Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam

Taking On A Spammer 286

_QED was the first of an onslaught of users to submit a story about a programmer who got his domain forged by a spammer and took action. I don't know if this is real and I'm certainly not suggesting doing this yourself, but this is an extremely interesting story.
This discussion has been archived. No new comments can be posted.

Taking on a Spammer

Comments Filter:
  • I don't see any obvious reason to believe that this site is fake. People here are complaining about it not having enough technical details, but they don't seem to realize that the spammers are out there reading this site as well. Now what do you think would frighten your average spammer (they aren't known for being too bright) more? A detailed explanation of exactly how this guy socially engineered his way into these computers or a menacing but vague description of his "stealthy hacking" full of colorful adjectives and small words? In the first case, Billy Joe Bob Spammer will just say to himself "Well gee-whiz, I'll just be sure not to fall for [fill in the blank]!" while in the second he's left thinking "OH NO!! HACKERS ARE JUSS LIKE IN THE MOO-VEES!!"

    As for the people who are wondering why he doesn't publish this on his own web site under his own name, e-mail address, home telephone number and social security number -- have you even for one second considered the fact that what he did was CLEARLY ILLEGAL?

    Anyway, this spammer DOES exist. I actually first found out about this page from a recent post to the SPAM-L mailing list. Here is the first and third posts on that thread:

    Subject: Nuke: from alts.net
    Date: Mon, 5 Jun 2000 09:51:47 -0700
    From: "Hart, Andrew"
    To: SPAM-L@PEACH.EASE.LSOFT.COM

    4601 W. Sahara looks very familar, but I didn't find
    an abundance of recent NANAS hits against it.

    -----Original Message-----
    From: Technical Support [mailto:support@alts.net]
    Sent: Wednesday, May 31, 2000 7:02 PM
    To: *******@aol.com; TOSspam@aol.com; abuse@verio.net; abuse@alts.net;
    tech@connectcorp.net
    Cc: nanas-sub@cybernothing.org; spamrecycle@chooseyourmail.com
    Subject: Re: [Email] Spam: Free Rate Quote!

    Thank you for notifying us of this spammer. Our policies do NOT allow bulk emailings in any way. The account free-cybermarket.com has been terminated effective 10:00PM EDT 31 May 2000.

    Best Regards
    ALTS, LLC ABUSE
    abuse@alts.net

    At 08:50 PM 5/31/00 , *******@aol.com wrote:

    URL: http://www.free-cybermarket.com/m/index.html
    Dropbox: mailto:ulistsrvcs@fr.fm?subject=unsubscribe

    FROM mail-abuse.org TO www.free-cybermarket.com.

    traceroute to free-cybermarket.com (161.58.232.252), 30 hops max, 40 byte
    packets
    ...
    7 vwh0.dca.verio.net (129.250.30.166) 89.765 ms 91.406 ms 89.846 ms
    8 free-cybermarket.com (161.58.232.252) 89.429 ms 89.517 ms 89.734 ms

    Query: free-cybermarket.com

    Sunrise Beach Inc. (FREE-CYBERMARKET-DOM)
    4601 W. Sahara
    Las Vegas, NV 89122
    US

    Domain Name: FREE-CYBERMARKET.COM

    Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
    Enterprises Inc., SunRise (SE4175) sunrise@CONNECTCORP.NET
    SunRise Enterprises Inc.
    4601 W. Sahara
    Las Vegas , NV 89102
    NONE GIVEN (FAX) NONE GIVEN

    Domain servers in listed order:

    NS1.ALTS.NET 192.41.1.48
    NS2.ALTS.NET 161.58.9.48

    Details on NANAS

    =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ =
    J. Andrew Hart

    Subject: Re: Nuke: from alts.net
    Date: Mon, 5 Jun 2000 10:50:18 -0700
    From: Jay Hennigan
    To: SPAM-L@PEACH.EASE.LSOFT.COM

    On Mon, 5 Jun 2000, Hart, Andrew wrote:

    > > 4601 W. Sahara looks very familar, but I didn't find
    > > an abundance of recent NANAS hits against it.

    Seems to me that address turns up in the ICQ logs of Rodona Garst,
    the posting of which kept me up all night reading. Fascinating stuff.

    http://belps.freewebsites.com/
    http://premier.cluelessfucks.com/

    --
    Jay Hennigan - Network Administration - ***@****.***
    NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
    WestNet: Connecting you to the planet. 805 884-6323
  • The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.

    You can't really blame those PR people - maximizing your exposure for a minimum of expense is a basic goal of any marketing campaign. Spam is an example of a market failure, wherein otherwise beneficial free-market forces encourage behaviour which causes negative externalities (just like a manufacturing plant has an incentive to dump pollutants cheaply). Sure the spammer gets their message out, and might generate some revenue off that, but everybody else carries the expense of unnecessary traffic, pissed off users, etc.

    The question is, how best to deal with this situation. Sure, this guy probably should have "changed the names to protect the (presumed until proven guilty) innocent," but would anybody have believed him in that case?

  • Sure, it's possible.

    Not to turn Slashdot into a cracker training school, but here's one way.

    Assume the Windows box has file sharing turned on and is poorly secured. Prepare yourself a back orifice binary, and place it in C:\WINDOWS\Start Menu\Programs\StartUp. OK, now you say, "But that doesn't take effect until she reboots." Fine, use one of the many readily available "Ping of Death" type tools to freeze up the machine. Bingo. She hits the reset switch and your nice little "remote admin tool" is now up and running. (since she's on AOL, take the appropriate steps to ensure that her new IP is made known to you when she reconnects.)

    That's the simple version. Believe me, I've been in the position of defending machines and networks against similar attacks, and the things he's claiming to have done would not be that hard to pull off on the typical home users unsecured machine.
  • Maybe...but it takes a lot of skill and imagination to make up something like this. The photos, the back story, writing in several people's voices...

    If he knew how to do that he'd be a novelist, not a hacker.

  • Can't remember though if it will start immediately on installation, or if it needs to wait for a Windows restart (like everything else !)

    Well, since you can execute code on the taget machine (that's how you got BackOrfice installed, right?), what's to prevent you from executing BackOrfice immediately after installation?

    Kaa
  • I thought a lobotomy was a prerequisit of using MS products! :)
  • I have to agree with you. I am suspicious of how he hacked them... he provided all other details, why not these?

    Now I didn't recognize one of the icons in the systray, I believe it was second from the left. The computer one with some kind of slice thingy. None of those others provide remote access to screen/keyboard. I didn't see any VNC Server there, nada. Now that icon may be a PC/Anywhere icon but I don't use that software and don't recognize it.

    Anyway I'd like to see some more proof.

    BTW: If this story is true: Great. I hope the spammers have a lifetime of grief bundled into the next couple weeks. They deserve every measure of it. If it's untrue, however, this "Man in the Wilderness" should be subjected to a swimming pool full of double-edged razor blades.

  • Unless "She" had her C drive shared with no password, which is unlikely

    Not only is it NOT unlikely, it's actually quite common.
  • even if it is, you have to admit - a lot of effort would be put in making up those icq logs [100xs of pages]
  • So the spammer's machine just happened to be running BO/NetBus/PCAnywhere? That sounds too convienient, and why did he word it that he "hacked" into the computer?

    This story sounds something like you'd see on TV or the movies, where everybody's computer is "hackable" and you can see what they are doing on their computer in realtime.

    Let me guess, he typed a command on the spammers computer saying "ACCESS ALL OF THE SECRET FILES" in huge letters and got everything he needed.
  • With apologies to Tom Lehrer.

    . When you show up in a country that (despite what anyone says) is run like the Wild West, stealing a few horses is going to get you in trouble. No matter how normal it is in any other place you've done business.

    What is disturbing to me is that all we have is this guy's word. Now I happen to believe him, but what if this whole thing turned out to be a clever and malicious hack taken out at these folks' expense?

    Where there is no justice, I have no problem with the quickest gun carving out his own revenge. But it would be better if there were something like due process and independent review of evidence, and impartially and uniformly implemented punishment, rather than a system of self appointed judge/jury/executioners. That way the little guy and the inexperienced get justice too.

  • To elaborate on this point:

    there are 95 icq logs, spanning over 2.5 megs, all of text. This is *51000* lines of text! This would take huge amounts of time and effort to forge in any consistent manner, which they seem to be. I agree the methodologies that he described are pretty vague, but he got these logs somewhere, as well as a ridiculous amount of email. And if they are all real, the person who wrote them is obviously a hardcore spammer.

  • by milliyear ( 132102 ) on Wednesday June 07, 2000 @05:33AM (#1019796)
    Did you even READ the ICQ logs???????

    These low-lifes routinely INSTALLED PCAnywhere on their machines so they could work from their laptops in bed!!!! Getting in was a no-brainer!! And they didn't know sh*t about the technology!!! They had a revolving door of script kiddies that had to set up their systems!!! They only knew what the script kiddies taught them!!

    And check out some of the other URLs mentioned - they are all there! (like silver-shamrock.com)

    "We have heard the BS alarm.....and it is you!!!"
  • PCAnywhere, Back Orifice (classic & 2000), Windows 2000's Remote Terminal (I forget the "proper" name), Netbus + any screen grabber, and a whole host of other such software.

    If you have a problem with spam, FIRST, secure the domains with Nessus.

    THEN, configure your mail server to bounce mail with broken headers.

    THEN, follow the Advanced Networking HOW-TO to set the queue for TCP connections to port 25 to a much smaller value.

    Finally, only accept connections from hosts with a valid IDENT response.

    Chances are, your average spammer won't be capable of forging any e-mail that can pass through even rudimentary security, such as this, without having to reveal their true name & true e-mail address. Something your typical spammer is unlikely to do.

  • It was PC Anywhere that did her in.
  • she's using icq

    and left sharing open

    simple install subseven on her machine

    not heard of it?

    nvr mind
    .oO0Oo.
  • Yeah, these losers have been filling my mailbox up with crud, too.

    I was looking forward to e-mailing the creator of this website to congratulate him for his wonderful efforts, but when I pointed the mouse over the e-mail link, I noticed I'd be e-mailing myself. D'Oh!

    Oh man, I don't think I've ever laughed so hard while being so angry. It's the weirdest combination of emotions.

    I can't get over what illiterate schlump she is, especially from her screen shots. (I guess Windows' poor security is a good thing after all...)

    Dude, I know you're out there, and I'm sure you probably read Slashdot at least occasionally. Thank you for taking the risk to stand up for what is right... even if it's technically illegal.

    I suggest that we set up a legal defence fund for this guy, just in case he ever gets caught. How's a little Slashdot charity sound? If we combine our resources, I'm sure he could hire OJ's lawyers - and if they could get OJ off, they can get anyone off.

  • it's a bit strange he didn't reveal a little more tech on how he got some of the info. but, he did do all many of the same steps i'd use. directory lookups (whois, whitepages, 411, etc) and sniffing on a major mail server with a pager feed.. seems real enough. but the way it is written is strange.

    anyway, here's a bit of extra fact:

    "Pump & Dump" Claim [freewebsites.com]
    Mark Rice Insider Info [yahoo.com]

    So he does exist, and he did want to trade 50,000 shares. Of course the problem with good lies is they are often half-true.

  • Well, it depends on how strictly you want to define "right after". I'd say within 5 minutes would still qualify, and that's plenty of time to copy the binary into the startup folder and hit the machine with a ping of death to force a reboot.

    Not that the PC Anywhere theory is implausible, I'm just making the point that it wouldn't be too much more difficult to get the same access even without getting lucky.
  • Actually, I reported a spam routed through his new services last year... Sent a long note to his ISP, explaining that I thought providing him bandwidth was foolhardy.

    Got a message back from the "Great Man" himself, with his claims of being anti-spam, &c., &c., blah, blah, blah. Truth be told, I never heard from that spammer again -- nor any other that I could trace through Wallace, since then. (This is in the context of 300+ confirmed kills for 1999, and over 200 so far this year.)

    Kinda cool, though, putting a tick-mark on my SPAM can to represent that kill. :-)

  • Whenever we receive SPAM mail, I send this reply:

    The Windmill e-Mail Parsing System(c) indicates that the message you have sent is an advertisement, commonly known as SPAM mail. If your message is NOT Spam, please click your e-mail program's "Reply" button and re-send your message.

    If your message IS Spam, be advised that this is a Business E- Mail address, and and as such costs money to maintain.

    Your e-mail costs us money.

    Any further advertisements sent to this address will be invoiced to your firm at $5.00 per message. The act of sending further e-mail messages to this address is considered acceptance of this billing arrangement.

    MIS Department
    Accounts Receivable


    If they send us more SPAM, I send them this:

    Please consider this your invoice for $5.00.

    Reply promptly with information regarding your preferred payment method. You will not be invoiced for any e-mails exchanged regarding your account.

    Your Customer Number is SPM23975, please use your customer number in all correspondence with ETS, Inc.

    Have a nice day.

    Accounts Payable

    Nothing has ever come of it, but it makes me feel better.


    Matthew Miller, [50megs.com]
  • it's not that unlikely? a quick scan with a smbscanner will come up with a bunch of open hard drives waiting to be poked around on. You'd be amazed how much porn (in hidden subdirs), warez and mp3's the average dsl user keeps on their hard drive.

    sometimes they even have their printer shared so you can send them messages
  • Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...

    And it looks like they're using Windoze and haven't got their DNS set up properly:-

    C:\>nslookup *** Can't find server name for address 192.168.0.1: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.0.1
  • Better yet, go find yourself a copy of Stevespam [lycos.com], one of the best .mod files I've ever heard!

    I guess I'm kinda dating myself here... I was deep into BBSes when this song came out. Wow I kinda miss "Dial attempt #322..." on Telix. :-)

  • There does seem to be too much hype and too few details to the story. A questionable point in my mind: Just how does one track a user to an IP address based on email? Unless you control the originating SMTP server (hence you could cull the logs), it must be very difficult to resolve a user down to an IP... in this story, the return domain was forged but the originating SMTP was stolen from an unrelated service, so how is the spammer IP address resolved?

    Discovering the originating IP address from the headers of a given message is trivial. Most SMTP MTAs record the IP of the client connection in a Received: line. All one need do is examine the first non-forged Received: line in the message header.

  • If you took a screenshot of my game machine right now, it would show ICQ Netdetect offline and AIM offline. Why? I use GAIM and LICQ, but they're installed on the 98 machine, and it is connected right to the net right now. Maybe she was offline by choice? M'kay.
  • I'd have thought people could set up an entire business catching spammers. ISP's spend a lot of money blocking spam. If there were enough people working full time the problem could probably be reduced quite drastically.
  • It's a nice "story"... but it reads like a copy of Takedown - all sensationalism. Anybody else notice this? It's gotta be a fake, or at least exagurated (sp?).
  • by BoLean ( 41374 ) on Wednesday June 07, 2000 @05:39AM (#1019816) Homepage
    We need a technological solutions to this problem, not a legislative. If there was no method to fake e-mail then this wouldn't be a problem.
  • Freewebsites.com is slashdotted already. Already! Anybody mirrored it?
    -russ
  • Spam used to really annoy me, but over the years, I have gotten used to just deleting it every day. It takes me a few seconds. However, there are some facts to consider about spammers:

    • The cost of that few seconds multiplied by the number of employees in a large corporation or customers of a large ISP can justify a full time anti-spam position responsible for build filters. Spam does cost recipients money.
    • Many of the schemes that spammers are involved in are illegal in some of the jurisdictions they send to: cable descramblers, pump-and-dump stock scams, chain letter pyramid schemes, pirated software, etc.
    • Their headers are frequently forged, doing collateral damage in what sometimes amounts to an indirect DOS attack.


    As for anonymity on the net, I'm actually for it. I also for a more secure network. And I have no problem with blocking sites and users that break the rules without needing to find out who they are. However, if this story is true, the spammers in question made no attempt to be anonymous. They revealed who they are through publically accessable information. Too bad.

    I have read a couple of suggestions for persistent anonymous identities on the net. People can decide whether to do business with you based on the reputation of your anonymous identity. That would require a couple of important components:

    • Cryptographically secure authetication
    • Trusted sites for maintaining a record of those reputations


    Certainly, there would be nothing to stop people from maintaining multiple identities or creating new ones on a whim. However, if your reputation was your ticket to transactions on the net (buying, selling, possibly even working), it would be worth a lot. Set your threshold at 2 and refuse to talk to the ACs and new users. The choice would be yours.

    The bottom line on anonymity is that in a sense, true anonymity is impossible. To achieve that, it would have to be impossible to link anything I say or do to anything else about me. That would mean that every e-mail message, every web page, every Usenet post would be a disconnected entity. That isn't useful, and probably isn't possible.

    What is useful is when I can go online and seek information about a medical condition I think I may have without leaving a trail that insurers can link to me as a customer. If they want to know something about my medical history that's fine. They should have to ask me. They can refuse to insure me if I refuse to divulge it. Limits on the scope of legitimate questions are a matter for the legal system.

    Anonymous identities are most useful when they allow two-way communication. That requires persistence. And that means that they are subject to retaliation for their actions. The retaliation is simply limited to what you can do to an anonymous ID. You can wreck its reputation so that others won't do business with it. With a strong mechanism to accomplish that, imagine what would quickly happen to spammers. If we could identify them as spammers within minutes of the first offense, and nearly everyone used filters that would then refuse mail from them, how much of a business could they build?

    Imagine if it became public knowledge that they had engaged in a pump-and-dump scam before the markets opened the morning after they sent their e-mail. Would you want to be a spammer holding 100,000 shares eVapor.com when NASDAQ halts trading on it because the pump-and-dump is reported before the opening bell? Watch the $80,000 you put into it turn into a complete loss.
  • by / ( 33804 )
    The blurb for this story didn't contain any warning about "the usual hacker/cracker misnaming applies". Does that mean slashdot has grown up and moved on to more important matters, or is CmdrTaco asleep at the wheel?
  • It is a really good story, though!

    But here's a potential loophole (unless I'm totally wrong in my figures, which I could be...someone please recheck):

    The screenshot says she was sending 3,522 e-mails per hour. That's just under 58 e-mails per second. She was supposedly using a throwaway AOL dial-up account. (The frac T1, it was said, was not used for sending spams.) Even if the laptop had dual-channel ISDN, the maximum she could spew just under 16 kilobytes per second. This would mean the size of the e-mail would have to be 282 bytes. That's enough for maybe just over four lines of text. The examples provided on the site had multiple paragraphs of text and bulleted-item lists in the spam-mails.

    It doesn't add up. She **might** get 58 spams per second if #1) there was no bandwidth wasted to pesky things like TCP/IP headers and SMTP commands, #2) there were no rejected spams, #3) she had a dual-channel ISDN connection with compression for her AOL dial-up, and #4) the spam-mails were very small.

    I really find it hard to believe that AOL offers dual-channel ISDN with compression and that Rodona coincidentally has an ISDN adapter for her laptop and the spams she happened to be sending when the screenshot was taken were uncharacteristically small.

    But I absolutely **love** the story. Should've been a book. I really, really hope that it's true!
  • I find it interesting that no one has mentioned that this information could not be used to prosecute because of how it was obtained. Turning the goods over to a prosecuter would do no good since such information must be given to authorities by someone who had permission to access the files or are obtained by a search warrant.

    Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    carlos

  • by Yekrats ( 116068 ) on Wednesday June 07, 2000 @08:10AM (#1019839) Homepage
    You say "Nothing has ever come of it..." I don't think so.

    Your idea about sending a fake bill to spammers is a very BAD idea. By sending them email, you verify your existence. Once your address is verified as "legit", what happens? You get more spam. For the same reason, never click on their "click here to opt out" links!

    I'd advise using Spamcop (spamcop.net [spamcop.net]) The free part of SpamCop un-obfuscates the email header information, then allows you to automagically send a letter of complaint to the appropriate authorities. Personally, I've seen several accounts (email and website) disappear after I've used Spamcop against them. It's quite satisfying. Spamcop also has a fee-service for filtering email (which I haven't tried yet).

    I hope this helps!

  • What is disturbing to me is that all we have is this guy's word.

    Do you really think anyone would take the time to forge a 20 pages long ICQ conversations? We seem to have a lot more than just his words. Yes, this is "vigilange justice" web style. You are the due process and independent review of evidence. All this guy has done is organize and present it.
    --
  • > ..she's on AOL you .... It's OBVIOUS that she's online.

    Duh.... unless the "screenshot" is faked, a point you were obviously too dull to catch on to...

    -- Your Servant,

  • by llywrch ( 9023 ) on Wednesday June 07, 2000 @08:22AM (#1019851) Homepage Journal
    Oh boy, just what we need: a new way to discourage Spammers. I can see it now.

    Spammer's phone rings.
    ``Hello?"
    ``Yeah, hi! Is this $SPAMMMER?"
    ``Why?"
    ``I got a copy of your spam, the one about the web site that promises ``Real Time Lezbo S&M Action". I gave it to a nerd buddy, who tracked you down. I decided to come on over & see you perform."
    ``If you come over here, I'm gonna call the police on you."
    ``I already talked to the chief of police in your town. He's pissed that you sent his child a spam advertising that web site about ``Old MacDonald & His Cow", so he's coming over too. In fact, that's his car sitting in the driveway. If you perform well with Mistress Domme, he's willing to drop the charges. Be sure to ice down the beer!"

    Jeez, I'm about to blow all of my karma on this one sick joke.

    Geoff
  • Thanks for the compliment. Another week or so and I'll probably take the link out of my .sig and put it on my user page or something so it doesn't look like I'm crying over spilt milk forever. Thanks, though.
  • Assuming this is true (and he's apparently gotten enough accurate information about these individuals that he's either convinced he's right or willing to risk a libel suit) this is a perfect example of why all spam, no matter how interesting the product or service may be or what company it's from, must be deleted without response.

    These people are willing to steal other people's AOL accounts (OK, let's all laugh at the AOL users, but it could have easily been a local/regional ISP) to send their spam, the "pump and dump stock scam" probably damages both the hapless investors and the company in question, all in the name of making money.

    I say we mega-Slashdot this site -- send a copy of this URL to everyone you know (_especially_ if they use AOL) and tell them to look at it(*). Point out that just because it's comes from a *koff* "trusted" site like eBay or Microsoft doesn't mean it's any more welcome or desired. Make sure that people start using a company's or site's "opt-out" policies for junk mail.

    I don't know at what point spam becomes "unprofitable" but the more people who refuse to cater to spammers or their clients, the better.

    Jay (=

    (*) Okay, maybe not everyone you know. No point in spamming in the name of anti-spam. But at least tell people about the site.
  • Ponder this: If he never had been able to crack the machine, you would never had heard of the story.
  • I'd have thought people could set up an entire business catching spammers.
    Hmm, could be fun. Spam bounty hunter - "Have traceroute, will travel."

    Would be even more fun if I got to administer the clue-by-four to the spammer personally, though...the criminal justice system is so impersonal.

  • I made the list of people whom this company is afraid to spam my old email address of "lordkano@sgi.net" is on the list download the list of people whom they fear from...
    http://homepages.manawatu.net.nz/~alanjb/misc.ht m

    LK
  • My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal

    Whether this spammer (the "poor dork Rodona Garst") is stupid or not is really irrelevant. By the fact that she is able to use a computer to send spam, con naive AOL users into providing their usernames/passwords, participate in illegal stock schemes, etc, she has demonstrated that she has sufficient mental capability to be considered mentally competent (i.e. not mentally retarded or insane), and as such is responsible for her actions. And as they say, don't play with fire unless you're willing to get burned. This time, she got burned, and I feel no sympathy for her. If she was unwilling to take the risk of her (immoral, and some illegal) actions being exposed, she should not have performed those actions, and *further* should not have framed innocent people for them.

    Now, I might be swayed by your argument about stirring up a "lynch mob", had this simply been a case of political disagreement, or someone doing something unpopular/controversial, etc. But the problem here, to me, is that not only did do it, but then framed an innocent individual for her spams. If that individual then comes back and kicks her in the ass, well then c'est la vie. She can deal with it. If she was spamming people without forging her IP (or forging it to be restricted numbers, thus not implicating innocents), then maybe publishing her information would be too extreme. But in this case, I think it is appropriate.

    All in all, I think she and her associates got off rather easy. If the story is true, and the Man In The Woods did indeed gain access to the computers of Garst et al., then he could have easily destroyed everything on their disks rather than simply publishing the information about her deeds on the Web. Or perhaps he could have discovered sufficient personal data to cause more personal havoc in her life. Given the hassle that she caused, I think he showed remarkable restraint :-)
  • that this is a spoof.

    This guy claims to be such an important security expert, yet in addition to reading all of the "Hacker books", visiting "Hacker webpages", reading all of the traffic from the "Hacker mailing lists", and earning a living he STILL has time to hack his way across the internet and steal a hundred megabytes of information from these people.

    I think that he even throws in the negative comments about AOL users in an attempts to curry favor with people like us.

    Rodona, or whoever she is, has some decent nipples but I doubt the veracity of his story.

    LK
  • That list is probably at least partially a list of posters to news.admin.net-abuse.*.

    I never reply to spam. I often followup spam to originating site's postmaster/abuse. I occasionally post to nana*. I'm on the list.

    Oh, and to those who say "the whole story of hacking in is impossible!", bite me. People are really that dumb---I've known lusers who

    1. Indiscriminately share their drives so their friends can get files (and everyone else on the planet can rape their machine)
    2. Log all their juicy chat sessions (and leave netsex logs lying around with nice obvious filenames).

    I'm not convinced this story is real, but I'm sure it's not impossible.

  • >Another datapoint: on the site there is a list of "anti-spammers that they won't send spam to".

    I took a look at this list. A number of the names are obvious spam-blocks, abuse@*, etc.

    And I found my own name. Four times, different variations. Wow, & I haven't complained about spam in years. (Could it be that I'm just a cheap SOB who won't buy anything advertised in email? Naw.)

    But I'm saddened that they didn't include my favorite spamblock of all time -- the one where I used ``cyberpromo".

    Geoff
  • Is it just me, or did this account read a lot like the book "The Cuckoo's Egg"? (Has anyone read this phenominal book?)

    It seemed to me to either be a very similar situation, or a fairly blatant rip of the story.

    -------
    CAIMLAS

  • This is absolutely REAL information. I checked out the list of anti-spammers that he got off her computer, and MY NAME WAS ON THE LIST.

    You can see for yourself. pdrap@ctp.com, pdrap@concentric.net and pdrap@cris.com are all on the list. Those addresses are no longer active, but at one time I did a helluva lot of spammer killing with those addresses.

    I was skeptical too, but after considering it all night, it makes much more sense that he snagged the info using Back Orifice than the notion that he made it all up. Particularly so since the data appears to be accurate.

  • BackOrifice or NetBus-style monitors would give you this kind of info, allow you remote (at least command-line) control of the victim's computer (even at the same time they're using it!), collect screenshots, and conceal themselves from the "usual" methods of determining what's running on their own machine - that's what they were designed to do.

    As for WHY he doesn't say how he did it - maybe he's anticipating being able to "get" them again, and doesn't want them cutting off his access?
  • I agree. The complete lack of any technical information on the hacking seems pretty suspicious. I do know of at least 6 different ways to get into a windoze machine and do this, but all of them take a little time and effort. Given the detailed amount of other info, I'd expect a little bit on the hacking.

    There are other incorrect technical details which would point to this poster being more of a user (ex-spammer) rather than a system administrator. The "blank Bcc: line" comment is wrong, because Bcc: is a function of the MUA, once it gets sent to the MTA over SMTP, every one of those addresses is converted to an RFC821 RCPT command.

    I got the exact same feeling from this whole affair as you have, an ex-spammer disgruntled he didn't get paid for something. He/She had some time alone with Rodona's laptop, and copied a bunch of stuff onto some floppies or ftp'ed. With a little fixing up to appear as an agrieved sysadmin to throw his ex-employers off the scent.

    Spammers and telemarketers are all fair targets for retribution, whether through hacking or social engineering (the sex survey, FBI hotline, others)

    the AC
  • He hacked his way across the internet and into that computer and captured a screenshot? Please! If he knew how to do that, he'd be far too busy to do what he's doing with it.

    BTW, I host my own domains and email and I monitor spam closely. The problem is getting worse: There's even a spammer operating over the last few days who is mailing to "postmaster@" and that is a huge no-no. They are shameless.

  • I don't know if it's legal; that's one of those debates that's still up in the air (see here [slashdot.org] for the last /. article about such). But this seems to be justified at the very least. The crimes he KNEW these people were comitting (to say nothing about what he found out) are sufficient. Now, IANAL, but I don't think what he found is admissable as evidence for prosecution, but it would serve as a great reason for conducting civil and criminal investigations, wouldn't it? Then they can get the same info legitimately, and can the spam for a few years, or hit them in their pockets, where it hurts. :)
  • by IanO ( 21302 ) on Wednesday June 07, 2000 @03:51AM (#1019885) Homepage
    There are mirrors at:

    http://elias.rhi.hi.is/premier.cl uelessfucks.com/ [rhi.hi.is]
    http://cow.org/~noise/belps.freewebsi tes.com/ [cow.org]
    http://homepages.manawatu.net.nz/~alanjb/ [manawatu.net.nz]

    There is also some interesting posts at an old mirror here:

    http://premier.cluelessfucks.com/ [cluelessfucks.com] (gotta love that domain name!)

    This is great information... where else could you find out how many freckles are on a spammer's ass :)

    ------
    IanO
  • Do you really think anyone would take the time to forge a 20 pages long ICQ conversations?

    As I said, I believe this guy is telling the truth and that this little piece of frontier justice is justified, in absence of any other kind of protection.

    However, I'd like to ask you why you think it is so implausible that somebody who wants to trash somebody's reputation badly enogh wouldn't go through the trouble of forging 20 pages of dialog. Here's a true example from my circle of acquaintences: Woman A get's involed with a man whose ex-girlfriend (Woman B) was emotionally unstable. Woman B fixates on woman A as the source of her problems, and begins to intercept some of her mail. Woman B begins to send change of address notices Woman A's creditors, and eventually begins to apply for credit cards and record club memberships, ignores important legal notices etc. Woman B successfully trashes (at least temporarily) Woman A's credit rating and causs no end of hassle.

    The world is full of fruitcakes with too much time on their hands.

    The problem with frontier justice is that everyone, the reasonable folks and the kooks thinks what they do is justified. If you think this is a good way to run a society, check out the movie, The Ox Bow Incident.

  • Im sorry, but this sounds like John Markoff wrote this. I really don't believe it. Also, This is not the first time a domain controller sued a Spammer, Matt Seidl from localhost.com [localhost.com] sued a spammer [colorado.edu] for using his domain name in their spam. Which I hate to say, was thrown out.
  • See those messages encouraging mass spamming in order to get stock volumes up? That's pump 'n dump. A credible public company on the market does *NOT* need to behave like this, PERIOD. There is *NO* reason to do this.
    Smallcap (penny) stocks that are basically scams (those with many shares are 'pumping' the stock by all this spam, hence creating volume, and an increase in price, and an increase in demand for the stock, and then dumping what they own for moremoney.)
    That is not what stock is about, and it's illegal.
  • There is a reason he didn't put up his email address.

    Of course. I wouldn't put my main e-mail address on a webpage like that, much the same way I don't put my main e-mail address up on Slashdot. Web-based e-mail is wonderfully anonymous (when you kill all browser cookies), and since you only end up downloading the message from the server if you click to open it, you don't waste an hour waiting for a day's worth of spam to be fed down the pipe from your POP3/SMTP mail server. That was probably the easiest option available to him.

    Given that the subject matter was illegal and it's not impossible for Hotmail or Yahoo or others to trace IP addresses, my next tactic would be to use an cyber cafe or some other similar place to create the e-mail address. Probably, I'd upload the webpage to the server from another cyber cafe to assure greater anonymity, just in case they're logging IP addresses, too.

    Further, it's easy enough to write a Javascript that breaks your e-mail address into two pieces so that webspiders don't find it and spam it, and yet when a user clicks on the link, it gives you the correct and complete address. I'd pass you the script you can add to your own websites to do this but I don't have it handy right now. It's common enough knowledge, I didn't write it.

    Subj: Your an idiot. (Score:0)

    Hmmm. Generally, if you wish to insult someone effectively, it's better to have a thorough and proper command of the language you are using.

    Pursuant to the above paragraph, you will note this convention, used every day in common English:

    "your" = possessive. ie. "It's your brain that doesn't work."

    "you're" = contraction of "you are". ie. "You are about as intelligent as a tsetse fly."

    To combine the two into an impressive demonstration of your new-found (though, ironically, remedial) English skills, you could use a sentence like the following:

    "It's not your fault that you're not very intelligent."

    Along those same lines, you should be aware of tricky words like "there", "they're" and "their". And "its" vs. "it's" never ceases to confound.

    Since I suspect English is your first language, I would expect you to demonstrate a more thorough command of the language than was demonstrated in your post. One's second and third languages are generally expected to display grammatical and contextual errors; but I would doubt you have either the tenacity or the requisite breeding required to learn a second language. I have nothing but respect for those who learn several languages, since it's not an easy process. (I know, I speak several fluently.)

    I hope that you get to use this tidbit of information to avoid being marked down on your high school freshman English tests.

    Now, isn't there a nice and warm Sony Playstation waiting somewhere for you? Or maybe you prefer a little Jerry Springer?

  • Doesn't mean it's offline... though it may.

    The computer sitting next to me was moved from dialup to DSL... and as long as the modem is donw, icq netdetect still thinks the machine is 'offline' (even though ethernet link is up)
  • What sort of cruel parents would name their kid "Rodona"? And that face, eeeuuuooow. . .
  • The kind of anonymity that Napster users do is the home version of intellectual property theft, with copyright violation (artists songs are their work, right?) and so on thrown in.
  • Heh okay I think I responded before I thought too much about the site. I am in agreement that I think it's fake too. I did a look up on Rodona's supposed ICQ number and there is no such user.

    http://wwp.icq.com/3483645
  • I tend to think it is someone they know also. As much as I like to think it was a BO attack, there is another perfectly acceptable hack... gaining physical access to the machine!

    Notice that the author only shows ICQ stuff from a few machines. That ain't a lot. In fact, two of the machines were prolly sitting next to one another. Simply email/ftp all the icq message files/.jpegs/.txt files and ya got lots of ammo. Getting near three machines is pretty easy. Hell, look at how Kevin got all his passwords - he just called people on the phone and said "what is your password?" They gave it to him.

    However the site author did it, it is pretty damned wicked.

  • Well, the WHOIS info he lists for PREMIERSERVICES.COM is accurate. Check out http://www.networksolutions.com/cgi-bin/whois/whoi s?STRING=PREMIERSERVICES.COM&S TRING=Search [networksolutions.com]


    Matthew Miller, [50megs.com]
  • His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...

    Don't confuse your ignorance with technical impossibility. BackOriface is similar to pcAnywhere or Microsoft's SMS, all of which give you remote GUI access to a Windows box. Want even more? According to the Back Oriface feature list [bo2k.com] BO2k supports Multimedia support for audio/video capture, and audio playback.

    Note that BO is pretty easy to install. A shared drive with no password or a weak one or a trojan horse email or website (ActiveX can work for you!) would all allow you to break into a clean Windows box. One with dozens of insecure programs installed (e.g. ICQ, some IRC clients, some email clients, etc.) would be even easier.


    __
  • Well, From the screenshot showing, there are a number of things that could have allowed this to happen..

    First, apparently all the people of premiere services used ICQ to communicate and possibly send files and other gimmicky junk around. Tag BO onto a funny Flash animation or something...... send it to two of the premiere services people as coming from each other.. do a little social engineering so they wont suspect that it wasnt the other person that sent it.... BO is installed and running in about 30 seconds and blammo you take a screenshot. How long does it take to send 500K emails over a dialup? You have plenty of time here.

    Presumably, a trojan would have been used as he's just gotten too much information off of those computers not to have used one. Either that or a problem with Windows shares..

    ~GoRK
  • by nharmon ( 97591 ) on Wednesday June 07, 2000 @04:07AM (#1019945)

    You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt.

    People, the internet is both accountable and anonymous. Basically, if you want to be anonymous, it's not that difficult to do so. And, if you want to be accountable, you can do that too. The point is, spammers will always fake headers in some way, and "illegal" mp3s will always move anonymously through non-logging proxies, and people will continue to put up webpages showing off their new Corvette, including exactly where it's parked at night, and where in the garage the keys are stored.

    The only combat we have against Spammers, is the capitalist approach. Spammers would not be in business, if not for all of the nullheaded PR people who feel they need to mass-market the internet cheaply. And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people.

    At my company, we urge our marketing department to stay away from companies who want to send out spam on our behalf. And we've batted 1000 so far (thank god). I feel that we're doing our part by not supporting companies whose only product is unsolicited email. So if you ask me about the "big picture" of stopping SPAM, my answer is simply, stop paying them to do it.

  • Basically your describing using anonymity as a tool for Free Speech, not anonymity to escape prosecution. Anonymity is a tool, not a basic right of being human like we take Free Speech to be. 'nuff said.


    Bad Mojo [rps.net]
  • Well, there's always NetBus and BackOrifice. But yeah, it's highly unlikely.

    -------
    CAIMLAS

  • True, I can see a Samba network being wide open, but that doesn't mean that they could get a screenshot of the desktop. Unless this guy was the actual spammer and wrote the story to cover himself ;-)
  • well... there's more to it.. http://cow.org/~noise/belps .freewebsites.com/joejob.html [cow.org] someone in salt lake city took it upon themselves to try to pin the "man in the wilderness" id on ravi pina who owns cow.org. why? revenge, etc, we don't know. we do know that ravi certainly didn't do the hack, and several of the things the poster mentioned just dont ring true -- as steve sobol so eloquently points out. the existance of the joe job really does alot to harm any possible credibility that rodona may have had -- it will, hopefully, result in the termination of two throw away dialups and may implicate another member of the premier services cadre. rule: spammers are dumb. so there you have it.. i really dont think its fake now.
  • by Garpenlov ( 34711 ) on Wednesday June 07, 2000 @04:16AM (#1019972) Homepage
    Just reading the first page causes me to shudder at the way it's written.. Take this quote, for example:

    By carefully examining the email headers and message body of previously sent spams I was able to identify a unique signature that appeared in every email the spammer sent. I designed an email filter to detect this signature, and placed it on the mail gateway of a high volume Internet mail server ... Finally on the fourth day my digital pager went off. The message on the LCD read; "Spammer is on-line!"

    The above just makes me laugh, if you ignore the question of, "how'd you get that filter program on the 'high volume internet mail server'?" Did you use your h4x0ring sk1llz, or was it your own for your business of providing advanced TCP/IP know-how?

    Once I had escalated my remote access to that of a full privileged local user

    We're talking windows 95 here.. At least judging from the screenshots. EVERY user is fully privileged.

    There was only one way to find out how many of them were forging my domain. I was going to have to hack them all!

    I love that quote. It sounds like it came straight out of "Hackers."

    Regardless of whether or not it's fake, it's entertaining in two ways -- once as a fantasy tale of someone taking revenge on spammers, and once as a badly written overly dramatic technical article from an advanced TCP/IP know-how provider who can use advanced tools like NSLOOKUP and WHOIS...
  • there are 95 icq logs, spanning over 2.5 megs, all of text. This is *51000* lines of text!

    Not to mention a file of 200,000 addresses of "confirmed anti spammers" that should never be mailed. Since I found my own address on that list, I have reason to believe that they weren't just randomly generated.

  • I tend to like the disgruntled ex-boyfriend theory. The T&A photos are part of it. Would Rodona keep scanned GIFs of her own cheesecake pictures on her disk? Possibly, but unlikely. However, she or her boyfriend would certainly have the developed pictures sitting around. That's why someone with intimate access seems more believable.

    But for all that, I didn't find the "hacking" story all that implausible, details or no details.
  • my point was that he is not the judge or executioner, just a very good detective providing evidence of all the
    concerned party's actions (both his and theirs). They are more than free to respond, although at most that
    would warrant a slashback blurb. This is the proverbial "head on a spike" to warn the others. "Brutal" indeed.


    Sure, I agree with almost everything you've said, conditioned on the premise that he is telling the truth. I believe he is telling the truth as he sees it, but clearly he is not a disinterested party. The animus he bears to these people, while understandable, makes me view what he says with caution. The "brutal" material he posted was in my mind uncalled for, as it had nothing to do with what they did to him or other people. It was disproportionate and mean spirited. Enough to uncover their illegal actions and leave it at that. The desire to hurt and humiliate another human being (even under some provocation) does no favors to a man's credibility, at least in my book.

    And I'll check out the movie. This one right?

    Yep, with Henry Fonda. Enjoy.

  • A long time ago I got pissed off with someone who was posting a series of unpleasant posts on usenet groups under a variety of assumed identities, and was able with a little research to identify him by name as a serving Royal Navy orricer and identify both his work and home phone numbers, which I published on one of the newsgroups concerned.

    This was a long time ago, and I don't feel good about it now. I don't know what happened to the guy, but given what he appeared to be up to he might easily have been disciplined or even sacked. In some senses he deserved it, but...

    My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal.

    There may be many people in Clarkesville, TN reading this story now - /. is widely read, and, significantly, is widely read by journalists who may take up the story. By publishing personal details about them we risk stirring up something like a lynch mob - not necessarily in this case, but the potential is there.

    Don't get me wrong - I dislike spammers and scammers and borderline criminal sleazoids as much as anyone, and there's no doubt that this Rodona is a sleazoid. The issue is the power of the medium which is being used against her. Yes, sure, it's the same medium that she has been using against others; but it is also a very powerful medium.

    It is, I think, appropriate to make evidence of this sort about this sort of people available to their local police office if you think a crime is being committed (as appears to be the case here); but given that sleazoid lowlife are often not the best balanced of people psychologically, we may be whipping up a storm of hatemail and hate phone calls which may cause harm out of proportion to the crime.

  • Gaaaack! I just found the nudie photos as well, now that the /. effect is over. So the ex-boyfriend theory floats as well as the ex-employee theory.

    Either way, it was someone with physical access to the machines.

    the AC
    [thats put a damper on my sex drive for a while]
  • If it is fake, then he's stupid for using valid names/addresses:Rodona Garst [switchboard.com] and Varnjeet Khalsa [switchboard.com]. I'm going on the assumption that he doesn't want a libel lawsuit, and so it's at least mostly true.
  • Of course, if he had fully explained everything he had done, everyone on this forum would be slamming him for publicizing how to break in and providing a road map to 31337 script kiddiez to do this kind of thing to naive people across the country and around the world. So either he's faking it if he gives too little information, or he's being a menace if he gives too much. Sorry, you've just squeezed the ratchet of logic a bit too far there. If you want information and detail, look at the two *years* worth of ICQ logs he provided. Who in their right mind would fake up something like that?
  • by HardCase ( 14757 ) on Wednesday June 07, 2000 @04:51AM (#1020022)
    One of the reasons that I liked The Cuckoo's Egg was that Cliff Stoll didn't pump himself up to be some kind of superhero. But more importantly, he actually explained what he did.

    All that I can see in "Man in the Wilderness'" claims are a few addresses and phone numbers that anyone could come up with using WHOIS and one of the gazillion phone directory web sites. His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...

    I don't doubt that he was spammed...and I don't doubt that he was spammed by the spammers that he's claiming to have cracked. But I think that almost everything on that web site is made up.

    Sure, he probably feels good that he could associate some names to the pages that he posted, but the text reads like a really bad detective story.

    Maybe I'm wrong, but looking at the story with an impassioned eye sure makes it look like some guy with an ego and an axe to grind needs to take a creative writing class.

    -h-

  • > There may be many people in Clarkesville, TN
    > reading this story now - /. is widely read, and,
    > significantly, is widely read by journalists who
    > may take up the story. By publishing personal
    > details about them we risk stirring up something
    > like a lynch mob - not necessarily in this case,
    > but the potential is there.

    I agree. And furthermore I really think slashdot
    should have done a little more research before
    posting this one. I mean, these people's lives
    are likely to be completely hell for a long time
    now because of this slashdot post. What if the
    story is not true or only partially true?

    Don't get me wrong, I love slashdot and read
    daily, but "the slashdot effect" is a damn
    powerful thing. I would like to think you folks
    would stop to think and make sure you are using it
    wisely.
  • by Bad Mojo ( 12210 ) on Wednesday June 07, 2000 @04:57AM (#1020026)
    "My 'victim' (and this poor dork Rodona Garst) are low-life - nasty, but also pretty stupid. Many of the new generation of Net users simply don't appreciate how the net's resources can be used to collate information about them, how much about themselves they reveal."

    I submit that ignorance of `the law' is no excuse. When you show up in a country that (despite what anyone says) is run like the Wild West, stealing a few horses is going to get you in trouble. No matter how normal it is in any other place you've done business.

    The wider you spread the spam, the more likely someone is going to do something about it that isn't legal. You're asking for trouble.

    Is it so hard to build legitimate e-mail lists of people who want info about your products? I have no problem with that type of e-mail solicitation.

    Bad Mojo [rps.net]
  • I covered this in another reply, but feel this bears mentioning again because you UNIX kids don't take the time to consider what a weak security model like win9x offers. The victim was sharing her entire C: drive over a LAN that was connected to a high speed link of some type (read the story, don't just stare at the middle-aged pr0n). With this share wide open, the "hacker" can place the trojan .exe anywhere on the victim machine, then simply tell the machine to run the trojan on the next boot by placing the command "run=c:\pathtoexe\trojan.exe" in the c:\windows\win.ini file.

    This is part of the problem: a lot of people think that win9x has some security. It was never meant to.
  • by Senior Frac ( 110715 ) on Wednesday June 07, 2000 @04:38AM (#1020032) Homepage
    I would tend to agree with the consensus that although it's a cool story, it is probably not true. I would just think that if that many AOL usernames were snagged, we would have heard about somewhere else. Anyone have any more info? As an active member of the anti-spam community. I would like to attest that everything here checks out. It's legit. It's also outrageous and amazing, but none of the anti-spammers has managed to poke any major holes in it; and they're a very suspicious bunch. Premier has been on the anti-spammers' radar, but hasn't drawn any abnormal amount of attention up to now. However, that has changed now that this information was released. I suspect the spammer's ICQ accounts are going to have to be changed from the sheer volume of anti-spammers giving them grief. I've seen quite a few logs of post-hack discussions; they're making all sorts of lawyer threats. Which would be suicide, of course, because that would bring even more publicity, something they can't afford.

    --
  • by Stonehead ( 87327 ) on Wednesday June 07, 2000 @04:59AM (#1020036)
    First off, this story was on k5 [kuro5hin.org] yesterday. At that time, the site was still accessible. I wonder whether all mirrors have got antifile.zip - which includes 4 MB of email addresses of people who replied to get off Rodana Garst's mailinglists. I would never have put that file online.
    By the way, the archive didn't shock me because of Rodana's pictures, but because of the size of antifile.zip - if those people are only the ones who hoped to get removed from Garst's List (I found five of my co-students on it), how big must the full archive be?? Twenty million email addresses? Forty? One billion?
    We are just some toy in the spammer's hands. I'm never going to reply spam again "to be removed". Deleting is the only thing that helps. Well, I could put up a .procmailrc filter on the headers.. :)
  • by Anonymous Coward
    A qoute from http://elias.rhi.hi.is/premier.cluelessfucks.com/T heStory.htm "At that moment I silently came across the Internet from thousands of miles away, and hacked my way in to the spammer's computer. The following screen-shot is a picture of the spammer's Windows desktop caught in the act of forging my domain. " http://elias.rhi.hi.is/premier.cluelessfucks.com/p ictures/Rodona-Garst-in-Action.jpg Now comes the weird thing, look at the bottem right of the desktop in the systemtray, icq netdetect if offline, that means there is no internet connection, how the hell did he make that screenshot ?????
  • What seems more likely is that *she* took pictures of her tits, and had them on her hard drive. Why? Shit, I don't know, people do stranger things than that in my breakfast cereal.
    -russ
  • by Bad Mojo ( 12210 ) on Wednesday June 07, 2000 @04:42AM (#1020044)
    "You know something. I find it very disgusting how so many people who advocate an anonymous internet when it comes to file sharing on Napster, and so forth, but the MINUTE they get spammed, they are all shouting about accountability and how we need better records of who is using the internt."

    "You're making a common mistake. You're confusing insanity with style." - Quintin Stone

    Basically, if someone wants an anonymous internet, too bad. No one (who is sane) wants that. What people want (that you don't seem to grasp) is Free Speech and privacy. These are not the same as anonimity. A handle or nick is not the same as being anonymous. The only time anonimity is good is when it contributes to Free Speech. Something spammers will try very hard to argue in their favor, as they have in the past.

    Anyone who cries out to be anonymous on Napster or Gnutella is just wanting to not be held accountable. They are not trying to be anonymous to protect their rights.

    In the end, a spammer is no different than a person who sends out 5000 faxes to people who didn't ask for them. Instead of paying for 5000 sheets of paper, the spammer is relying on someone else to foot the bill and pay for the fax paper their ad is printed on. This is nothing short of theft of resources in order to make a profit.

    *DISCLAIMERS*
    1) Yes, I know I make some assumptions in this post. I'm sure there are some people who want the internet to be totally anonymous. I think those people are crazy.
    2) I know I can't spell. Sorry. I try.

    Bad Mojo [rps.net]
  • ... but it's entirely possible. Ever heard of Back Orifice? There you go. It will allow you to take nice screenshots.
  • by carlhirsch ( 87880 ) on Wednesday June 07, 2000 @04:44AM (#1020046) Homepage
    That's my theory. There's a strange mix of truth/technical vagueness that makes some of the hacking implausible but the reality of the company irrefutable. Now - do these folks actually spam? Who knows. But the phone numbers are certainly valid. Most of the names are probably real, so who knows?

    So I'm gonna say that this is some ex-employee who pulled a bunch of stuff off of his co-workers' drives before bailing. All in all, a pretty admirable example of workplace sabotage. Bob Black would be proud.

    -carl

  • What about the following scenario: he finds a Windows file sharing wide open, he replaces one of their often used files with a BackOrifice trojan, the clueless spammers double click on it, et voila. Sounds perfectly possible to me! Now the whole story could be a hoax, but it's still completely possible. Never underestimate the stupidity of a spammer!
  • What's so hard to believe?
    1. He never says the name of his employer because he doesn't want to get fired and get them sued. Probably did a lot of this on company time.
    2. No contact info for someone who maliciously cracks into a machine? Imagine my surprise.
    3. He didn't convince them to trojan the machine. They shared their C: drives to anyone on their LAN. Anyone. No authentication. And the LAN was connected to a high speed link. So he placed the trojan and the command to install it himself(either thru win.ini or some registry merge).
    4. Why "hack" an entire site into existance? Let some free server handle the load. It's anonymous and free. Plus, the guy probably (hell, most likely) doesn't have the skill to hack a site into creation.

    My guess is that people suffer from some form of envy for his simple prank, and have deemed it "impossible" based on their jealousy.
  • That would definately explain the hokey account of how he got the information. I hear a lot of people saying "This is fake" and "Where are the details". I'm guessing they didn't read past the first page, because there are REAMS of incriminating information on those pages- ICQ logs, emails, URLs, passwords. If this is a hoax, someone spent a LOT of time creating it. I'm pretty convinced that this is real information from the spammers' computers. How it was obtained may be questionable.

    Perhaps the story writer was not the actual cracker, but a friend of said cracker, and got the details skewed.
  • by jd ( 1658 ) <imipak AT yahoo DOT com> on Wednesday June 07, 2000 @05:12AM (#1020055) Homepage Journal
    Bull. If systems used host and server authentication the way that they're supposed to, it would be impossible to forge headers or IP addresses. The system would automatically reject them.

    Capitalism is no better or worse than dealing with this problem than any other philosophy. In the end, the only guaranteed solution is secure authentication and compliance with standards. Do that, and spam would cease to exist.

  • He never says the name of the ISP he claims to work for.

    Maybe because what he (supposedly) did, while understandable, is actually illegal?

    No contact info provided for him at all as far as I could see, no name, no email, no icq, nothing... not even a fake hotmail email address or something...

    Maybe because what he did is illegal?

    He is hosting this site on some crappy free web server.

    Maybe because what he did is illegal?

  • "And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people." Unless you happen to be:
    • An ISP whose mail server goes down because of the sudden rush of out going mail
    • An unfortunate user whose valuable paid-for connection time is used downloading spam (think European telecom costs)
    • The unfortunate ISP who receives a half-million bounce messages.
    Spamming is criminal, or should be. Anyone who does it deserves the full penality of law. Since law seems to not be able to deal with it, vigilantism is our only recourse. :-/
    ---
  • Ever heard of something called BackOrfice?

    Heard of it. Can't remember though if it will start immediately on installation, or if it needs to wait for a Windows restart (like everything else !). This is not only a screenshot (which isn't impossible), but it's (allegedly) a screenshot made very soon after the white-hat first connected to the Spammer's machine.

    Any BO experts around ? - How quickly can you bring it up and functioning ?

  • "Finally, only accept connections from hosts with a valid IDENT response."

    How exaclty are people who use Win32 supposed to send mail through the SMTP server then? What about machines which have been rooted, or otherwise have identd installed to fake responces?

    Relying on the client to provide valid data is a trivial security flaw. Perhaps you mean to say, "only accept mail to a non-local domain from an explicit set of IP addresses," and make sure that your machine has anti-spoofing enabled to its highest level via

    echo -n "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 2 > $f
    done
    echo "done."

    You'll also want to use the Postfix [postfix.org] mailer, as you have to misconfigure that to relay spam.
    ---
  • The Windows 2000 one I mentioned comes with Windows 2000 and is installed with it, I believe, whether you want it or not.
  • Agreed. It's one thing to take private action and eliminate a threat to oneself, it's quite another to play one-upmanship and create a larger threat against the supposed attacker.

    As for the pro-life group & the doctors, people got upset with the pro-lifers because it affected their freedom. But a lot of the same people are probably pro this hacker, because it doesn't affect them at all, and a lynching makes for a good show to such minds.

    IMHO, people generally act out of self-interest, but defend their actions through some "after the fact" pseudo-principles.

    I'm going to say the same thing a guy said, about 2000 years ago, before he got nailed to a tree: Don't be hasty to judge. Nobody's perfect, and we are all going to tread on other's toes. It doesn't have to be a capital offence, it just means that we might want to talk things out, honestly, with no protecting one's back. Inside every Ogre, there is a wounded kid. Is kicking him some more going to make him any less wounded?

...there can be no public or private virtue unless the foundation of action is the practice of truth. - George Jacob Holyoake

Working...