Child Porn Accusation As Online Extortion Tactic
Glenn writes "There's a story on silicon.com about a new twist in the tactics used by online extortionists trying to blackmail ecommerce sites with denial of service attacks. Yesterday one blackmailer threatened to send out child pornography emails in UK gambling site Blue Square's name if it didn't pay up 7000 Euros." This sounds even worse than simple DoS threats.
Using SMTP as our default e-mail system has got to go...
SMTP is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the designated victim, and can smear their reputation into being anything from a spammer to a pornographer.
The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with SMTP, sender spoofing has been done by spammers and phishers for years.
We need to retire this standard and find a better way to move e-mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.
one form of scum preying on another form of scum with threats to turn them into scum
Publicize that this is in fact a lie and the truth shall set you free.
In other words, once this scam is publicly known, it will be worthless for the scammers.
Because I could use the money.
I thought they were supposed to prevent stuff like this... or is it a matter of "once the crime's been committed, the damage is done permanently" so the law can't possibly compensate enough for the loss? Also, does it being probably international screw up the judicial process?
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
Since when do Catholic priests target gambling sites?
That is crap. Couldn't they just find this sucker's IP and track him down and get him fined or arrested?
It should, however, get the attention of the authorities much more readily though.
These guys admit to having illegal photographic material in their possession and are attempting to use it to make a buck. Catching these would be much better publicity for the enterprising coppers than some two-bit hackers.
You can't take the sky from me...
It appears organized crime will be raising their online profile. The net is just another venue for rotten characters.
What, this extortionist thinks that people will honestly believe that a legitimate organization is now sending child porn? I think not. Let him send out all this child porn, thus not only proving that he has it, but also that he's willing to commit extortion and probably a number of other crimes. Good luck to him...
Blackmailers like this provide the test cases that clean up Internet law by building case history. A judge's decision showing the blackmailer is liable protects other victims later, diluting the force of unfounded accusations with trivially contrived evidence.
--
make install -not war
sounds just like an idea i had for a virus about 5 years ago. (no, I didn't write it).
The virus would load a couple of nastypics onto the victim's machine, then send out an email to the FBI. The first virus that would get you arrested.
It was just an idea, I have never written a virus that has been let loose into the wild...
People have been forging the From field for a long time, with varying reasons and consequences. In my university, a student sent a message to several thousand people pretending to be the head of the Student Affairs office. It was a very convincing text, but the user's AFS ID (not to mention his IP and room's port) were easily traced with the headers. He was picked up pretty quick.
It might be bad publicity for the company, but it almost certainly will have no legal ramifications for them.
Which brings me to the next question - is there an agency, organization, department, etc. that receives and processes these kinds of threats? If my company got something like this, to whom would I report it? And what would be done?
If there's nobody out there handling these, I suggest a bounty hunter system. The kind with bows and arrows.
The only major effect of this will be the mass blacklisting of emails from online gambling sites.
How will that be a bad thing?
May the Maths Be with you!
And, it scares me miserably that I would even think about that as a tradeoff.
Here's what I do: Bitty Browser & Andromeda
They'd send the emails first, and -then- blackmail.
This way they leave the victims with proof. Dumbasses.
But honestly, I agree with the getting rid of SMTP comment. But something better would have to be developed and become a proven technology before it even started to go anywhere, and I don't see that happening anytime soon.
cleverly disguised as a responsible adult ||
People have told me that saying that spammers are one step above pedophiles is an exaggeration. This type of extortion shows that my statements are true. This shows that spammers are involved with child pornography.
Fight Spammers!
I mean honestly... if you got an email with child porn, and it was from info@partypoker.com, is your first response going to be "Oh my gosh! What an awful company!!" Please... how stupid do you think people are? Well on second thought...
Sure you haven't...
Note to meta-moderators: The moderator who assigned "Troll" does not obviously know what Troll means (and he should not be allowed to moderate Slashdot anymore).
For society to work, with freedom must come responsibility. As long as you can effectively send anonymous information via the Internet, there is no way to hold someone responsible for this sort of action. Even if the laws are there, without any effective way to enforce them, what does it matter?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
..really, I'm shocked. The company I worked for a few months back on a contract basis was getting threats like "If you don't ____________ we'll spam in your name/send people false rates for your service/send a virus from your accounts/send magic pixies to rearrange in your sock drawer". This really seems like the natural progression of things, as sad as that sounds. You can really only hope for one of two options. Either inform the media and hope if and when it goes down, enough people are "in the know" that you can avoid any backlash or keep your fingers crossed that one of the proposed email verification ideas takes off.
...of something i was thinking about the other day after a couple weeks of hunting spyware on my PC. what if someone comes along and designs some spyware that actually functions quietly (without the random popup windows and other tell-tale signs of infection). And they are able to open a port and upload any sort of incriminating evidence they would like into your own home... what is there to stop this sort of thing from happening? remember the /. article about north korea waging a cyber war on americans?
ITS ONLY A MATTER OF TIME
~slashdot are my only freinds ):
OT discussion follows: My first reaction was, what a stupid idea -- all it takes is one faked entry on the list to turn it into a great weapon against whoever you hate today. Then I remembered Artists Against 419 and its many clones. Funny how I'm willing to trust one but not the other...
Carousel is a lie!
since they're probably in some flea bit FSU state. and given what many (if not most) in the US call "pornography" (when it comes to children) it wouldn't be hard at all to fill that promise by sending out a few pictures of the local kids playing on the beach.
You seem to have forgotten that the internet doesn't end at the coasts?
This isn't about framing them legally - it's about smearing their reputation further. Any competent website op is going to have logs, and their tiering partners are going to have logs as well. It would be almost trivial to prove to the FBI the "bad stuff" didn't come from them, but it would likely be a fair sight harder getting the luser recipients of said material to believe it.
The article says the message was signed 'Bohan Krascevic'. Most of the old Eastern Bloc countries are really protective of their kiddies. Bohan better hope he gets extradited fast, if they catch him.
Getting your local cops angry is a really bad idea, and this sounds like a really bad idea. I don't think it'll catch on.
See what I've been reading.
A few spammers in an open field killed execution style will rein in this stuff faster than any legislation.
There. Problem solved. You'd be surprised just how many problems violence CAN solve.
--- Ban humanity.
Under capitalism man exploits man. Under communism it's the other way around.
Mothers angry at their soon to be Ex-husbands use the "child porn or Molestation" card all the time to try and ensure that the father can not get custody or even visitation. This is usually used as a way for her to "punish" him for what he may have done and is typically found in divorce cases where the husband was fooling around.
People have been using the boogymen like that for decades... Even when proven innocent it will haunt the accused for their life.
It's too easy to accuse without proof and be sure it will cause huge damage.
Do not look at laser with remaining good eye.
I could be wrong about this, but my guess is that the whole child pron thing is just a bluff. The extortionist already has enough zombie machines to do a DDoS attack, so there's no need to risk a more severe prosecution if caught when a lesser means will do the same job. The additional threat is likely just a kick in the seat of the pants of the target, to make sure the extortionist has their attention.
Sounds like a fairly standard Joe Job such as has happened with DarkProfits. Only difference being here, they're actually extorting on the threat rather than simply trying to damage someone's reputation. Thing is, this could be very damaging. When it comes to child pornography, people tend to get very irrational and seldom check for any form of proof or second opinion. It's kind of like being accused of being a child molester IRL. Even once you prove your innocence, no one will quite look at you the same again and some people will never truly believe your innocence. Heck, the more squeaky-clean of life you lead, the more guilty you may seem to them. After all, you must have something to hide.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Using US Postal Service as our default mail system has got to go...
USPS is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the designated victim, and can smear their reputation into being anything from a spammer to a pornographer.
The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with USPS, sender spoofing has been done by spammers and phishers for years.
We need to retire this standard and find a better way to move mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.
Don't pay under any circumstances and do your best to track down the people responsible. Paying or otherwise giving them the ego-stroking they want is just counterproductive.
This is also a good reason why companies should have gotten into the habit of using PGP/GPG to sign their emails as policy... But I guess they get what they pay for now...
Tom
Someday, I'll have a real sig.
That the traffic in illegal drugs is an inadequate means of off-the-books fundraising?!!!
Tell them you'd glady pay 7000 Euros for good quality child porn.
if digital signing was mandatory and everybody had certs (chicken and egg problem the poster was alluding to) their name would *NOT* be associated to anything untoward, as it would be impossible to spoof an email from somebody else (yeah, you could munge the 'from:' but your mail client would alert you that the email has an invalid signature (and possibly if this is the case the mail wouldn't even get routed in the first place)).
-- the cake is a lie
but if a company, and granted i don't gamble so i don't know what their typical mailings are like, that i do business with sends me an e-mail with pornography in it my first thought is not going to be, "sick bastards! i'll never gamble there again!" it's going to be "one more victim, how sad." i think this type of thing gets blown out of proportion, which if i might add is what the spammers are really looking for (next to money). no i'm not proposing that if we ignore it the problem will go away, find the useless scum and string them up, but i think people in general are smart enough to figure out that the companies they do business with aren't involved in the child pornography industry. i see this as a hollow threat because even if it is followed through with it's an annoyance at best (spoken as someone who has an effective spam filter). the worst part about this is the precedent it sets because i can guarantee this is not the last we've heard about this.
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
No officer I did not send that e-mail, it was spoofed.. I do not have any child porn no sir...
Anyone seeing a problem here? If we start spoofing things like this it becomes much harder to prove person X did send e-mail Y..
I like muppets.
When has the FBI extorted anyone under the threat of spamming kiddy porn in their name?
WTF was that little comment supposed to mean? Anything deeper than "I hate the gummint"? Explain please.
In the absence of an explanation, then you, timothy, are now officially a bigger asshat moron than michael (albeit, not by much).
I don't need no instructions to know how to rock!!!!
I'd say that the scammer/pervert/pirate to free speech soldier is about 5000:1.
This is somewhat like posting a "no trespassing" sign, and a chain link fence around your property. It doesn't prevent the people from cutting through the fence and getting hurt on your property, but it lets you show to the courts that you took reasonable steps to prevent it.
This is also a good reason to check SPF records. If your company or ISP lets child porn email go through that the domain owner explicitly said should not be allowed, you may have to show why you aren't contributing to the libelling of the domain owner and why you didn't protect your employees/customers from preventable child porn.
Yeah, at this instant, SPF is not enough of a standard to give you strong protection, but in 5-10 years, I think that will change.
SPF support for most open source mail servers can be found at libspf2.
Like Lyndon Johnson said, it doesn't have to be true; it's enough to make the poor bastard deny it.
This whole way of extracting money from people just reached an unacceptable point here.
There are many good techies in Slashdot, why not retaliate against those scumbags in an "open source retaliation scheme against scumbags". I am thinking of some sort of open source militia that would take down the systems from those criminals with the same kind of attacks (or more clever) that they do.
AskSlashdot::How can I contribute in stopping this electronic non-sense?
Given the recent spate of attention given to these offshore gambling sites, I'm surprised these criminals haven't resorted to phishing for user ID's and passwords yet.
Think about it: These are sites with heavy online use, lots of cash transactions, and, unlike a bank, users (and supposedly some of the operators) are unable or unwilling to go to authorities for help tracking down the perpetrators.
So, how long will it be until my daily fake citibank account request is replaced with a fake request for my offshore gambling account number? And how many people will happily go to the phishing site, drop off their account name and password, and next thing you know, their account is empty?
On reading the headline I thought the extortionists were threatening to upload child pornography to their servers then call the authorities.
This would likely get their servers seized at least long enough to figure out that they'd been hacked. To an on-line business, that may just be long enough to put them out of business.
With just emailing in their name, all the extortionists are doing is causing a brief blip of bad publicity before they get the word out that they're being framed.
... when you establish thought crimes.
If times were different the threat might be to send Communist propaganda.
The guy doing the extorting now has to actually have child porn and has to send it himself. The risk if he gets caught is -way- greater than if he were just coordinating simple DDOS attacks. He'll get all kinds of scrutiny from all kinds of groups that ordinarily wouldn't bother. If he's in some totally untouchable country, he's in the unique position that now if the locals find out they'll probably actually care.
I think the extra risk this behavior exposes the perpetrator to will go a long way to self regulate this trend.
I accuseth thee of being a witch (eth)!
1. Don't give them money, if you do you're stupid.
2. Let em do what they claim they're gonna do. It won't hurt your company.
Anyone with a brain will be able to realize, "Hey, maybe it isn't them doing this nasty deed."
Do you REALLY think if Best Buy spams some dog sex images that people would think, "Best Buy is sick! What are they doing?!" Nah.
That's like getting those "Arnold Says 'Don't be a girlie man and vote for Bush'" spams and thinking Arnold actually approved it.
C'mon... people know better. Extortion is outdated.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Most if not all of these extortion efforts are being committed by Eastern European mafia groups that hire bright young people to do their digital dirtywork.
The U.S. may be responsible for all that viagra spam in your Inbox, but at least we aren't threatening to ruin your company unless you pay us off.
It's an old game, the protection racket. It's just found a new home on the Internet.
Fight Spammers!
I see so many ppl here willing to give up anonymity and the ensuing free speech, to stop such harassments.
But this is no different than Gun Rights. Many in the USA want to stop gun sales. But that will not stop criminals from obtaining and using guns. That has been shown in numerous cultures over the years.
What I find sad about this, is that many of the same ppl who fight for the right to own guns (and even unregistered) are the same ones that would remove our rights to be anonymous.
Instead of saying to remove SMTP, it would be better to supplement it with new controls (sender-id) that will allow users to decide if they want anonymous senders.
What is happening is that you have some ppl who have figured out how to use the system to hurt others. So many here are now proposing to eliminate the advantage of the system to try and stop the problem.
I prefer the "u" in honour as it seems to be missing these days.
It completely destroys email forwarding.
If I have my mail forwarded to my home account, and my home ISP rejected mail based on senderID, *all* of my mail would bounce.
It's stunned.
Combine this with the fact that spammers are the #1 adopter of senderID systems means that we're destroying useful features for zero benefit.
The correct link.
Fight Spammers!
Crypto doesn't solve everything... but in this case its capability to create messages which can or cannot be repudiated would solve this flat. This is something that has been missing from our email systems for ages -- and until we can get something reliable in place by which a user can absolutely know that the sender is authentic, we'll continue to suffer from SPAM, scams, forgeries, and these attempts at extortion.
Never a better time for email encryption.
The surest sign of intelligent life in the universe is that none of it has tried to contact us. -- Calvin & Hobbes
...this is ever going to change. Someone will need to create a new protocol for sending mail that will provide the anti-spam features, but more importantly will provide some new, very desirable feature(s) that people will desperately want. This is the only way to get lazy asses to move to a new protocol. The problem lies in who that someone turns out to be. If Microsoft comes up with some whiz-bang new protocol for sending mail that does what I mentioned above, then all the folks who are Microsoft shops will move in that direction and the openness of the internet will have dissipated that much more. If Sun, or Novell do it (assuming they could manage to get an original idea out of their R&D at all. ;P ) the adoption of this new protocol would be slow. If the IETF come up with something, then we'll get the usual people joining in later in this order: *nix vendors first, ISPs with proprietary setups next, and finally Microsoft after their initial attempts at mimicking the IETF but in a backwards way fail. It happened with HTTP that way...
So the real question isn't, "how do we stop spam by getting rid of SMTP" but it's, "what can a new protocol do that will up the ante in functionality so that everyone and his brother just HAS to have it"? Personally, I have a completely different solution that I've been using with friends and family using freely available open source tools. Think about your phone numbers (work, home, cell) and you'll get the idea... (Come on folks! I can't feed you everything
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
But we have technology that works almost perfectly with existing SMTP servers that combats this very threat.
No, we most certainly don't.
SPF, Sender ID et al are designed to confirm that the sender or sending domain is reflected accurately.
And how, exactly, does this "combat" anything?
Assume a scammer wants to extort money from "UpstandingCo.com". What's to stop them from registering "UpstandingCo.cx", "Upstanding-Co.com", "UpstandingCompany.com", or any one of a zillion other domains, setting up the appropriate SPF/SenderID record, and using that to send out their hoax emails?
Anyone who would believe that "UpstandingCo.com" would send kiddie porn in the first place isn't going to be smart enough to realize that "Upstanding-Co.com" isn't the same outfit.
*THAT* is the problem here. It's not a technical problem, it's a social one - and you can't solve a social problem with a technical solution.
First off, it seems to me that the weak link in this extortion scheme would be the money transfer. The extortionist (not to be confused with "contortionist" or "exorcist", or some combination thereof) would have to be very clever not to be caught by the transfer. If it's something as simple as a wire or drop-off, catching the person or persons responsible would be a snap.
Second, there is no reason to believe that the person(s) making the threat actually has child pornography (not that I'm defending him/her/them). The possession of the material is not required to make the threat. The extortionist could be like a bank robber without a firearm, either claiming to have one but not, or having a toy pistol (having "barely 18" pornography that looks like child pornography).
In short, in order to actually pull something like this off without getting caught, one has to either be very smart or have a very stupid target.
~UP
Eat the Path.
Sad to say, people get all worked up and don't think about the facts. In the 50's it was the commies, in the 2000's it'll be the child-molesters/pronographicers/abusers.
Disgusts me.
Blar.
Could we come up with a more motivated group of people, than gamblers? How about people who are often smart, with good memories? How about people with time and money on their hands? How about people, who are social, many of them, to some degree? How about their being *everywhere*?
How about their not wanting to have their "vice" (gambling) even remotely connected to child pornography?
Post a reward to catch the extortionist. Include benefits a high roller would love to get a chance at, say, travel, being able to access certain games or more access to them.
Catching the extortionist, could make everyone involved, at the very least, a very happy gambler and very possibly a local hero with international renown. Worse for the extortionist, I'm sure there are local bookies and mafia sorts which would act, help, simply to keep their reputations from being mired with child pornography in the media.
This doesn't even include all of the various policing agencies which are now going to cooperate to get the extortionist because they have reasonable grounds to suspect child abuse.
If the extortionist keeps it up, they'll be caught & I can't imagine their making any money because really, what company wants to be seen as funding a child abuser?
What about people putting out claims on behalf of you that there really is no kiddie porn and you're being extorted? Your solution becomes as unverifiable as the claims you had it in the first place.
I'm not dissing your solution, but if nothing in the chain is authenticated, then it just becomes an annoying problem.
Lost at C:>. Found at C.
Aside from the utter fucking nastiness of getting this stuff, it is just as bad to get busted receiving this shit as it is to be busted for sending it, in a frame-up such as this.
I may be completely off here, but I seem to recall a case where a guy was persecuted/prosecuted based on some email he'd gotten via some group but hadn't requested. At least, that's what he claimed.
Even if it were true that he requested it, the problem is with the ambiguity in the law but the complete lack of ambiguity in public opinion. Even if he were eventually found completely innocent and publicly touted as a model citizen, there are still going to be all kinds of people who now know way more about his masturbation habits than he'd like, and probably quite a few who refuse to believe that he didn't do it - where there's smoke there's fire.
I can't be certain, but I bet there are some people who have emailed child porn to people and then called the police to turn in the recipient, banking on exactly this kind of thing.
What we need is one of 2 things:
1: A system where we have some reasonable definition of what a person's intent is. Just because Joe Schmo signs up to receive Hot Anal Action pictures from a Yahoo! group does not mean he is culpable when some asshole spams that group with child porn.
2: A way to absolutely verify where an email came from and then ruthlessly bitchslap the person or people responsible for this kind of shit.
In a reasonable world, I'd hope for 1, but who can say what'll happen.
Since I can't tell them apart, I treat all ACs as the same person.
While zombies seem to be a big problem for DDOS and SPAM, what about...
I send your DNS an IP address on my network.
Your DNS looks it up and sticks the name-address pair in its cache.
That name happens to be canonically valid in your domain.
I send a batch of spam with that domain name in the 'from' field. The receiving MTA does a reverse lookup on my IP address and I verify it as from your domain.
This is not a SMTP problem and proposed user authentication will not solve it.
Do not look into LASER with remaining eye!
"Vote Bush in november" is the next thing you'll say I guess.
perception is reality
I have often wondered, if a woman had a grudge against her husband she could download child porn to his computer, plant video tapes etc. She then calls the police to report what she had found. Does the husband have any defense? It seems pretty easy to frame somebody this way. Child pornographers should be shot (literally, not just a figure of speech) and those that consume it be held accountable and helped if possible. However, overzealous prosecution could (and probably has) hurt some innocent people.
http://www.georgewbush.com.nyud.net:8090/
I bet this would work outside of the US. Anyone want to try?
Yes people fall for this all the time.
They would be offended and blame that company.
Look how many people will blindly send their banking details to ANYONE claiming to be a representative of a financial company.
The masses are dumb and believe whatever crap they're shoveled. If you don't believe me, look up numbers on how many think Iraq was behind 9/11. It is really mindblowing considering the CIA has clearly stated there is no link.
Now, threatening with sending child porn with their email is not very serious. A lot of spam was sent with my email address (some spammers send spam with real email addresses instead of totally fake ones to try to have more luck, and being hit with that a few times), but checking mail headers normally clean a bit what really happened (why i would travel to mexico just to send spam? :).
Of course, if the mail server of this people is an open relay or is hacked, and is used to send child pornography, spam, 419 scams, Al-Qaeda advertisement or any kind of law-breaking stuff, well, there mail headers will not help a lot, and they will have a bit of responsibility on that.
So you may begin sending me porn now!
quite fair ;-) ... give this good man his money *G*
The child-porn spams would have a trail of servers that clearly did NOT come from the company's mail server.
By the way, SPF checking on mail servers would stop this kind of garbage.
- For the complete works of Shakespeare: cat
"Child pornography" is the modern smear term equivalent to "communism" hurled about in the 1950s by U.S. Senator Joe McCarthy. You didn't have to be a Communist, you simply had to have been accused by Joe McCarthy and BLAMMO! there goes your reputation down the tubes. Numerous Hollywood film actors were treated this way.
Of course, only the weak-minded would follow this line of illogic, but there are plenty of weak-minded people in the U.S. who think the way they are told to.
Can you say "Joe Job"? Sure, I knew you could.
Yah, the people who went on the radio in Rwanda calling out for Hutus to kill Tutsis should be protected!
First thing to do is send out an email to all accounts telling them that some scumbag has threatened this, and that if they get porn/spam/etc, it's from the extortionist, and if you live in , you might inform the police.
'course, a Joejob extortion threat really would mess up your day....
A bullet to the head will cure these scums of their illness, once and forever..
Please, someone. Please, please, please. Find them. Do it...
You bet extortion is alive and well. The meatheads who keep saying "how could anyone fall for this" are the same meatheads who fear the government is after them wrongly and watching every step they take. Let me be the first to let you know that I can't believe you fell for all the big brother syndrome bullshit. People are stupid, the stupid ones get caught most times, and there is so much fraud going on that it has got to make you sad - but I am sure you have never been swindled, you have mad wizard like puter skilz - but your mom doesn't, neither does your uncle and your sister. When the bad guys figure out a way to scam someone, and it works - it gets worse. It is very similar to supply and demand - you supply your dumbass sister's bank account and they demand the money. In the spirit of this particular thread, image is everything, why would I be associated with or continue doing business with someone who is fucked up and sending out child porn? The fact that I get spam from any company is good enough reason to stop business with them. On the technical side, it is not going to get fixed because the corporate world does not see a way to make a buck on it.
Laws don't carry any weight at all on the Internet.
At least one alleged pedophile in England got off (no pun intended) by claiming "the virus did it."
Police are learning how to tell virus-borne nastypics from those people manually download.
Of course, that too could become an arms race of sorts.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What laws apply online exactly? If I send e-mail that is criminal in country a through a proxy in country b where it is not illegal to a receiver in country c where it is. Whose job is it to track me down and punish me? Could country c press charges on country b making them tell them where I am in country a? Would routers in country b be committing a crime? What if they were in country a or c? DNS servers that point me to a website in country b, would they be responsible for sending me to a child porn site? How about if I own a web site in country b and I register a site and ip from country c, is it still a crime in country c? The largest problem here is what laws apply. The blackmailers could set something up that would take months or years to figure out in court and in the meantime they get all their money making hardware taken by their law enforcement agency as evidence. Would aid be provided to make sure that they are able to keep up business during trials (innocent until proven guilty right?)
If the police's experts say "this guy DEFINITELY has a virus that dropped the KP, and there's no evidence that the person we arrested downloaded it manually or deliberately infected himself" the charge will be dismissed.
If the police's experts say "this PC has no known viruses, etc. at all" or "this PC has viruses, etc., but we analyzed them and they did not drop this KP" then the jury will hear about it. This will short-circuit defense claims to the contrary, unless of course the defense has equally-credible expert witnesses to claim "there definitely was a virus at fault, and here it is and here's how it works...."
Basically, good cops like making good busts, they don't like railroading innocent people.
Good point about getting arrested being worse than convicted. However, if the police issue a statement saying "this guy was the victim of a computer virus" I think the general public will not hold it against the victim. They realize it could just as easily happen to them too.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Of course a smart company will realize that giving in to blackmail will do nothing except encourage more blackmailing, to the detriment of the whole industry. But in order for all companies to take this stance, it should be made an offense to pay off blackmailers, subject to heavy fines. That makes it much easier for a company to reply to scammers "I'm sorry, we'd love to pay you for your lack of services, but uncle sam won't let us." Such a law would be much more effective than a similar one for kidnappings and ransom, as it becomes more of a pure business decision rather than a moral and emotional dilemma.
People "with brains" fall for all sorts of dumb things. (Point of reference: the a political campaign.)
How about the various credit card phishing scams going around?
Unfortunately, plenty of people see "The Internets" as this mysterious place. Who knows what the computers can do? They're ALIVE!!!
But seriously, at $7,000 a pop, it only takes a few frightened, technologically-challenged small to medium-sized business owners to pay and this scam becomes pretty profitable.
Dell, Apple, Gateway, even Micro$oft, would do well to include a "Here's How the Internet Works" seminar with every PC or Mac that they sell. At least let people know the difference between things that are truly scary and things that are not.
the future is here, it is just not evenly distributed - w. gibson
Quote from the Analects of Confucius:
"Lead the people with administrative injunctions and put them in their place with penal law, and they will avoid punishments but will be without a sense of shame. Lead them with excellence and put them in their place through roles and ritual practices, and in addition to developing a sense of shame, will order themselves harmoniously."
Analects II. 3. tr. J. Legge
Although Legalism treats the problem after the fact, Rite (roles and ritual) removes the freedoms of a classless society.
http://en.wikipedia.org/wiki/Confucianism
"free speech should not need anonymity"
Anonymous P2P
The irony of this story is that the blackmailers are making a big gamble by blackmailing a gambling company.
They want $7000? And they think sending a bunch of Kpr0n emails to gambling junkies is going to ruin the gambling company's reputation?!? IF the intended recipients even open the email, they'll probably think it's some sick under-world membership bonus prize and either get off on it or delete it and just go gamble some more. Like they've never seen spoofed pr0n email before. C'mon...
These blackmailers seem about as intelligent as the Nihilists that tried to get the ransom money in the Big Lebowski.
"YAA... Ve takes za MONey!!"
Authority questions you. Return the favor.
The key is to read the SMTP headers and the underlying HTML (if any).
The phishers/extortionists are counting on people not being savvy enough to do that--thus, they 'win'.
LostCluster wants to scrap SMTP.
What other scheme with the reliability of SMTP is around now to take its place?
Then there is all the time, effort, and infrastructure invested in SMTP--no one is going to throw all that away if there isn't something better to take its place.
All SMTP is is a transport medium--neither good nor evil.
The simple (but time consuming and resource draining) quick fix would be for all email to be publicly encrypted with public key cryptology [the Feds'll love that! >:) ]. Business sites publish their public key out in the open and use their private key to encrypt their email before sending it out. Authenticity problem solved except for two problems:
1) The bad guys correctly guess or generate the private key of bigsite.example.com. This is laughably unlikely but possible, which leads to the more likely possibility:
2) Someone at bigsite.example.com accidentally or deliberately divulges (under duress?) the secret key to the bad guys.
If 1 or 2 happens, the bad guys can now send email appearing to come from bigsite.example.com even though the email is transmitted from elbonia.example.com. If TCP/IP spoofing or a compromised mailserver at bigsite.example.com is used, the deception apparently becomes perfect. Of course, should bigsite.example.com disavow their compromised key and issue a new one, everybody who does business with them has to change their keys and otherwise muck around with public key encryption which will be a stumbling block to the non-crypto savvy.
In the end I say, using crypto or replacing SMTP is not the answer. Just use a bit of detective work on the underlying SMTP headers and any embedded HTML A HREF links to expose the fraud with the help of a whois service. If it still looks legitimate, you can:
1) Stop doing business with them.
2) Alert them to the situation so they can do something about it.
3) Contact the authorities and let them handle it.
What more can one do in this situation?
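The header and link check described in the comment above, as an added example that is not part of the original thread. It assumes Postfix-style `Received:` lines of the form `from HELO (rdns [ip])`; the function names, the `recipient.example` domain and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: From: and HELO claim bigsite, the real peer is elbonia.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example; Tue, 1 Jun 2004 10:00:02 +0000
Received: from mail.bigsite.example.com (relay.elbonia.example.com [198.51.100.7])
\tby mx.recipient.example; Tue, 1 Jun 2004 10:00:01 +0000
From: "Big Site" <promo@bigsite.example.com>
Content-Type: text/html

<a href="http://login.elbonia.example.com/x">bigsite.example.com</a>
"""

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href and urlparse(href).hostname:
            self.hosts.append(urlparse(href).hostname)

def analyze(raw, own_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Received lines are prepended: read top-down to the first peer outside our
    # own domain, trusting the (rdns [ip]) our server logged, not the HELO name.
    handoff = None
    for hdr in msg.get_all("Received", []):
        m = re.search(r"from\s+\S+\s+\(([\w.-]+)\s+\[[\w.:]+\]\)", hdr)
        if m and not in_domain(m.group(1), own_domain):
            handoff = m.group(1).lower()
            break
    links = LinkHosts()
    links.feed(msg.get_payload())
    findings = []
    if handoff and not in_domain(handoff, from_domain):
        findings.append(f"handed off by {handoff}, not {from_domain}")
    findings += [f"link points to {h}, not {from_domain}"
                 for h in links.hosts if not in_domain(h, from_domain)]
    return from_domain, handoff, findings
```

A mismatch is a reason to look closer rather than proof of forgery, since legitimate senders often relay through third-party mail services.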
People ARE stupid, that's what this country works on. You can convince people to buy almost anything by showing some hot women holding your product on prime time TV, because that automatically makes it awesome. Politicians have known this for years. Is it any coincidence that one of Kerry's biggest problems is that Bush is considered more handsome and more likeable than Kerry (Even though you or I will never ever meet either of the two, and thus shouldn't matter in the election)? No, 90% of America will believe whatever they're told, and their emotions are easily swayed by the mass media. Also, if from this extortion, Best Buy lost as little as one quarter of one percent of their nationwide sales, I'd wager it'd still be considered a major hit on their bottom line.
1. Enthusiasm (widespread use of email)
2. Disillusionment (spam and UL transmission)
3. Panic and hysteria (scams, phishing, extortion)
4. Searching for the Guilty (ongoing)
5. Punishment of the innocent (Joe Jobs)
6. Praise and honor for the non-participants [...]
Child pornography requires cameras, and I'm pretty sure that Catholics pre-date the invention of photography. You're so very wrong that it's almost funny.
you know, their business is gambling.
so their customers ARE people with NO brain cells.
world was created 5 seconds before this post as it is.
Please use the full acronym, or its full name: "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism".
The "USAPATRIOT" Act has nothing to do with patriotism, so calling it the "Patriot Act" is misleading.
(Considering how the Act is being misused these days, even using its full name is somewhat misleading. (How is copyright infringement "terrorism"?))
Personally, I pronounce it "the you sap at riot act" to avoid confusion.
Other pronunciations are "the US ap uh TRY ot act" and (as Jar-Jar) "the YOUsa pah TR-R-RE-E-E at act".
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
1. The Supreme Court ruled that non-photographic "child pornography" (i.e. "these amazing things called paper, ink, paint, etc") is not child pornography at all. So, you fail it.
2. Using phrases like "the existance of Christ" makes you look like an idiot because not only do you fail to spell "existence" right, you also admit that you believe in fictional fairy-tale characters. How can there be a time "before Christ" when Christ never existed? That's twice you fail it in that phrase alone, bringing your total failures to three.
3. Do you have any evidence for your assertion that childhood sexuality was stigmatized in the past? The concept of childhood sexuality being bad is a fairly recent invention (not counting puritanical philosophies where pretty much all sexuality is bad). So, for the fourth time today you fail it.