How To Catch A Scammer/Spammer
Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a usb pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list
By the way Gardai = the cops in Ireland."
I kinda like all the stories I have read here about /.ing the spammers and signing them up for junk snail-mail and the like. (and if anyone can find me the link to the old story, I'd appreciate it)
It's a comforting thought to know that there actually is legal action being taken against those suckers. :) I think it's a proof that he knows he's in deep trouble :)
I find it very amusing to read how the spammer tries to struggle and fight back the cops
He's being sarcastic and poking fun of the spread of the term "African-American." My students write in their exams all the time about "African-American" tribes in Africa. A friend who teaches in England has had exchange students from America ask about "African-American" history in England.
You ought to look sometime at how many marketing/spam/spyware sites are front-ended by a "search" engine. It gets them classified as search engines in web filter databases.
People generally don't care that much about the decreased bandwidth - a problem which can also be solved - use port knocking algorithm of some kind!
And besides, spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )
I promise I'm not a spammer, I am interested in the subject though.
I do believe whitelisting is the way to go!
Only way to be sure!
African-American is about the stupidest PC label ever. First, as you rightly point out, it technically has no racial connotation and covers all the other racial groups who have lived in Africa for generations.
Secondly, a Kenyan I knew (who happened to be a black Kenyan), once told me never to call an African African. "There are no such things as Africans. There are not even Kenyans or other such nationalities, although I can tolerate being referred to as Kenyan since it is the best compromise between easily identifiable to foreigners and almost correct."
Technically my wife's boss and daughter are African-American, since both of them were born in South Africa. They're also white, and it would be side-splitting to have her report her "race" in college as African American. I'd wager there are more than a few college scholarships naively defined as being for African Americans, when they really mean blacks.
Some of you who were on #linux on friday will know part or most of this story already as i witnessed some of it (while drinking a truly delicious hot chocolate). For those of you who don't, the following is a report written up by a friend of mine on his succussful (or at least, it's looking good) attempt to stop and catch a 419 scammer. I feel it's worth the read
,
John
-------- Original Message --------
Subject: I fought the scammer... and I won.
Date: Fri, 02 Apr 2004 21:54:30 +0100
From: Steffen Higel
To: John Allman
paulinemccaffrey at eircom.net, stevecash at ireland.com, tony.odonnel at cs.tcd.ie, declan.dagger at cs.tcd.ie, edwin.higel at brookside.ie, marynstanley at eircom.net, richard.bannister at cs.tcd.ie, oconnoat at tcd.ie, jean.higgins3 at mail.dcu.ie
[This is long, and is quite heavy on the technical discussion. Skip the bits you don't understand. It gets interesting.]
I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email from a sysadmin in a large U.S. University. Spamcop had blacklisted our server's external IP address. Abuse mail for the server in question gets sent to my college account (bad practice, I know, but it's a part time job). My college uses Spamcop as a blacklist source. You can probably tell what happened...
Anyway, said email included the full headers of an email which was natted by our server pretending to be from the widow of Mr. Jonas Savimbi, offering the recipient a share of an unspecified large sum of money. The usual panicked thoughts kick in... "Have I fiddled with something which has left us as an open relay?", "Has our server been cracked?", "Have I been sleep-spamming again?". A more reasoned examination of the headers showed that the mail had originated from one of the IP addresses that we assign dynamically to people who bring laptops into the cafe. This is something of a nightmare for cafe operators, we can hardly block outbound smtp but then again it isn't possible for us to manually check every single mail either. Maybe rate limiting is a valid technical solution. Or a contraption which hits the user on the head for every mail they send. So if they send 1 an hour, it's a mild nuisance. But if they send 100 a minute, it'll probably kill them.
A peek through the logs revealed:
Mar 26 15:04:16 server dhcpd-2.2.x: DHCPDISCOVER from 00:40:f4:5d:aa:f7
via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPOFFER on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1
Bingo. I had something to work with. The network card is one based on a Cameo 32bit chipset. Matches up quite nicely with these:
Return-Path:
Received: from 192.168.1.70 (server.XXXXXX [XXXXXXX.29])
byXXXXXXXXXXXXXXXXXX) with SMTP id i2QFrgi0002755
for ; Fri, 26 Mar 2004 10:53:44 -0500 (EST)
Reply-To: "michelle savimbi"
From: "michelle savimbi"
To:
Subject: urgent response
Date: Fri, 26 Mar 2004 15:53:26 +0000
Organization:
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_0 00_0034_01C221EC.6C64F7B 0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000ams
X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2800.1165
I asked around, and a man, described as being black (or is the word African-American these days?), roughly 30, with an accent which seemed half London and half African had been in the cafe with a laptop and had a number of visitors call into
The jury is still out on that question.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed