How To Catch A Scammer/Spammer
Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a USB pen drive, several cops and a 10-minute struggle to subdue the man. Story is available on the Linux.ie mailing list.
By the way, Gardai = the cops in Ireland."
...but a search engine. Posted anonymously as I don't really want to have to fix their stupid server today. Thank you all very much.
Someone prominent in the U.S referred to Nelson Mandela as an African-American. I can't remember who but it brings a smile to my face whenever I hear it.
:-)
I was poking fun at them
[Fuck Beta]
o0t!
- Microwaving
- Immersing in boiling water
- Freezing in a block of ice
- Sundry physical impacts
Digestion wasn't on the list, but I have no doubt that patience, a rubber glove and a dunk in disinfectant would be all that stands between ingestion, data recovery and prosecution.
UNIX? They're not even circumcised! Savages!
It's just pork, ham, salt, water, sugar, and sodium-nitrite.
Not really anything to get worked up about.
Then, he spent a bit of time on http://www.emailspidereasy.com. Don't you just love the fake google-textads?
Yup, love is the word. I also love these links on the same page:
Credit cards - links to credit card resources
Cheap loans - compare and get a cheap loan
Compare mortgage quotes - cheap mortgages online
Work from home - make money with working from home
Seems this is the only site spammers need to visit; they have links to spamming resources as well! Very convenient ...
I hear there's rumors on the Slashdots
and they are investigating.
They are a co-lo facility, barebones, FYI.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Eh how about you read the mail.
Our cafe was *BLACKLISTED* by spamcop. I checked the logs. I found his MAC address and when he came in with his laptop. I asked the staff. They described him. He came back and I caught him red handed.
I do my transparent proxying using iptables.
Just forward outgoing traffic on port 25 to local:25.
You need to do some sanity checking afterwards, to make sure you haven't ended up as an open relay. Other than that, it works fine for me.
Hmmm, well let's think for a moment:
a) The internet cafe is more or less a public place, as well as a private establishment. If they don't have a sign indicating monitoring, at least they wouldn't have anything indicating that you do have 100% privacy
b) No "privacy" was violated until the issue with SPAM was discovered. At this time, massive SMTP requests were tracked to a particular machine/NIC using the MAC address.
c) MAC generally being a fairly unique identifier (not many people MAC-spoof), there was a fair bit of surety that the monitoring action was being taken against the same scummy spamming individual, used to acquire evidence of his activity, which, while perhaps not illegal, would almost definitely violate the usage agreement for the cafe.
d) You don't really even have that many privacy "rights" with your ISP. They log activity for these very reasons (spammers, kiddy-fiddlers, other illegal activity). If you were tagged as a spammer (with a non-spam-friendly ISP) or a kiddy-pr0nographer, you would no doubt come under scrutiny with them as well.
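The correlation the quoted mail describes (a blacklist notice, the gateway logs, a MAC address, and the time the laptop came in) is easy to script. The following is an added example, not code from the thread or the cafe: it assumes netfilter-style LOG lines for outbound port-25 connections and dnsmasq-style DHCPACK lines, both constructed here in trimmed form (real lines carry more fields), and flags any LAN address that fanned out to many distinct mail servers.

```python
import re
from collections import defaultdict

# Constructed sample of what a netfilter LOG rule with prefix "SMTP-EGRESS " writes
# (trimmed: real lines also carry MAC=, LEN=, SPT= and more). Addresses are documentation ranges.
FIREWALL_LOG = """\
Mar 12 14:02:11 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP DPT=25
Mar 12 14:02:11 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.6 PROTO=TCP DPT=25
Mar 12 14:02:12 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.7 PROTO=TCP DPT=25
Mar 12 14:02:30 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=198.51.100.20 PROTO=TCP DPT=443
Mar 12 14:03:40 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=198.51.100.9 PROTO=TCP DPT=25
"""

# Constructed dnsmasq DHCP log: the first DHCPACK for an address is when that machine showed up.
DHCP_LOG = """\
Mar 12 13:58:02 gw dnsmasq-dhcp[811]: DHCPACK(eth1) 10.0.0.23 00:11:22:33:44:55 win-laptop
Mar 12 13:59:30 gw dnsmasq-dhcp[811]: DHCPACK(eth1) 10.0.0.41 66:77:88:99:aa:bb cafe-pc-03
Mar 12 14:30:02 gw dnsmasq-dhcp[811]: DHCPACK(eth1) 10.0.0.23 00:11:22:33:44:55 win-laptop
"""

FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) .*\bDPT=25\b")
DHCP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*DHCPACK\(\S+\) (?P<ip>\S+) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)


def smtp_fanout(fw_log):
    """Per source IP: the set of distinct hosts it connected to on port 25.

    One machine talking to many different mail servers in a short time is the
    signature of a bulk mailer; a real client talks to its own provider's server only.
    """
    dst = defaultdict(set)
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            dst[m["src"]].add(m["dst"])
    return dst


def lease_table(dhcp_log):
    """Per IP: (timestamp of the first DHCPACK, MAC). Renewals do not overwrite the first sighting."""
    leases = {}
    for line in dhcp_log.splitlines():
        m = DHCP_RE.match(line)
        if m and m["ip"] not in leases:
            leases[m["ip"]] = (m["ts"], m["mac"])
    return leases


def suspects(fw_log, dhcp_log, min_distinct_dst=3):
    """Join the two logs: heavy port-25 fan-out -> which NIC it was and when it arrived."""
    leases = lease_table(dhcp_log)
    found = []
    for ip, dsts in sorted(smtp_fanout(fw_log).items()):
        if len(dsts) >= min_distinct_dst:
            first_seen, mac = leases.get(ip, ("unknown", "unknown"))
            found.append({"ip": ip, "mac": mac, "first_seen": first_seen, "distinct_dst": len(dsts)})
    return found


if __name__ == "__main__":
    for hit in suspects(FIREWALL_LOG, DHCP_LOG):
        print(hit)
```

The threshold is deliberately low for the sample; on a real gateway, raise it and run the script over the whole day's logs. The DHCP timestamp is what lets staff be asked "who came in with a laptop at 13:58?", which is the step the mail describes.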
The cafe operator ought to know better:
If you operate a public Internet access point (school, library, cafe, city park, etc.) please block egress port 25 traffic! Your patrons do not need to pretend to be an e-mail server. To allow such traffic to come from your network is to invite spammers, scammers, and so on to operate freely with your resources. Anyone needing legitimate e-mail access can use webmail or pester their ISP or business to use SMTP+AUTH+SSL/TLS for initial mail submission (on a port other than 25, of course).
Configuring an SMTP server to handle this is not difficult for a reasonably skilled sysadmin, so no excuses!
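Both policies in this thread, the iptables transparent proxy ("forward outgoing traffic on port 25 to local:25") and the plain "block egress port 25" advice above, come down to a handful of rules, and both need the sanity check the proxying poster mentions. The following is an added example, not code from the thread or any cafe's configuration: it generates the rules for either mode (the interface and port names are assumed placeholders) and gives the open-relay check to run against your own MTA from the WAN side afterwards.

```python
import shlex
import smtplib
import subprocess

LAN_IF = "eth1"     # assumption: the interface facing the customer LAN
MTA_PORT = 25       # the gateway's own MTA listens here (redirect mode only)
SUBMISSION = 587    # SMTP submission with AUTH + STARTTLS; left open for real mail clients


def smtp_egress_rules(mode):
    """Return the iptables commands (as strings) for mode 'redirect' or 'block'."""
    customers_to_25 = f"-i {LAN_IF} -p tcp --dport 25"
    rules = [f"iptables -A FORWARD -i {LAN_IF} -p tcp --dport {SUBMISSION} -j ACCEPT"]
    if mode == "redirect":
        # nat/PREROUTING REDIRECT is the "forward port 25 to local:25" from the thread
        rules.append(f"iptables -t nat -A PREROUTING {customers_to_25} -j REDIRECT --to-ports {MTA_PORT}")
    elif mode == "block":
        # Log first so a spammer shows up in the gateway log, then reset the connection
        rules.append(f"iptables -A FORWARD {customers_to_25} -j LOG --log-prefix 'SMTP-EGRESS ' --log-level 4")
        rules.append(f"iptables -A FORWARD {customers_to_25} -j REJECT --reject-with tcp-reset")
    else:
        raise ValueError("mode must be 'redirect' or 'block'")
    # In both modes the gateway's own port 25 is for customers only: nothing from the
    # WAN side may reach the local MTA, otherwise it is one misconfiguration from an open relay.
    rules.append(f"iptables -A INPUT ! -i {LAN_IF} -p tcp --dport {MTA_PORT} -j DROP")
    return rules


def apply_rules(rules):
    """Run the generated commands (needs root); print and review them first."""
    for cmd in rules:
        subprocess.run(shlex.split(cmd), check=True)


def rcpt_verdict(code):
    """Classify the MTA's reply to RCPT TO:<user@a-domain-we-do-not-host>."""
    if 200 <= code < 300:
        return "OPEN RELAY"       # it accepted mail for a domain it is not responsible for
    if 500 <= code < 600:
        return "relay denied"     # the expected answer, e.g. 554 "relay access denied"
    return "inconclusive"         # 4xx greylisting or temporary failure: test again later


def probe_relay(host, port=25, timeout=10.0):
    """The sanity check: from outside, try to relay one message through your own MTA."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("relay-probe.example")
        smtp.mail("probe@example.net")                      # sender domain the MTA does not host
        code, _message = smtp.rcpt("nobody@example.org")    # recipient domain it does not host either
        return rcpt_verdict(code)


if __name__ == "__main__":
    for rule in smtp_egress_rules("block"):
        print(rule)
```

The rules are fragments to be slotted into an existing policy, not a complete firewall. In redirect mode the local MTA must additionally be told to relay only for the LAN network (every MTA has a setting for this), since the firewall rule alone only governs who can reach it, not what it will accept; `probe_relay` is how you confirm the combination did not leave you on the same blacklist the spammer put the cafe on.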
Except this was a private business whose product (internet access) was being degraded because they were being blacklisted because of a Spammer.
That has real consequences to the business, as customers may not return when they find that they can't send email to their company/friends from that particular cafe.
Linux - Because Mommy taught me to Share.
The phrase "my nipples explode with delight" is from a Monty Python sketch. I thought the full works of Monty Python were a required part of the Slashdot canon.
My hovercraft is full of eels!
Unfortunately, from the article text, it looks like it only took 10 minutes because they really were trying to restrain him without injuring him. Joint locks are difficult if you don't get to hit the guy first. I feel pretty confident in saying that if they'd actually been able to hit him, it would have taken about 10 seconds.
49 20 68 61 76 65 20 74 6F 6F 20 6D 75 63 68 20 66 72 65 65 20 74 69 6D 65 2E
I must disagree to an extent. "Digging up evidence on criminals" is not vigilantism.
A vigilante (taken from Dictionary.com) is one who takes or advocates the taking of law enforcement into one's own hands.
This fellow saw a crime being committed, went through the trouble of doing some investigating and called the cops with the results of his digging. IMHO this is exactly the behavior everyone should be engaged in from time to time.
-John
I may disagree with what you have to say, but I shall defend, to the death, your right to say it. jya.com/ap.htm
The Gardai, as they are referred to, are actually called, in Gaelic, "Garda Siochana na hEireann", which translates to "Guardians of Peace in Ireland". They are the cops in the Republic of Ireland. They even go on peacekeeping missions abroad.
I hate sigs.
The USB key was probably one of those encryption keys from http://enovatech.net/; they are used in some IBM laptops. It's a hardware real-time encryption device, where the USB key is the "key".
Remove the key and the harddrive will be inaccessible.
I have bought a domain (let's say johndoe.org) from a very cheap URL forwarding company (at a rate of something like $15/year). It comes with unlimited e-mail forwarding aliases, and a "catch-everything" alias (let's say notexisting@johndoe.org) that forwards any e-mail sent to a non-existing alias to the default e-mail address that I have defined.
:P
:)
The default e-mail address (let's say secret@johndoe.org) is an alias that forwards everything to my real mailbox (let's say johndoe@aol.com). Of course, my real mailbox address, my catch-all address and the "default" address are not given to ANYBODY.
For my communication needs, or whenever asked, I just make up an e-mail address (jonamazon@johndoe.org for amazon, so that I will easily remember what address I used on the site). Since the alias is not set up in the mail server, when amazon tries to contact me, the e-mail will follow this alias path:
1) jonamazon
2) notexisting
3) secret (default)
4) real mailbox
When I see a spam message (once in two weeks!!!), I just divert the alias to point to an abuse address of a random spamhaus. The good thing is that since I use random but descriptive addresses, I can see which websites actually harvest e-mails and sell them to spammers!!!
It is interesting to note that at some point I received e-mails that were addressed to some ridiculous random aliases (e.g. jesus@, happykitty@ etc.) of my domain (clearly not used by me). Just an indication of the use of wordlists (of course every such alias got blocked).
I have not yet reached the level of paranoia of giving separate e-mail addresses to each of my friends, of course.
Anyway, it is not as complicated as it looks, and of course way less complicated than using Bayesian filters and the like. And believe me, it works.
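The scheme above is a small state machine, and modelling it makes the two manual steps (diverting a burned alias, noticing wordlist guesses) explicit. The following is an added example, not code from the post or from any forwarding provider: the addresses are the post's own placeholders, and the `AliasRouter` class, its method names and the sample traffic are constructed for this example. It follows the chain explicit alias, then catch-all, then default, then real mailbox, exactly as the numbered path in the post describes.

```python
DOMAIN = "johndoe.org"
REAL_MAILBOX = "johndoe@aol.com"
CATCH_ALL = "notexisting"   # every local-part that is not configured falls through to this one
DEFAULT = "secret"          # the catch-all's target; the only alias that knows the real mailbox


class AliasRouter:
    def __init__(self):
        # Only these two aliases exist at the provider; every per-site address is implicit.
        self.aliases = {DEFAULT: REAL_MAILBOX, CATCH_ALL: f"{DEFAULT}@{DOMAIN}"}
        self.issued = {}      # local-part -> the one site it was handed to
        self.deliveries = []  # (local-part, sender) for every message that arrived

    def issue(self, local_part, site):
        """Make up a per-site address. Nothing is configured; the catch-all does the work."""
        self.issued[local_part] = site
        return f"{local_part}@{DOMAIN}"

    def resolve(self, rcpt):
        """Follow the forwarding chain and return (final mailbox, list of hops)."""
        local, _, domain = rcpt.lower().partition("@")
        if domain != DOMAIN:
            return rcpt, [rcpt]
        path = [local]
        while True:
            target = self.aliases.get(local, f"{CATCH_ALL}@{DOMAIN}")
            tlocal, _, tdomain = target.partition("@")
            if tdomain != DOMAIN:            # left our domain: this is the real destination
                path.append(target)
                return target, path
            if tlocal in path:               # a diverted alias pointing back at ourselves
                raise ValueError(f"forwarding loop at {tlocal}@{DOMAIN}")
            path.append(tlocal)
            local = tlocal

    def deliver(self, rcpt, sender):
        """Record an arriving message and return where it ends up."""
        local = rcpt.lower().partition("@")[0]
        self.deliveries.append((local, sender))
        return self.resolve(rcpt)[0]

    def report_spam(self, local_part, abuse_addr):
        """Divert the alias to an abuse mailbox and return which site leaked it."""
        self.aliases[local_part] = abuse_addr
        return self.issued.get(local_part, "never issued (wordlist guess)")

    def unissued_hits(self):
        """Local-parts that received mail without ever being handed out: the jesus@/happykitty@ case."""
        return sorted({lp for lp, _ in self.deliveries
                       if lp not in self.issued and lp not in self.aliases})


if __name__ == "__main__":
    router = AliasRouter()
    addr = router.issue("jonamazon", "amazon")
    print(router.resolve(addr))                       # the four-hop path from the post
    router.deliver("happykitty@johndoe.org", "x@bulkmail.example")
    print(router.unissued_hits())                     # ['happykitty']
```

The `issued` table is the part that makes the trick work as an audit trail: because each address was given to exactly one party, the first spam to reach it names the leak, which a single shared address never can.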
You can tell you don't have to pay for the traffic, and how is an algorithm going to stop traffic OUTSIDE the telco's router? You see, if it goes into your network, either good or bad traffic, you pay for it. The telco company just sees a figure based on that, and that is what you are billed for.
And besides, spamming is pretty sophisticated these days; if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to (as far as I know).
You have got to be kidding! I see bad traffic from addresses EVERY day from addresses that have been dead for 4 years. If it bounces it bounces back to some-poor-sap.comcast.com. We have blackholed all the big boys so today about 90% of the spam that gets through our servers and our filters is basically untraceable due to the fact that it traces back to some machine on DSL or on a cable network. One day the SAME message comes from a comcast machine here in the US. Tomorrow from a DSL modem in Denmark. You can't stop that, and they can't know what mail is bouncing nor do they care.
Fact: 72% of the traffic logged on our servers IS BAD TRAFFIC!! Either machines looking for an open relay, trying to send to generic addresses that don't exist, or bouncing because they have been blackholed. Now with a number like that do you really believe that when they get a bad address they just go away?
Think about it like this: only 28% of the use of the server and the connection to the network is paid for. The rest is stolen. Not a good turnaround of profit=resources.
I do believe whitelisting is the way to go!
This just doesn't work on a business level. Say Joe Blow goes to your web site and wants to use your company. He sends you an email and he's not on the whitelist and his mail bounces. Most likely he will go somewhere else to do his business and you lost a sale.
The only cure is stiff, harsh and cruel punishment of these assholes. They are thieves no matter how you look at it, and they steal out of MY pocket daily.