loose wire blog

Courtesy of ABC Australia IT guru Paul Wallbank, the source of my chat with Veronica Sexy may have been discovered: an automated sex talk service called CyberLover.ru. Paul points to this story from Conor Sweeney of Moscow's Reuters bureau:

A Russian website called CyberLover.ru is advertising a software tool that, it says, can simulate flirtatious chatroom exchanges. It boasts that it can chat up as many as 10 women at the same time and persuade them to hand over phone numbers.

The service, on the surface, appears aimed at guys who aren't able to win over girls online any other way: "It's happened - a program to tempt girls over the internet!" Reuters quotes the site as claiming. "Within half an hour the CyberLover program will introduce you to ... girls, exchange photos and perhaps even a contact phone number," it states. Woohoo. 

But is that all it does? Antivirus and software developer PC Tools says it's much more dangerous than that. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” a company press release quotes Sergei Shevchenko, Senior Malware Analyst, as saying. “It employs highly intelligent and customized dialogue to target users of social networking systems.” The goal, Sergei says: to gather personal information about users and also to lure them to websites, possibly to infect them with malware (a generic terms for software that infects their computer which can then be used as what is called a bot to grab data, infect other computers or send spam.) That doesn't sound like the Veronica I know. 

The website itself denies this, according to the Reuters report. "The program can find no more information than the user is prepared to provide," one of the site's employees, who gave his name only as Alexander, said in an emailed reply to Reuters questions. "It maintains a dialogue with a person, but is not engaged in hacking or any other such schemes, I think this should be obvious," he said.

Well, there's hacking, and there's other stuff that comes close to it. The company or individual behind this product appears to be the same as that which runs Botmaster.Net, both of which are registered to one Alexander Ryabchenko. Botmaster sells a $450 piece of software called Xrumer, which spams websites, forums and blogs to build up a website's profile on search engines (it claims to get past CAPTCHA screens, where users are asked to identify letters in images.) Given the name of the website is botmaster you can't help wondering what else it does. 

So was Veronica Sexy an early prototype of of CyberLover? Well, they're both run by Russians, but beyond that it's not clear. I hope to find out more. What is clear, though is that SkyperSex, the website Veronica was trying to lure me to, is an affiliate of Streamray, a sex website that is one of several just bought by Penthouse Media as part of its purchase of Various Inc (for $500 million). It should make for an interesting bit of research. 

Oh, and if you're looking for automated online chat that's a bit more real, check out My CyberTwin.

Russian computer program fakes chatroom flirting - Yahoo! News

Maybe this is commonplace for others, but I've just got my first sex-chat-spam on Skype. It's from someone called Veronica Sexy, whose profile indicates that it's unlikely to be someone I've met and just forgotten about (as if I would):

Just in case you can't read that last bit, it reads:

can't wait to get real nasty and show off :) IM REAL MISS WEB CAM!

Reply to the message and immediately you're asked to share your contact details (a la Skype.) I didn't risk having Veronica spam all my friends (not sure how that would work, but I've got some nice people on my list, and I'd hate for them to be upset.) But I did reply to her message, and her responses were quick, and, dare I say it, felt a trifle automated:

[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i'm great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:45 AM] Jeremy Wagstaff says: i'm a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!

[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!

That was the last I head of Veronica, although her scent lingers on.

The web address, by the way, is pretty much what you expect it will be -- lots of alleged clips of ladies cavorting. The administrator of the website is one Alexandrof Tiberiu in Moscow, who also owns www.yourlivecams.com.

I guess what's interesting here is that Skype don't seem to do much policing of this kind of thing. This could be a sex site spam, or it could be something worse.

(If you want to prevent Veronica getting in touch with you, go into Skype options, Privacy settings, and click on the Show Advanced Options button. Make sure the Allow chats from... option is only people in my Contact List:

Chances are Veronica won't come calling. Frankly, your life won't be the poorer for it.

I've lately been looking for a way to listen to Internet radio away from my computer. This looks like a good, albeit somewhat expensive, answer: the WiFi Radio from Acoustic Energy (about S$600, that's $415ish).

The WiFi Radio connects to your router and stores more than 5,000 radio stations by country, updated each time the machine is switched on, which you can scroll though via the somewhat pokey LCD display on the top. There's a buffering delay but once the station kicks in the sound is great. You can also use it to stream music from your computer.

It's a classy solution to the problem. But I think there might be a simpler one, if you've only got a handful of stations you want to listen to, and just want a small device you can carry around the house with you. Perhaps I could even use an old PDA with WiFi built in? Where's that Tungsten T3 I saw lying around?

wifi radio - further information : acoustic energy

It's somewhat scary that more than 10 employees of a laboratory that works on security issues (including phishing) could fall for a phishing attack. The Oak Ridge National Laboratory, or ORNL, managed for the U.S. Department of Energy by UT-Battelle, works on science and technology involved in energy production and national security. In late October the lab was targeted from Chinese websites, according to eWeek:

All of the phishing e-mails instructed lab employees to open an attachment for more information or to click on an embedded link. ORNL's investigators now believe that about 11 staff fell for the come-ons and opened the attachments or clicked on the links. That was enough for the attackers to install keyloggers or other types of malware that gave attackers access to systems and the ability to extract data.

The interesting thing here is whether this was a "coordinated attack" and a "cyberattack" as has been suggested in the media. The Knoxville News Sentinel, for example, quotes lab director Thom Mason as saying, involved the thieves making "approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven phishing e-mails, all of which at first glance appeared legitimate." Meanwhile this AP article quotes Mason's memo to employees:

The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions" in the United States, lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.

The key here may be that the attackers were after personal information, not military secrets. As John C. Sharp writes:

The headlines keep coming about the news that several high-profile military labs - including some of the world's leading nuclear research labs - have been compromised by phishing scams. Unfortunately, many of these headlines are missing the point.

Example: In one story published today, PC World claims that Chinese Hackers "launched" a coordinated "major attack" on two US Military Laboratories.

This is almost certainly *not* what happened. According to most of the published data, this was a phishing attack, plain and simple.

The fact is that China's computers are so insecure that more or less anyone could use them to do more or less anything, from relaying spam to launching phishing attacks. So it's not proof that China, or even Chinese, were involved just because the IP addresses are Chinese.

Of course, we don't know for sure what happened yet. But if the attack was enabled by employees clicking on an email attachment or link that originated from a Chinese server, you've got to question a) the security training at a place like that, and b) wonder what kind of security filters they have on their servers that would allow such emails to get through, especially given the sheer number of emails that were sent.

Sometimes "China" is a great excuse for all sorts of incompetence and inefficiency, and "sophisticated cyber attack" is just another way of saying "sorry, we haven't got a clue about all this Internets stuff."

Oak Ridge Speared in Phishing Attack Against National Labs