How To Catch A Scammer/Spammer
Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a usb pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list
By the way Gardai = the cops in Ireland."
I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email...
...I asked around, and a man, described as being black (or is the word African-American these days?)
Hmmm...
the admin narrating the story said the perp looked to be black (or is the word African-American these days?), roughly 30, with an accent which seemed half London and half African
Uh, I don't think the term 'American' should be applied to a guy with a half London and half African accent who's currently in Ireland. I just don't see the connection.
"The pellet with the poison's in the flagon with the dragon; the vessel with the pestle has the brew that is true."
Typos... that's just how I role.
Where's all the posts saying how this guy's privacy rights were destroyed/taken/bushed by the sysadmin?
/. we are supposed to ignore the fact he's in public and using someone else's internet.
This is
i'm trying to picture a revived miami vice, focused on computer crimes. imagine the possibilities. ok, there aren't many...
/.'rs are pretty, um, passionate on privacy and gov't intrusion, even if this IS an (alleged!) spammer who by definition is not humanoid. :)
congrats to the irish police for taking the offense so seriously. but is anyone here wary of the snooping involved? yes the sysadmin had every right to monitor traffic, but in what depth and for what purpose? for example, there's talk here of trying to fish out the suspect's email password and so on -- at police request. wouldn't it feel a bit different if the police, without a warrant, were to do the same themselves -- imagine the worst case of them bugging all internet cafes to examine generic traffic without individualized suspicion. it's bad enough they want to see what we do at the library....
practically speaking, i would imagine the government generally lacks the resources to parse large amounts of computer data. but just wait until it can be done by computers hunting for suspicious transactions, much as the credit card companies do now to catch fraud. the capability is there.
i'm not sure where the legal stuff comes out here, this is not US law, but wonder about future possibilities. it is debatable what expectation of privacy you have in an internet cafe -- are keyloggers ok? is decrypting information different from reading plain text? must the user be warned? as an analogy, consider that when the federal exclusionary rule was first judicially established, it did not apply to states and the "silver platter doctrine" emerged whereby state investigators would get what the feds wanted and hand it over clean of any search and seizure problem. obviously this is a charade.
someone who acts at the behest of the government -- an agent -- pretty much *is* the government, and i wonder if this interpretation colors the reaction of anyone here on privacy -- normally
Sorry, that doesn't solve the whole spam problem. Your mail server is still getting hammered by spam, it's just that you aren't seeing it. You are still paying for, directly or indirectly, the bandwidth that is being gobbled up by all the unwanted email that is sent to you.
And it also means that I can't email you, since I don't know your password, and the only way I could get your password is by asking you, and the only way I could ask you - since I don't have your address or phone number - is by emailing you.
Doubtless that doesn't bother you, as you probably aren't interested in getting email from me. I, on the other hand, do frequently receive personal email from strangers. Your "solution" is worthless to me.
Except that now, anyone who cares to do a simple whois lookup on the domain ww.com will quickly find himself in the possession of your name, address, and phone number, in addition to your e-mail.
Not that anyone will call. But still, maybe you'd better think about that?
Given that Spam is spiced ham I doubt that anyone is going to get Mad Cow Disease from it...
Sapere aude!
If he's using something like TMDA, he can view all emails that have been queued and not delivered yet. This means you can kiss your $1,000,000 stash goodbye =)
Yes, but that can be overcome with a web based e-mail interface.
It's a simple idea:
Problem: sender is not on receiver's whitelist
Solution: There is an alternative means of sending mail. The sender just has to solve a simple puzzle or retype "fuzzy" text from the screen, at some designated page. The solution to the puzzle, together with the sender's e-mail, are encrypted and sent off to the receiver's web server. The sender's e-mail is then TEMPORARILY added to the whitelist - i.e. allowed to complete 1 smtp packet delivery for example, and then his/her mail address is removed from the whitelist
The sender then sends his/her mail (smtp) to the receiver. If the sender is a spammer, he cannot resend additional messages until he fills out another puzzle!! So now the only way an anonymous mailer daemon can spam is if it has AI built in,
lets see the spammers take that challenge on!
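The temporary-whitelist scheme described in the post above, as an added example in Python that is not part of the original thread. It assumes a pluggable puzzle generator (a small sum stands in for the "fuzzy text"), an injectable clock, and a ten-minute lifetime for a solved puzzle; all three are constructed here. The encrypted transport to the web server that the post mentions is assumed to be TLS and is not modelled.

```python
import hmac
import secrets
import time


def arithmetic_puzzle():
    """Default puzzle: a small sum standing in for the post's 'fuzzy text' (constructed)."""
    a, b = secrets.randbelow(90) + 10, secrets.randbelow(90) + 10
    return f"What is {a} + {b}?", str(a + b)


class ChallengeWhitelist:
    """Permanent whitelist plus single-use grants earned by solving a puzzle.

    A grant lets the sender complete exactly one delivery and is then removed,
    so a spammer must solve a fresh puzzle for every message.
    """

    def __init__(self, grant_ttl=600.0, clock=time.time, puzzle_factory=arithmetic_puzzle):
        self._ttl = grant_ttl                # seconds a solved puzzle stays valid (assumed)
        self._clock = clock                  # injectable for deterministic tests
        self._puzzle_factory = puzzle_factory
        self.permanent = set()               # always-allowed senders
        self._pending = {}                   # challenge_id -> (sender, expected answer)
        self._grants = {}                    # sender -> expiry timestamp

    def issue_challenge(self, sender):
        """Web side: hand the sender a puzzle tied to an unguessable challenge id."""
        prompt, answer = self._puzzle_factory()
        challenge_id = secrets.token_hex(8)
        self._pending[challenge_id] = (sender.lower(), answer)
        return challenge_id, prompt

    def submit_answer(self, challenge_id, answer):
        """Web side: one attempt per challenge; a correct answer creates a one-shot grant."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        sender, expected = entry
        if not hmac.compare_digest(expected.encode(), answer.strip().encode()):
            return False
        self._grants[sender] = self._clock() + self._ttl
        return True

    def may_deliver(self, sender):
        """SMTP side: called per delivery attempt; the grant is consumed whether fresh or expired."""
        sender = sender.lower()
        if sender in self.permanent:
            return True
        expiry = self._grants.pop(sender, None)
        if expiry is None:
            return False
        return self._clock() <= expiry


def simulate():
    """Walk through the scenario from the post with a fake clock; returns the verdicts seen."""
    now = [1000.0]
    wl = ChallengeWhitelist(grant_ttl=600.0, clock=lambda: now[0],
                            puzzle_factory=lambda: ("What is 2 + 3?", "5"))
    wl.permanent.add("friend@example.org")               # constructed known contact
    out = {"friend": wl.may_deliver("friend@example.org")}

    cid, _ = wl.issue_challenge("stranger@example.net")
    out["before_puzzle"] = wl.may_deliver("stranger@example.net")
    out["wrong_answer"] = wl.submit_answer(cid, "4")
    out["retry_same_id"] = wl.submit_answer(cid, "5")    # challenge already consumed

    cid, _ = wl.issue_challenge("stranger@example.net")
    out["right_answer"] = wl.submit_answer(cid, " 5 ")
    out["first_send"] = wl.may_deliver("stranger@example.net")
    out["second_send"] = wl.may_deliver("stranger@example.net")   # grant was one-shot

    cid, _ = wl.issue_challenge("stranger@example.net")
    wl.submit_answer(cid, "5")
    now[0] += 601.0                                       # sender waits too long
    out["expired_send"] = wl.may_deliver("stranger@example.net")
    return out


if __name__ == "__main__":
    for step, verdict in simulate().items():
        print(f"{step:14s} {verdict}")
```

The grant is popped on the first delivery attempt regardless of outcome, so a stale or already-used grant can never be replayed; the challenge id is likewise removed after a single answer, which keeps a bot from brute-forcing a puzzle it has already seen.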
But do people want to implement systems like this, let alone whitelists??
No, they'd rather we all got spammed to oblivion!
This is a story that starts with a sysadmin seeing a 419 scam, hearing that there was a black guy with a "suspicious" accent in his cafe, deciding that this must be our criminal, and deciding to read his e-mail to find out...
Right?
Not totally. He first said that a company (Spamcop?) blacklisted him and he didn't know why. He went back to investigate and looked through the logs, he saw a lot of traffic by someone using a laptop at the cafe and figured that the person was spamming. He had the hours it happened, and asked, and the person told him about the "suspicious" people during those hours.
No, a sysadmin has his IP blacklisted because of spam, discovers it was sent from a laptop and when. Then he finds out that there was someone in with a laptop at the right time and they had visitors while they were there (which is not rare or suspicious of itself in a net cafe, but it attracts attention and can look suspicious depending on what they are doing). The guy's description was male, black, 30 and a half London, half African accent. The sysadmin had the MAC address of the laptop and asked the staff to watch out for the same man. When the same guy appeared the sysadmin raced in and after the guy had waited to get a particularly private booth the sysadmin saw the MAC address appear and hence had his confirmation. But the police wanted someone caught in the act of doing something illegal so he had to keep watching until the spam went again. Not quite as you described it eh?
Never underestimate the dark side of the Source
if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to
Ridiculous. Spammers don't even see bounces, since most spam isn't sent from their own computers. It's mostly sent through open relays and hijacked machines. I see attempts from names I blacklisted 5 years ago.
Why not?
You're a cyber cafe, not a shop that's set up with local accounts. Mail should be of one of two types:
Either way, your proxy server should have a default DENY outbound port 25 EXCEPT from your mailserver, which itself is handling the authentication for the few accounts that really are allowed to send mail.
This space for rent. Call 1-800-STEAK4U
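The default-deny egress policy from the post above, expressed as an added Python example that is not part of the original thread: a policy function for outbound TCP/25 plus an audit that runs it over a few constructed gateway log lines and counts which LAN hosts keep trying to reach outside mail servers directly. The LAN range, the mail server address, the log format and the log lines are all assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed policy for a cafe LAN: only the cafe's own mail server may open
# outbound SMTP (TCP/25) to the Internet. Both addresses are assumptions.
LAN = ipaddress.ip_network("10.0.0.0/24")
MAIL_SERVER = ipaddress.ip_address("10.0.0.2")

# Constructed gateway log format: one connection attempt per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

# Constructed sample: the mail server relaying, a laptop trying direct-to-MX
# delivery, a normal client, and one unparseable line.
SAMPLE_LOG = [
    "2004-03-28T14:02:11 src=10.0.0.2 dst=203.0.113.5 proto=tcp dport=25",
    "2004-03-28T14:02:15 src=10.0.0.23 dst=198.51.100.7 proto=tcp dport=25",
    "2004-03-28T14:02:16 src=10.0.0.23 dst=198.51.100.8 proto=tcp dport=25",
    "2004-03-28T14:02:16 src=10.0.0.23 dst=198.51.100.9 proto=tcp dport=25",
    "2004-03-28T14:02:17 src=10.0.0.23 dst=198.51.100.10 proto=tcp dport=25",
    "2004-03-28T14:02:20 src=10.0.0.23 dst=10.0.0.2 proto=tcp dport=25",
    "2004-03-28T14:03:01 src=10.0.0.40 dst=203.0.113.9 proto=tcp dport=443",
    "2004-03-28T14:03:05 src=10.0.0.40 dst=203.0.113.10 proto=tcp dport=25",
    "garbage line that the parser must skip",
]


def egress_decision(src, dst, proto, dport):
    """Default-deny outbound TCP/25 except from the mail server; everything else is allowed here."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in LAN:
        return "ALLOW"            # internal traffic, e.g. a client submitting to the cafe's mail server
    if proto == "tcp" and dport == 25:
        return "ALLOW" if src_ip == MAIL_SERVER else "DENY"
    return "ALLOW"


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def audit(lines, threshold=3):
    """Apply the policy to each line; report per-source denials and sources at or above threshold."""
    denied = Counter()
    decisions = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = egress_decision(rec["src"], rec["dst"], rec["proto"], rec["dport"])
        decisions.append((rec["ts"], rec["src"], rec["dst"], verdict))
        if verdict == "DENY":
            denied[rec["src"]] += 1
    suspects = sorted(src for src, n in denied.items() if n >= threshold)
    return decisions, dict(denied), suspects


if __name__ == "__main__":
    decisions, denied, suspects = audit(SAMPLE_LOG)
    for ts, src, dst, verdict in decisions:
        print(ts, src, "->", dst, verdict)
    print("denied per source:", denied)
    print("sources worth a look:", suspects)
```

On a Linux gateway the same policy is two FORWARD-chain rules, an accept for `-p tcp --dport 25 -s 10.0.0.2` followed by a drop for `-p tcp --dport 25`; logging the drops gives exactly the kind of per-host count the audit above produces, which is how a cafe admin would notice a machine attempting its own deliveries before the outside world blacklists the cafe's address.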
I'm surprised that the author used the term "paddywagon", which I understood to be an american term particularly offensive to an irishman.
-MattT *** Not speaking for my employer, or any other sentient beings ***