Slashdot Mirror


How To Catch A Scammer/Spammer

Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a usb pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list By the way Gardai = the cops in Ireland."

7 of 382 comments (clear)

  1. Re:Sounds like a Monty Python episode by kjdames · · Score: 5, Insightful
    Heh, more like "The Court Jester" circa 1956.

    "The pellet with the poison's in the flagon with the dragon; the vessel with the pestle has the brew that is true."

    --

    Typos... that's just how I role.

  2. Neat :) but... by MacAndrew · · Score: 5, Insightful

    i'm trying to picture a revived miami vice, focused on computer crimes. imagine the possibilities. ok, there aren't many...

    congrats to the irish police for taking the offense so seriously. but is anyway here wary of the snooping involved? yes the sysadmin had every right to monitor traffic, but in what depth and for what purpose? for example, there's talk here of trying to fish out the suspect's email password and so on -- at police request. wouldn't it would feel a bit different in the police, without warrant, were to do the same themselves -- imagine worst case of them bugging all internet cafes to examine generic traffic without individualized suspicion. it's bad enough they want to see what we do at the library....

    practically speaking, i would imagine the government generally lacks the resources to parse large amounts of computer data. but just wait until it can be done by computers hunting for suspicious transactions, much as the credit card companies do now to catch fraud. the capability is there.

    i'm not sure where the legal stuff comes out here, this is not US law, but wonder about future possibilities. it is debatable what expectation of privacy you have in an internet cafe -- are keyloggers ok? is decrypting information different from reading plain text? must the user be warned? as an analogy, consider that when the federal exclusionary rule was first judicially established, it did not apply to states and the "silver platter doctrine" emerged whereby state investigators would get what the feds wanted and hand it over clean of any search and seizure problem. obviously this is a charade.

    someone who acts at the behest of the government -- an agent -- pretty much *is* the government, and i wonder if this interpretation colors the reaction of anyone here on privacy -- normally /.'rs are pretty, um, passionate on privacy and gov't intrusion, even if this IS an (alleged!) spammer who by definition is not humanoid. :)

    1. Re:Neat :) but... by OmniGeek · · Score: 5, Insightful

      Well, the following considerations have a strong impact on my view of the privacy issues:

      1) Scammer was using a public Internet cafe. For that matter, he was using the Internet, and don't we all understand that anything going out over the 'Net unencrypted can be considered seen by many eyes? There's no reasonable expectation of privacy in this situation. I certainly don't expect more privacy at an Internet cafe than I can get from using SSL on a machine I control; SMTP traffic is effectively public.

      2) Scammer was caught in flagrante delicto, turned in by the sysadmin on the basis of unsolicited information from a public source. This is far, far from the situation where Ashcroft tracks my every 'Net transaction in the absence of probable cause. (And the police in this case VERY likely have probable cause to get a warrant to search the perp's computer and crack his codes.)

      Even if this weren't a spam case, (say, a kidnapping or extortion rap instead), I don't see a fundamental issue of concern in the specific circumstances involved. I worry much more about snooping in the absence of clear evidence of a crime (yes, Mr. Ashcroft, I mean YOU).

      --

      "My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
  3. Re:whitelists rock by Anonymous Coward · · Score: 5, Insightful

    Sorry, that doesn't solve the whole spam problem. Your mail server is still getting hammered by spam, it's just that you aren't seeing it. You are still paying for, directly or indirectly, the bandwidth that is being gobbled up by all the unwanted email that is sent to you.

  4. Re:whitelists rock by Anonymous Coward · · Score: 5, Insightful

    And it also means that I can't email you, since I don't know your password, and the only way I could get your password is by asking you, and the only way I could ask you - since I don't have your address or phone number - is by emailing you.

    Doubtless that doesn't bother you, as you probably aren't interested in getting email from me. I, on the other hand, do frequently receive personal email from strangers. Your "solution" is worthless to me.

  5. Re:whitelists rock by Anonymous Coward · · Score: 5, Insightful

    Except that now, anyone who cares to do a simple whois lookup on the domain ww.com will quickly find himself in the posession of your name, address, and phone number, in addition to your e-mail.

    Not that anyone will call. But still, maybe you'd better think about that?

  6. "we can hardly block outbound smtp" by TBone · · Score: 5, Insightful

    Why not?

    You're a cyber cafe, not a shop that's set up with local accounts. Mail should be of one of two types:

    • Webmail/remotemail/etc, in which case, the mail actually doesn't get sent from your servers, it goes through the webforms/ssh/whatever to be sent from the remote server
    • Mail from actual local accounts for the Cafe's staff. This mail should be filtered to your mail server, and should only be forwarding mail from those accounts. Setting this up is fairly trivial with the many AUTH-before-SMTP methods out there.

    Either way, your proxy server should have a default DENY outbound port 25 EXCEPT from your mailserver, which itse'f is handling the authentication for the few accounts that really are allows to send mail.

    --

    This space for rent. Call 1-800-STEAK4U