New Hampshire Man Sentenced To 7 Years For Robo-Calling Malware
alphadogg writes with this excerpt from Network World: "A New Hampshire man who made $8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence this week. Prosecutors say that between 2003 and 2007, Asu Pala and others put together a lucrative business by setting up premium telephone numbers in Germany — similar to the 1-900 numbers used in the US — and then infecting German PCs with software that would automatically dial the numbers for short periods of time." Do that many people still have modems attached?
Gotta love the punitive vs retributive approach to justice in the West. Why not make the guy work towards paying back the victims instead of locking him up for 7 years and forcing the victims or us the taxpayers to pay for his food, clothing, heating, cable and housing?
People still fax even in 2011 so some modems in systems may just be there for faxing.
Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
I've also never heard of a virus managing to successfully infect a fax.
A) Did these people not scan their computer reasonably enough to detect the malware.
B) Did these people run a completely insecure OS allowing them to be infected
C) Did these people have enough common sense to run firewall software to prevent the infection
D) Did they not notice their modems dial out to a number they didn't authorize
That's why I never leave the house without wearing a bullet-proof vest, a lead helmet and a condom... too many crazies out there.
LMGTFY
May 5, 2000 - "Love" virus accidentally targets fax machines
http://news.cnet.com/2100-1001-240143.html
> Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.
It's also still used where visual content approval is required. Monuments, headstones, printing runs, etc don't get done until someone signs and FAXes back the proof page. Likewise many construction operations send proposals and bids, and receive signed, accepted bids by FAX. Many medical operations like FAX because the transmission can not easily be rerouted or duplicated (without other office workers noticing the half ream of photocopies someone just made).
Yes, you could set up a scanner and hope the people can handle attachments and graphic formats, but for the time being FAX is the most cost effective way to deal with many situations.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Nowadays modems are really rare; it's hard to find one. My server has one connected, which I bought about seven years ago, just to receive faxes. Not easy to find a shop selling them back then; will be harder now. It has never been used for a data connection. Nonetheless they are still available. Dial-up internet is even still available.
This story started in 2003, when modem use was quite common at least in Europe. In 2001/2002 I worked for about half a year at the telephone help desk of a major Dutch ISP, dial-up was for many people the main way to connect to the Internet. I recall even a serious reorganisation of the telephone system to accommodate all those dial-up users. At the time probably still more dial-up users than ADSL or cable users. By 2003 dial-up must still have been very common. And people that switched possibly simply had their modem still connected. Indeed nowadays this kind of fraud would not work anymore.
What I encountered very often when talking to people was that they had multiple dial-in icons in their network settings. One from our ISP, sometimes one or two from a previous ISP, and a handful of icons that they didn't even realise are there. Most were porn dialers, installed by malicious sites (usually porn sites), that would try to dial expensive numbers. This sounds very much like what these people have been sentenced for.
Anyway it's not surprising that it worked in those years, as modems were simply a really common way to connect to the Internet. It wasn't fast but it worked, and it worked on existing infrastructure. Add to that the plethora of security issues in Win98 and WinXP and these things happened - and happened a lot.
The most remarkable part of this story, besides that such a common crime even appears on the /. home page, is that the culprits have been caught and sentenced.
> Gotta love the punitive vs retributive approach to justice in the West.
Some lessons are only learned the hard way.
That's legal requirements versus policy.
There are still a lot of places whose policy states they require fax authorizations.
Where I work, we have a rather nice fax/scanner/printer. We usually scan and email to ourselves. A huge number of places require faxes to be sent. Many of those places insist on sending fax responses. They aren't allowed to email, nor give results verbally. The excuse is usually that it's "not secure". I can't quite comprehend how telling someone on the phone is less secure than sending a fax, and hope that minutes or hours later the intended recipient is standing by the fax, and the fax won't be left in a box, on a desk, and will be properly disposed of, rather than just leaving it lying around.
Serious? Seriousness is well above my pay grade.
I don't have a modem, but I do have a USB-attached multi-function printer/scanner that includes fax capability, which I'm pretty sure a piece of malware could trick into calling any number it wanted (might be difficult to keep it from turning on the annoying speaker as it dials). Which reminds me... I should cancel my plans to get a network-attached version that would be vulnerable to such an attack without having to infect any of the PCs on the network; just breaching the firewall or wireless encryption would be enough.
What do you mean they cut the power? How can they cut the power, man? They're animals!
Aw.. Next you'll tell me teletype is antiquated. Bah. That's how I post here. I load it up on paper tape, and wait 20 minutes for it to send. EOT
Serious? Seriousness is well above my pay grade.
> A) Did these people not scan their computer reasonably enough to detect the malware.
If the scanner was able to pick it up.
> B) Did these people run a completely insecure OS allowing them to be infected
Should MS Windows users be banned from using the Internet? Well yes they should, but I cannot see that happening.
> C) Did these people have enough common sense to run firewall software to prevent the infection
What good is a firewall, the hardware port to the modem needs to be open to use the Internet. End of story.
> D) Did they not notice their modems dial out to a number they didn't authorise
Not if the malware waited till there was no keyboard activity, or the malware turned off the modem sound before it called.
Even if you were using the phone line when it tried to call you might not spot it, just a couple of clicks while the modem tried to get a dial tone.
The only indication is if you tried to make a call in the middle of the malware call, and even then, a lot of people might blame the phone company.
Yes it is entirely his own fault.
Over the last couple of years here (not Europe) there's been a big push by the Cable (TV coaxial) company introducing their own phone system. A couple of months after switching many people find their computer won't POST. I remove the PCI winmodem and it POSTs OK... most of them didn't even know they had a modem until I handed it to them. I don't know what's causing it but it's too common to be coincidence.
There are some (pretty big) rural areas here in Germany, where people can't get xDSL or cable even if they wanted.
I know of at least 5 villages with about 100 citizens each in 20km radius that don't have any chance but dialup networking for Internet Access.
In some areas you can get Networking via UMTS/(E-)GPRS, but mostly it's not faster than POTS or ISDN Dial Up.
That's also why some of the lower frequencies used for LTE/4G Networks were given to providers with the prerequisite to install networks in those areas before the frequencies may be used in cities.
Yes. While DSL, UMTS and DOCSIS are quite common in urban areas, there are still several areas (villages) where dual-channel ISDN is the fastest way to get into the net (2x 64 kBit/s), and many people in those areas still use analog modems (V.90) simply because ISDN lines have a higher monthly fee and dual channel ISDN doubles the costs of each internet connection.
Of course, there is also satellite internet access, but it is expensive, overloaded, slow (despite opposite claims of the operators) and has a high latency. Plus, you need a free line of sight to the satellite and the permission to install a(n additional) satellite dish from the owner of the house. LTE is the latest promise for fast internet access in non-urban areas, following WiMAX. WiMAX exists only in prototype areas, it still is not commonly available in Germany. LTE is only planned, no prototype area exists, and despite legal restraints to install LTE first in areas without high speed internet connections, the first prototype areas will be big cities.
Another reason to use a modem is the ability to send and receive faxes, as others already posted.
Costs for 0900 calls are very high compared to other numbers, and the 0900 owner can define how much is charged. There are two mutually exclusive limits: Either max. 3.00 EUR per minute, or max. 10.00 EUR per call independently from the length of the call. (Source: http://www.teltarif.de/i/sonderrufnummern-0900.html) So if you use the second option (charge 10.00 EUR per call) and distribute a dialer that makes one-second calls to your 0900 number, you gain 10.00 EUR per second and call. Gaining 8,000,000 EUR (roughly approximating 1 EUR = 1 $) requires 800,000 calls. If you can make 10 calls before getting caught by the modem owner, you need only 80,000 users. If you can make 100 calls before getting caught, you need just 8,000 users.
ISDN users are even more attractive than modem users. The V.90 handshake needs about 10 to 20 seconds, and it is noisy due to the modem speaker. Plus, the V.90 modem blocks the phone line. So it is very likely that the dialer is found very fast. The ISDN handshake takes much less time, about a second, it is silent, and ISDN offers two lines, so you can still use your phone while your computer is busy wasting your money with one second calls to a 0900 line. If that goes unnoticed for one hour, and each call lasts four seconds total, you have 900 calls from one user, 9,000 EUR. Trick just 900 users into using your dialler for one hour on an ISDN line and you gain 8,100,000 EUR.
Tux2000
Denken hilft.
Presumably Skype and Magic Jack allow Voip calls from your computer to premium lines if you have signed up for the right kind of outbound service.
Additionally most people with voip have their voip modems as their frontline firewall on the internet. If anyone manages to either break into those or otherwise sniff their handshaking then presumably one could make loads of calls and bill them to the voip plan (again assuming one has a plan that allows calls to premium numbers.)
Some drink at the fountain of knowledge. Others just gargle.
I don't care for your (obligatory) car example. Here's a better one.
You leave your car parked while you go to the store. It has a new shiny red paint job and looks glorious. You come back and someone has scratched their key all the way up the side of it.
The vandal is still guilty and everything, but you are stupid for going out in a shiny red car. You should know, if not completely ignorant, that there are vandals who get pleasure out of damaging shiny paintwork. So you should paint your car blotchy matt puce green, or not drive it.
Ask your friends, they'll tell you how stupid you were being. You're tempting otherwise innocent citizens to get their keys out and commit a crime they would never dream of otherwise. Stay at home, and for God's sake, cover that car up. We don't care how great it looks, have you no shame?
Or, to be more specific - if I want to send a fax from an arbitrary number to you, I create a new office code in my phone switch for that number, create a single station with the number I want to send the fax from, put the target number as diversion on a second station within my normal number range and then call from my first station the second and start sending the fax. The phone switch then will send the fax as a diversion out to you with the arbitrary number as sending party, and the phone provider will transmit that fax with the faked sender ID.
The same goes for an altered fax: I catch the SIP data stream on any network switch, extract the RTP data stream, alter the part of the fax I want to alter and resend the fax again - you get two faxes then, one original, and one faked. If I don't want the original fax going out, I do the same on the Border Gateway Controller, and I cut off the called party as soon as the fax negotiation has finished.
The best part of the story really is that he might not have been caught except that he was 'flagged by federal authorities after paying cash for his second Lamborghini.' http://www.itworld.com/networking/138664/man-gets-7-years-forcing-modems-call-premium-numbers
"Hello, this is Homer Simpson aka Happy Dude! The court has ordered me to call every person in town to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send one dollar to : Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power!"