feds won't touch it. Last I checked, the loss had to be above $5000 for the feds to investigate computer crime. That was a couple years ago though, don't know what it is now.
Yes, my only tool is a hammer. And you're starting to look like a nail.
$5000 is still the low cutoff for felony theft... anything below is a misdemeanor and gets handled at the local level.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
If you're looking for sources of information, Ward Churchill and Jim Vander Wall's book Agents of Repression: The FBI's Secret Wars Against the Black Panther Party and the American Indian Movement (South End Press) is a good start. When large numbers of readers refused to believe the stuff they had written (even though it extensively referenced the FBI's own documents), they did a follow-up book that just reprinted the FBI material called The COINTELPRO Papers: Documents from the FBI's Secret Wars Against Dissent in the United States. Harder to disbelieve that, I guess.