Prosecuting Spamming Crackers?
lnixon asks: "As a recent Slashdot article mentioned, the latest trend in spamming is to use cracked Windows machines for sending spam and hosting spamvertised web sites, 'spacking', as Wired terms it. A couple of weeks ago, I started tracking one of these cracker rings down, carefully documenting the trail as I went. Mostly through luck, I actually found the originating server. This information should seriously put a crimp in their activities...if only I could get the law interested. I have tried to get the attention of CERT, of FBI and of my local police authorities, but nobody seems to be interested. Now, what should I do? Organize a posse?"
What's the street address? (Score:2)
If it is near me I can scrounge up a few buddies with the promise of beer afterwards and make the spacker an offer he cannot refuse.
Re:What's the street address? (Score:1)
"spacker" means "spastic".
So - you wanna confine these spackers to wheelchairs?
YAW
Re:What's the street address? (Score:1)
I got spacker from the article where the author said that Wired used the term "Spacking" to refer to spamming hackers.
Although confining these folks to a wheelchair is not a bad idea.
Post a URL on /. (Score:1, Funny)
1. get their attention
/.
2. be the end of their spam operation (for a while)
3. ???
4. profit
So, what's the url/IP of this/these clowns...
...as I prepare the morality gauge for
Re:Post a URL on /. (Score:4, Informative)
Here's how to get law enforcement's attention (Score:5, Funny)
Re:Here's how to get law enforcement's attention (Score:3, Insightful)
Re:Here's how to get law enforcement's attention (Score:2, Interesting)
Hell, crying "terrorism" is working for everything else nowadays,
Re:Here's how to get law enforcement's attention (Score:4, Insightful)
However, getting law enforcement to take you seriously on something like this might be a real challenge anyway - they don't know you from Jack, and so why should they trust you?
I don't mean you're not trustworthy - I'm just pointing out that there's no trust relationship there, and you're putting yourself forth as an investigator, not a crime victim. It will be very hard for you to get them to think of you as legitimate.
mmm, prosciuto, spam, and crackers (Score:1, Funny)
Alert the media (Score:5, Insightful)
Re:Alert the media (Score:3, Funny)
Coming up after the break, weather and the world series, but first let's go out to Field Reporter Trisha Takinowa with this report on a man and his crusade... Trisha..
Thanks Don. We are here to interview a man who used nmap and DNS records to trace down a serial.. um, emailer. Please tell us how you did it, knowing that the community
Use the Back Door (Using leverage (media, etc.)) (Score:2)
Read what I have below, but I think that your best bet is to go to the local university and find a Computing Science professor who's willing to listen to what you have to say. Once you can get the backing of someone like that and their willingness to walk into a meeting with you, then you should be able to go to almost anybody and get their
Posse? (Score:3, Funny)
I'll get the pitchforks, you get the caffeine...
MS Piracy (Score:4, Funny)
Easy solution (Score:1, Funny)
This is why Anti-Spam laws are meaningless (Score:2)
Re:This is why Anti-Spam laws are meaningless- NOT (Score:2)
Well, if you'd been paying attention, you'd notice that the anti-spam laws in most states make it a civil penalty, not a criminal one. So enforcement would be up to the victim.
And (again, if you'd been paying attention, you'd also realize) these spammers are cracking machines - so the submitter is not trying to get them prosecuted under anti-spam laws, but under computer crime laws.
Spamming Crackers (Score:2)
Post the information to slashdot (Score:1)
But seriously folks, if you can discover and take down the master host hiding behind all these proxies, you have a much better chance of taking them down.
Another idea, subvert their own network, let a machine or two get into their network of proxies so you can track their future activities.
This kind of computer fraud (yes fraud, they are pretending to be something they're not) needs to be taken much more seriously by t
Lemme see.. you want me to click where? (Score:3, Funny)
Thanks in advanced.
posse (Score:2)
Why not? Worked for Andre the Giant.
Congresscritters (Score:4, Insightful)
that actually sounds good (Score:2)
ObHomerism (Score:2)
Now, what should I do? Organize a posse?" (Score:1)
Post to Bugtraq (Score:2)
Re:Post to Bugtraq (Score:2)
State attorney generals and the FTC (Score:1)
Put it on Paper (Score:4, Insightful)
Bureaucrats hate paper trails. It's very easy to blow off a phone call. A written report has to be handled more carefully.
Pre-emptive Strike (Score:3, Interesting)
It is tempting to think that simply closing off the known holes in the target machines should suffice. That's just wishful thinking. There will always be other ways for the spammers to enter, not yet discovered. The only way to keep the spammers out of those hosts is to wipe them clean. Eventually the owners will either leave them disconnected from the internet, or wiped, or will install something secure. Until then, they need to be wiped as many times as needed to get the message across.
This level of conflict was inevitable once the spammers encountered enough interference in their old methods. Now there's no going back. We need to ensure, positively, that any host that is connected to the net really is secure enough not to be hijacked by the spammers, and there's only one way to do that.
The only practical problem with this method is that the spammers have a vector available that anti-spammers don't. Spammers can put their viruses in their own spam, and booby-trap their own web pages referenced by their spam, but anti-spammers can't use those vectors without themselves spamming. Fortunately there are so many holes in the target systems that it will be some time before that difference actually protects the target hosts.
Shoot the Hostage? (Score:1)
Let me make sure I'm understanding you correctly. We should illegally hack into innocent users' machines to "teach them a lesson" in security... repeatedly, until they either disable their network connection or disable their
Re:Shoot the Hostage? (Score:3, Insightful)
I don't recall suggesting to kill anybody. Anyhow, every vulnerable host, sooner or later, will be hijacked by a spammer, or worse. The owners typically neither know nor particularly care if their machines have been hijacked that way, so long as it doesn't interfere too much with their own surfing, e-mailing, or file-sharing. Their ISPs, if they are responsible, do care, but can do little.
There's a legal term for op
Re:Shoot the Hostage? (Score:1)
I wasn't trying to insinuate that you advocated killing people; I was making an analogy. The point I was trying to make was that your method for solving the problem is to punish the theoretically innocent and uninformed, rather than teaching them. Perhaps there should be a method for informing them instead, such as tracking their IP (which is legal), and letting their ISP know of the problem, who then contacts the user/subscriber.
There are many "attractive nuisances" in this world, but an unsecured mach
Re:Shoot the Hostage? (Score:3, Insightful)
I don't expect
Investigate the bejeebers out of them. (Score:1)
clear, the goal is to investigate, to obtain information. No threats are to be made, and no physical harm-inducing action to be taken. Just a big fat trainload of investigation. Spamming itself, though highly objectionable socially, is not per se illegal, but given the stigma attached to it, there's an excellent chance that spammers, *especially* ones that also use cracking techniques, may have the kind of morals that may lead them to vi
How are we doing so far? let's see... (Score:1)
- bubra.biz, down
- vhost01.768men.info, down
- hosthype.com, down
- ucp6.biz, 127.0.0.1 huh?
Looks like posting to slashdot gets results.
The IE exploit exe file should be posted to all the anti-virus companies, at least then some windoze lusers will be protected. Leif has left it on his website here [nsc.liu.se].
Re:How are we doing so far? let's see... (Score:1)
Actually, bubra.biz seems to be doing fine;
$ ./bubrawatch.py -v
ns1.bubra.biz is 81.203.73.17 (81-203-73-17.user.ono.com)
ns2.bubra.biz is 80.138.221.95 (p508ADD5F.dip.t-dialin.net)
ns3.bubra.biz is 80.11.243.45 (AMarseille-102-1-2-45.w80-11.abo.wanadoo.fr)
ns4.bubra.biz is 80.46.141.109 (dsl-80-46-141-109.access.uk.tiscali.com)
ns5.bubra.biz is 82.65.110.228 (lns-p19-16-82-65-110-228.adsl.proxad.net)
$
bubra.biz just handles the nameserver stuff, not web hosting.
Lots of hardcoded information in there (Score:3, Informative)
As to the law enforcement agencies, spam is simply not a serious crime in their eyes, especially given the amount of effort they need to effect a successful prosecution. Sure, the network is being used for spam now, but a simple change to the .exe being hosted by FDCServers (or whatever hosting company the spammer is using at the time) could change that into *anything*. Make sure that you make that clear. Give them a list of any compromised IPs you have identified and suggest that they see if any of those IPs have also been used to launch DoS attacks, etc (likely, given the lack of patching). If you can establish a link to a high profile case then that might be sufficient to kick start an investigation.
Good hunting!
Only way to get law enforcement to help... (Score:3, Interesting)