How To Catch A Scammer/Spammer
Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a USB pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list.
By the way Gardai = the cops in Ireland."
I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email...
...I asked around, and a man, described as being black (or is the word African-American these days?)
Hmmm...
the admin narrating the story said the perp looked to be black (or is the word African-American these days?), roughly 30, with an accent which seemed half London and half African
Uh, I don't think the term 'American' should be applied to a guy with a half London and half African accent who's currently in Ireland. I just don't see the connection.
"The pellet with the poison's in the flagon with the dragon; the vessel with the pestle has the brew that is true."
Typos... that's just how I role.
Where's all the posts saying how this guy's privacy rights were destroyed/taken/bushed by the sysadmin?
/. we are supposed to ignore the fact he's in public and using someone else's internet.
This is
i'm trying to picture a revived miami vice, focused on computer crimes. imagine the possibilities. ok, there aren't many...
/.'rs are pretty, um, passionate on privacy and gov't intrusion, even if this IS an (alleged!) spammer who by definition is not humanoid. :)
congrats to the irish police for taking the offense so seriously. but is anyone here wary of the snooping involved? yes the sysadmin had every right to monitor traffic, but in what depth and for what purpose? for example, there's talk here of trying to fish out the suspect's email password and so on -- at police request. wouldn't it feel a bit different if the police, without a warrant, were to do the same themselves -- imagine the worst case of them bugging all internet cafes to examine generic traffic without individualized suspicion. it's bad enough they want to see what we do at the library....
practically speaking, i would imagine the government generally lacks the resources to parse large amounts of computer data. but just wait until it can be done by computers hunting for suspicious transactions, much as the credit card companies do now to catch fraud. the capability is there.
i'm not sure where the legal stuff comes out here, this is not US law, but wonder about future possibilities. it is debatable what expectation of privacy you have in an internet cafe -- are keyloggers ok? is decrypting information different from reading plain text? must the user be warned? as an analogy, consider that when the federal exclusionary rule was first judicially established, it did not apply to states and the "silver platter doctrine" emerged whereby state investigators would get what the feds wanted and hand it over clean of any search and seizure problem. obviously this is a charade.
someone who acts at the behest of the government -- an agent -- pretty much *is* the government, and i wonder if this interpretation colors the reaction of anyone here on privacy -- normally
...your server has that much more spam to send to the bitbucket. :)
--JT
Sorry, that doesn't solve the whole spam problem. Your mail server is still getting hammered by spam, it's just that you aren't seeing it. You are still paying for, directly or indirectly, the bandwidth that is being gobbled up by all the unwanted email that is sent to you.
And it also means that I can't email you, since I don't know your password, and the only way I could get your password is by asking you, and the only way I could ask you - since I don't have your address or phone number - is by emailing you.
Doubtless that doesn't bother you, as you probably aren't interested in getting email from me. I, on the other hand, do frequently receive personal email from strangers. Your "solution" is worthless to me.
Except that now, anyone who cares to do a simple whois lookup on the domain ww.com will quickly find himself in possession of your name, address, and phone number, in addition to your e-mail.
Not that anyone will call. But still, maybe you'd better think about that?
Given that Spam is spiced ham I doubt that anyone is going to get Mad Cow Disease from it...
Sapere aude!
If he's using something like TMDA, he can view all emails that have been queued and not delivered yet. This means you can kiss your $1,000,000 stash goodbye =)
I've got absolutely nothing to hide, which is why my real address & phone number are in the whois.
And I think anybody that registers domains with fake ID should not have them to begin with, 10:1 it's a scam in progress.
Yes, but that can be overcome with a web based e-mail interface.
It's a simple idea:
Problem: sender is not on the receiver's whitelist
Solution: There is an alternative means of sending mail. The sender just has to solve a simple puzzle or retype "fuzzy" text from the screen, at some designated page. The solution to the puzzle, together with the sender's e-mail, are encrypted and sent off to the receiver's web server. The sender's e-mail is then TEMPORARILY added to the whitelist - i.e. allowed to complete 1 SMTP delivery, for example, and then his/her mail address is removed from the whitelist.
The sender then sends his/her mail (SMTP) to the receiver. If the sender is a spammer, he cannot resend additional messages until he fills out another puzzle! So now the only way an anonymous mailer daemon can spam is if it has AI built in,
let's see the spammers take that challenge on!
But do people want to implement systems like this, let alone whitelists??
No, they'd rather we all got spammed to oblivion!
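The one-delivery temporary whitelist sketched in the post above, written out as an added example (not the poster's code). The puzzle, addresses and timings are constructed; the clock is passed in explicitly so the behaviour is deterministic.

```python
"""One-shot challenge/response whitelist in front of an SMTP receiver."""
import hmac
import secrets


class ChallengeWhitelist:
    def __init__(self, permanent, grant_ttl=600):
        self.permanent = {a.lower() for a in permanent}
        self.pending = {}   # sender -> expected puzzle answer
        self.grants = {}    # sender -> expiry of a single-use grant
        self.grant_ttl = grant_ttl

    def issue_challenge(self, sender):
        """Return a small puzzle for the sender to answer on the web page.
        (Constructed: a real deployment would use a CAPTCHA-style image.)"""
        a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
        self.pending[sender.lower()] = str(a + b)
        return f"What is {a} + {b}?"

    def solve(self, sender, answer, now):
        """A correct answer yields a temporary grant good for ONE delivery.
        Each challenge allows a single attempt; a wrong answer discards it."""
        sender = sender.lower()
        expected = self.pending.pop(sender, None)
        if expected is None or not hmac.compare_digest(expected, answer.strip()):
            return False
        self.grants[sender] = now + self.grant_ttl
        return True

    def accept_delivery(self, sender, now):
        """Decide whether the SMTP front end accepts mail from this sender.
        A temporary grant is consumed on first use, so a spammer who solved
        one puzzle cannot send a second message without solving another."""
        sender = sender.lower()
        if sender in self.permanent:
            return True
        expiry = self.grants.pop(sender, None)   # removed whether or not it is still valid
        return expiry is not None and now <= expiry
```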
This is a story that starts with a sysadmin seeing a 419 scam, hearing that there was a black guy with a "suspicious" accent in his cafe, deciding that this must be our criminal, and deciding to read his e-mail to find out...
Right?
Not totally. He first said that a company (Spamcop?) blacklisted him and he didn't know why. He went back to investigate and looked through the logs, he saw a lot of traffic by someone using a laptop at the cafe and figured that the person was spamming. He had the hours it happened, and asked, and the person told him about the "suspicious" people during those hours.
No, a sysadmin has his IP blacklisted because of spam, discovers it was sent from a laptop and when. Then he finds out that there was someone in with a laptop at the right time and they had visitors while they were there (which is not rare or suspicious of itself in a net cafe, but it attracts attention and can look suspicious depending on what they are doing). The guy's description was male, black, 30 and a half London, half African accent. The sysadmin had the MAC address of the laptop and asked the staff to watch out for the same man. When the same guy appeared the sysadmin raced in and after the guy had waited to get a particularly private booth the sysadmin saw the MAC address appear and hence had his confirmation. But the police wanted someone caught in the act of doing something illegal so he had to keep watching until the spam went again. Not quite as you described it eh?
Never underestimate the dark side of the Source
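The log-correlation step the post above describes (find the client MAC behind the burst of outbound SMTP, then watch for it to reappear), as an added example that is not from the thread. The gateway log format and the sample lines are constructed for illustration.

```python
"""Find which cafe client sent the spam from a gateway connection log."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one connection per line:
#   <ISO time> <client MAC> <src ip> -> <dst ip>:<dst port>
# One laptop makes repeated outbound SMTP connections; the others only browse.
SAMPLE_LOG = """\
2004-03-28T14:02:11 00:0c:29:aa:bb:cc 192.168.1.21 -> 203.0.113.5:25
2004-03-28T14:02:12 00:0c:29:aa:bb:cc 192.168.1.21 -> 203.0.113.9:25
2004-03-28T14:02:12 00:11:22:33:44:55 192.168.1.30 -> 198.51.100.7:80
2004-03-28T14:02:13 00:0c:29:aa:bb:cc 192.168.1.21 -> 203.0.113.12:25
2004-03-28T14:02:15 00:11:22:33:44:55 192.168.1.30 -> 198.51.100.7:443
2004-03-28T14:03:40 00:0c:29:aa:bb:cc 192.168.1.21 -> 203.0.113.30:25
2004-03-28T14:05:01 de:ad:be:ef:00:01 192.168.1.44 -> 198.51.100.20:25
"""
SMTP_PORT = 25


def parse_line(line):
    ts, mac, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), mac.lower(), src, dst_ip, int(dst_port)


def smtp_sessions(log_text):
    """Outbound SMTP connections grouped by client MAC: (count, first, last)."""
    per_mac = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, mac, _src, _dst_ip, port = parse_line(line)
        if port == SMTP_PORT:
            per_mac[mac].append(ts)
    return {mac: (len(t), min(t), max(t)) for mac, t in per_mac.items()}


def flag_spam_sources(log_text, threshold=3):
    """MACs whose outbound SMTP count exceeds the threshold (low here for the
    constructed sample; a real cafe would use a much higher one)."""
    stats = smtp_sessions(log_text)
    return sorted(mac for mac, (n, _f, _l) in stats.items() if n > threshold)


def seen_again(log_text, known_mac):
    """True when a flagged MAC reappears in a later log, whatever IP it got."""
    return any(parse_line(l)[1] == known_mac.lower()
               for l in log_text.splitlines() if l.strip())
```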
So this eyewitness
applauds the superb work done by these gardai in a very difficult
situation.
Most of the time the Garda can't find their arse with both hands. Looks like they got it bang on this time. Fair play to them. I saw a similar scene at an internet cafe in Dublin about 2 months ago. Somebody was being hauled out onto the street by two Garda and 2 plainclothes Garda. I always figured he was getting busted for kiddie porn. Perhaps it was spam after all.
friends don't let friends teleport drunk
I was pretty sure that Paddywagon referred to there being so many Irish American cops, rather than the prisoners being Irish
if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to
Ridiculous. Spammers don't even see bounces, since most spam isn't sent from their own computers. It's mostly sent through open relays and hijacked machines. I see attempts from names I blacklisted 5 years ago.
Why not?
You're a cyber cafe, not a shop that's set up with local accounts. Mail should be of one of two types:
Either way, your proxy server should have a default DENY on outbound port 25 EXCEPT from your mailserver, which itself is handling the authentication for the few accounts that really are allowed to send mail.
This space for rent. Call 1-800-STEAK4U
As a black man, I absolutely HATE being called African-American.
People *think* they're being *safe* by referring to me as one, but I'd rather punch anyone that uses that term in the friggin' nose.
He didn't say they were scammers, did he? Re read the quote you posted. Doesn't say a thing about them being involved, does it?
You're not being politically correct, you're being an asshole.
Carpe Deez
This guy had caused the Internet Cafe to get put on a blacklist. The police were not willing to do anything without catching him in the act. How was the sysadmin supposed to do anything without monitoring his outbound traffic?
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Blocking port 25 is only a short term fix. There's no law that says email has to be sent on port 25. With spammers increasingly using cracked PCs running SOCKS proxies and the like, these can be on any port whatsoever.
Spammers are quick to adopt countermeasures to simple technical efforts to thwart them. Anyone who receives email will have noticed how much the content of spam has changed in just the past year, in order to evade the new filtering technologies. The same thing will happen as port 25 blocking becomes widespread.
I'm surprised that the author used the term "paddywagon", which I understood to be an American term particularly offensive to an Irishman.
-MattT *** Not speaking for my employer, or any other sentient beings ***
... while in an internet cafe? I mean, in theory it's not much different from a hotel providing a phone service to a customer, whilst sneakily listening in.
Don't get me wrong here, spammers are bad and should be caught, but it doesn't do any good when the spammer is let go in a day because of lack of undisputed evidence. My eavesdropping on a communications channel doesn't really do much good there.
I understand that when the communication actually goes to your own server there is nothing wrong (practically, in many countries it is ok to record a conversation as long as you are the one having it), but I feel that intercepting his yahoo or mail.com passwords is a little on the gray side of the law...
Please correct me, I want to be wrong here.