Slashdot Mirror
New Hampshire Man Sentenced To 7 Years For Robo-Calling Malware
alphadogg writes with this excerpt from Network World: "A New Hampshire man who made $8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence this week. Prosecutors say that between 2003 and 2007, Asu Pala and others put together a lucrative business by setting up premium telephone numbers in Germany — similar to the 1-900 numbers used in the US — and then infecting German PCs with software that would automatically dial the numbers for short periods of time." Do that many people still have modems attached?
Only way to get rid of them.
http://CryoLANparty.com/ A lan I'm staff on!
Gotta love the punitive vs retributive approach to justice in the West. Why not make the guy work towards paying back the victims instead or locking him up for 7 years and forcing the victims or us the taxpayers to pay for his food, clothing, heating, cable and housing?
peopel still fax even in 2011 so some modems in systems may just be there for faxing.
Where they connected by headset couplers, or was Mitnick reading off of a teletype & whistling into the reciever!?
A) Did these people not scan there computer reasonably enough to detect the malware.
B) Did these people run a completely insecure OS allowing them to be infected
C) DId these people have enough common sense to run firewall software to prevent the infection
D) Did they not notice there modems dial out to a number they didn't authorize
Now I will grant that this guy should be punished, BUT i think there is or should be a reasonable assumption that computer users have to protect and check there own PC's and it's not entirely his fault, Now if the malware dialed once for a short short burst and never again then it can all be put on the guy who developed the malware, however if there was enough time in the attack to scan and detect the malware then he's not entirely to blame.
If these people didn't take the right steps to protect there computers then it's kind of like someone with an unsecured access point complaining when other people use there router, to a lesser extent even a WEP encrypted router. For once can we point out the fact that most users, present company excluded are really just not secure enough on there PC's .
Over all if there's nothing the users could do and they were completely the victim then fine, they can't be blamed. I'd be very very surprised if most of the reason this happened wasn't because the PC's were unsecure, running a horrible OS and sitting on a unsecured network with no firewall and virus/ spyware/ malware software.
Do that many people still have modems attached?
Oh yea! Why can't the world be 1337 H4x0r5 like america, where everybody has teh T1.
After living with someone who was forced by her work to maintain a landline for faxing, the very thought of faxing fills me with rage to this day.
I would gladly sponsor a virus which infected and violently blew up fax modems.
Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
I've also never heard of a virus managing to successfully infect a fax.
What's a modem?
So they made 16.5m and had to pay 10.1m, netting about 5.4m. Was it worth it?
sysadmins and parents of newborns get the same amount of sleep.
Yeah, faxing IS NOT necessary AT ALL.
Why?
All-in-one printers. It's better to just scan the document files, archive them to a zip(if you have to use .jpg instead of .zip.)
This is how I get and sign documents for my insurance agent(versus driving sixty minutes to his office, parking, and waiting.) Since, under contract law, a scanned copy of my contract is considered valid.
LMGTFY
May 5, 2000 - "Love" virus accidentally targets fax machines
http://news.cnet.com/2100-1001-240143.html
Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
While true, this is still stupid. Not a major problem in the scheme of things, I know, but when the very conversation we're having is about the fact that a modem can send a stream of bits to a fax machine as easily as to an email account, it's pretty clear that one should have no more bearing than the other.
I know the legal system shouldn't be jumping on the bandwagon every time new tech comes along, but it's 2011, there's plenty of precedent involving email. Either accept both or deny both, but don't make some arbitrary distinction between the two.
You see legal importance, and we see antiquated laws built around antiquated communication methods.
Fax should have died out in the year 2000. Its resilience is... agitating.
Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
It's also still used where visual content approval is required. Monuments, headstones, printing runs, etc don't get done until someone signs and FAXs back the proof page. Likewise many construction operations send proposals and bids, and receive signed, accepted bids by FAX. Many medical operations like FAX because the transmission can not easily be rerouted or duplicated (without other office workers noticing the half ream of photocopies someone just made).
Yes, you could set up a scanner and hope the people can handle attachments and graphic formats, but for the time being FAX is the most cost effective way to deal with many situations.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Gotta love the punitive vs retributive approach to justice in the West.
Some lessons are only learned the hard way.
just shows some of the unbalance? that situation appears to have the potential to change rapidly & dramatically (so we don't 'forget'.. again?) you can just feel the winds of change swirling all around US, & wafting directly onto much of the rest of the world? see you (soon?) at one of the many scheduled million baby play-dates near you.
Read the summary before you editorialize Timothy. Yea, alot of people still had and still have modems, there has been a need for faxing documents and back then there weren't alot of pdf to fax services.
Now I will grant that this guy should be punished, BUT
There is always a "but" when a geek is sentenced to do hard time.
Wow, this took me right back to a time where there were security warnings about clicking on links which would hang your modem up and dial a premium service up. Forgot all about that sort stuff.
That's legal requirements versus policy.
There are still a lot of places who's policy states they require fax authorizations.
Where I work, we have a rather nice fax/scanner/printer. We usually scan and email to ourselves. A huge number of places require faxes to be sent. Many of those places insist on sending fax responses. They aren't allowed to email, nor give results verbally. The excuse is usually that it's "not secure". I can't quite comprehend how telling someone on the phone is less secure than sending a fax, and hope the minutes or hours later the intended recipient is standing by the fax, and the fax won't be left in a box, on a desk, and will be properly disposed of, rather than just leaving it laying around.
Serious? Seriousness is well above my pay grade.
Faxing is the ONE true blessing the government allows, that prevents lines of people going around the office buildings, and keeps me from sitting in waiting rooms far too many times.
I don't have a modem, but I do have a USB-attached multi-function printer/scanner that includes fax capability, which I'm pretty sure a piece of malware could trick into calling any number it wanted (might be difficult to keep it from turning on the annoying speaker as it dials). Which reminds me... I should cancel my plans to get a network-attached version that would be vulnerable to such an attack without having to infect any of the PCs on the network; just breaching the firewall or wireless encryption would be enough.
What do you mean they cut the power? How can they cut the power, man? They're animals!
Aw.. Next you'll tell me teletype is antiquated. Bah. That's how I post here. I load it up on paper tape, and wait 20 minutes for it to send. EOT
Serious? Seriousness is well above my pay grade.
Back in those days my mac yawned at fruitless activeX exploits meant for WinIE5, and loled at those .EXE downloads ESPECIALLY if we were dumb enough to doubleclick them; Linux browsers are just as safe, the same as a fax can't load virus code meant for Outlook Express 4 from 10 years ago.
Looks like PP forgot to read the article they posted: targetting and succeeding (at infecting with a virus) are not the same thing
'unwanted dial-up software'
Sounds a bit like AOL :P
Yes. While DSL, UMTS and DOCSIS are quite common in urban areas, there are still several areas (villages) where dual-channel ISDN is the fastest way to get into the net (2x 64 kBit/s), and many people in those areas still use analog modems (V.90) simply because ISDN lines have a higher monthly fee and dual channel ISDN doubles the costs of each internet connection.
Of course, there is also satellite internet access, but it is expensive, overloaded, slow (despite opposite claims of the operators) and has a high latency. Plus, you need a free line of sight to the satellite and the permission to install a(n additional) satellite dish from the owner of the house. LTE is the latest promise for fast internet access in non-urban areas, following WiMAX. WiMAX exists only in prototype areas, it still is not commonly available in Germany. LTE is only planned, no prototype area exists, and despite legal restraints to install LTE first in areas without high speed internet connections, the first prototype areas will be big cities.
Another reason to use a modem is the ability to send and receive faxes, as others already posted.
Costs for 0900 calls are very high compared to other numbers, and the 0900 owner can define how much is charged. There are two mutually exclusive limits: Either max. 3.00 EUR per minute, or max. 10.00 EUR per call independantly from the length of the call. (Source: http://www.teltarif.de/i/sonderrufnummern-0900.html) So if you use the second option (charge 10.00 EUR per call) and distribute a dialer that makes one-second calls to your 0900 number, you gain 10.00 EUR per second and call. Gaining 8,000,000 EUR (roughly approximating 1 EUR = 1 $) requires 800,000 calls. If you can make 10 calls before getting caught by the modem owner, you need only 80,000 users. If you can make 100 calls before getting caught, you need just 8,000 users.
ISDN users are even more attractive than modem users. The V.90 handshake needs about 10 to 20 seconds, and it is noisy due to the modem speaker. Plus, the V.90 modem blocks the phone line. So it is very likely that the dialer is found very fast. The ISDN handshake takes much less time, about a second, it is silent, and ISDN offers two lines, so you can still use your phone while your computer is busy wasting your money with one second calls to a 0900 line. If that goes unnoticed for one hour, and each call lasts four seconds total, you have 900 calls from one user, 9,000 EUR. Trick just 900 users into using your dialler for one hour on an ISDN line and you gain 8,100,000 EUR.
Tux2000
Denken hilft.
Presumably Skype and Magic Jack allow Voip calls from your computer to premium lines if you have signed up for the right kind of outbound service.
Additionally most people with voip have their voip modems as their frontline firewall on the internet. If anyone manages to either breakinto to those or otherwise sniff their handshaking then presumably one could make loads of calls and bill them to the voip plan (again assuming one has a plan that allows calls to premium numbers.)
Some drink at the fountain of knowledge. Others just gargle.
...is the new dial-up modem found in laptop and mobile phones
Indeed, I recently helped to install a PCI modem in a newer PC exactly for faxing.
A lot of buisnesses founded prior to 2000 have been using the fax for 10-15 years. I worked for one company years ago that still hires temps in the summer to file and send responses to their faxes simply because in the slow season having a verifiable paper trail allows them to stick their vendors with the cost of screw ups, and also generates jobs for several long-term (12+ years) employees. If your choice is a) speed up the process and lose money converting to the new system while learning from your mistakes of integrating the new system or b) letting your old friends of 12+ years go because they aren't needed.... it's easy to ignore the modern solution.
moox. for a new generation.
Modem card with "voice modem" capabilities, you can get software which will read the caller id info, and do what you want with the incoming call. Hang up on them, play a special audio, voice mail... the possibilities are many.
Mod down people who tell people how to mod in their sigs
I remember hearing about someone who got busted for a similar scheme many years ago. He was a consultant at a brokerage, and he programmed their modems to call his 900 number periodically. He was somewhat careful about it, and was only skimming a couple grand a month, which wouldn't even be noticed in a monthly phone bill that easily ran into seven figures. He got caught when the company blocked all 900 number calls. Apparently, he didn't do a very good job of concealing the ownership of the 900 line.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I'll be damned if I ever upgrade to teletype stop prefer older ways stop
Funny, I do the opposite. When someone brings me a machine weird fault, I yank the modem and then ask "Do you use your modem for anything?" They frequently ask me "what's a modem". I then ask if they hook a phone line up to the computer. When they describe a cat5 cable to me, I tell them they don't need it. I can usually tell by the dust buildup in the phone port, so I know my answer before I start asking silly questions. :)
I had a box of them laying around for a while. I gave it away with a bunch of antique hardware. :)
Serious? Seriousness is well above my pay grade.
Every time i have faxed something on my own behalf in the last 4 years, I have used an email-to-fax service.
This is so fucking dumb.
Modems can be used to access ISP's in other countries when the government closes the internet during riots.
Either accept both or deny both, but don't make some arbitrary distinction between the two.
Arbitrary restrictions such as:
1. Reliable phone company records of sender, receiver and time;
2. Unlikelihood that the fax will be intercepted and/or modified en route.
Oh, wait, not that arbitrary after all.
(might be difficult to keep it from turning on the annoying speaker as it dials).
Not at all. It's a plain stupid "AT..." command. The default initialisation string sent to the FAX has it turn the speaker on during hand shaking (so you can hear if everything is working ok), and off afterward (no useful information from the transmission noise).
Just send instead a command for having the speaker off the whole time (ATM0, instead of ATM1)
And that's for analog modems. This is Germany we're speaking about, where everything is nearly 100% ISDN since ages. So no noises at all. The fax is purely transmitting digital data.
And as we're speaking about Fax, the fax machine could be a full blown FAX (with attached printer and scanner). Or could be a rather simple small USB ISDN soft-modem with a software suite doing all the work on the PC (and thus even more easy to control for a malware).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
> Yep!
- Where's the router?
> You bet!
- So which is the switcher?
> No, that's our shortstop!
-- thinkyhead software and media
This would have been awesome. If he had gotten away with it.
-- thinkyhead software and media
7 years in prison for $8m? $1.14m per year wage is pretty good. I'd guess that a lot of hard-working, honest people would do 7 years inside if it netted their family $8m.
Also it'll be nice for him when he gets out after 4 years and realises he got a pay rise to $2m per year.
I don't think these "mid-range" sentences for high-gain crimes are really effective unless the criminals are forced to give the money back.
Let's assume that he stashed aside a few million bucks. Let's say $3 for the sake of argument.
He'll likely get out of his prison sentence after 24 months for good behavior.
So here's the question: Would any readers here NOT do 24 months of minimum security prison for $3 million bucks?
Given the above analysis, I'm going to have to assume several readers are already busy replicating the scam...
And I'd be posting in morse code if it weren't for slashdot's fucking comment filters. Way to ruin the joke /.
It's a most modern definition of uselessness: An email virus that sends itself to a fax machine. That's what a few confused people around the world saw today, as their fax machines began churning out page after page of the computer code underlying the destructive "I Love You" virus. The damage created by this particular manifestation of the virus--the computer equivalent of a pistol shooting a flag that says "BANG"--was nil. If anything, it proved that Microsoft's Outlook program was capable of annoying people even away from their personal computers.
I'm not sure how sending a fax of the virus code to literally print out is "infecting" a fax machine. Annoying, maybe, but all they are doing is sending them a harmless fax.
Two important points left out of the summary...
"Pala, a Turkish immigrant to the U.S., ran a small Massachusetts Internet service provider called Sakhmet when he was approached by others -- men he believed to be the brains of the operation -- and enticed into building the back-end infrastructure for dialer software that was then downloaded onto the German computers, his lawyer, Geoffrey Nathan, said in an interview Tuesday. "
"Pala pleaded guilty to fraud and tax evasion charges in U.S. District Court for the District of Massachusetts in April 2010. In addition to the 82-month sentence, he must pay a $7.9 million fine, along with $2.2 million in back taxes to the U.S. Internal Revenue Service."
and a couple other interesting things...
" Pala was caught after he was flagged by federal authorities after paying cash for his second Lamborghini sports car"
"[Pala] was also secretly working on a sting, trying to nail the two men who had introduced him to the scam. But they couldn't be enticed into a meeting, and the feds ultimately pulled the plug on the operation.
At his sentencing, Pala was given a break for his cooperation with the government, but had the sting worked, it would have cut years more off his sentence, Nathan said. "The case reflects the pitfalls and the success of a cooperation agreement," he said."
As someone who professionally administers phone systems, both restrictions are quite... lets say... arbitrary.
Or, to be more specific - if I want to send a fax from an arbitrary number to you, I create a new office code in my phone switch for that number, create a single station with the number I want to sent the fax from, put the target number as diversion on a second station within my normal number range and then call from my first station the second and start sending the fax. The phone switch then will sent the fax as a diversion out to you with the arbitrary number as sending party, and the phone provider will transmit that fax with the faked sender ID.
The same goes for an altered fax: I catch the SIP data stream on any network switch, extract the RTP data stream, alter the part of the fax I want to alter and resend the fax again - you get two faxes than, one original, and one faked. If I don't want the original fax going out, I do the same on the Border Gateway Controller, and I cut off the called party as soon as the fax negotiation has finished.
Or perhaps PP is not some snooty snob and actually read the title of the article they posted.
It clearly says "accidentally targets", which is a pretty accurate description of what happened; the virus targetted fax machines whereas it clearly shouldn't have.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
None of these apply to only fax, and not email.
Apparently wizard is not a legitimate career path, so I chose programmer instead.
The best part of the story really is that might not have been caught except that he was 'flagged by federal authorities after paying cash for his second Lamborghini.' http://www.itworld.com/networking/138664/man-gets-7-years-forcing-modems-call-premium-numbers
7 years? That means he will probably be out within one. I'm assuming he managed to squirrel away some of that money where it wouldn't be found. He's got his retirement set.
What an outrage! The president of the US shouldn't be polite to dictators, he should slap them all on the face with a dueling glove. That way the number of wars we are in at one time can be in at least 2 if not 3 digits! Spread those troops thin like butter on diet toast! That will help matters and make the world a better place!
"Hello, this is Homer Simpson aka Happy Dude! The court has ordered me to call every person in town to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send one dollar to : Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power!"
Get the money back, THEN shoot him. And any virus writers you can find along the way too.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Yes. Because it's so much more convenient to:
1. Fire up the scanning program
2. set up to black and white
3. scan
4. look for the file
5. zip it
6. attach it
7. send it
as opposed to
1. dial the number
2. press SEND
do you realize how much of a douche you sound?
Also, the crimes go back to 2003-2007 when a lot more people would have been on dial up.
To have a right to do a thing is not at all the same as to be right in doing it
di dah di dit dah dah dah di dah di dit
Gamingmuseum.com: Give your 3D accelerator a rest.
It's not necessarily 2 steps. There could be 'find the fax machine' ; 'wait for the person sending a 50 page tender response in front of you' ...
OTOH, I went through the scanning process the other day. Discovered that I'd upgraded to a 64bit OS, and the scanner manufacturer didn't have a 64bit driver (thank you, Canon) - went googling, and found a 3rd party driver that did support that scanner, bought it, then went through your steps 1-7. I'm not looking forward to repeating the process for OSX.
Not exactly infect, but a moebius loop of paper ties one up for a while.
Also, some faxes are PC based. Or have some OS that you could infect.
What would really be punishment, is placing an unbreakable telephone in his cell and then release his number to the public so they can call him 24 hours a day. ;)
Just so people can tell him how it feels to get all those unwanted calls.
Unlike the USA, Germany has a functional and fast (ISDN) phone network. And at the time of the crime most people used ISDN to get into the internet and that is where it got tricky for the victims. You hear a modem dialing (at least you hear it clicking when opening the line) but with ISDN cards you don't hear or see anything. Even worse, you get at least 2 lines so, even when on a call this thing could dial.