Spammers Using Students as Relays

Zendar writes "idg has an article about how students at the 151-year-old Tufts University were paid as little as $20/month to relay spam from computers in their dorms. Interestingly enough, the students approached the spammers about this scheme and not vice-versa."

Tracked using MAC address

[monkey_tennis]

Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...

I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)

plight

[Joe the Lesser]

An interesting look at one of the things students will lower themselves to do to pay for their $80 calculus book.

They got bought cheap!

[FunWithHeadlines]

It sure doesn't take much to compromise a person's self-respect or integrity. $20/month in exchange for contributing to a problem that everyone hates, and knowing full well that everyone hates it? They sold out cheap.

It's sort of like the trend for journalist majors to wind up in PR jobs for corporations doing nasty things. The lure of extra money covers over any hesitation they might have in moving from a supposedly neutral position to one that shills for money.

But $20/month? Man, that's some cheap principles. How about we pay them $21/month to turn against the spammers?
---------

Money for using the computer

[Gortbusters.org]

has always been a popular fad. Remember those programs you could install and you would get a 10th of a penny for every website you clicked and it had a banner-system (I believe)? Everyone thought they would make hundreds of dollars a month with that. I wish I could remember the name. People love getting money for doing their normal tasks, i.e. using the computer. If relaying spam could be done with little or no active participation by a computer user, who [average computer user] wouldn't turn down 20 bucks?

What does it matter...

[mjpaci]

What does it matter that Tufts is 151 years old? Would this be different if it were 310-year-old College of William and Mary in Virginia or 210-year-old Williams College in Williamstown, MA?

--Mike

Re:20 Bucks?

[phorm]

It's cheap, yes, but $20 is about 20 boxes of Mac & Cheese. For some students, this could probably feed them for 3/4 of the month.

Realistically though, profit depends on volume. Some few people probably masterminded the idea, and are taking part-profits somehow. If they skimmed $5 from 20 students with relays - that's $100/month. Still not a lot, but cheap for no work.

Students selling information

[brejc8]

I have been getting spam addressed to [my_unix_username]@[my_machinename].cs.man.ac.uk
My machine passes the mail to me but I have no idea how the people got this address.
The only way I can think of is if someone used finger @ on the machines in the department and then stuck the username with the machinename.
As far as I am aware the finger@ is blocked to people outside the department so I am starting to suspect that some students are behind this.
Especially as the spam is for local companies.

Re:Tracked using MAC address

[Pxtl]

My university (U of Guelph) attempts to record the MAC adress, but their registration program that you must use when you first log on is buggy as hell and often easier to circumvent then to actually use. So I'm not sure how many MAC adresses they actually record.

Follow the money?

[mjh]

The article mentions that they can't track the original spammers, that all the further that they can get is to the students computers. If they really want to track the spammers can't they track the money?

Which makes me wonder, how do the students get paid? Remaining anonymous is critical to spammers being able to continue doing their thing. How does a spammer actually pay someone w/out being trackable? I can't imagine that they send cash.

Re:Students selling information

[pibakic]

Same happened to me, my .cs.man.ac.uk started receiving spam during last semester. Struck me as very strange because my uni address doesn't get used anywhere (well, nowhere that I don't trust).

The irony of receiving "Get your diploma now..." spam on my university mail account...

Re:Tracked using MAC address

[garcia]

I was compromised at one point in time my freshman year and had a smurf attack originate from my machine. They were able to track it down in under 2 hours to my specific port. They shut me down immediately. I had to contact the head of IT directly for reinstatement.

Although it was pretty obvious who was using the most bandwith even w/a tool like iptraf.

Look! the 27th '20 Bucks?!? Outrageous!' Post

[teamhasnoi]

Everyone has said how 20 bucks isn't anything, but it's pure profit! I'm assuming these kids don't have to click 'Send' 1.6 million times, and they don't pay for bandwidth.

Another shining example of the 'me first' attitude that permeates society. (Especially in the US) -

Crap! It's free money, with no responsibillity attached, and poor college students would stand in line at the finger-smelling factory if they didn't have to work.

I'm surprised it took 20 bucks.

Re:Tracked using MAC address

[_xeno_]

Or, if you were a sys-admin at the overly-anal college I go to, you would require the MAC address at signup time, which would then be tied to an individual port in an individual room. Using an unregistered MAC would cause the port to immediately deactivate. So once you have the MAC, you wouldn't just have the room - you'd have the individual student and could immediately deactivate just their port.

This is quite annoying to students who find out the "MAC tied to port" bit by accidently misplugging their computers into the wrong side-by-side ports after rearranging their desks. Fortunately, it was a triple, and my desk stayed where it was. Heheh.

Blacklists work

[frankie]

The university I work for has found itself on various spam blacklists each September for the past 3 years. The reason has been the same each time: underclassmen in the dorms installing old RH distros or whatever that includes an open mail relay.

This spring SMTP will be restricted to only approved departmental servers. Anyone else gets dropped at the firewall. It's a shame (academic freedom and all that) but really necessary.

Re:20 Bucks?

[Anonymous Coward]

Eating nothing but ramen gets old after about day #3. 50 cent mac and cheese needs milk. I usually had to alternate with a meal of spagetti O's or 69 cent microwave pizza in order not to get sick. I kept a couple of cans of Raviolli around for when I felt like splearging.

At my University.

[MarvinMouse]

Where I am at now, they have a very strict rule on that. If you spam, or are caught spamming, or are caught passing on chain mail letters, or a whole list of rules. They'll punish you in one of three ways (likely)

Slap on the wrist. Basically translates into loss of marks for CS majors, or banishement from facilities for a short period, or a whole list of things.

Banishment from computing facilities on campus. Thus, if you are a CS major or basically any major that requires computer systems use. You pretty much just failed yourself out of university.

Expulsion. This has happened with a few people who were really abusing the system and even had warnings.

Personally, I think if anyone even considers sending a spam on the network to bypass the filters, that they should be expelled immediately, or at very least banished from the facilities permanently. It is a priviledge, not a right to use those facilities. If you abuse them, you should lose that priviledge.

Re:Tracked using MAC address

[TheCarp]

Youd like to think that wouldn't you.

Nope Tufts a nice database of Mac addresses and who owns them. Its really quite slick. You can't get a DHCP address without registering. Well you CAN but the only thing on all the net that you can get to is the registration server, because unregistereds end up on a private locked down net.

Its all pretty slick and I would like to say that Tufts is unique in it, however, about 7 years ago when I went to WPI they were quite swift about MACs themselves. I remember a fellow student bought a new NIC card and sold his old one...

about 10 mins after both people put their machines back on the net, they got emails from the network admins asking if it was a permanent change.

However your right, they wouldn't have needed such a slick setup to catch this, a simple managed switch (who still uses hubs?) could have done this.

-Steve

Re:Shocking, I say.

[cjsnell]

Interesting idea.

When I was a student at Vanderbilt University [vanderbilt.edu] back in 1995-1996, we had a student-run IT department. It was a very novel thing back then, dreamed up by an former student who worked for the school. What they did was give responsibility for some services (Web, mail, FTP, and some development) to student-run teams. These teams implemented these services on Solaris and Linux hosts and were responsible for their maintenance. I believe we were paid as work study employees but the wages were much better than what you could earn elsewhere on campus. I think I made around $9-10/hour.

What was really amazing is how they found around 12 *nix-saavy students in 1996 at a school mostly known for its liberal arts and pre-med curriculum. Somehow, they did. It spread by word-of-mouth and we all just drifted in. It was the ultimate student job.

Chris

Re:Flashbacks

[SomeoneGotMyNick]

I agree..... I used to sell them also....

However, I didn't have to spend any more than $150 to get started (I must have had a benevolent leader).

It didn't take me long to quit. I still don't care for their marketing practices. However, the products are great (more than I can say about Amway's product line). I still have mine 12 years since I got them. They're still as sharp and shiny as ever. I even have an inherited set that's over 20 years old. They're in great shape also.

I'm going to risk sounding like a hypocrite. I say if you never bought Cutco knives, and someone approaches you to buy them, give them a try. Money worth spending. However, don't jump at the first offer. Make it a hard sell for them and get the maximum discount you can. Even offer a single amount, take it or leave it, just slightly below their final offer. You'll get a good set of knives, but at the same time you'll effectively discourage the wayward soul from continuing on that dastardly path. You'd be doing them a favor. There's plenty of youth around for Vector Marketing to continue the practice, just don't allow someone get stuck in it.

Re:Flashbacks

[dubiousmike]

My mom sold them. My mother-in-law gave us a few "extra" ones she had lying around.

They are great knives and I have no complaints what so ever about their quality. If I had the money, I might even buy some myself.

But their tactics, not only for marketing, but especially recruiting is what p1ssed me off to no end. As a teen looking for a job, I called an ad for $15 an hour. They would not tell me what the job was. Perhaps this is a necessary tactic on their part as I NEVER would have bothered to waste my day to go to their seminar.

I likely would buy a couple of knives, but only when one of my friend or realatives corners me into buying them or risk bad feelings between us. Frankly, there are other high-end-ish knives out there that don't rely upon sales and lead generation by guilt.

:P

tufts ip address range

[Indy1]

i did a little WHOIS digging......
the most important part (CIDR:130.64.0.0/16) just made my firewall blacklist : )

OrgName: Tufts University
OrgID: TUFTSU
Address: 169 Holland Street
City: Somerville
StateProv: MA
PostalCode: 02144
Country: US

NetRange: 130.64.0.0 - 130.64.255.255
CIDR: 130.64.0.0/16
NetName: TUFTS
NetHandle: NET-130-64-0-0-1
Parent: NET-130-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.TUFTS.EDU
NameServer: NS2.TUFTS.EDU
NameServer: NS1.HIGHWIRE.ORG
NameServer: NS2.HIGHWIRE.ORG
Comment:
RegDate: 1988-06-10
Updated: 1999-12-06

TechHandle: TN2-ORG-ARIN
TechName: Tufts University
TechPhone: +1-617-627-3144
TechEmail: noc@net.tufts.edu

interesting, but

[ptrangerv8]

no big suprise... When I was in college, not that long ago, I'd have sold just about anything... True, I'd have asked for more than $20 for it, but I'd have done it...
To me it's no suprise that peopel would do that... as stated a ways above, $20/ mo is a lot of food money!!!

**** sig ****

Why do all my comments get modded down?

Re:Crappy Student Jobs

[Hott of the World]

yeah, I cant donate or sell my blood!

I think they banned anyone living in the UK from 1980 onward from donating blood

Link Here [bbc.co.uk]

and some HTML http://news.bbc.co.uk/1/hi/health/423344.stm

Re:Crappy Student Jobs

[CharterTerminal]

Haha! I did that. Twice. First was a year-long stint in Portland, OR for a company that did political stumping thinly disguised as a survey. (My favorite question, still etched in my mind ten years later: "Would you be more likely or less likely to vote in favor of triple trailer trucks if you knew they were three times more likely to roll over and separate?" Three times more likely than WHAT, I always wondered.)

Second was a two-week stint setting appointments for a vacuum cleaner salesman to come over to your house and throw stuff on your carpet, then vacuum it up while gesticulating wildly and loudly declaiming the many virtues of THIS vacuum over the OTHER vacuum you already own.

I sat down in a folding metal chair, my supervisor dropped a copy of the phone book on the card table in front of me, handed me a script, and told me to get to it. I was pretty much the worst appointment-setter EVER. After two weeks I picked up my check and walked out, never to be seen again.

I'm not proud of having been one of those people who pestered people at dinner. But then again, "being one of those people who pestered you at dinner" ranks pretty low on my list of things to be ashamed of.

Simple solution

[sik puppy]

This incident has happened once. All new and returning students should be given an updated school policy with the following addendum:

Any use of the schools network for the purposes of aiding or supporting spam will result in immediate expulsion. No exceptions.

Simple, brutal, efficient. No more problem.