Slashdot Mirror
Tech Lessons From the Bad Guys
Chris Lindquist writes "Organized crime, porn peddlers, gambling sites — they all use technology to make a killing. CIO.com has posted several stories that spell out how the seedy side uses IT for profit. From the online techniques of penny stock scammers to innovation lessons from a pair of 'accidental pornographers,' to what you can do to fend off cybercriminals, find out what they do right when they're doing wrong."
How does one become an accidental pornographer? 'Oops! I took a full color spread of you nude by accident last night'?
'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
money making tip: get slashdot to link to your pop-up ridden pages
ad free print links:
http://www.cio.com/article/print/117150
http://www.cio.com/article/print/117050
http://www.cio.com/article/print/117201
mod me funny
.... That people actually paid for porn so that these guys could make a buck!
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
Petty stock scams? Organized crime? Sure, I can see that as being 'wrong', though calling "organized crime" wrong is a tautology.
I, for one, do not believe peddling porn or hosting a gambling site are 'wrong'.
Sure, some porn is created in a manner that is harmful to the participants (such as taking advantage of drugged/underage/unwilling subjects). And some people cannot handle gambling -- and fixed games, or games where the players are misled as to their chances of winning, are wrong.
But to generalize that they are all bad? If they are, I don't want to be right.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I was looking for a job and had posted my resume on line (monster.com I think) and got a call from a guy looking for an admin with web server skills. The third or fourth question was if I minded the fact that they would be pr0n servers.
I had to turn them down, and no I don't remember the company name.
So, if you have the right skill and are in a big city market, who knows. You might just get a call.
Streaming video: YouTube made it famous; adult movies made it economically viable.
Thank you YouTube?
Videoconferencing: Businesspeople increasingly use online chat and embedded video rather than conducting face-to-face meetings. Before that, it was used to communicate with Live! Girls! Now!
Face-to-what?
Digital rights management: Through their disregard for intellectual property rights, adult sites helped spur the music and film industries to apply DRM to their online content.
Wait. So we've got the pr0n industry to thank for DRM?
E-commerce: The content on adult sites was so compelling (to some), it helped people overcome their fear of using a credit card online, according to Frederick Lane, author of Obscene Profits: The Entrepreneurs of Pornography in the Cyber Age.
First DRM and then identity theft . . .
I wonder if my boss would go for me doing some cross-training with a pr0n site developer . . . hmmmmmm.
First and foremost, user stupidity works for them, not against them. And second, they don't care jack about any rules or regulations, since they're breaking the law already anyway, so why bother with privacy laws or possible damage claims when you're already scamming the stock market or doing a virtual bank robbery?
You cannot apply that "information" to legal businesses. Or at least, you definitly shouldn't.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bad guys... Banks? Oil companies? Diamond mines? Televised church services? (There are plenty of IT-using "legit" businesses that display questionable moral values too.)
How long till pr0n industries get organized and start pulling off mafia style lawsuits against file sharers? Pornographers Association of Wasted Nudes (PAWN)
"PAWN accuses 7 year old of browsing porn sites" "PAWN seeks $8 million in damages from dead man (Died of a heart attack while looking at bootleg pornography)"
Give Kashyyyk back to the Wookies
Do you know that Western Union doesn't require you to legitimate yourself when withdrawing money if it's not more than (IIRC) 6k bucks? So all you gotta do is find some gullible moron, who'll "work" for your "international financing company" by offering you his account for a transfer. You have your target transfer the money to this moron's account and have him transfer the money via WU, and inform you about the transfer code. He can keep, say, 20% of the stolen money, and hey, who'd turn that offer down, about 1k bucks for 2 hours work? Almost too good to be real!
Then you (or if you're a larger organisation, one of your goons) goes to WU, hands in the transfer code and heads out with the money.
Of course the "financial agent" gets caught. But that's no loss, you know, there's an idiot born every minute, you'll find others.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
But now you've gone and given lessons to the entire Slashdot community!
Well, back to rejecting software patent applications.
Quote:
I don't have vendors paying the freight to conferences at swank resorts to convince me to invest in something that's half-developed and overhyped. I never use jargon. I spend zero time doing PowerPoints.
Makes me wonder why these people are so much more smart than the average CIO that only knows how to "deploy" the latest crap that comes from that city in Washington.
Maybe because it's really their neck on the line, that's what I call responsibility.
how long until
I've been preaching that for years and the usual response was "you can't require people to study computer science before you allow them on the 'net".
All I want is people to take responsibility for their actions. When I hand my car keys to a person I don't know and he uses the car for ill, I get sued. When I let a stranger into my house and he knocks me out and robs everything in sight, my insurance would laugh at me. When you note your secret number on the back side of your ATM card, your bank won't cover the loss.
Just in the computer area, everyone's free to be as careless and irresponsible as he wants to be. It does NOT take a lot of brain power to know that offers that are too good to be true usually are. It doesn't require a lot of computer knowledge to NOT click on an attachment coming from someone identifying himself as "lawyer" (literally "lawyer", not some name). And it for sure does not require a lot of tech study to install some kind of antivirus tools.
Don't get me wrong. I would not require an average user to hack his windows box to tighten security to the maximum. But why is it still asking too much if I ask people to
- Use a router and disallow incoming syncs (most routers do that by default, so the "it's too technical" argument doesn't count).
- Enable Auto-Update on your Windows box (most Linux distributions can that now, too).
- Install some Anti-Virus tools
- Keep the brain turned on when opening mails and unknown software.
What's so problematic and impossible to do about this?
It's certainly not a 100% secure solution. Granted. But it is "good enough". Just like nobody requires you to have iron bars in front of your windows and steel bolts in your high security door, I wouldn't require people to have 100% "hack proof" boxes. There's no such thing as an unhackable box as soon as it has some kind of connection to another box that can be used by a malicious user (i.e. the standard setup for a box connected to the internet). But at the very least this would thwart almost 100% of the standard trojans currently in circulation.
What's so impossible about it?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Unless they're peddling illegal porn, or through dubious methods such as spam or popup-flooding, what makes pornographers bad guys, except that perhaps they don't fall under certain groups' moral or religious views of good.
The rest: penny-stock scammers, cybercriminals, are just that... criminals. There's no crime in porn, so long as the proper laws are observed.
Excuse me?!?! Hey kdawson, if you don't like porn or gambling, then don't indulge in them. On-line or in the real world. If you had paid attention, you would find there is NO reference in the article to Organized Crime and nowhere does it call anyone or anything "bad". At best, there's links the site shoved in to other articles regarding cybercrime and the mob. Furthermore, the article passes no judgment in terms of depicting porn or gambling as bad (it's a business article- they're just forms of business after all). So the next time you approve an article, how about bothering with at least an accurate assessment? And lay off the criticism of porn. This is /. after all, it's the only lovin' some of the loyal
readers get..
*** Sigs are a stupid waste of bandwidth.
Wait. What about pornographers makes them "bad guys"???
Porn is fully legal. Assuming the models aren't forced to have sex (which would make it rape, not porn), and they're not, like, 5 years old (or 15, if you buy the whole "teens can't ever have sex without it being coersion" line), it's not unethical. How can you compare "porn pushers" to mobsters?
I used to work for a porn site, programming on their content and developing HTML and CSS. They're just ordinary people trying to make a living. Porno isn't wrong. For fuck's sake, what is with America's puritanical attitude towards sex anyhow? Hit a 16-year-old, nothing happens. Have consensual sex with a 16-year-old, go to jail and get branded a "sex offender", as if you're some kind of rapist. Show kids a building blowing up, that's okay. Show kids a nipple and OMGOMGOMG JESUS PROTECT THEIR EYES. Seriously, WTF!?
With spending like this, exactly what are "conservatives" conserving?
Exactly. Reading the summary left me scratching my head too. You've nailed the moral judgment excellently already, so I won't repeat that.
But I'll add another thought there: regardless of the moral judgment, exactly what is to learn from porn or gambling sites anyway?
No, seriously. Spammers, scammers, DDOS extortionists, etc, actually face some technical challenges. They need zero day exploits to maintain their army of zombie machines. They need to circumvent or disable protections. (See the many viruses or trojans that disable the major antiviruses and firewalls.) They need to dodge the law, at _least_ in that they need to transfer the ill gotten money abroad without leaving _too_ many obvious traces. Etc.
Those are real technical challenges. Antiviruses for example are getting so defensive against being disabled, that it's sometimes hard to fully uninstall them even as the legit owner of the machine.
You can learn something from that, and (in response to other posts) there _are_ legitimate uses for that knowledge too. E.g., whatever techniques they use to automate looking for buffer overflows, should be mandatory testing techniques for new software.
But porn and gambling sites? Gimme a break. I dare say most of the porn sites are actually just a plain old normal web site. There's nothing particularly high-tech about them, really. Just some thumbnails linking to a video or larger picture. In really "high tech" cases, they might open a popup via javascript for the page with the embedded movie. But that's about it.
Exactly what's to learn there.
Sure, a number of sites use porn as a bait to get one virused. But even then it helps to realize that that's not primarily a porn site, it's primarily a script-kiddie site and the porn is just the bait there. Just because the porn is the bait, doesn't make porn itself some high-tech black-hat thing.
To use a metaphor, there have been cases where people have been lured in a RL (non-internet, back-of-the-van kind) scam with such promises as a cheap second-hand laptop or whatever other cheap no-questions-asked good. Yet that doesn't make laptops themselves some evil bad-guy kind of scam. It's just the bait, the scam is a completely different half of that incident.
A polar bear is a cartesian bear after a coordinate transform.
It's like going to a party and getting so drunk you don't know where you'll be in the morning...or who will be able to have their way with you in the evening.
I'm sorry, but I'm an engineer and I don't understand this comparison. Could you please rephrase it?
Weaselmancer
rediculous.
SPAM: "the sender's name on this particular e-mail sent a shudder down his spine .."
.."
.."
...
.. They are attacking the vulnerability of people's brains, Sophos
PHISING: "The e-mail claimed in convincing detail that there was a problem
FAKE WEB SITES: [and] "urged customers to click on a link--to a phony website
DDOS ATTACKS: "Dougherty's website lay in a coma from a devastating distributed denial-of-service (DDoS) attack that"
Well the root cause of the problem is the above so to fend off cybercriminals you would have to
01. Create an email infrastructure that provides end-to-end authentication and encryption.
02. Create a web identity infrastructure that provides end-to-end authentication and encryption.
03. Make a desktop computer that can't be compromised to be used in a DDoS attack, merely by clicking on an URL or opening an email attachment.
04. Design the upstream network infrastructure to mitigate against DDoS attacks.
Why are we still talking about all this in the middle of 2007. What are all those innovators and security experts doing to earn their salaries.
'These are not attacking any kind of vulnerability in the computer
davecb5620@gmail.com