Jump to content
Sign in to follow this  
Apogee2012

Ancient joe-job story brought back to life

Recommended Posts

Moderator Edit: extracted from http://forum.spamcop.net/forums/index.php?showtopic=9086 and made into its own Topic.

Hi, new member so this will be my first post.

A while ago (3-4 years) there was a rash of "joe-jobs" that attacked certain carding sites, such as shadowcrew.com, carderplant.com, darkprofits.com and similar. These joe-jobs would make asinine claims like "your credit card has been charged..." or offered all sorts of illegal services, the point being to bring"heat" on these sites. Whoever were responsible for the joe-jobs were themselves guilty of spamming and operating "bot-nets" to perpetrate the spam.

Then it was revealed the person (or one ofthe persons) responsible for the joe-jobs was an FBI informant who turned criminal, one "David Renshaw Thomas" who went by the moniker "El Mariachi". This person operated a crime forum named "Thegrifters.net." He made the claim the joe-jobs were being done in tandem with the efforts of anti-carding organizations in order to shut down the (competing) carding sites, with the exception of Thegrifters.net.

Has there ever been a follow up to these joe-jobs? What is the law regarding joe-jobs targeting carding or criminal oriented web sites?

Edited by Wazoo

Share this post


Link to post
Share on other sites
Hi, new member so this will be my first post.

Fine .. but I'm still wondering what the link is between this Topic/Discussion and your new post.

These joe-jobs would make asinine claims like "your credit card has been charged..." or offered all sorts of illegal services, the point being to bring"heat" on these sites. Whoever were responsible for the joe-jobs were themselves guilty of spamming and operating "bot-nets" to perpetrate the spam.

Hard to trust anyone involved in illegal activities .... nothing new there. So still wondering what your point is.

Has there ever been a follow up to these joe-jobs?

Are you saying that you can't use the thousands of search engines available for some reason?

What is the law regarding joe-jobs targeting carding or criminal oriented web sites?

That would depend on the actual circumstances, what part of the world is involved, actual provable/documented losses, etc. And none of this even begins to try to skirt around the "clean/dirty hands" issue.

Share this post


Link to post
Share on other sites

What is a 'carding' website?

Though there are discussions here sometimes about criminals, laws, and justice, the focus here is on blocking spam. Someone might know - people know all kinds of things - but, as Wazoo said, you might find more information somewhere else using the names to search.

Miss Betsy

PS to Wazoo - the connection is that the criminal person was spamming for an innocent party's website the same as the subject 'spam on behalf of [innocent]my site'

Share this post


Link to post
Share on other sites
What is a 'carding' website?

As mentioned a few times earlier in this Discussion, the sale/distribution of credit-card data .... most typically, done without the consent or knowledge of the actual credit-card owner.

Though there are discussions here sometimes about criminals, laws, and justice, the focus here is on blocking spam.

I was trying to go with that this is the Lounge area, open to most things, But yes, this kind of activity is definitely not condoned.

PS to Wazoo - the connection is that the criminal person was spamming for an innocent party's website the same as the subject 'spam on behalf of [innocent]my site'

Actually, I'm still struggling with the word "innocent" thus far with the subject matter involved. It seems a bit silly to be involved with a criminal activity and then complain about someoe else's alleged criminal activity ... which is where the "clean hands" issue comes up within a court-of-law (heck for that matter, even trying to find a lawyer to take the prosecution side of the case to begin with. One notable exception was where "dad" was an attourney, so away those idiots went with their lawsuits.)

Share this post


Link to post
Share on other sites

What I was trying to say was that while people may discuss criminal activity and how to stop it on this forum - in the Lounge - it is not what most posters are interested in. Therefore, finding another place through the search engines (as you suggested) might give him more information. Though some posters to this forum do have some knowledge about criminal activity and how to stop it and might be able to give him some information.

Though law enforcement sometimes does get involved in 'turf' battles among criminals when crimes are committed, usually neither side really wants them!

I guess, in this case, 'innocent' is kind of a technical term to indicate that the site is not directly connected to the spam, rather than the general use of being blameless. IOW, if a criminal is the target of a hit from a competing gang, is he acting in self defense if he kills the hit man before the hit man gets him? Technically, yes. But, outsiders tend to see it as gang warfare where both parties are guilty.

Miss Betsy

Share this post


Link to post
Share on other sites

Wazoo, you seem rather accusatory and unhelpful. I introduced myself in this topic because I had information related to the subject of joe-jobbing, in particular joe-jobbing of criminal websites such as "carding" forums. That was the point of my post, and I can't understand how you managed to fail to see that. You suggest I turn to the "search engines" - well my search for "joe-jobs" on this forum turned up few relevant posts, except this one titled " 'Spamcop can do no wrong' attitude" - http://forum.spamcop.net/forums/index.php?showtopic=1206 , sadly it's a common malady on many forums where it's staff openly dismiss new members simply because they're "new."

Back to this original posters topic, "spam on behalf of my site", I would think it extremely egregious that spamvertizing someones website, whether they are your competition or because you disagree with their opinions or the legality/morality of their site, should still be treated as an illegal act. After all its every bit as illegal as spamming itself. For those not aware of what "joe-jobbing" is, it is where a spammer will issue spam using the name of a competitor as the originator of the spam. This leads the site to being targeted by anti-spam groups, as well as their being shut down by their ISP or upstream provider. Most host/ISP will turn off a site just under the hint they might be spamming. So joe-jobbing is an effective, if underhanded way to take out your competition or destroy an "enemies" web site.

Where it becomes a grey area is when the site being joe-jobbed is, in all likelihood, a criminal website. Should such joe-jobbing be tolerated? A previous case of joe-jobbing similar to this one involved an undercover informant, an individual who was caught committing credit card fraud, to go to work for the FBI running an undercover "crime forum" who then attacked other carding sites with joe-jobs. Should we simply except some joe-jobs/spamvertizements because they cause some crime forums to be shut down, even though the joe-jobbing itself is a crime? How would you feel if it was your computer that was part of the "bot-net" that was used to commit the joe-jobbing? Or your email server that was infected with malware and used to commit spamvertizing? Would you feel better knowing that the FBI or an informant working for the FBI may have been partially responsible for it?

This is what I wanted to shed some light on, as the original poster appears to fit the same modus operandi that occured in 2004 when a crime forum by the name of Shadowcrew was also the target of a joe-job. You can still find hits in Google for "joe-job" and Shadowcrew. NANAE was inundated with complaints about Shadowcrew and Carderplanet spam, which, after some investigation, were revealed to be a joe-job campaign conducted by the FBI informant listed above, one David Renshaw Thomas. This was later admitted to in a series of articles by that informant, when he decided to go public. He implicated that it was himself, working with his FBI handler, and certain security agencies like Cyota (now RSA security) and the NCFTU based out of Pittsburgh PA., as conducting "stress tests" to determine if a crime forum, like any one of the dozens of "carding" forums out there, were in actuality ran by another branch of government as an undercover operation. Thomas, an FBI informant, attacked Shadowcrew, which was being run by the Secret Service as a separate undercover operation, and as he admitted, used the joe-jobs to determine that ONLY a government supported forum could have remained online following the spam backlash. Well that was true, the Secret Service did indeed rely on AT&T to keep their undercover operation Shadowcrew online, when many of the other carding forums that were "true" criminal forums were knocked offline by the joe-jobbing.

This is very likely what if happening here, with a round of joe-jobbing being conducted against the original posters web site. There's no debate over the nature of this individuals website, but one thing should remain clear is that the joe-jobs attacking it are illegal. I can only hope that organizations that police spam go after the spammers, and do not attempt to "pass judgment" as Wazoo has.

Share this post


Link to post
Share on other sites
Most host/ISP will turn off a site just under the hint they might be spamming. So joe-jobbing is an effective, if underhanded way to take out your competition or destroy an "enemies" web site.

Oh if were so. All the evidence I have seen would indicate that most bot-net control and spamvertized sites have migrated to ISPs that tolerate/support their activities. I'm sure you remember the example from last November where the CA organization and ISP that were cut off from the rest of the web resulting in a 60% drop in spam. This was not done by the ISP but by security groups convincing the up stream net to cut the links to the ISP.

How would you feel if it was your computer that was part of the "bot-net" that was used to commit the joe-jobbing? Or your email server that was infected with malware and used to commit spamvertizing?

Not sure what 'how I would feel' has to do with the facts. This type of retorichal questions is just an argumentative trick. Its like the on-the-seen news man asking the women standing in front of her burning house "how do you feel?" No facts just go theater.

Would you feel better knowing that the FBI or an informant working for the FBI may have been partially responsible for it?

I must admit that when you dropped into conspiracy theory I really stopped reading.

This is very likely what if happening here, with a round of joe-jobbing being conducted against the original posters web site.

Don't you think this is quite a leap from a long description of what a joe-job is to that's what happened without providing any evidence?

After reading your post and the FAQ glossary entry for Joe-Job, I'm not sure what I've gained.

Edited by Lking

Share this post


Link to post
Share on other sites
Wazoo, you seem rather accusatory and unhelpful.

Your call, of course.

I introduced myself in this topic because I had information related to the subject of joe-jobbing, in particular joe-jobbing of criminal websites such as "carding" forums. That was the point of my post, and I can't understand how you managed to fail to see that.

I'll repeat the same question I asked in my initial response to your first post .. what is the specific relevance to the actual Topic/Discussion you chose to post into? A conspiracy story from three or four years prior doesn't relate directly to "spamcop caused my web-site to disappear" especially when the only facts available do point out that the site in question was dealing with illegal data. Again, it was the ISP/Host that toasted the site, more than likely due to AUP violations.

You suggest I turn to the "search engines"

In response to a specific question .... to remind you;

Has there ever been a follow up to these joe-jobs?

Are you saying that you can't use the thousands of search engines available for some reason?

- well my search for "joe-jobs" on this forum turned up few relevant posts,

And as the usual use of that phrase here was actually wrong, a Dictionary, Glossary, and Wiki entry was made to actually define that term in hopes of putting a stop to the mis-use of the term.

sadly it's a common malady on many forums where it's staff openly dismiss new members simply because they're "new."

Replies and continuing discussion doesn't seem to marry up with your 'dismiss new members' in my eyes.

Back to this original posters topic, "spam on behalf of my site", I would think it extremely egregious that spamvertizing someones website, whether they are your competition or because you disagree with their opinions or the legality/morality of their site, should still be treated as an illegal act.

I can't help but think that you left out a word or two in that sentence.

After all its every bit as illegal as spamming itself.

And to carry on a response to your initial post, exactly what laws (where) are being broken by 'spamming' ...??? In reality, the major stumbling block for spammers and spam seems to be the guidelines and Acceptable Use Policies of the various ISPs/Hosts involved.

For those not aware of what "joe-jobbing" is, it is where a spammer will issue spam using the name of a competitor as the originator of the spam.

The only thing you defined there is the use of a "forged From:" address. Again, a misuse of the term joe-job.

Rest of the conspiracy rant and Wazoo characterizations basically ignored. There is some contemplation going on about splitting this out into its own 'new' Topic/Discussion ... again, I don't see the specific/direct relevance to the Topic starter's issue.

Share this post


Link to post
Share on other sites

Well, as I am not interested much in shutting down websites for any reason, I didn't read the original part of this topic very carefully.

The reason I am not interested is that I think that websites should be closed down per TOS or AUP of the provider and not law enforcement. And, obviously there are providers who, for whatever reason, do not include spamming as part of their TOS/AUP. The reason that I don't think that websites should be closed down by law enforcement is because there is the possibility of law enforcement closing down sites for political reasons.

IMHO, providers should cut the connection of computers that are harboring bot-nets until the owner gets them cleaned. However, it would be hard to get a law for that since stupidity is not illegal.

I do agree with the new poster that there is a connection to the original discussion, but since the new comment doesn't really address the OP's problem, I can see why Wazoo thinks that it is a separate discussion.

As I said before, this is basically a forum for solving problems. Occasionally, we do get into discussions about general or specific anti-spam issues that don't deal with blocklists or spamcop specifically. However, while some people who post here might know something about the subject brought up by the new poster, most are not particularly interested since our solution to spam is based on the netiquette of 'my server, my rules' (or in the case of end users - 'my computer, my rules'). The solution to spam is to block (or identify email from) spam sources - the email servers (or, in the case of bot-nets, the computer) sending the spam. If one does that, then one doesn't see anything illegal.

If law enforcement entities want to go after criminals by setting up sting operations, that's probably a good idea. The purpose of law enforcement is to capture the criminal, not to shut down a website. Closing the website is secondary effect since if the criminal is caught, there is no owner anymore.

There was a poster a while back who was very interested in getting criminal websites shut down by the providers in order to protect the gullible. I don't have time to figure how to find him (he claimed to have been in on the creation of the internet when they were deciding whether to open it up to the public). If you read that discussion, you will see the same reactions - Yes, it would be nice if all providers were law-abiding and protective of the gullible. No, that's not the way it is. Yes, people could avoid nasty websites. But, it takes education and common sense to avoid them. And, yes, there are quite a few people who think that it is their duty to protect the 'innocent' by finding and trying to get these websites shut down as well as the theory that if there is no place to buy it, there won't be any spam to send.

While it is an arms race between good and evil programmers, generally there is a 'fix' that people can use to avoid any contact with the evil program. Even 'joe-jobs' are fixable. In fact, it has been a long time since I have even heard of a real one being successful. Of course, if the site truly were a carding site, it would be successful!!

So, again, while I don't despair of someone frequenting this forum being able to answer your question, I think you would probably find more information and discussion at some other forum. I wish I could remember the poster's name or topic (mentioned above) so you could find him. He'd probably love to discuss this subject with you.

Miss Betsy

Share this post


Link to post
Share on other sites
Oh if were so. All the evidence I have seen would indicate that most bot-net control and spamvertized sites have migrated to ISPs that tolerate/support their activities.

True, IF the web site being spamvertized was designed to withstand any spam backlash. But the vast majority of NORMAL websites, hosted on your typical shared server account, are not on a "spam tolerant" ISP. A joe-jobbed site is not one that wanted to have spamvertizement in the first place. That is what the original poster in this thread is complaining about - someone spamvertized his site, in his own words "spam on behalf of my site." That is a joe-job.

And to carry on a response to your initial post, exactly what laws (where) are being broken by 'spamming' ...??? In reality, the major stumbling block for spammers and spam seems to be the guidelines and Acceptable Use Policies of the various ISPs/Hosts involved.

Not exactly sure what you mean by "what laws (where) are being broken by 'spamming'" but ever hear of the CAN spam act? Since a joe-job is another form of spam then it is illegal. Should not matter if the site being joe-jobbed is a "carding forum" or not, the joe-job targeting it is still illegal. I posted information that should help the original poster decide if he is being targeted by a joe-job from the same individual who targeted carding forums 4 years ago. That is not a "conspiracy" as one pointless commentator felt like posting, since it's been published in an interview with the perpetrator of those joe jobs. Proof?

I Was a Cybercrook for the FBI

http://www.wired.com/politics/onlinerights...s/2007/01/72515

Cybercrime and Punishment

http://sandiego.indymedia.org/en/2006/07/116608.shtml

Has Shadowcrew charged $149.95 to your credit card?

http://www.snopes.com/inboxer/hoaxes/joejobs/shadowcrew.asp

The link above shows the similarity between the original posters complaint about his site and the Shadowcrew site from 4 years ago.

For those not aware of what "joe-jobbing" is, it is where a spammer will issue spam using the name of a competitor as the originator of the spam.

The only thing you defined there is the use of a "forged From:" address. Again, a misuse of the term joe-job.

What are you talking about?? I defined a joe-joe exactly right - spam issued in someone else's name in order to get THEM in trouble.

Here is the Wikipedia definition: "online, a joe job is a spam attack using spoofed sender data and aimed at tarnishing the reputation of the apparent sender and/or induce the recipients to take action against him."

Do you have a problem with my definition of joe-job? Since this original poster is complaining about spam issued on behalf of his site then it stands to reason he is not the sender of that spam. Making this a case of joe-jobbing. Now, if it's some criminal competitor of his, he is out of luck. If the joe-jobber is the same joe-jobber that targeted several carding sites in the past few years, then he can pursue that lead. A joe-jobber is a spammer. Shut down a joe-jobber and you will be shutting down a spammer.

There was a poster a while back who was very interested in getting criminal websites shut down by the providers in order to protect the gullible.

Absolutely - however you have to abide by the law in getting them shut down. Complaints to the Internet Crime Complaint Center (IC3) will be far more effective then joe-jobbing. Most criminal web sites don't want any publicity or visibility, they prefer to operate in the underground. I'm sure that is why the informant above targeted them in joe-jobs. It caused those fraud forums to be shut down and leaving his own crime forum online to pick up those members who lost their home. Personally, I find the act of joe-jobbing despicable, even if the sites it targeted were themselves despicable.

Not sure what 'how I would feel' has to do with the facts.

I asked this because most spam comes from "bot-nets", zombied home computers people leave on and connected to the web via broadband. People can pick up a trojan anywhere and once that happens there personal home computer becomes a source of spam emails, without their knowledge. Now how would you feel if it were your computer issuing all that spam? Obviously you would not like it. Should the FBI, Cyota/RSA Security, NCFTA, or any informant in their employ engage in joe-jobbing, even if it helps their undercover investigation into carding web sites? Personally I feel disgusted that a police agency or security company should betray the public trust like that, and compromise any home users PC for their ends. Of course they could spam/joe-job using their own networks, but then it still becomes part of the flood of spam clogging mail servers across the web.

Share this post


Link to post
Share on other sites

I am still not sure what you want to get from posting to the spamcop forum. So far no one has an answer to your original question. and Yes, joe-jobbing is not playing nicely with others. Not usually done by nice people. But, I don't know that it is illegal anywhere.

Spamming is not playing nicely with others either. And while there is a CAN spam act, it has not been very effective in stopping spam, particularly criminal scams.

Many people, including myself, think that it is just as bad to forge my email address in a spam email so it looks as though it comes from me - even though very few people think that it does anymore. I even think that it is sexual harassment to get unsolicited porn email, but again, I don't think that it would hold up in a court of law.

You think that the OP should be warned that maybe this 'joe-jobber' you were inquiring about, might be the same one who 'joe-jobbed' his site? IOW, supposing that the OP really meant that someone was sending spam which advertised his site, rather than simply forging his email address in the FROM - which many people do feel is 'spam on behalf of my site', then he was targeted because he was a carding site by this character who was eliminating competition. Or there is no honor among thieves - not a big surprise to the OP if he was also a criminal, you would think.

Again, you are talking to people who, in general, prefer to block (or ignore) the unsavory elements on the internet rather than reform them or arrest them or take vigilante action against them. Though there are some people who do think that reporting spamvertised websites with the aim of getting the provider to shut them down is valuable. However, most of them realize that one has to be sure that one is reporting the 'real' website since spammers do try to avoid detection by a number of tactics - including using absolutely innocent websites in spam to make it look more real (and that is not called 'joe-job').

And I don't know what how a computer owner would feel about allowing hir computer to be used by someone else has to do with this discussion. Some people might even feel good about being part of a sting operation, I bet. The fact that many people who have infected computers would be appalled by what their computers were sending doesn't seem to inspire them to be more careful computer users.

Miss Betsy

Share this post


Link to post
Share on other sites
Not exactly sure what you mean by "what laws (where) are being broken by 'spamming'" but ever hear of the CAN spam act? Since a joe-job is another form of spam then it is illegal.

Links to the actual text of the CAN-spam (I refuse to violate Hormel's request) Act are provided in the SpamCop FAQ found here via links at the top of this very page. If you take the time to read it, there is nothing in that text that says "spam is illegal" .... taken in the best possible view, it does say "every spam will contain .... and wil not contain ...." To make it illegal, it has to be prosecuted as being in violation of said act.

For those not aware of what "joe-jobbing" is, it is where a spammer will issue spam using the name of a competitor as the originator of the spam.
The only thing you defined there is the use of a "forged From:" address. Again, a misuse of the term joe-job.
What are you talking about?? I defined a joe-joe exactly right - spam issued in someone else's name in order to get THEM in trouble.

Interesting in that you quoted your own words, my words, then tried to redefine your original words, using 'more' words. Please take a stand back and read things as literally as I read and responded to them.

I asked this because most spam comes from "bot-nets", zombied home computers people leave on and connected to the web via broadband. People can pick up a trojan anywhere and once that happens there personal home computer becomes a source of spam emails, without their knowledge. Now how would you feel if it were your computer issuing all that spam?

Actually, I fix/repair these types of systems on a daily basis. I've even documented a few situations right here in this Forum section. None of those folks are happy about the infection/compromise situation, they are happy at getting back a system that runs much faster, fewer crashes, etc. in addition to being allowed to get back on-line in some situations.

Getting a but bored with this Discussion actually. Way too much traffic available from other more-informed sources dealing with the investigation and research into "current" problem areas, of which the hosting of illegal activity web-sites is but a small portion of the bad things going on.

Share this post


Link to post
Share on other sites

I know this is an old post but this Apogee is actually "El Mariachi" AKA as David Thomas, he's the one who did these interviews

I Was a Cybercrook for the FBI

http://www.wired.com/politics/onlinerights...s/2007/01/72515

Cybercrime and Punishment

http://sandiego.indymedia.org/en/2006/07/116608.shtml

Has Shadowcrew charged $149.95 to your credit card?

http://www.snopes.com/inboxer/hoaxes/joejobs/shadowcrew.asp

he's a pretty unstable man lol

Share this post


Link to post
Share on other sites

WOW ... what an incredible thread! WOW.

I found it searching for "joe-job' since we've (www.SafeNetting.com) discovered GOOGLE being joe-jobbed by someone ???? for SEO, their Penguin rules, and "Link Removal Requests" ... which actually turns out to be the perfect joe-job because they're nearly 100% effective ... of course until our spam-trackers get hold of them.

So, while the Lounge may not be for discussing "joe-job" stories ... I thought the Lounge was for stuff people wanted to bring up that does not have an "official" topic . . . and besides, I've seen a lot stupider topics in the lounge before.

:D

Share this post


Link to post
Share on other sites
In fact, it has been a long time since I have even heard of a real one being successful. Of course, if the site truly were a carding site, it would be successful!!

Gosh, Miss Betsy . . . that's a lot of typing!

Yes, but recently, the "Link Removal" joe-jobs are nearly 100% successful because everyone is scared-sightless of Google's Penguin and getting banned or dropped from Google ... so a joe-job attacking sites carrying the "adversary" links under the guise of Google gets results because the site owner removes the links without asking questions.

I'm a part-time volunteer in the User Group community for Safenetting.com and UGNN.com and spent quite a few hours tracking a set of "link removal" requests to known spam and botnet providers in Romania and the middle East. Never figured out why or what was going on, except they were NOT initiated by Google.

I do know it all but ruined one printing company because the joe-job was so successful. Problem is everyone is SO afraid of Google killing them in the search engines, nobody will utter a single word against Google or Penguin. Except me. Google has already killed me in the search engines, so I have no reason to be afraid of the truth.

See:

http://www.graphic-design.com/60-seconds/l...emoval_requests

Share this post


Link to post
Share on other sites

Hi Fred,

Yes, as Spamnophobic says, we lost Miss Betsy.

And you have posted a live link to your commercial website 89922[/snapback]. Usually we would remove the link, converting it to plain text, and perhaps gently admonish you, pointing to the helpfile http://forum.spamcop.net/forums/index.php?...E=01&HID=18 - but of course you DO reciprocally support SpamCop on your site and, under the circumstances of supposed Google throttling of your web presence, the question of search-engine opimization would anyway be superfluous.

So "we" let it stand (and it's an interesting article, webmasters reading it might care to add some of their own comment and context, not all will be in agreement as you know). Just to let OTHERS be aware we haven't gone soft generally on live links (and, honestly, the frequency with which even the most dedicated spamfighters here sometimes post even spamvertized links in their enthusiasm - no, no, NEVER do that folk, think about what that does - means we should omit no opportunity to re-iterate that message).

Always good to hear from you, hope you don't mind us jumping in like this.

Steve S

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×