Slashdot Mirror
New Hampshire Man Sentenced To 7 Years For Robo-Calling Malware
alphadogg writes with this excerpt from Network World: "A New Hampshire man who made $8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence this week. Prosecutors say that between 2003 and 2007, Asu Pala and others put together a lucrative business by setting up premium telephone numbers in Germany — similar to the 1-900 numbers used in the US — and then infecting German PCs with software that would automatically dial the numbers for short periods of time." Do that many people still have modems attached?
Only way to get rid of them.
http://CryoLANparty.com/ A lan I'm staff on!
Gotta love the punitive vs retributive approach to justice in the West. Why not make the guy work towards paying back the victims instead or locking him up for 7 years and forcing the victims or us the taxpayers to pay for his food, clothing, heating, cable and housing?
peopel still fax even in 2011 so some modems in systems may just be there for faxing.
Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
I've also never heard of a virus managing to successfully infect a fax.
What's a modem?
So they made 16.5m and had to pay 10.1m, netting about 5.4m. Was it worth it?
sysadmins and parents of newborns get the same amount of sleep.
T1 is pretty slow, common DSL is faster than T1 connection. T3 on the other hand runs at about 44.6Mbps which is fairly decent, but truthfully anything over 3Mbps with a decent pipeline is fast enough since web-servers don't allocate their entire bandwidth to a single user, however sites like Youtube require you to have at the very least 13 or 14mbps. However, this is straying from the point that the majority of the world-wide-web is connected via HSI (200kbps+), and I know you were trying to troll but the United States is ranked about #30 as far as average internet speed.
/. article recently about how most of AOL's consumers are by those who forgot they had the service or just don't mind having it as a secondary service. Funny yet sad stuff.
Going back on topic, it's not surprising that this kind of scam still exists. I remember dialer malware used to be very popular back in the day. I think there was a
A) Did these people not scan there computer reasonably enough to detect the malware.
B) Did these people run a completely insecure OS allowing them to be infected
C) DId these people have enough common sense to run firewall software to prevent the infection
D) Did they not notice there modems dial out to a number they didn't authorize
That's why I never leave the house without wearing a bullet-proof vest, a lead helmet and a condom... too many crazies out there.
Yeah, faxing IS NOT necessary AT ALL.
Why?
All-in-one printers. It's better to just scan the document files, archive them to a zip(if you have to use .jpg instead of .zip.)
This is how I get and sign documents for my insurance agent(versus driving sixty minutes to his office, parking, and waiting.) Since, under contract law, a scanned copy of my contract is considered valid.
LMGTFY
May 5, 2000 - "Love" virus accidentally targets fax machines
http://news.cnet.com/2100-1001-240143.html
Its simple really, the same situation as the idiot who left a bill on the driver seat. You have a choice, you can be aware of the dangers in the world, and try to mitigate them. Or you can be a brazen fool, and reap the rewards that entails. In this scenario, an insured car, in a lawful state is not something worth dying over. The "victim" was at fault in that he could have chosen to hand over the keys and call the police. A pain in the ass, but he'd still be alive, and he'd probably get a new car out of it.
Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
It's also still used where visual content approval is required. Monuments, headstones, printing runs, etc don't get done until someone signs and FAXs back the proof page. Likewise many construction operations send proposals and bids, and receive signed, accepted bids by FAX. Many medical operations like FAX because the transmission can not easily be rerouted or duplicated (without other office workers noticing the half ream of photocopies someone just made).
Yes, you could set up a scanner and hope the people can handle attachments and graphic formats, but for the time being FAX is the most cost effective way to deal with many situations.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
That's why I never leave the house without wearing a bullet-proof vest, a lead helmet and a condom... too many crazies out there.
Pardon me, I appreciate the basic caution in you advice above, but it's still silly... You see: lead helmets are still not as effective as tin foil hats...
Questions raise, answers kill. Raise questions to stay alive.
Gotta love the punitive vs retributive approach to justice in the West.
Some lessons are only learned the hard way.
The "victim" was at fault in that he could have chosen to hand over the keys and call the police
In some places, it is not enough. Sao Paolo - Nov 2010
"They had to stop at the red light and then all of a sudden five people were around the car, one with a machine gun, and they opened the door and took two rucksacks and disappeared. So nobody was injured."
McLaren's Button was the victim of an attempted armed robbery about an hour earlier but his police driver smashed his way through traffic to escape when the gunmen were seen approaching.
Questions raise, answers kill. Raise questions to stay alive.
Now if the malware dialed once for a short short burst and never again then it can all be put on the guy who developed the malware, however if there was enough time in the attack to scan and detect the malware then he's not entirely to blame.
From the article AND summary:
...and then infecting German PCs with software that would automatically dial the numbers for short periods of time.
Its very possible that the situation you present here was what was happening, the wording isn't really clear (it could be intended to mean short-duration calls, or only a certain number of days/hours/etc before shutting itself down).
I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
Read the summary before you editorialize Timothy. Yea, alot of people still had and still have modems, there has been a need for faxing documents and back then there weren't alot of pdf to fax services.
Now I will grant that this guy should be punished, BUT
There is always a "but" when a geek is sentenced to do hard time.
I don't see your point, in one instance the victims cooperated and no one was hurt. In the other, the police were there to handle it, and again no one was hurt. Or were you trying to back me up?
That's legal requirements versus policy.
There are still a lot of places who's policy states they require fax authorizations.
Where I work, we have a rather nice fax/scanner/printer. We usually scan and email to ourselves. A huge number of places require faxes to be sent. Many of those places insist on sending fax responses. They aren't allowed to email, nor give results verbally. The excuse is usually that it's "not secure". I can't quite comprehend how telling someone on the phone is less secure than sending a fax, and hope the minutes or hours later the intended recipient is standing by the fax, and the fax won't be left in a box, on a desk, and will be properly disposed of, rather than just leaving it laying around.
Serious? Seriousness is well above my pay grade.
I don't have a modem, but I do have a USB-attached multi-function printer/scanner that includes fax capability, which I'm pretty sure a piece of malware could trick into calling any number it wanted (might be difficult to keep it from turning on the annoying speaker as it dials). Which reminds me... I should cancel my plans to get a network-attached version that would be vulnerable to such an attack without having to infect any of the PCs on the network; just breaching the firewall or wireless encryption would be enough.
What do you mean they cut the power? How can they cut the power, man? They're animals!
Aw.. Next you'll tell me teletype is antiquated. Bah. That's how I post here. I load it up on paper tape, and wait 20 minutes for it to send. EOT
Serious? Seriousness is well above my pay grade.
Back in those days my mac yawned at fruitless activeX exploits meant for WinIE5, and loled at those .EXE downloads ESPECIALLY if we were dumb enough to doubleclick them; Linux browsers are just as safe, the same as a fax can't load virus code meant for Outlook Express 4 from 10 years ago.
Looks like PP forgot to read the article they posted: targetting and succeeding (at infecting with a virus) are not the same thing
A) Did these people not scan their computer reasonably enough to detect the malware.
If the scanner was able to pick it up.
B) Did these people run a completely insecure OS allowing them to be infected
Should MS Windows users be banned from using the Internet ? Well yes they should, but I cannot see that happening.
C) DId these people have enough common sense to run firewall software to prevent the infection
What good is a firewall, the hardware port to the modem needs to be open to use the Internet. End of story.
>D) Did they not notice there modems dial out to a number they didn't authorise
Not if the malware waited till there was no keyboard activity, or the melware turned off the modem sound before it called.
Even if you were using the phone line when it tried to call you might not spot it, just a couple of clicks while the modem tried to get a dial tone.
The only indication is if you tried to make a call in the middle of the malware call, and even then, a lot of people might blame the phone company.
Yes it is entirely his own fault.
Yes. While DSL, UMTS and DOCSIS are quite common in urban areas, there are still several areas (villages) where dual-channel ISDN is the fastest way to get into the net (2x 64 kBit/s), and many people in those areas still use analog modems (V.90) simply because ISDN lines have a higher monthly fee and dual channel ISDN doubles the costs of each internet connection.
Of course, there is also satellite internet access, but it is expensive, overloaded, slow (despite opposite claims of the operators) and has a high latency. Plus, you need a free line of sight to the satellite and the permission to install a(n additional) satellite dish from the owner of the house. LTE is the latest promise for fast internet access in non-urban areas, following WiMAX. WiMAX exists only in prototype areas, it still is not commonly available in Germany. LTE is only planned, no prototype area exists, and despite legal restraints to install LTE first in areas without high speed internet connections, the first prototype areas will be big cities.
Another reason to use a modem is the ability to send and receive faxes, as others already posted.
Costs for 0900 calls are very high compared to other numbers, and the 0900 owner can define how much is charged. There are two mutually exclusive limits: Either max. 3.00 EUR per minute, or max. 10.00 EUR per call independantly from the length of the call. (Source: http://www.teltarif.de/i/sonderrufnummern-0900.html) So if you use the second option (charge 10.00 EUR per call) and distribute a dialer that makes one-second calls to your 0900 number, you gain 10.00 EUR per second and call. Gaining 8,000,000 EUR (roughly approximating 1 EUR = 1 $) requires 800,000 calls. If you can make 10 calls before getting caught by the modem owner, you need only 80,000 users. If you can make 100 calls before getting caught, you need just 8,000 users.
ISDN users are even more attractive than modem users. The V.90 handshake needs about 10 to 20 seconds, and it is noisy due to the modem speaker. Plus, the V.90 modem blocks the phone line. So it is very likely that the dialer is found very fast. The ISDN handshake takes much less time, about a second, it is silent, and ISDN offers two lines, so you can still use your phone while your computer is busy wasting your money with one second calls to a 0900 line. If that goes unnoticed for one hour, and each call lasts four seconds total, you have 900 calls from one user, 9,000 EUR. Trick just 900 users into using your dialler for one hour on an ISDN line and you gain 8,100,000 EUR.
Tux2000
Denken hilft.
Presumably Skype and Magic Jack allow Voip calls from your computer to premium lines if you have signed up for the right kind of outbound service.
Additionally most people with voip have their voip modems as their frontline firewall on the internet. If anyone manages to either breakinto to those or otherwise sniff their handshaking then presumably one could make loads of calls and bill them to the voip plan (again assuming one has a plan that allows calls to premium numbers.)
Some drink at the fountain of knowledge. Others just gargle.
Indeed, I recently helped to install a PCI modem in a newer PC exactly for faxing.
A lot of buisnesses founded prior to 2000 have been using the fax for 10-15 years. I worked for one company years ago that still hires temps in the summer to file and send responses to their faxes simply because in the slow season having a verifiable paper trail allows them to stick their vendors with the cost of screw ups, and also generates jobs for several long-term (12+ years) employees. If your choice is a) speed up the process and lose money converting to the new system while learning from your mistakes of integrating the new system or b) letting your old friends of 12+ years go because they aren't needed.... it's easy to ignore the modern solution.
moox. for a new generation.
Modem card with "voice modem" capabilities, you can get software which will read the caller id info, and do what you want with the incoming call. Hang up on them, play a special audio, voice mail... the possibilities are many.
Mod down people who tell people how to mod in their sigs
I remember hearing about someone who got busted for a similar scheme many years ago. He was a consultant at a brokerage, and he programmed their modems to call his 900 number periodically. He was somewhat careful about it, and was only skimming a couple grand a month, which wouldn't even be noticed in a monthly phone bill that easily ran into seven figures. He got caught when the company blocked all 900 number calls. Apparently, he didn't do a very good job of concealing the ownership of the 900 line.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I'll be damned if I ever upgrade to teletype stop prefer older ways stop
Funny, I do the opposite. When someone brings me a machine weird fault, I yank the modem and then ask "Do you use your modem for anything?" They frequently ask me "what's a modem". I then ask if they hook a phone line up to the computer. When they describe a cat5 cable to me, I tell them they don't need it. I can usually tell by the dust buildup in the phone port, so I know my answer before I start asking silly questions. :)
I had a box of them laying around for a while. I gave it away with a bunch of antique hardware. :)
Serious? Seriousness is well above my pay grade.
I don't see your point, in one instance the victims cooperated and no one was hurt. In the other, the police were there to handle it, and again no one was hurt.
Or were you trying to back me up?
Sort of backing you when saying "you can be aware of the dangers in the world, and try to mitigate them." Just pointing out that the advisable behavior varies with the place and circumstances.
Questions raise, answers kill. Raise questions to stay alive.
(might be difficult to keep it from turning on the annoying speaker as it dials).
Not at all. It's a plain stupid "AT..." command. The default initialisation string sent to the FAX has it turn the speaker on during hand shaking (so you can hear if everything is working ok), and off afterward (no useful information from the transmission noise).
Just send instead a command for having the speaker off the whole time (ATM0, instead of ATM1)
And that's for analog modems. This is Germany we're speaking about, where everything is nearly 100% ISDN since ages. So no noises at all. The fax is purely transmitting digital data.
And as we're speaking about Fax, the fax machine could be a full blown FAX (with attached printer and scanner). Or could be a rather simple small USB ISDN soft-modem with a software suite doing all the work on the PC (and thus even more easy to control for a malware).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
> Yep!
- Where's the router?
> You bet!
- So which is the switcher?
> No, that's our shortstop!
-- thinkyhead software and media
This would have been awesome. If he had gotten away with it.
-- thinkyhead software and media
I don't care for your (oligatory) car example. Here's a better one.
You leave your car parked while you go to the store. It has a new shiny red paint job and looks glorious. You come back and someone has scratched their key all the way up the side of it.
The vandal is still guilty and everything, but you are stupid for going out in a shiny red car. You should know, if not completely ignorant, that there are vandals who get pleasure out of damaging shiny paintwork. So you should paint your car blotchy matt puce green, or not drive it.
Ask your friends, they'll tell you how stupid you were being. You're tempting otherwise innocent citizens to get their keys out and commit a crime they would never dream of otherwise. Stay at home, and for god sake, cover that car up. We don't care how great it looks, have you no shame?
7 years in prison for $8m? $1.14m per year wage is pretty good. I'd guess that a lot of hard-working, honest people would do 7 years inside if it netted their family $8m.
Also it'll be nice for him when he gets out after 4 years and realises he got a pay rise to $2m per year.
I don't think these "mid-range" sentences for high-gain crimes are really effective unless the criminals are forced to give the money back.
Yes.
If you live in an area where such vandalism is common or you frequently visit such an area then it is unwise to spend a lot of money on the painting of your car. Why? Because it is going to be vandalized anyway and you most likely will not know who was the culprit, so you will not be able to get compensation from him, therefore you will just lose the money.
Where I live, thieves sometimes smash car windows even if there is a (possibly empty) cigarette pack inside, as such, if you leave your cigarettes (or something more valuable) inside the car as you leave it, you either are stupid (in thinking that it won't happen to you) or just ignorant (and do not know that your window can be smashed just for a cigarette pack).
I never said innocent citizens though. Criminals are like some elements of nature or something. They are there, you can sometimes get compensation from them (assuming you survive the attack (otherwise it will be your family who gets the compensation), the police manages to catch the criminal, the criminal does not bribe his way out, there is enough evidence for the court to convict him etc) if such compensation is possible (if you are not dead, do not get a permanent disability etc), but usually it's a good idea to reduce the probability that it is you who becomes their victim. Do not leave valuable things inside your car, do not display your new and expensive phone in a dark alley or near a group of thugs, lock your car, lock your home. Just like you protect yourself from lightning, cold, wild animals etc, you have to protect yourself from criminals.
Do you teach your kids (or did your parents teach you when you were a kid) to not take candy from strangers and not get in their cars alone? Why? Why not just assume that all people are nice and if some stranger offers a candy, he is just sharing and has no malicious intent? And if some stranger does something bad, well, it still was not wrong to get into his windowless van.
It's rather easy to encrypt modem data, so well it does have to be open, it doesn't have to be unsecured. I'm still not sure it's entirely his fault, I think there is some ownership that needs to be placed the people who's computers carried out the act of dialing the numbers. Just like your responsible if a kid falls into your pool if it's not blocked off properly, you should be responsible if you computer is not secured properly and carry's out an act such as this.
The hardware port needs to be open yes, but the hardware port can still have simple rules set on it, not to mention you can decrypt on SOME modems, not all but some. It's actually a CCNA lab you can take during the training. I'm NOT saying that these people would know enough or should know enough to configure modem based network security but none the less it is possible to have a secure modem.
It's a most modern definition of uselessness: An email virus that sends itself to a fax machine. That's what a few confused people around the world saw today, as their fax machines began churning out page after page of the computer code underlying the destructive "I Love You" virus. The damage created by this particular manifestation of the virus--the computer equivalent of a pistol shooting a flag that says "BANG"--was nil. If anything, it proved that Microsoft's Outlook program was capable of annoying people even away from their personal computers.
I'm not sure how sending a fax of the virus code to literally print out is "infecting" a fax machine. Annoying, maybe, but all they are doing is sending them a harmless fax.
Two important points left out of the summary...
"Pala, a Turkish immigrant to the U.S., ran a small Massachusetts Internet service provider called Sakhmet when he was approached by others -- men he believed to be the brains of the operation -- and enticed into building the back-end infrastructure for dialer software that was then downloaded onto the German computers, his lawyer, Geoffrey Nathan, said in an interview Tuesday. "
"Pala pleaded guilty to fraud and tax evasion charges in U.S. District Court for the District of Massachusetts in April 2010. In addition to the 82-month sentence, he must pay a $7.9 million fine, along with $2.2 million in back taxes to the U.S. Internal Revenue Service."
and a couple other interesting things...
" Pala was caught after he was flagged by federal authorities after paying cash for his second Lamborghini sports car"
"[Pala] was also secretly working on a sting, trying to nail the two men who had introduced him to the scam. But they couldn't be enticed into a meeting, and the feds ultimately pulled the plug on the operation.
At his sentencing, Pala was given a break for his cooperation with the government, but had the sting worked, it would have cut years more off his sentence, Nathan said. "The case reflects the pitfalls and the success of a cooperation agreement," he said."
As someone who professionally administers phone systems, both restrictions are quite... lets say... arbitrary.
Or, to be more specific - if I want to send a fax from an arbitrary number to you, I create a new office code in my phone switch for that number, create a single station with the number I want to sent the fax from, put the target number as diversion on a second station within my normal number range and then call from my first station the second and start sending the fax. The phone switch then will sent the fax as a diversion out to you with the arbitrary number as sending party, and the phone provider will transmit that fax with the faked sender ID.
The same goes for an altered fax: I catch the SIP data stream on any network switch, extract the RTP data stream, alter the part of the fax I want to alter and resend the fax again - you get two faxes than, one original, and one faked. If I don't want the original fax going out, I do the same on the Border Gateway Controller, and I cut off the called party as soon as the fax negotiation has finished.
Or perhaps PP is not some snooty snob and actually read the title of the article they posted.
It clearly says "accidentally targets", which is a pretty accurate description of what happened; the virus targetted fax machines whereas it clearly shouldn't have.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
None of these apply to only fax, and not email.
Apparently wizard is not a legitimate career path, so I chose programmer instead.
The best part of the story really is that might not have been caught except that he was 'flagged by federal authorities after paying cash for his second Lamborghini.' http://www.itworld.com/networking/138664/man-gets-7-years-forcing-modems-call-premium-numbers
7 years? That means he will probably be out within one. I'm assuming he managed to squirrel away some of that money where it wouldn't be found. He's got his retirement set.
"Hello, this is Homer Simpson aka Happy Dude! The court has ordered me to call every person in town to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send one dollar to : Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power!"
Get the money back, THEN shoot him. And any virus writers you can find along the way too.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Yes. Because it's so much more convenient to:
1. Fire up the scanning program
2. set up to black and white
3. scan
4. look for the file
5. zip it
6. attach it
7. send it
as opposed to
1. dial the number
2. press SEND
do you realize how much of a douche you sound?
Also, the crimes go back to 2003-2007 when a lot more people would have been on dial up.
To have a right to do a thing is not at all the same as to be right in doing it
Generally, shiny red cars are intended to tempt beautiful young women to get in and give you hand jobs, not to tempt delinquents to key them. That they more often attract the latter than the former is irrelevant.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
di dah di dit dah dah dah di dah di dit
Gamingmuseum.com: Give your 3D accelerator a rest.
It's not necessarily 2 steps. There could be 'find the fax machine' ; 'wait for the person sending a 50 page tender response in front of you' ...
OTOH, I went through the scanning process the other day. Discovered that I'd upgraded to a 64bit OS, and the scanner manufacturer didn't have a 64bit driver (thank you, Canon) - went googling, and found a 3rd party driver that did support that scanner, bought it, then went through your steps 1-7. I'm not looking forward to repeating the process for OSX.
Not exactly infect, but a moebius loop of paper ties one up for a while.
Also, some faxes are PC based. Or have some OS that you could infect.