Bogus "account hacked" message
Guy Dunphy
guykd at optusnet.com.au
Tue Jan 8 22:43:11 CST 2019
At 08:56 PM 8/01/2019 -0600, you wrote:
>On 01/08/2019 04:33 PM, Fred Cisin via cctalk wrote:
>> On Tue, 8 Jan 2019, allison via cctalk wrote:
>>> Standard lockout after three fails is 15 minutes.
>>
>> Howzbout:
>> a quarter second lockout after a fail;
>> double that for each subsequent fail.
>> Three tries to get it right will not be inconvenienced.
>> But, by 32 tries, it's up to a billion seconds.
>>
>Interesting observation I made a few years ago. I run a web
>store, and was being inundated with ssh login attempts.
>About 1000/day! I decided this was serious, they'd
>eventually get lucky.
>So, searching available software, I found denyhosts. It
>checks the logs for login failures, and after a set
>threshold, it puts the source IP into the hosts.deny list,
>and your machine effectively disappears from that source
>IP's view. I set the rules very strictly, so that after 3
>login failures over a 2 month span, that IP was blocked for
>a year. Something very interesting happened.
>The number of attempts did not diminish immediately, as the
>botnets had a large number of compromised machines. But,
>suddenly, two weeks to the EXACT HOUR when I set up
>denyhosts, the attacks dropped from 1000/day to 3! Just
>like flipping a switch! So, these hackers have a dark net
>list somewhere where they trade IP addresses of machines
>they would like to hack, and what they can figure out about
>the security measures implemented on them. When they have
>demonstrated by coordinated attempts that your lockout
>horizon is over two weeks, they put out the word that your
>site is not going to bear any fruit.
>
>I currently have 9000-some blocked IPs in hosts.deny, I
>wonder how much that slows down my store. Ugh, the stuff we
>are forced to go through.
>
>Jon
I've been receiving the same 'hacked your account, sending this from your account, send bitcoins' scam
emails for a while.
They are NOT from 'my account' (what does that even mean?) although the sender email address is the same as
one or more of mine. But that is spoofable. I ignore them.
I can see all the headers, which include lines like:
X-Mailer: Microsoft Outlook Express 6.00.2900.3022
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3022
Since I'd rather die than use MS Outlook Express, or even install it on any system of mine,
I know they lie (and for other reasons.)
Recently one quoted 'my password' as evidence. It's a password I used on a porn site long ago, and that
site changed hands and became a junk site sometime since. Maybe the new owners branched into extortion scams?
I also at times receive a lot of scamming phone calls to my landline. Sometimes several a day.
These have such a consistent format that I'm sure they must come from some group, even though they
use different names.
The phone rings, I pick up, there's a variable duration interval of silence, then a pooiip! popping
sound (their system connecting this call to one of their operators, now that I answered), then a
usually very Indian sounding voice (M or F) says something like "Hello, this is Microsoft security service"
or "Hello this is product testing group."
I never bother to go along with it to see what their intent is. Just hang up usually.
We all know the government has total surveillance of all electronic communications. Don't argue, this
is not a 'conspiracy theory'. I've even had dinner with a guy who was my interpreter wife's boss at the
time, as head of the Sydney branch of Australia's national crime commission's intercepts division.
Discussed the Echelon system (as it was named then) with him, which he acknowledged existed.
I asked so, what percentage of ALL communications (voice and digital) does the system capture and analyze
for keywords?
(Echelon used a 'dictionary' of keywords and phrases of interest, put together each week by the NATO
powers, and shared among them all. Intercepts in each country are done on coms backbones, with each site
existing as a diplomatic enclave, manned by intelligence staff who are acting on behalf of 'foreign
allies' hence getting around local surveillance legal limitations. Any intelligence of interest is passed
to local intelligence services as a diplomatic communication, so the local gov was not 'spying on
their own citizens.' Ha ha ha. It sucks, but that is how it worked nearly 20 years ago. Certainly much
worse now. I don't know what the equivalent system is called these days.)
His answer: around 98%.
Now here's the thing. Another interesting observation one could make:
You'd think these kind of scamming emails and phone calls should be illegal, and easily prosecutable.
You'd think it would require almost no effort at all from law enforcement and coms carriers, to
identify the sources. Given that they have total transparency of the telecoms infrastructure.
Not to mention that if Indian call centers are involved there would be international carrier contracts
and national entry points that would stand out like searchlights in traffic analysis.
Same goes for Asian paid web click farms, etc. Even botnets with encrypted command channels - I can't
believe it can be technically impossible to shut these down.
So, how does this bullsh*t continue?
One can only conclude that the large scale scamming operations are conducted with the knowledge of,
and probably complicity of, government at some level.
The real question is why.
I can make guesses about that too. But doubt many here would find it comfortable. Or on topic.
Guy
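Two of the defences discussed in the thread, Fred's doubling lockout and Jon's denyhosts-style threshold block, worked through as an added example (not code from either poster, nor from denyhosts itself). It assumes sshd syslog lines of the form shown (constructed sample, year taken as 2019) and a hosts.deny entry format of "sshd: <ip>".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fred's scheme: a quarter second after the first failure, doubling on each
# subsequent failure. Three failures cost 1.75 s in total; 32 cost ~1.07e9 s.
def lockout_delay(fail_count: int) -> float:
    """Seconds a source waits after its fail_count-th consecutive failure."""
    if fail_count < 1:
        return 0.0
    return 0.25 * 2 ** (fail_count - 1)

def total_lockout(fail_count: int) -> float:
    """Cumulative seconds spent locked out over fail_count failures."""
    return sum(lockout_delay(n) for n in range(1, fail_count + 1))

# Constructed sshd log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
Jan  2 03:14:07 shop sshd[4711]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan  9 11:02:51 shop sshd[4802]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Feb 20 23:59:59 shop sshd[5120]: Failed password for root from 203.0.113.5 port 40199 ssh2
Jan  3 08:00:00 shop sshd[4730]: Failed password for root from 198.51.100.7 port 5555 ssh2
Jan  4 08:00:00 shop sshd[4740]: Accepted publickey for guy from 192.0.2.10 port 50000 ssh2
Mar  5 08:00:00 shop sshd[6001]: Failed password for root from 198.51.100.7 port 5556 ssh2
Mar  6 08:00:00 shop sshd[6002]: Failed password for root from 198.51.100.7 port 5557 ssh2
"""

FAIL_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def denyhosts_entries(log_text: str, threshold: int = 3, window_days: int = 60, year: int = 2019) -> list:
    """hosts.deny lines for sources with >= threshold failures inside one window (Jon's 3 in 2 months)."""
    window = timedelta(days=window_days)
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and other noise are not counted
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        failures[m.group(2)].append(ts)
    blocked = []
    for ip, times in failures.items():
        times.sort()
        # Sliding window: block if any `threshold` consecutive failures span <= window.
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            blocked.append(f"sshd: {ip}")
    return sorted(blocked)

if __name__ == "__main__":
    print(f"32 failures => {total_lockout(32):.0f} s cumulative lockout")
    print("\n".join(denyhosts_entries(SAMPLE_LOG)))
```

In the sample, 198.51.100.7 has three failures but they span 62 days, so it stays unblocked under the 60-day window and is only caught if the window is widened.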