Modern Internet Fraud
Saturday, December 6, 2008
I once heard a story about a scheme to defraud people out of money. The scheme worked on the principle of embarrassment and went something like this:
“Start a company with an innocuous name which places ads for something no one wants to be known for buying. When an order comes in reply that you are out of stock. When the customer demands their money back issue a check from a different company with a really embarrassing name printed in bold. The customer will never cash the check because they don’t want people at the bank knowing they tried to order from such an embarrassing company.”
I’ve toned down the retelling but you get the idea. While investigating some other leads today I came upon a newer version of this scam which adds the element of fear via destroyed credit rating. It is an interesting twist to this old theme.
People who are searching for popular downloads online will end up with search results from various torrent trackers. Somehow, likely through SEO manipulation, sites such as DownloadNova dot com are returned as valid search results. When a user clicks on the link they will be presented with a series of servers to download from. All of the links will say that you need to provide an email address to join the site. Once a user has submitted an email then the site will direct them to pay some nominal fee for full membership. According to various reports [1,2,3,4,5] the range is somewhere between $3-$5. Buried in the fine print are details of the actual membership.
It now said that I had activated three day trial memberships to three sites. One called ‘MegaDownloadPass dot com’ another called ‘Vipbookmark dot com’ and one called ‘DiscountVideoPass.’
Other versions of this scam exist, like baydownloads dot com. According to the same source, once your trial membership expires you graduate to full membership for all three sites and are billed $30 per month. Most of the reports I read showed people who cancelled their memberships by using the chargeback mechanism of their credit card company. This is the obvious way to go. Here is where it gets interesting, though. I researched the phone number listed for support:
1-800-934-1875
I called this number posing as a web site owner who was looking to add support to my own websites. The support rep informed me that they had about 100 people working there and that they handled multiple websites. After a while he decided that he couldn’t answer my questions and should get the manager on the line. While I patiently waited he explained the situation to his superior. As it turns out the manager wasn’t willing to talk with me and instead directed me to email the company with any questions I might have. This was good enough for me as it gave me a central website to work from. The website findsupportonline dot com has this dire warning on its front page:
A billing chargeback will place your name, address, zip code, and credit card number into an Internet fraud database. ALL INTERNET CREDIT CARD COMPANIES USE THIS DATABASE. We DO NOT have any control over this fraud database.
If you chargeback your membership, the billing company WILL add your information to the ban database. If you get into this database you will not be able to use that billing company again. It is impossible to get off the ban lists.
BE SMART! DON’T DESTROY YOUR INTERNET CREDIT BY BEING ADDED TO THIS LIST AND INVESTIGATED FOR FRAUD!
I doubt the veracity of this last statement. It is amusing to see this twist though. Get the user to pay a nominal fee and then spring new fees justified by fine print. Then assault them with a warning that their online credit will be ruined before they can even think about using the appropriate mechanism to stop the fraud. I really have to wonder how well this company is doing.
The support rep was not very talkative when he came back from his manager. Maybe it was because I called from a payphone. Maybe it was the questions I was asking. He did admit to servicing Megadownloadpass dot com but claimed they “stopped supporting them … two or three days ago”.
I also doubt the veracity of this statement; however, I don’t think the two companies are related at all. findsupportonline’s whois information points to an address in New York. Unfortunately novadownload hides its true registry information, but megadownload and vipbookmark use a false Delaware address in their whois registration. The email address in the registrations lists marketingx dot com, which has an address in Cyprus. This listing has an email address for prolastlimited dot com, which points to the same address, as does customersupporthelp dot com. So the update to this age-old scam is to entice the user with warez downloads and then bill them for pornography, and then make sure that the support representatives are trained to intimidate anyone who tries to cancel their membership.
Why RIAA tactics are unconstitutional
Saturday, November 29, 2008
Charlie Nesson explains in this article just how far the RIAA has perverted the American legal system.
It should be noted that the $750 statutory minimum is just that: a minimum. It can go as high as $30,000 per infringement.
The defendant in this trial has had to endure 7 years of legal troubles over allegedly downloading 7 songs. This is something to think about. The RIAA is asking for over $1M because of downloaded songs which have a market value of roughly $7. I have to agree with Paula Samuelson that at most damages of 3x should apply to crimes of this nature. Not only is this proportional to the actual crime, but it would also force the RIAA to go after higher-stakes players who are actually reproducing physical copies of CDs.
A summarized version exists here.
Hpricot Workaround for ASPX viewstate
Friday, November 28, 2008
I’ve switched over to Hpricot for HTML parsing in my various ruby projects. This was a long time coming and the performance is impressive. I happened to catch a page with ASPX viewstate on it and was faced with the following error:
ran out of buffer space on element
There are various pages out there which detail the workaround, and the rumor is that the memory cap is there to ensure that the script doesn’t end up consuming everything on the machine. The workaround is as follows:
Hpricot.buffer_size = 262144
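Rather than raising the cap to a large fixed value for every parse, the following added example (not from the original post) grows the buffer in bounded steps only when Hpricot reports the error above, and gives up at a ceiling so a single oversized page still cannot exhaust memory. It assumes the Hpricot() entry point and Hpricot.buffer_size= as used in the post, and the default size of 16384 is an assumption; the parser and setter are injectable so the retry policy can be exercised without the gem installed.

```ruby
# Added example: bounded buffer growth around Hpricot's parse-buffer cap.
begin
  require 'hpricot'
rescue LoadError
  # gem not installed: callers must pass parser:/setter: explicitly
end

DEFAULT_BUFFER = 16_384     # Hpricot's historical default (assumed)
MAX_BUFFER     = 1_048_576  # 1 MiB ceiling: one page must not eat all memory

# Parses html, doubling the buffer on "ran out of buffer space" up to max.
# Returns [document, buffer_size_used]; any other error propagates as-is.
def parse_bounded(html, parser: ->(s) { Hpricot(s) },
                  setter: ->(n) { Hpricot.buffer_size = n },
                  start: DEFAULT_BUFFER, max: MAX_BUFFER)
  size = start
  loop do
    setter.call(size)
    begin
      return [parser.call(html), size]
    rescue StandardError => e
      raise unless e.message.include?('ran out of buffer space')
      raise if size >= max # ceiling reached: fail instead of growing forever
      size = [size * 2, max].min
    end
  end
end
```

A page whose __VIEWSTATE fits in 256 KB ends up with the same 262144 value the post sets, but pages that never needed it keep the default.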
Federal Judge holds that people can not be identified by IP address
Friday, November 28, 2008
Judge Nancy Gertner held that a person can not be readily identified merely by an IP address with any “reasonable degree of technical certainty”. This is something that most of the technical community has claimed for years as the RIAA made countless fishing expeditions using universities as unwitting accomplices. It is refreshing to see a judge at the Federal level understand this concept.
“[T]he Court finds that compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery,”
Crime does occur on the Internet. However for the last few years many of us have watched with horror as the RIAA violated due process and reasonable expectations of privacy while trying to prosecute these crimes. It is hoped by this author that in the near future the RIAA will conform to the laws of this country by using actual law enforcement instead of unlicensed private investigators and petitioning the court with actual evidence instead of the equivalent of a “lead”.
Clearly the weight of the judicial system is starting to tilt back in favor of the people, but it is too soon to celebrate. No judge has yet stepped up to declare 17 U.S.C. § 504(c)(2) to be unconstitutional. With maximum statutory damages set at $30,000 per infringement the defendants absolutely must have representation in the courts. Yet the RIAA’s end run around this crucial aspect perverts that which is “fundamental to the American scheme of justice.”
Soulja Boy gets called out
Tuesday, November 25, 2008
Fellow Free Culturist Kevin Driscoll calls out Soulja Boy in this Youtube recording after he received a takedown notice for a video entitled “Crank dat ROFLCon” (I think this is another copy). The irony here is that Kevin is also a grad student at MIT studying hip hop and music video. The video in question literally shows part of his ROFLCon presentation where Kevin explains the phenomenon of Soulja Boy and his rise in popularity due to spreadable media. Has Soulja Boy truly forgotten his roots? Kevin makes the claim that Soulja Boy would never have risen to fame without the thousands of remixes created showing people dancing to “Crank dat” and posted virally all over the Internet. For evidence see [1,2,3,4,5] as a very short list of the thousands out there. Does Kevin have a point? I have to agree that the takedown of his particular video seems strange and could in fact be the result of his label taking actions on his behalf. If Soulja Boy reads this he should email Kevin and let him know that he doesn’t intend to be played by his label and will tell them to back down from aggressive takedowns.
Boston Judge finds RIAA denies defendants meaningful access to our courts
Wednesday, October 29, 2008
In a 1963 Supreme Court decision Justice Hugo Black opined that every defendant in a criminal case must have access to a lawyer. The right to a fair trial in an adversarial system such as US law depended on both sides having competent representation. Today a story broke about the recent RIAA cases here in Boston where a judge is mirroring the same sentiments. What is interesting about this is the cases in question are civil and not criminal. The RIAA has opted for civil prosecution in the majority of the file sharing lawsuits and for good reason. Civil cases have lax rules surrounding evidence and the defendant is not guaranteed a right to counsel. Judge Gertner remarked that “there is a huge imbalance in these cases. The record companies are represented by large law firms with substantial resources. [The] … counsel representing the record companies have an ethical obligation to fully understand that they are fighting people without lawyers… to understand that the formalities of this are basically bankrupting people, and it’s terribly critical that you stop it….” [warning: pdf]
Maybe it’s time for another “Gideon” to petition the US Supreme Court. How many thousands have capitulated to the RIAA because they can’t afford an attorney? Despite being tried in a civil court, aren’t these cases criminal in nature? Judge Gertner seems to suggest that defendants in RIAA cases are not receiving the fair trials which are supposed to be guaranteed by the 6th Amendment. While the 6th Amendment is about criminal law, the spirit of it seems to cover cases where the defendants’ lives are on the line. At the time of the framing I doubt any civil case could deprive citizens of all their money and possessions. The RIAA’s end run around our legal system is denying defendants “meaningful access to the courts”. How long will this country allow the RIAA to make a mockery of our legal system?
SourceBoston 2009 Announcement
Tuesday, October 28, 2008
[disclosure] I’m on the board of advisors for this conference
SOURCE Boston 2009 is taking place on March 9th-13th at our new location,
the Seaport Hotel in downtown Boston.
—====/ Confirmed Speakers /=========———
// Keynotes //
Marcus Ranum
Peter Kuper
Amit Yoran
// Sessions //
Dino Dai Zovi
James Atkinson
Adam Shostack
Jeremiah Grossman
Rich Mogull
David Mortman
Ero Carrera
Joe Grand (aka "Kingpin")
Chris Hoff
Marty Roesch
Bruce Dang
Jose Nazario, PhD
Lee Kushner
Peiter "Mudge" Zatko
Call for Papers for SOURCE Boston 2009!
Speakers wishing to participate should complete a proposal by
November 30th.
—====/ Training /=========———
This year, we will be adding two days of training (March 9th-10th)
1. Hardware Hacking – Joe “Kingpin” Grand
2. Mobile Device Programming – Christien Rioux
3. Practical Security Architecture – Rob Cheyne
4. Applied Security Visualization – Raffael Marty
—====/ Extras /=========———
Security Business Competition
Professional Networking Events
Hardware Hacking Competitions
Security Trivia
Round Table Discussions
Product Education Talks
Student/Mentor Program
Live Podcasts
Lightning Talks
Expert Panels
EA could help end DRM
Thursday, September 25, 2008
The backlash over DRM has finally started to gather serious momentum. Everyday consumers started a campaign to give the highly anticipated game Spore one-star ratings on Amazon. Thousands of Amazon users labeled Spore a poor choice because of the SecuROM DRM system that is forced onto the machines of PC users who purchase the game. EA has backpedaled a bit and eased the restrictions on the number of installs per machine. They have even made a verbal (but unenforceable) promise to disable the DRM system by patch should they ever end-of-life the product. But so far EA refuses to give in to consumer demand that they simply get rid of the DRM system. They hold on to the claim that DRM helps reduce piracy. Yet 30 seconds of searching on a popular torrent site shows not only Spore but a cracked copy that totally removes all DRM from the game.
This is possibly the most insulting bit for consumers. People who are pirating the game actually enjoy more freedom in the sense that their system does not have SecuROM permanently installed onto the hard drive. In the recent class action suit the defendants publicly document how the DRM used in Spore remains installed even after the game has been removed from the user’s computer. SecuROM also operates at “Ring 0”, which is to say the core of the kernel layer; this is clever in that it is hard to bypass the program, yet dangerous because anything that goes wrong will completely destroy the user’s session. None of these facts are made plain to consumers before purchasing the game. Only after they have purchased the game and started installation will they have the chance to read about the DRM system in the EULA. [warning: pdf] Retailers almost never allow returns on software once opened, which leaves consumers who don’t agree with the surprise DRM in a very bad position.
So how can EA help end DRM? They can look at what is happening around them and try to understand how miserable their own customers are with the DRM choices they are making. If recent events are any indication they will either start pirating the games or simply stop supporting EA with their purchases. EA can also look at recent history and see the reactions of consumers to retailers who renounce DRM. When online music retailers started renouncing DRM (Amazon and Apple) consumers responded very positively. Not only that but the entire industry started to follow their lead. It is wonderful when smaller producers like Stardock announce intentions on these matters but it will take someone the size of EA to make it an industry trend.
hi, botnet Jack here
Thursday, September 18, 2008
I received what was obviously spam this morning with the subject “VideoTube.com: The Best!”
Because I work on the Youtomb project this sort of caught my attention. The message simply read “eX-eX-eX girlfriend!” and there was a zipped attachment. I detached the file and moved it to one of my test boxes. Once there I unzipped it and ran “strings” on it.
It is definitely some sort of Windows-based botnet package, but I don’t have the time to really investigate it. I’m leaving behind the strings output to help anyone who runs into this today or in the near future. The first line of intelligible strings output did make me laugh:
hi, botnet Jack here
CloseHandle
CreateProcessA
ExitProcess
GetEnvironmentVariableA
GetModuleFileNameA
GetShortPathNameA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA
KERNEL32.dll
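The import names in that output are worth more than a laugh: CreateProcessA together with GetThreadContext, ReadProcessMemory, VirtualAllocEx, WriteProcessMemory, SetThreadContext and ResumeThread is the import set of a program that starts another process, rewrites its memory and resumes it, a pattern commonly called process hollowing. The following added example (not from the original post) is a small triage check that scores strings output for that cluster; the sample input is constructed from the names listed above, and the threshold is an assumption chosen so a debugger that uses only a couple of these calls is not flagged on its own.

```ruby
# Added example: flag the process-injection import cluster in `strings` output.
require 'set'

# Each of these is legitimate on its own; all of them in one small binary
# that also hides its payload in a zip is what merits a closer look.
INJECTION_APIS = %w[
  CreateProcessA GetThreadContext ReadProcessMemory VirtualAllocEx
  WriteProcessMemory SetThreadContext ResumeThread
].freeze

# Keep only bare identifiers, dropping free text ("hi, botnet Jack here")
# and DLL names ("KERNEL32.dll") so matching is on exact API names.
def identifiers_from_strings(text)
  text.lines.map(&:strip)
      .select { |s| s.match?(/\A[A-Za-z_][A-Za-z0-9_]*\z/) }
      .to_set
end

# Returns [flagged?, matching_apis]. Threshold (assumed) is 5 of 7 so that
# tools importing only ReadProcessMemory/GetThreadContext do not trip it.
def score_strings(text, threshold: 5)
  ids = identifiers_from_strings(text)
  hits = INJECTION_APIS.select { |api| ids.include?(api) }
  [hits.size >= threshold, hits]
end

# Constructed sample: the strings lines quoted in the post above.
SAMPLE_STRINGS = <<~STRINGS
  hi, botnet Jack here
  CloseHandle
  CreateProcessA
  ExitProcess
  GetEnvironmentVariableA
  GetModuleFileNameA
  GetShortPathNameA
  GetThreadContext
  ReadProcessMemory
  ResumeThread
  SetThreadContext
  VirtualAllocEx
  WriteProcessMemory
  lstrcatA
  lstrcpyA
  KERNEL32.dll
STRINGS

# Constructed benign sample: a tiny utility that only exits and copies strings.
BENIGN_STRINGS = "CloseHandle\nExitProcess\nlstrcpyA\nKERNEL32.dll\n"
```

Running score_strings on the sample above flags it with all seven APIs present, while the benign sample scores zero.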
