
Prosecuting Spamming Crackers?

lnixon asks: "As a recent Slashdot article mentioned, the latest trend in spamming is to use cracked Windows machines for sending spam and hosting spamvertised web sites, 'spacking', as Wired terms it. A couple of weeks ago, I started tracking one of these cracker rings down, carefully documenting the trail as I went. Mostly through luck, I actually found the originating server. This information should seriously put a crimp in their activities...if only I could get the law interested. I have tried to get the attention of CERT, of FBI and of my local police authorities, but nobody seems to be interested. Now, what should I do? Organize a posse?"

  • If it is near me I can scrounge up a few buddies with the promise of beer afterwards and make the spacker an offer he cannot refuse.
  • That would:

    1. get their attention
    2. be the end of their spam operation (for a while)
    3. ???
    4. profit

    So, what's the url/IP of this/these clowns...

    ...as I prepare the morality gauge for /.

  • by El ( 94934 ) on Wednesday October 22, 2003 @07:03PM (#7285535)
    Your mistake was referring to them as "spammers" instead of "terrorists". Isn't anybody who cracks a system now officially considered a "digital terrorist"?
    • Too true, write something like: Cyber Terrorists have gained control of a large number of machines that could be used to attack critical infrastructure and are cracking machines via use of email and web browsers. Then let the news media know.
    • Modded funny, but you've got a reasonable point there. Call up your local FBI office with reports of "an unknown organization that has illegally compromised computer systems for the purposes of anonymously sending subversive and possibly terrorist communications." Try to get transferred to an Electronic Crimes Unit, if your FBI office has one. Toss them the IP and detail how you tracked it down. Trust me, they'll unleash the dogs of war.

      Hell, crying "terrorism" is working for everything else nowadays,
      • by mellon ( 7048 ) * on Wednesday October 22, 2003 @08:18PM (#7286084) Homepage
        This is a funny idea, but filing a false report of a crime is itself a crime. So you really don't want to play this game. However, I agree that using the term "spammer" is a bad idea - you can just call it "for the purposes of distributing fraudulent messages," or some other accurate statement that doesn't mention the word "spammer."

        However, getting law enforcement to take you seriously on something like this might be a real challenge anyway - they don't know you from Jack, and so why should they trust you?

        I don't mean you're not trustworthy - I'm just pointing out that there's no trust relationship there, and you're putting yourself forth as an investigator, not a crime victim. It will be very hard for you to get them to think of you as legitimate.
  • by Anonymous Coward
    You guys are making me hungry!
  • Alert the media (Score:5, Insightful)

    by splattertrousers ( 35245 ) on Wednesday October 22, 2003 @07:05PM (#7285547) Homepage
    Give the information to your local newspapers and TV news programs. The spotlight might spur the authorities into action, and the reporters will love you because you saved them from doing any pesky work for themselves.
    • Give the information to your local newspapers and TV news programs. . . and the reporters will love you because you saved them from doing any pesky work for themselves.

      Coming up after the break, weather and the world series, but first let's go out to Field Reporter Trisha Takinowa with this report on a man and his crusade... Trisha..

      Thanks Don. We are here to interview a man who used nmap and DNS records to trace down a serial.. um, emailer. Please tell us how you did it, knowing that the community

    • Somebody else pointed out that your problem is that the authorities don't know you from a hole in the ground, so they have a hard time trusting what you've got to say.

      Read what I have below, but I think that your best bet is to go to the local university and find a Computing Science professor who's willing to listen to what you have to say. Once you can get the backing of someone like that and their willingness to walk into a meeting with you, then you should be able to go to almost anybody and get their

  • Posse? (Score:3, Funny)

    by Atzanteol ( 99067 ) on Wednesday October 22, 2003 @07:06PM (#7285549) Homepage
    One slashdot posse, coming up!

    I'll get the pitchforks, you get the caffeine...
  • MS Piracy (Score:4, Funny)

    by m0rph3us0 ( 549631 ) on Wednesday October 22, 2003 @07:10PM (#7285587)
    You said their servers are distributing the MS Proxy Server. Why not let MS know about this, I'm sure they'd fire off a memo to the hosting companies letting them know that the sites are hosting pirated software.
  • by Anonymous Coward
    Hack the source web site and turn it into an Al Quaida home page. The terrorist reports will flood in and the spammers will be shut down. That is, until tomorrow when they start up again from somewhere else.

  • "...if only I could get the law interested. I have tried to get the attention of CERT, of FBI and of my local police authorities, but nobody seems to be interested."
    You can pass all the laws you want, but what good are they if nobody wants to actually ENFORCE them?
    • what good are they if nobody wants to actually ENFORCE them?

      Well, if you'd been paying attention, you'd notice that the anti-spam laws in most states make it a civil penalty, not a criminal one. So enforcement would be up to the victim.

      And (again, if you'd been paying attention, you'd also realize) these spammers are cracking machines - so the submitter is not trying to get them prosecuted under anti-spam laws, but under computer crime laws.
  • Yuh, it's always them Midwest crackers spamming my Inbox.
  • I'm sure there are enough vigilantes hanging around here to finish the job for you....

    But seriously folks, if you can discover and take down the master host hiding behind all these proxies, you have a much better chance of taking them down.

    Another idea, subvert their own network, let a machine or two get into their network of proxies so you can track their future activities.

    This kind of computer fraud (yes fraud, they are pretending to be something they're not) needs to be taken much more seriously by t

  • by glassesmonkey ( 684291 ) * on Wednesday October 22, 2003 @07:30PM (#7285742) Homepage Journal
    So I got out my Internet Explorer (cause that's what the article says the website needed) and clicked on all those websites mentioned in the article, but nothing loaded... The page was just blank. Oh, my firewall did ask me something about something called DNS, so I clicked 'OK'.. Could someone please email me what was on the site that I was supposed to look at? He said it might be pron ;)

    Thanks in advanced.
  • Now, what should I do? Organize a posse?"

    Why not? Worked for Andre the Giant.
  • Congresscritters (Score:4, Insightful)

    by linuxwrangler ( 582055 ) on Wednesday October 22, 2003 @08:00PM (#7285962)
    Contact the congresscritters for your local district. They certainly know that any effort to fight spam will look good come re-election and they have the power to "make a couple calls".
  • Mmmm... spam and crackers...
  • Mmmm... Spam and crackers.... :)
  • That would be great. I always wanted a posse. If you get one together you should make them all wear MC Hammer pants. .... And everytime you say something a bunch of them should go "Word!" Then you could give them shout outs and stuff.
  • A lot of folks who might know some folks watch the list. Plus, your analysis is the best one I've seen so far on what's going on - this is of interest to others doing security, if nothing else.
    • Well this might be better suited for the incidents list, but yes securityfocus probably has the list this should go to. I actually considered posting a message myself to the incidents list as I haven't seen this discussed there.
  • These sorts of cases can be prosecuted by the attorney general of any state in which part of the criminal activity takes place. For example, if any part of the crime took place in New York, even if it's only that some New York residents received the spam, then you would contact the Internet Bureau of the New York State Attorney General [state.ny.us]. They have a complaint form you can use, or you could call them up. They'll know what you're talking about. If you follow that link, you'll see press releases about spamm
  • Put it on Paper (Score:4, Insightful)

    by Detritus ( 11846 ) on Wednesday October 22, 2003 @11:25PM (#7287441) Homepage
    Write up a report, print it out and mail it to the appropriate agencies.

    Bureaucrats hate paper trails. It's very easy to blow off a phone call. A written report has to be handled more carefully.

  • Pre-emptive Strike (Score:3, Interesting)

    by Markus Registrada ( 642224 ) on Wednesday October 22, 2003 @11:40PM (#7287531)
    The only way to deal with these distributed attacks is pre-emptively: any host that is susceptible to attack by a spammer must be attacked first by an anti-spammer. The most effective way would be via worms, but that does not suffice. Spammers also enter via booby-trapped web pages and e-mail viruses, so anti-spammers must use those vectors as well. Anti-spammers have to attack first, because otherwise the spammers will plug up the holes behind them, making it progressively harder to root them out after they have installed their own malware.

    It is tempting to think that simply closing off the known holes in the target machines should suffice. That's just wishful thinking. There will always be other ways for the spammers to enter, not yet discovered. The only way to keep the spammers out of those hosts is to wipe them clean. Eventually the owners will either leave them disconnected from the internet, or wiped, or will install something secure. Until then, they need to be wiped as many times as needed to get the message across.

    This level of conflict was inevitable once the spammers encountered enough interference in their old methods. Now there's no going back. We need to ensure, positively, that any host that is connected to the net really is secure enough not to be hijacked by the spammers, and there's only one way to do that.

    The only practical problem with this method is that the spammers have a vector available that anti-spammers don't. Spammers can put their viruses in their own spam, and booby-trap their own web pages referenced by their spam, but anti-spammers can't use those vectors without themselves spamming. Fortunately there are so many holes in the target systems that it will be some time before that difference actually protects the target hosts.

    • The only way to keep the spammers out of those hosts is to wipe them clean. Eventually the owners will either leave them disconnected from the internet, or wiped, or will install something secure. Until then, they need to be wiped as many times as needed to get the message across.

      Let me make sure I'm understanding you correctly. We should illegally hack into innocent users machines to "teach them a lesson" in security... repeatedly, until they either disable their network connection or disable their

      • ...we'll have no terrorists taking hostages if we kill all of the potential hostages

        I don't recall suggesting to kill anybody. Anyhow, every vulnerable host, sooner or later, will be hijacked by a spammer, or worse. The owners typically neither know nor particularly care if their machines have been hijacked that way, so long as it doesn't interfere too much with their own surfing, e-mailing, or file-sharing. Their ISPs, if they are responsible, do care, but can do little.

        There's a legal term for op

        • I wasn't trying to insinuate that you advocated killing people; I was making an analogy. The point I was trying to make was that your method for solving the problem is to punish the theoretically innocent and uninformed, rather than teaching them. Perhaps there should be a method for informing them instead, such as tracking their IP (which is legal), and letting their ISP know of the problem, who then contacts the user/subscriber.

          There are many "attractive nuisances" in this world, but an unsecured mach

          • You miss the point. There is no longer any such thing as "innocent and uninformed". Plugging an insecure host into the wide-open internet is, now, itself a hostile act. Your gentle information distribution has already been demonstrated a near-total failure. (Certainly my parents would have no idea what to make of your advice, and would necessarily ignore it.) Insecure hosts are not just vulnerable to misuse themselves, they are weapons for the misuse of all hosts, secure and otherwise.

            I don't expect

  • You'll want to get a whole team of volunteers in on this. Make sure it's
    clear, the goal is to investigate, to obtain information. No threats are
    to be made, and no physical harm-inducing action to be taken. Just a big
    fat trainload of investigation. Spamming itself, though highly objectionable
    socially, is not per se illegal, but given the stigma attached to it, there's
    an excellent chance that spammers, *especially* ones that also use cracking
    techniques, may have the kind of morals that may lead them to vi
  • nslookup:
    - drugstorepharmacy.biz, down
    - bubra.biz, down
    - vhost01.768men.info, down
    - hosthype.com, down
    - ucp6.biz, 127.0.0.1 huh?

    Looks like posting to slashdot gets results.

    The IE exploit exe file should be posted to all the anti-virus companies, at least then some windoze lusers will be protected. Leif has left it on his website here [nsc.liu.se].

    • Actually, bubra.biz seem to be doing fine;

      $ ./bubrawatch.py -v
      ns1.bubra.biz is 81.203.73.17 (81-203-73-17.user.ono.com)
      ns2.bubra.biz is 80.138.221.95 (p508ADD5F.dip.t-dialin.net)
      ns3.bubra.biz is 80.11.243.45 (AMarseille-102-1-2-45.w80-11.abo.wanadoo.fr)
      ns4.bubra.biz is 80.46.141.109 (dsl-80-46-141-109.access.uk.tiscali.com)
      ns5.bubra.biz is 82.65.110.228 (lns-p19-16-82-65-110-228.adsl.proxad.net)
      $

      bubra.biz just handles the nameserver stuff, not web hosting.
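An added example, not part of the thread and not the poster's bubrawatch.py (which the page does not show): a triage pass over the resolver output quoted above that records, for each nameserver, whether its reverse-DNS name looks like a customer access line. The label list and the "last two labels" provider guess are assumptions made for this illustration.

```python
import re

# Resolver output copied from the comment above; bubrawatch.py itself is not on the page.
SAMPLE = """\
ns1.bubra.biz is 81.203.73.17 (81-203-73-17.user.ono.com)
ns2.bubra.biz is 80.138.221.95 (p508ADD5F.dip.t-dialin.net)
ns3.bubra.biz is 80.11.243.45 (AMarseille-102-1-2-45.w80-11.abo.wanadoo.fr)
ns4.bubra.biz is 80.46.141.109 (dsl-80-46-141-109.access.uk.tiscali.com)
ns5.bubra.biz is 82.65.110.228 (lns-p19-16-82-65-110-228.adsl.proxad.net)
"""

LINE_RE = re.compile(r"^(\S+) is (\d{1,3}(?:\.\d{1,3}){3}) \(([^)]+)\)$")
# Assumption: labels that access ISPs commonly use in customer reverse-DNS names.
ACCESS_LABELS = {"dsl", "adsl", "dip", "abo", "user", "access", "dialin", "dyn", "pool", "cable"}

def parse(text):
    """Return (nameserver, ip, ptr) tuples, skipping prompts and blank lines."""
    return [m.groups() for m in map(LINE_RE.match, map(str.strip, text.splitlines())) if m]

def ip_embedded(ip, ptr):
    """True if the PTR name encodes the address, as dashed octets or as hex."""
    octets = ip.split(".")
    p = ptr.lower()
    if "-".join(octets) in p or "-".join(reversed(octets)) in p:
        return True
    return "".join(f"{int(o):02x}" for o in octets) in p

def classify(rows):
    """Annotate each nameserver with the evidence that it sits on an access line."""
    out = []
    for ns, ip, ptr in rows:
        labels = set(re.split(r"[.-]", ptr.lower()))
        out.append({
            "ns": ns, "ip": ip,
            "provider": ".".join(ptr.lower().split(".")[-2:]),  # naive: last two labels
            "access_labels": sorted(labels & ACCESS_LABELS),
            "ip_in_ptr": ip_embedded(ip, ptr),
        })
    return out

def summary(text=SAMPLE):
    """Count nameservers with access-line evidence and list distinct providers."""
    recs = classify(parse(text))
    flagged = [r for r in recs if r["access_labels"] or r["ip_in_ptr"]]
    return {"total": len(recs), "flagged": len(flagged),
            "providers": sorted({r["provider"] for r in recs})}

if __name__ == "__main__":
    for rec in classify(parse(SAMPLE)):
        print(rec)
    print(summary())
```

The per-record output is the kind of evidence an abuse desk can act on: each entry names the access provider whose customer address is answering DNS for the domain.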

  • by Zocalo ( 252965 ) on Thursday October 23, 2003 @06:14AM (#7288856) Homepage
    This does not seem a very resilient spam net to me; a lot of the binaries you have examined seem to contain hardcoded values of hosts in the domains "768men.info", "bubra.biz" and "ucp6.biz". You even imply a hardcoded IP address (66.227.96.168) currently being hosted by FDCServers.net. One angle of attack might be to talk to the registrars and ISPs responsible for those domains and try and get them delisted under any AUP they might have. If you can get the domains delisted, then the entire spam net falls apart and the operator will have to start over. Clearly there is criminal behaviour going on here so you have some leverage, albeit not much, to try and convince them to take this course of action.

    As to the law enforcement agencies, spam is simply not a serious crime in their eyes, especially given the amount of effort they need to effect a successful prosecution. Sure, the network is being used for spam now, but a simple change to the .exe being hosted by FDCServers (or whatever hosting company the spammer is using at the time) could change that into *anything*. Make sure that you make that clear. Give them a list of any compromised IPs you have identified and suggest that they see if any of those IPs have also been used to launch DoS attacks, etc (likely, given the lack of patching). If you can establish a link to a high profile case then that might be sufficient to kick start an investigation.

    Good hunting!

  • by macdaddy ( 38372 ) on Thursday October 23, 2003 @01:12PM (#7292202) Homepage Journal
    ...short of being a corporation that makes millions each year, is to get the media involved. The best thing in the world to make law enforcement do something is bad PR. I know a couple reporters at a few large newspapers that might run a story about it. Let me know if you want me to put you in touch.
