Baiting 419 scammers

[rconner]

Today on the NPR (radio) show "This American Life" they had a segment describing the exploits of some of the folks at 419eater.com, who apparently tricked a 419er or "lad" into wasting several weeks and traveling 1400 miles to one of the most dangerous regions on earth in order to scam a church (which he did not know was a fake, concocted by the baiters). The story was more than a bit squirm inducing, but most of all it was very depressing that the target was simply too stupid to realize that the very same tricks he used to fleece others were being used against him (at the end, he gets righteously indignant about having been scammed). The segment captured some of the moral ambiguity involved with baiting, although it has to be acknowledged that the scammer started the process by sending the original 419 mail, and then stringing along with the baiters in hopes of eventually consummating his crime.

I think you can download the audio of this segment for free at http://www.thisamericanlife.org/Radio_Epis...spx?episode=363

-- rick

[Miss Betsy]

Yes, it is morally ambiguous to scam the scammer, but so much fun to think about! My favorite was years ago (published somewhere on the web). The intended victim's response to the 419 scammer was written in the same style. "My wife said, WE MUST HELP those poor people!" In this particular one, he managed to get the 419er to send him a money order for $6.

Miss Betsy

[Lking]

I agree rick, as I listened to NPR yesterday I too was ambiguous. With some (not much) reflection some points:

1. Vigilantism - There is no question that the 'processes of law appear inadequate' in the case of international internet scams. Although no evidence is no proof, I do not know of an example of vigilante law stopping before extremes were committed in the name of good (pick your definition). I do agree with what Miss Betsy said in regards to the VA spam law, 'the web is an open forum and should not be controlled by government.' (am I close Miss B?) Although I do listen to NPR I am somewhat right of center - my daughter doesn't think I even know if my left turn signal works. There are lots of places I don't want my government and "my" internet is one of them. I don't need the gov. protecting me from myself. On the other hand, as I help my 80 year old aunt tip-toe into the 20th century the presents of spam, scams and phishing sits give me pause. Contrary to some posters here SpamCop provides a tool to help people keep spam out of "their" corner of the internet, not from using the internet.

On the other hand do we, the 'internet savvy', have a social obligation to help protect others/make the world (internet) a better place to live and work? Gee that sounds right but can lead to vigilantism and deciding what is "right" for others to do or see.

2. Putting the 419 scammers in harms way. Not sure its a laughing matter. Of course if the law could it would put the 419er in jail. Not exactly keep them from harms way. Not a laughing matter either.

3. Poetic justice. Yes Miss Betsy when I first heard the story about getting money from the 419er I did LOL. Keeping the 419ers busy does have its merit and I suppose there is a need for more reward than just keeping them busy, one at a time. Which leads us to $6 and sending them to Chad. Just goes to prove there are no truly altruistic. - well except for me and thee.

4. Dumb. That they fall for the same scam that they pull on others just proves a variant of the rule "Spammers are dumb." Now sure where the fun is in out smarting someone that is, by definition, dumb. Isn't that the definition of a schoolyard bully? They pick of the weaker/dumber.

This could go on but the prospect of the thread being hijacked by current politics or religion seem high. On second thought, that is where we discuss right and wrong/good and bad.

[Miss Betsy]

<snip>

On the other hand do we, the 'internet savvy', have a social obligation to help protect others/make the world (internet) a better place to live and work? Gee that sounds right but can lead to vigilantism and deciding what is "right" for others to do or see.

No, the 'internet savvy' do NOT have an obligation to protect others, IMHO! That's why spam is lingering on and on, again, IMHO.

They do have an obligation to provide choices and education to make those choices. Not everyone is going to make the 'right' choice - that's why the 419 scammers are in business and have been for years. But the beauty is that one can make a choice (not about email as it stands now because the chicken/nanny/bottomline only ISPs decide what spam filtering is used), but we still can surf - and there are some tools for non-technically fluent users (not many, but some).

The major problem, that I see, is that techies just don't have the patience or the expertise to explain how one can use the internet and email safely and responsibly so they resort to technical solutions to do what their customers want (the various filtering systems). (also, see Wazoo's and my complaints about end users not defining what they want in a product).

And, fortunately, the 'law' can't control the internet so that the techies, (who are, for the most part, more honest and considerate of others), are in charge and while we may have idiot dancing images on our screens (to pay for it all), for the most part (aside from the idiots who click on the idiot dancers), we can use the internet safely. You just can't protect people from themselves.

And, if online businesses need to hire techies in order to provide a safe environment to do business, that's the way the world works.

Miss Betsy

[rconner]

Dumb. That they fall for the same scam that they pull on others just proves a variant of the rule "Spammers are dumb." Now sure where the fun is in out smarting someone that is, by definition, dumb. Isn't that the definition of a schoolyard bully? They pick of the weaker/dumber.

I never found myself particularly interested in baiting, even though I probably have the skillset for it. Maybe this is why. I think the argument that "we do it to stop them/take up their time" doesn't quite hold water.

Since listening to this broadcast, I've suddenly realized something that may have been obvious to others but not to me: if 419 rackets are armies, then the people we hear from in these messages are the grunts. They are like grunts in every war: they don't know much beyond the things they've been trained to do, they aren't shown a "big picture," and they don't understand everything that goes on. This would explain the fact that they are unable to recognize when they themselves are being scammed, or why their messages are often so flamingly bogus and dim-witted.

-- rick

[Farelf]

...They are like grunts in every war: they don't know much beyond the things they've been trained to do, they aren't shown a "big picture," and they don't understand everything that goes on. ...

Totally O/T but - while I take your point - that is a terribly steroetypical characterization of the infantryman. Still, stereotypes can be useful if you don't, through repetition, forget what is being simplified by way of over-emphasizing the 'central truths'. In truth, 'grunts' know more than most will credit. It's remarkable how the real threat of imminent dissolution will focus the intellect and sharpen the senses. And yeah, they bleed too. No big thing, I understand no disrespect intended, just making a small point.

[rconner]

Totally O/T but - while I take your point - that is a terribly steroetypical characterization of the infantryman.

Of course, my bad -- apologies to any current or former grunts in the audience. I've watched too many Hollywood war movies, perhaps. It might have been more apt to use another analogy -- the people who send us the 419 mail are like the phone solicitors who are trained mainly to engage prospective customers and get them ready for a closing, at which point the more seasoned sales folks take over. This might account for the new characters who tend to keep showing up as these scams go forth with hot prospects.

-- rick

[Wazoo]

Of course, my bad -- apologies to any current or former grunts in the audience.

Although it might be true that I should have taken umbrage, your comments actually had me reflecting back on some of the various idiots soldiers I'd served with, met, had the joy of dealing with while serving my time. Pretty much as HBO's Generation Kill series showed that some things hadn't changed since the Viet Nam days .. heck some situations could be directly compared to the Korean conflict as represented in the MASH series.

I'll even admit to still enjoying watching Combat, Rat Patrol, 12 O'clock High etc.

[Farelf]

... I'll even admit to still enjoying watching Combat, Rat Patrol, 12 O'clock High etc.

Yeah, love all of those and Mash, they're entertainment - but the wry, desperate, humor of the "How to stay alive in Vietnam" episode of China Beach (the Sarge's rules, 29 November 1989 Google tells me) probably contained some actual vet input. Just occasionally a hint of realism creeps in, though slightly improbable when put into the mouth of a transport Sergeant. Not that there's anything wrong with Transport Sergeants (as a class). Anyway, enough of the O/T from me. No harm, no foul Rick - no-one who spent more that 30 seconds looking at your public postings would believe otherwise.

[showker]

There are lots of places I don't want my government and "my" internet is one of them. I don't need the gov. protecting me from myself. -- snip -- if online businesses need to hire techies in order to provide a safe environment to do business, that's the way the world works.

So, let me make sure I'm understanding what you're saying...

If a telemarketing firm calls your phone every 8 minutes, around the clock, 24/7 ...

You're saying it would be YOUR responsibility to change your number to provide a "safe" environment to operate your phone. Is that what you're saying?

And, then when the SAME telemarketing company picks up your NEW telephone number and begins calling you every 8 minutes 24/7 .... and a second telemarketing begins calling every 10 minutes, and a third telemarketing company begins calling every 6 minutes...

is that "the way the world works" ... ?

People discovered quite a while ago that the telecommunications industry needs some kind of regulation.

There's no way individuals could hire enough geeks to protect themselves from such criminal activities. (If you can actually find a geek who's not already working for online crime)

But perhaps I still miss your point.

What if the local low-lifes are crowded around your children's school yard, handing out pornography -- and luring them away into cars.

Is that "the way the world works" ... ?

You're saying that it would not be "your" government's place to protect "your" school yard?

That the school should hire their own "geeks" to keep the low-lifes out?

And who ultimately pays for that? Either way?

Who is more appropriately equipped to deal with it?

Both scenarios seem a little crazy -- but both can be applied to the internet. Not "your" internet... "our" internet.

But then again, perhaps you enjoy paying your cash for their stolen resources. I don't.

Sometimes I just have to ask ... "What were they thinking???"

:angry:

[Miss Betsy]

So, let me make sure I'm understanding what you're saying...

If a telemarketing firm calls your phone every 8 minutes, around the clock, 24/7 ...

You're saying it would be YOUR responsibility to change your number to provide a "safe" environment to operate your phone. Is that what you're saying? <sniP>

One has to lock one's doors nowadays. I have lived in places where people even left their keys in their cars. It is an imposition on me to have to lock my door. If I have to block (using blocklists) to prevent email from known spam sources, it may be an inconvenience, but it keeps the email out - unlike offline where thieves can force their way in. They can't force their email on me. Filters are pretty good at keeping unwanted email out. Even if it sneaks in, unlike the offline thief, I don't have to respond to it.

There's no way individuals could hire enough geeks to protect themselves from such criminal activities. (If you can actually find a geek who's not already working for online crime)

One would only have to hire geeks to filter one's email if one wanted to make sure that one didn't miss an unsolicited email that might result in a sale or, in some cases, to provide assistance as a non-profit. Most businesses do have an IT department. The small businesses that everyone thought would be so wonderful for everyman online are not going to be able to survive without IT expertise, but that's not such a terrible problem. What else do they need protection from?

But perhaps I still miss your point.

What if the local low-lifes are crowded around your children's school yard, handing out pornography -- and luring them away into cars.

Is that "the way the world works" ... ?

Yes you do miss the point. I can't stop the low-lifes without physically assaulting them from handing porn to my child or luring my child into a car. I can stop the low lifes online without force by ignoring them. I am talking primarily about email, but there are 'parent services' that prevent children from accessing certain websites. I don't have to force the lowlifes to stop what they are doing, but I don't have to allow them to continue doing it in my 'space.'

You're saying that it would not be "your" government's place to protect "your" school yard?

I don't need the government to protect my inbox. And I don't want the government to be scrutinizing my email without a warrant. I also do not want the government to decide what I cannot post on a website. There are plenty of laws on the books now for the criminal activity on the internet.

<snip>But then again, perhaps you enjoy paying your cash for their stolen resources. I don't.

The way I understand it, if you block email, you don't pay for the bandwidth to accept it. It requires more hardware and software to block at the server level, but I have to pay for locks and shredders offline. There is no reason why the internet should be cost free. I already have to pay for anti-virus software (one way or another).

And, yes, I would like to forcibly restrain spammers from spamming. I would also like to forcibly restrain those who play loud music in their cars. However, I can ignore the spammers a lot easier than those with loud music. I would also like to forcibly restrain those who make spamming worthwhile. If I were an ISP, I would charge extra for anyone who didn't use my spam blocking at the server level service. That would take care of some of those who think they can get something for nothing and cut into the profits of a certain segment of spammers.

But, as I said before, the way the internet is designed is that anyone who is decent and honest can simply ignore those who aren't unlike offline where those who want to force whatever on me, can do so. That makes it unnecessary for me to 'force' them to stop or to ask governments to 'force' them to stop. And that is a good thing, because giving governments the power to force others to stop doing certain things always lets in the possibility that the government will force you to stop doing something you believe is right.

Miss Betsy

[turetzsr]

<snip>

<snip>

But then again, perhaps you enjoy paying your cash for their stolen resources. I don't.

The way I understand it, if you block email, you don't pay for the bandwidth to accept it.

<snip>

...Well, there are direct costs and indirect costs. If you pay only per message or per kilobit or megabit downloaded, then if you don't download it, you don't pay for it. But if, as I understand is true for most, you pay a flat rate (perhaps plus per <whatever unit of measure>), then you are indirectly paying a share for the resources expended in processing or rejecting the spam. In fact, even if you only pay per <unit of measure>, a part of your cost is undoubtedly there to help defray the cost of the spam.

[rconner]

The way I understand it, if you block email, you don't pay for the bandwidth to accept it.

<snip>...Well, there are direct costs and indirect costs. If you pay only per message or per kilobit or megabit downloaded, then if you don't download it, you don't pay for it. But if, as I understand is true for most, you pay a flat rate (perhaps plus per <whatever unit of measure>), then you are indirectly paying a share for the resources expended in processing or rejecting the spam. In fact, even if you only pay per <unit of measure>, a part of your cost is undoubtedly there to help defray the cost of the spam.

For my 2c worth, I think rejecting mail saves you from having to store it, filter it, or pass it to customers. It doesn't necessarily stop the spammers from attempting to deliver, so you still have to have a lot of mail hosts on some big pipes to do a lot of rejecting. Could be the spammers might get the message after awhile if they find themselves consistently unable to deliver to certain hosts, but this assumes they are monitoring rejection rates (which they may not be).

-- rick

[Lking]

Yes, blocking avoids some of the costs of spam, but only some of the costs.

By blocking spam at your door step, you do avoid the costs Rick listed. However, the internet backbone must have the capacity to handle wanted data in addition to the capacity to get the spam from the spammer's ISP to the point of rejection.

Those internet costs of course can be avoided by moving the point of blockage closer to the spammer until he is squashed like the bug he is. But the farther from you the blocking takes place the less control you have and the higher the cost to your freedom and the freedom of others. Just moving the blocking/filtering from your PC up to your ISP causes you to loose some freedom, and emails. = I assume I am not the only one to have found an email I wanted in the bit bucket of my ISPs spam filter.

Its a pain, its costly, but I prefer to pay for the larger internet pipes and larger capacity of (my) ISP than to pay by letting someone else decide which emails I can receive. As the old saw goes 'its emails first then slowly it becomes others internet content until it is your internet content.'

The interjection of a specific topic being blocked or similes of spam to rape or other 'button' issues only distract from the central issue of personal internet freedom. The law is ripe with examples of efforts to try to write laws for everyone, with exceptions/inclusions for everyone, and they seem to satisfy only a few.

Yes I am sure all here could agree there is 'no social redeeming value' to XYZ spam (insert you pet peeve). However, if the judging group is expanded, at some point someone will disagree with the majority (we know the spammer is out there somewhere). On the other hand I'm sure I could select an email topic, ABC (select your pet peeve) that not all here will agree should be sent to 'improve general welfare' i.e it has social redeeming value. My point being as soon as we handover to the majority our rights to send email each of us loose. And yes you have the right to decide whether my email to you does or does not have value to you.

So keep you government/restriction out of my SMTP and in you POP3.

[Miss Betsy]

IIUC, blocking at the server level ensures that a legitimate sender gets a NDR. At the server level only blocklists of IP addresses are used. I believe that, perhaps, one can also use spamassassin at the server level, but, again, IIRC, it was way beyond my non-technical head.

spam can go in the junk folder for lots of reasons because once it is accepted, it goes through content filters as well as blocklist filters. I had a Word file from me sent to the junk folder when I sent it to myself at another email address. My ISP was not on any blocklists and I had sent Word files numerous times with no problems before. My guess is that there was a rash of older Word applications getting infected and it went there because the filterers were being proactive. Subsequent Word documents have not been sent to junk folder.

If end consumers allowed their ISPs to reject at the server level email that was on blocklists - even if, occasionally, a legitimate email was returned marked as coming from a spammy mailserver - it would go a long way towards 'squashing' the spammers. I think I have heard that a huge percentage of spam comes from compromised computers (which don't send real email anyway). I know that when email is forwarded from a non-filtered account to my hotmail account - almost none of the spam gets through to my hotmail junk mail box - it just disappears and my hotmail junk level is the lowest I can make it. I have only found one legitimate email not to make it to hotmail and that was years ago - I think ISPs are a lot more careful now about getting on blocklists. And, again, if the sender knows that his email didn't go through, he can make sure that his ISP fixes very quickly.

I don't want to babysit for the people who want to buy cheap watches or watch cheap pictures. If they want to accept all that junk and pay for it, they can. Anyone who emails me should the kind of person who would be appalled at being on the same mail server as a spammer and do something so it doesn't happen again. Of course, if I were running a business, or for some other reason wanted unsolicited email (which I do for some other reason), I would have to pay more also, but that's the price of doing business.

But I don't want any government agency setting the standards for filtering my email. It is bad enough that I can't set my own filters, but have to rely on my ISP who won't tell me how he does it. At least most of them allow you to turn it off and for many end users simply being careful with a new email address takes care of spam for a long time.

Miss Betsy