8 Jan
2019
8 Jan
'19
3:03 p.m.
About two hours ago, I received an email to the address I only use for
cctech/cctalk.
It claimed my email account had been hacked and threatened all sorts of
dire consequences if I didn't deposit $1000 in bitcoins in some place within
48 hours.
I am 100% certain that the claims in the message are completely bogus and
none of the threats will be carried out.
It is likely that email addresses belonging to other list members are also
to be found wherever my email address was scraped from so I just wanted to
warn other list members about this scam in case they receive similar emails.
(I received the scam email directly, not via the cctech listserver).
Regards,
Peter Coghlan.
8 Jan
8 Jan
3:19 p.m.
I?ve been getting those messages for a few months now and nothing bad has happened yet.
;-)
TTFN - Guy
On Jan 8, 2019, at 12:03 PM, Peter Coghlan via cctalk
<cctalk at classiccmp.org> wrote:
About two hours ago, I received an email to the address I only use for
cctech/cctalk.
It claimed my email account had been hacked and threatened all sorts of
dire consequences if I didn't deposit $1000 in bitcoins in some place within
48 hours.
I am 100% certain that the claims in the message are completely bogus and
none of the threats will be carried out.
It is likely that email addresses belonging to other list members are also
to be found wherever my email address was scraped from so I just wanted to
warn other list members about this scam in case they receive similar emails.
(I received the scam email directly, not via the cctech listserver).
Regards,
Peter Coghlan.
3:20 p.m.
Delete it don?t respond and ignore it.. been getting them too.. change your password
If your that concerned.. it?s a fishing trip..
Cheers
?On 08.01.19, 21:19, "cctalk on behalf of Guy Sotomayor Jr via cctalk"
<cctalk-bounces at classiccmp.org on behalf of cctalk at classiccmp.org> wrote:
I?ve been getting those messages for a few months now and nothing bad has happened
yet. ;-)
TTFN - Guy
On Jan 8, 2019, at 12:03 PM, Peter Coghlan via cctalk
<cctalk at classiccmp.org> wrote:
About two hours ago, I received an email to the address I only use for
cctech/cctalk.
It claimed my email account had been hacked and threatened all sorts of
dire consequences if I didn't deposit $1000 in bitcoins in some place within
48 hours.
I am 100% certain that the claims in the message are completely bogus and
none of the threats will be carried out.
It is likely that email addresses belonging to other list members are also
to be found wherever my email address was scraped from so I just wanted to
warn other list members about this scam in case they receive similar emails.
(I received the scam email directly, not via the cctech listserver).
Regards,
Peter Coghlan.
3:31 p.m.
On 1/8/19 12:20 PM, Kevin Lee via cctalk wrote:
Delete it don?t respond and ignore it.. been getting
them too.. change your password
If your that concerned.. it?s a fishing trip..
Yeah, I get the one occasionally that claims to have compromising video
taken with my PC's webcam. Except, of course, my computer doesn't have
and never has had a webcam.
About the most persistent spam that I receive on my cctalk email are ads
from an outfit offering cheap Canadian drugs.
--Chuck
4:11 p.m.
Chuck Guzis via cctalk wrote:
On 1/8/19 12:20 PM, Kevin Lee via cctalk wrote:
My concern is for anyone on the mailing list who finds the the outrageous
claims in these spams to be vaguely plausable and might be quitely sweating
and considering paying these slimeballs while embarrassed to ask for advice
first, thinking that they are the only ones receiving these emails.
Delete it don?t respond and ignore it.. been
getting them too.. change your password
If your that concerned.. it?s a fishing trip..
Yeah, I get the one occasionally that claims to have compromising video
taken with my PC's webcam. Except, of course, my computer doesn't have
and never has had a webcam.
This was the case with this particular spam, however, I don't even have a PC,
let alone a webcam so I too can be absolutely certain they are talking
nonsense.
About the most persistent spam that I receive on my cctalk email are ads
from an outfit offering cheap Canadian drugs.
I worked in the email field for about 15 years. I operate my own mail server,
I use lots of different email addresses for different purposes and I am very
careful with them. I receive almost zero spam on my cctech/cctalk email
address.
In case anyone doesn't know because they receive a lot of spam direct to
their email address, practically no spam at all is delivered through the
classiccmp listserver - Jay does a tremendous job in stopping spam from
arriving via that path.
Regards,
Peter Coghlan.
--Chuck
4:52 p.m.
On 01/08/2019 02:11 PM, Peter Coghlan via cctalk wrote:
My concern is for anyone on the mailing list who finds
the the outrageous
claims in these spams to be vaguely plausable and might be quitely
sweating and considering paying these slimeballs while embarrassed to
ask for advice first, thinking that they are the only ones receiving
these emails.
True.
I worked in the email field for about 15 years. I
operate my own mail
server, I use lots of different email addresses for different purposes
and I am very careful with them. I receive almost zero spam on my
cctech/cctalk email address.
Agreed.
In case anyone doesn't know because they receive a
lot of spam direct
to their email address, practically no spam at all is delivered through
the classiccmp listserver - Jay does a tremendous job in stopping spam
from arriving via that path.
I wish more mailing lists were as diligent. I see a LOT of spam come
through specific lists. More than I typically see in Usenet newsgroups.
:-/
--
Grant. . . .
unix || die
4:37 p.m.
There is a special place in hell for spammers. There is an even more
special place lower in hell for web site builders that store plain-text
passwords rather than a one-way salted hash of a password. You know,
the least a site can do for my password is use mid 1970s state of the
art technology. Some of the passwords given in these fishing emails,
while unique and uncompromising, reveal the site I've used them on that
was hacked. Like Monster.com. Every site is not immune from attacks
and eventually compromise. I can live with that. I just hope there are
no more that have !!!! USER'S PLAIN TEXT PASSWORD ----> HERE <---- !!!!
in the middle of the breached data.
-Alan
On 2019-01-08 15:31, Chuck Guzis via cctalk wrote:
On 1/8/19 12:20 PM, Kevin Lee via cctalk wrote:
Delete it don?t respond and ignore it.. been
getting them too.. change
your password
If your that concerned.. it?s a fishing trip..
Yeah, I get the one occasionally that claims to have compromising video
taken with my PC's webcam. Except, of course, my computer doesn't
have
and never has had a webcam.
About the most persistent spam that I receive on my cctalk email are
ads
from an outfit offering cheap Canadian drugs.
--Chuck 
6 p.m.
On 08/01/2019 21:37, alan--- via cctalk wrote:
There is a special place in hell for spammers.? There is an even more
special place lower in hell for web site builders that store plain-text
passwords rather than a one-way salted hash of a password.
Oh, there's a worse hell -- I hope -- for the sort of Unix sysadmin (I
won't mention Aaron's name ;-)) put in charge of a sizeable HPC cluster,
decided to password protect it to ensure only a certain set of users
would have access, somehow copied the passwords they used on the main
system, and stored them in plain text on a related machine for his
access control.
He no longer works for the enterprise in question.
--
Pete
Pete Turnbull
4:45 p.m.
On Tue, Jan 8, 2019 at 2:31 PM Chuck Guzis via cctalk
<cctalk at classiccmp.org> wrote:
Yeah, I get the one occasionally that claims to have
compromising video
taken with my PC's webcam. Except, of course, my computer doesn't have
and never has had a webcam.
If you want a video of the back side of a band-aid, go right ahead and
snarf video from my laptop.
-ethan
3:25 p.m.
I have received numerous such emails. They are all junk and not worth reading or being
concerned about. They compile lists of email addresses, usually from old hacks, and then
claim they have your password. Sometimes the password is included in the email - sometimes
it is an out of date password that was valid when a site was hacked(so you can see there
COULD be an issue with passwords that don?t get changed regularly, or that get re-used at
multiple sites/servers) - often a site password while they claim it to be an email
password. They claim to have hacked into your computer somehow using that information and
are threatening to release ?compromising information? that doesn?t actually exist.
That they found an address used only for a certain mailing list makes it more interesting.
Doing a quick Google search it looks like the list archives can be searched through, and
while the addresses appear to be slightly obfuscated using ?at? instead of ?@?, it?s
feasible that the address was picked up by a random email address scraping of web data.
On Jan 8, 2019, at 12:03, Peter Coghlan via cctalk
<cctalk at classiccmp.org> wrote:
About two hours ago, I received an email to the address I only use for
cctech/cctalk.
It claimed my email account had been hacked and threatened all sorts of
dire consequences if I didn't deposit $1000 in bitcoins in some place within
48 hours.
I am 100% certain that the claims in the message are completely bogus and
none of the threats will be carried out.
It is likely that email addresses belonging to other list members are also
to be found wherever my email address was scraped from so I just wanted to
warn other list members about this scam in case they receive similar emails.
(I received the scam email directly, not via the cctech listserver).
3:41 p.m.
On 01/08/2019 01:25 PM, John Rollins via cctalk wrote:
That they found an address used only for a certain
mailing list makes
it more interesting. Doing a quick Google search it looks like the list
archives can be searched through, and while the addresses appear to be
slightly obfuscated using ?at? instead of ?@?, it?s feasible
that the address was picked up by a random email address scraping of
web data.
I've wondered if some unscrupulous person has subscribed to the list so
that they can receive a steady stream of email addresses that they can
potentially send spam / phishing emails to.
I don't remember ever getting one of these types of messages. So I
can't comment about them with anything other than 2nd (or more) hand
knowledge. Though I run fairly tight anti-spam / anti-virus
configuration on my server.
I would actually be interested in seeing full messages source, including
headers, for some of the messages. (If anyone is willing and interested
in sharing.)
--
Grant. . . .
unix || die
4:09 p.m.
On 01/08/2019 03:41 PM, Grant Taylor via cctalk wrote:
On 01/08/2019 01:25 PM, John Rollins via cctalk
wrote:
I to have received that phishing attempt many times.
Its actually funny.? The password given is three yahoo (groups) hacks
ago (about 10 years) but the email address
used was a public one way reflector (arrl.net).? So all and all its a
crude phishing attempt.? I write down old
passwords to keep from reuse and I use long mixed ones.? So I know it
was from that and meaningless.
The source is useless as the address is a bogus hack as well.
Same claims of rude and crude caught off the camera save for the systems
use never had one or are
blocked/disconnected(laptops) and at best a stupid threat. I run linux
on multiple flavors/platforms so
typical M$ hacks don't fly either.
I was tempted to buy the smallest bitcoin possible maybe 0.1 cent (1
milliDollar) for laughs
and send that as they deserve the very least for a dumb hack.
Ignore the phoolz and if the password matches current change it consider
changing
them periodically.
A=
That they found an address used only for a
certain mailing list makes
it more interesting. Doing a quick Google search it looks like the
list archives can be searched through, and while the addresses appear
to be slightly obfuscated using ?at? instead of ?@?, it?s feasible
that the address was picked up by a random email address scraping of
web data.
I've wondered if some unscrupulous person has subscribed to the list
so that they can receive a steady stream of email addresses that they
can potentially send spam / phishing emails to.
I don't remember ever getting one of these types of messages.? So I
can't comment about them with anything other than 2nd (or more) hand
knowledge.? Though I run fairly tight anti-spam / anti-virus
configuration on my server.
I would actually be interested in seeing full messages source,
including headers, for some of the messages.? (If anyone is willing
and interested in sharing.)
4:29 p.m.
On 01/08/2019 02:09 PM, allison via cctalk wrote:
Its actually funny. The password given is three yahoo
(groups) hacks
ago (about 10 years) but the email address used was a public one way
reflector (arrl.net).
So you are (or were) a licensed ham. 73 to you. :-)
So all and all its a crude phishing attempt. I write
down old passwords
to keep from reuse and I use long mixed ones. So I know it was from
that and meaningless.
Hopefully you keep that list in a way that's not cleartext on your computer.
I too have lists of old passwords in my password vault.
The source is useless as the address is a bogus hack
as well.
I'm still curious. Mainly because I run my own mail server and wonder
if the messages would have been stopped by my filtering.
Same claims of rude and crude caught off the camera
save for the systems
use never had one or are blocked/disconnected(laptops) and at best a
stupid threat. I run linux on multiple flavors/platforms so typical M$
hacks don't fly either.
Scare tactics.
I was tempted to buy the smallest bitcoin possible
maybe 0.1 cent (1
milliDollar) for laughs and send that as they deserve the very least
for a dumb hack.
I would avoid doing anything good to the miscreants.
Ignore the phoolz and if the password matches current
change it.
Yep.
consider changing them periodically.
I thought there had been some research and reports, particularly from
NIST (?) about a year ago where /forced/ periodic password changes were
actually a bad thing.
--
Grant. . . .
unix || die
4:40 p.m.
On Tue, Jan 08, 2019 at 02:29:47PM -0700, Grant Taylor via cctalk wrote:
ditto. Unless the cops are doing it to catch the .... {fill in swear word}
I'd stay well away.
Correct. What happens is people start rotating passwords 12345 23451 etc.
that sort of thing. Bad. But not so bad if you are actually careful
to use good passwords you never re-use. Certainly never re-use a password
for more than one purpose.
On 01/08/2019 02:09 PM, allison via cctalk wrote:
She's not the only one. ;)
The one thing that does bother me about these scams is they do work
despite our best efforts at informing people of the scam.
Its actually funny. The password given is three
yahoo (groups) hacks
ago (about 10 years) but the email address used was a public one way
reflector (arrl.net).
So you are (or were) a licensed ham. 73 to you. :-)
> Same claims of rude and crude caught off the camera save for the systems
> use never had one or are blocked/disconnected(laptops) and at best a
> stupid threat. I run linux on multiple flavors/platforms so typical M$
FreeBSD on all my platforms. Same. The usual hacks don't bother me.
I was tempted
to buy the smallest bitcoin possible maybe 0.1 cent (1
milliDollar) for laughs and send that as they deserve the very least
for a dumb hack.
I would avoid doing anything good to the miscreants. consider
changing them periodically.
I thought there had been some research and reports, particularly from
NIST (?) about a year ago where /forced/ periodic password changes were
actually a bad thing. --
Grant. . . .
unix || die
73 Diane VA3DB
--
- db at FreeBSD.org db at db.net http://artemis.db.net/~db
4:45 p.m.
On 01/08/2019 02:40 PM, Diane Bruce wrote:
Correct. What happens is people start rotating
passwords 12345 23451 etc.
that sort of thing. Bad.
Yep.
I think people are also more willing, if not actually inclined, to
memorize a better password if they can use it for more than 90 days.
But not so bad if you are actually careful to use good
passwords you
never re-use.
True.
I would also think that the people that voluntarily change their
passwords will have a significant overlap with the users that use good
passwords.
Certainly never re-use a password for more than one
purpose.
True.
--
Grant. . . .
unix || die
5:04 p.m.
So all and all
its a crude phishing attempt. I write down old passwords to
keep from reuse and I use long mixed ones. So I know it was from that and
meaningless.
Hopefully you keep that list in a way that's not cleartext on
your computer. 
5:23 p.m.
On 01/08/2019 04:29 PM, Grant Taylor via cctalk wrote:
Cleartext on paper in my handwriting... ok, that may mean loosely encrypted.
Generally anything useful is walled off or encrypted.? I also maintain
an air gapped
archive.? Hardware is cheap and disk cheaper.? Someone hacks this
machine with
ransomware, I wipe and reboot as a 64gb disk is not big and not the
motherlode.
Better is the stuff on the VAX under VMS user account...? I put it on
the net on occasion and
the fun begins as the script kiddies try to log in.? Mind you need both
an account name and
a password longer than 15 chars.? Standard lockout after three fails is
15 minutes.? No Apache
and other webby stuff plus Decnet over IP messes with them.??? Once I
put up an VMS account
with the directiories all write-locked? with virus copies (maybe a few
megabytes of oldies) in it
and a guest password it was funny to watch the access and then nothing
Or hilarity!? As a women it was funnier to read.? Like, really!?!
A millibuck is a pFFT
(raspberry noise) to someone demanding kilo bucks.
I have mostly contempt for them.? Been at it longer too.
The usual is that that password accessed as many as a dozen or more
sites and accounts.
If one is hacked then which one of the many if even remembered.
Yes, many when forced to do that on 30 or 90 day rotations use poor
passwords (weak) or worse write
them down and tape them under the keyboard.?? The interval can be random
and long or anytime a hack
has been reported somewhere even if not the known systems. ? I worked
one place where "123" was a
low level password for a decade and still every Monday I'd get called
"did the password change?"
because they forgot it.? If used from outside it got you mostly nothing
and access to very slowest
machines if you made it through the firewall (discrete hardware).
Allison
On 01/08/2019 02:09 PM, allison via cctalk wrote:
Still am.? Hence the reflector as mycall at arrl.net.? But the reply if
there is one will be from
a different address.? Anyone with a functional brain can look that up.
Its actually funny.? The password given is three
yahoo (groups) hacks
ago (about 10 years) but the email address used was a public one way
reflector (arrl.net).
So you are (or were) a licensed ham.? 73 to you.? :-) So all and all its a crude phishing attempt.? I
write down old
passwords to keep from reuse and I use long mixed ones.? So I know it
was from that and meaningless.
Hopefully you keep that list in a way that's not cleartext on your
computer.
from that IP.
I too have lists of old passwords in my password
vault.
Like I said the reflector is public and they used the right call, easy
to look up and verify.
The source is useless as the address is a bogus
hack as well.
I'm still curious.? Mainly because I run my own mail server and wonder
if the messages would have been stopped by my filtering.
Same claims of
rude and crude caught off the camera save for the
systems use never had one or are blocked/disconnected(laptops) and at
best a stupid threat. I run linux on multiple flavors/platforms so
typical M$ hacks don't fly either.
Scare tactics.
I was tempted
to buy the smallest bitcoin possible maybe 0.1 cent (1
milliDollar) for laughs and send that as they deserve the very least
for a dumb hack.
I would avoid doing anything good to the miscreants. Ignore the phoolz and if the password matches
current change it.
Yep. consider
changing them periodically.
I thought there had been some research and reports, particularly from
NIST (?) about a year ago where /forced/ periodic password changes
were actually a bad thing.
5:33 p.m.
On Tue, 8 Jan 2019, allison via cctalk wrote:
SStandard lockout after three fails i 15 minutes.?
Howzbout:
a quarter second lockout after a fail;
double that for each subsequent fail.
Three tries to get it right will not be inconvenienced.
But, by 32 tries, it's up to a biillion seconds.
6:16 p.m.
They need to tune the pitch to the audience:
"We see that you ran 'EDITH' with three sense switches activated..."
9:56 p.m.
On 01/08/2019 04:33 PM, Fred Cisin via cctalk wrote:
On Tue, 8 Jan 2019, allison via cctalk wrote:
Interesting observation I made a few years ago. I run a web
store, and was being inundated with ssh login attempts.
About 1000/day! I decided this was serious, they'd
eventually get lucky.
So, searching available software, I found denyhosts. It
checks the logs for login failures, and after a set
threshold, it puts the source IP into the hosts.deny list,
and your machine effectively disappears from that source
IP's view. I set the rules very strictly, so that after 3
login failures over a 2 month span, that IP was blocked for
a year. Something very interesting happened.
The number of attempts did not diminish immediately, as the
botnets had a large number of compromised machines. But,
suddenly, two weeks to the EXACT HOUR when I set up
denyhosts, the attacks dropped from 1000/day to 3! Just
like flipping a switch! So, these hackers have a dark net
list somewhere where they trade IP addresses of machines
they would like to hack, and what they can figure out about
the security measures implemented on them. When they have
demonstrated by coordinated attempts that your lockout
horizon is over two weeks, they put out the word that your
site is not going to bear any fruit.
I currently have 9000-some blocked IPs in hosts.deny, I
wonder how much that slows down my store. Ugh, the stuff we
are forced to go through.
Jon
SStandard lockout after three fails i 15
minutes.?
Howzbout:
a quarter second lockout after a fail;
double that for each subsequent fail.
Three tries to get it right will not be inconvenienced.
But, by 32 tries, it's up to a biillion seconds.
10:39 p.m.
>> SStandard lockout after three fails i 15
minutes.?
> Howzbout:
> a quarter second lockout after a fail;
> double that for each subsequent fail.
> Three tries to get it right will not be inconvenienced.
> But, by 32 tries, it's up to a billion seconds.
On Tue, 8 Jan 2019, Jon Elson wrote:
IP's view. I set the rules very strictly, so that
after 3 login failures
over a 2 month span, that IP was blocked for a year.
3 failures is not enough for some legitimate human failings.
I occasionally will forget a password, and make 4 or 5 tries; and then, a
few days later, remember it.
So, I MUCH prefer the concept of a logarithmically increasing lockout,
starting small.
Maybe as little as a millisecond, to permit a REASONABLE number of "maybe
it was...", but thoroughly block brute force and dictionary/list attempts.
about two dozen tries would give that year.
10:47 p.m.
On 1/8/19 8:39 PM, Fred Cisin via cctalk wrote:
3 failures is not enough for some legitimate human
failings.
There's a high chance for false positives there.
I occasionally will forget a password, and make 4 or 5
tries; and then,
a few days later, remember it.
I wonder if it's three password attempts (likely in a single connection)
or three failed connections.
I could see how three failed connections would suffice, as that would be
nine password attempts.
So, I MUCH prefer the concept of a logarithmically
increasing lockout,
starting small. Maybe as little as a millisecond, to permit a REASONABLE
number of "maybe it was...", but thoroughly block brute force and
dictionary/list attempts.
I created a fancy IPTables rule set that used the recent match extension
to dynamically (in kernel without any files on the drive) produce back
out period. I don't remember the exact count of things, or the timings.
But I do recall that it was something like 5 minutes, 30 minutes, 1
hour, 1 day, 1 week, 1 month, 1 year. I don't think I had permanent.
(Maybe I did. It's been 15+ years.)
--
Grant. . . .
unix || die
10:42 p.m.
On 1/8/19 7:56 PM, Jon Elson via cctalk wrote:
Interesting observation I made a few years ago.? I run
a web store, and
was being inundated with ssh login attempts. About 1000/day!? I decided
this was serious, they'd eventually get lucky.
It's really hard for them to get lucky if you don't allow password based
authentication. ;-)
It's also even harder for them to get lucky if you move your SSH daemon
to an alternate port and / or put it behind port knocking / single
packet authorization. }:-)
So, searching available software, I found denyhosts.?
It checks the logs
for login failures, and after a set threshold, it puts the source IP
into the hosts.deny list, and your machine effectively disappears from
that source IP's view.
Yes and no. DenyHosts is a useful tool. But hosts.deny / hosts.allow
is TCP Wrappers. Your services needs to both support and be configured
to use TCP Wrappers. Not everything is compiled with support for, or
configured to use, TCP Wrappers.
I personally prefer to add reject route and enable reverse path
filtering. That operates at a lower level and protects EVERYTHING on
the system without requiring any feature, like TCP Wrappers.
I set the rules very strictly, so that after 3 login
failures over a 2
month span, that IP was blocked for a year. Something very interesting
happened.
I think that your rule logic could just as easily be applied to reject
routes.
The number of attempts did not diminish immediately,
as the botnets had
a large number of compromised machines.? But, suddenly, two weeks to the
EXACT HOUR when I set up denyhosts, the attacks dropped from 1000/day to
3!? Just like flipping a switch!
Intriguing.
So, these hackers have a dark net list somewhere where
they trade IP
addresses of machines they would like to hack, and what they can figure
out about the security measures implemented on them. When they have
demonstrated by coordinated attempts that your lockout horizon is over
two weeks, they put out the word that your site is not going to bear
any fruit.
Yep. Black hats communicate with each other just like white hats do.
Of course, it could have been one bot-net & bot-herder too. I've heard
tell of bots that 300,000 bots.
I currently have 9000-some blocked IPs in hosts.deny,
I wonder how much
that slows down my store.
I doubt much at all.
(Assuming that your web server supports and is using TCP Wrappers.)
Ugh, the stuff we are forced to go through.
Yep. Oy Vey comes to mind.
--
Grant. . . .
unix || die
11:43 p.m.
At 08:56 PM 8/01/2019 -0600, you wrote:
On 01/08/2019 04:33 PM, Fred Cisin via cctalk wrote:
I've been receiving the same 'hacked your account, sending this from your account,
send bitcoins' scam
emails for a while.
They are NOT from 'my account' (what does that even mean?) although the sender
email address is same as
one or more of mine. But that is spoofable. I ignore them.
I can see all the headers, which include lines like:
X-Mailer: Microsoft Outlook Express 6.00.2900.3022
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3022
Since I'd rather die than use MS Outlook Express, or even install it an any system of
mine,
I know they lie (and for other reasons.)
Recently one quoted 'my password' as evidence. It's a password I used on a
porn site long ago, and that
site changed hands and became a junk site sometime since. Maybe the new owners branched
into extortion scams?
I also at times receive a lot of scamming phone calls to my landline. Sometimes several a
day.
These have such a consistent format that I'm sure they must come from some group, even
though they
use different names.
The phone rings, I pick up, there's a variable duration interval of silence, then a
pooiip! popping
sound (their system connecting this call to one of their operators, now that I answered),
then a
usually very Indian sounding voice (M or F) says something like "Hello, this is
Microsoft security service"
or "Hello this is product testing group."
I never bother to go along with it to see what their intent is. Just hang up usually.
We all know the government has total surveilance of all electronic communications.
Don't argue, this
is not a 'conspiracy theory'. I've even had dinner with a guy who was my
interpreter wife's boss at the
time, as head of the Sydney branch of Australia's national crime commission's
intercepts division.
Discussed the Echelon system (as it was named then) system with him, which he acknowledged
existed.
I asked so, what percentage of ALL communications (voice and digital) does the system
capture and analyze
for keywords?
(Echelon used a 'dictionary' of keywords and phrases of interest, put together
each week by the NATO
powers, and shared among them all. Intercepts in each country are done on coms
backbones, with each site
existing as a diplomatic enclave, manned by intelligence staff who are acting on behalf
of 'foreign
allies' hence getting around local surveilance legal limitations. Any intelligence
of interest is passed
to local intelligence services as a diplomatic communication, so the local gov was not
'spying on
their own citizens.' Ha ha ha. It sucks, but that is how it worked nearly 20 years
ago. Certainly much
worse now. I don't know what the equivalent system is called these days.)
His answer: around 98%.
Now here's the thing. Another interesting observation one could make:
You'd think these kind of scamming emails and phone calls should be illegal, and
easily prosecutable.
You'd think it would require almost no effort at all from law enforcement and coms
carriers, to
identify the sources. Given that they have total transparency of the telecoms
infrastructure.
Not to mention that if Indian call centers are involved there would be international
carrier contracts
and national entry points that would stand out like searchlights in traffic analysis.
Same goes for Asian paid web click farms, etc. Even botnets with encrypted command
channels - I can't
believe it can be technically impossible to shut these down.
So, how does this bullsh*t continue?
One can only conclude that the large scale scamming operations are conducted with the
knowledge of,
and probably complicity of, government at some level.
The real question is why.
I can make guesses about that too. But doubt many here would find it comfortable. Or on
topic.
Guy
On Tue, 8 Jan 2019, allison via cctalk wrote:
Interesting observation I made a few years ago. I run a web
store, and was being inundated with ssh login attempts.
About 1000/day! I decided this was serious, they'd
eventually get lucky.
So, searching available software, I found denyhosts. It
checks the logs for login failures, and after a set
threshold, it puts the source IP into the hosts.deny list,
and your machine effectively disappears from that source
IP's view. I set the rules very strictly, so that after 3
login failures over a 2 month span, that IP was blocked for
a year. Something very interesting happened.
The number of attempts did not diminish immediately, as the
botnets had a large number of compromised machines. But,
suddenly, two weeks to the EXACT HOUR when I set up
denyhosts, the attacks dropped from 1000/day to 3! Just
like flipping a switch! So, these hackers have a dark net
list somewhere where they trade IP addresses of machines
they would like to hack, and what they can figure out about
the security measures implemented on them. When they have
demonstrated by coordinated attempts that your lockout
horizon is over two weeks, they put out the word that your
site is not going to bear any fruit.
I currently have 9000-some blocked IPs in hosts.deny, I
wonder how much that slows down my store. Ugh, the stuff we
are forced to go through.
Jon SStandard lockout after three fails i 15
minutes.???
Howzbout:
a quarter second lockout after a fail;
double that for each subsequent fail.
Three tries to get it right will not be inconvenienced.
But, by 32 tries, it's up to a biillion seconds.
9 Jan
9 Jan
12:15 a.m.
On Wed, 9 Jan 2019, Guy Dunphy via cctalk wrote:
The phone rings, I pick up, there's a variable
duration interval of silence, then a pooiip! popping
sound (their system connecting this call to one of their operators, now that I answered),
then a
usually very Indian sounding voice (M or F) says something like "Hello, this is
Microsoft security service"
or "Hello this is product testing group."
I never bother to go along with it to see what their intent is. Just hang up usually.
"Windows Technical Department"
"Windows Company" !!?!
I had one jerk, with a very heavy accent claim to be Paul Allen!
I said, "Is this about the money that you owe me?" and he hung up.
(No, Paul Allen doesn't owe me any money)
Oddly, they usually hang up if I say,
"What kind of computer do you think that I have?" or
"Do you think that I have a computer??"
1:21 a.m.
On 1/8/19 9:15 PM, Fred Cisin via cctalk wrote:
"Windows Technical Department"
"Windows Company"? !!?!
I used to get one of those calls every few days, but I'm using a
screening service, so I haven't gotten one in months.
Too bad! I used to have a lot of fun playing dumb. "Vindows" key?
Where is that (I'm using an IBM Model M)? Now, go to your start menu
and select "Run program". Huh? What do you mean "start menu"?
(I'm
running Linux) I have several more computers, would you like me to try them?
Sometimes I could tie the scammer up for 15-20 minutes before he'd hang
up, very often after uttering an obscenity.
--Chuck
7:32 a.m.
At 08:56 PM 1/8/2019, Jon Elson via cctalk wrote:
I currently have 9000-some blocked IPs in hosts.deny, I
wonder how much that slows down my store. Ugh, the stuff we are forced to go through.
Now you've increased your chances by 9000x that someday someone
will complain that they can't reach your site. You said "botnet" right?
- John
8 Jan
8 Jan
9:56 p.m.
I've heard quit a bit about that scam, but I haven't gotten that one.
The really sad part is that I'm not doing anything that I could be
blackmailed about.
THAT is depressing.
(Crypto-locker, etc. is EXTORTION, not blackmail)
9 Jan
9 Jan
6:28 a.m.
On Wed, 9 Jan 2019 at 03:56, Fred Cisin via cctalk
<cctalk at classiccmp.org> wrote:
I've heard quit a bit about that scam, but I haven't gotten that one.
Ditto on both.
The really sad part is that I'm not doing anything
that I could be
blackmailed about.
THAT is depressing.
Oh dear. Now I am feeling slightly depressed too.
--
Liam Proven - Profile: https://about.me/liamproven
5:02 p.m.
On 1/8/19 12:41 PM, Grant Taylor via cctalk wrote:
I've wondered if some unscrupulous person has
subscribed to the list so that they can receive a steady stream of email
addresses
why would they bother?
every cctalk message at
http://www.classiccmp.org/pipermail/cctalk/
has the poster's email adr
5:07 p.m.
On 01/08/2019 03:02 PM, Al Kossow via cctalk wrote:
why would they bother?
Laziness.
every cctalk message ...
has the poster's email adr
What's easier to do:
1) Go find and repeatedly scrape mailing list archives for sending
email addresses.
2) Subscribe one email address to the same mailing lists and have the
messages delivered to you where you can have an automated process scrape
the incoming messages.
I know what I think has the better RoI and lower TCO.
--
Grant. . . .
unix || die
5:20 p.m.
On Tue, 8 Jan 2019, Grant Taylor via cctalk wrote:
What's easier to do:
1) Go find and repeatedly scrape mailing list archives for sending email
addresses.
2) Subscribe one email address to the same mailing lists and have the
messages delivered to you where you can have an automated process scrape the
incoming messages.
I know what I think has the better RoI and lower TCO.
--
Grant. . . .
unix || die
Um, it's easiest to write one script which can scrape and harvest
thousands of email archives everynight. So, 1 it is...
--Jason
9:39 p.m.
On 01/08/2019 02:03 PM, Peter Coghlan via cctalk wrote:
About two hours ago, I received an email to the
address I only use for
cctech/cctalk.
It claimed my email account had been hacked and threatened all sorts of
dire consequences if I didn't deposit $1000 in bitcoins in some place within
48 hours.
They usually say "this message was sent from your account"
as proof you've been hacked, but at least for me, the
received-from address is NOT mine. So, I know the thing is
bogus.
This particular scam is quite common right now.
Jon
9 Jan
9 Jan
7:30 a.m.
At 08:39 PM 1/8/2019, Jon Elson via cctalk wrote:
This particular scam is quite common right now.
Another variation shows your MySpace password from a decade ago,
as proof they know your password - gambling that many people have
used the same password for years and/or in many contexts.
There was a leak of the MySpace passwords a few years ago.
- John
2026
days inactive
2027
days old
34 comments
19 participants
participants (19)
-
aek@bitsavers.org -
alan@alanlee.org -
allisonportable@gmail.com -
cclist@sydex.com -
cctalk@beyondthepale.ie -
cctalk@gtaylor.tnetconsulting.net -
cisin@xenosoft.com -
db@db.net -
elson@pico-systems.com -
ethan.dicks@gmail.com -
fritzm@fritzm.org -
ggs@shiresoft.com -
guykd@optusnet.com.au -
jason@smbfc.net -
jfoust@threedee.com -
kd7bcy@kd7bcy.com -
kevin@128.ca -
lproven@gmail.com -
pete@dunnington.plus.com