Gaming Idol With Dialers

If you’re wondering why Sanjaya Malakar has done surprisingly well in American Idol, here’s one possible answer: dialers.

Dialers are pieces of software usually stealthily installed on a victim’s computer to automatically dial expensive premium telephone numbers. The victim only finds out when they receive their phone bill. In this case, the dialer, openly available on a reputable download site, is a voluntary install designed to automate the voting process in Idol:

Sanjaya War Dialer uses your computer's modem to automatically dial the American Idol voting number over and over and over again until you tell it to stop. Automatically cast hundreds or even thousands of votes for Sanjaya with the click of a button. Make Sanjaya win and help us ruin American Idol.

The Sanjaya War Dialer has its own MySpace page where users report on their votes — 600 an hour, for some. The show’s producers are aware of this, and for several weeks have been lopping off blocks of votes that appear to come from what they call power dialers.

Gaming the system by voting for inferior contestants is not new. Vote for the Worst claims to have been around since 2004. And DialIdol.com offers dialers for other shows, including Dancing with the Stars, So You Think You Can Dance, Canadian Idol and Celebrity Duets. DialIdol isn’t so much about gaming the system as predicting who will be voted off by seeing which hotlines are busiest.

Should we be surprised by this? No. It’s not easy to tell how many people are using these dialers, and it would need to be a lot to make it work. But we shouldn’t underestimate the number of people willing to do this, either for fun or because they have money riding on it. And of course they may not need to vote – they only need to stop other people from voting for other contestants. Do we believe American Idol when it talks of 35 million votes? That’s a lot of phone lines.

I would say this: Any kind of voting technology that isn’t transparent and clear is likely to be manipulated, either by smart hackers with something to gain, or by those arranging the voting.

(My colleague Carl Bialik talks about voting and power dialers in his blog a couple of days back. Thanks to Handoko for the Twitter tip.)

Who Is Really Behind The Rogue Dialer Scams?

A tip from a reader (thanks, James) indicates we’re back on the trail of the rogue dialers. (Rogue dialers are pieces of software usually downloaded without the user’s knowledge, which then disconnect existing Internet connections and dial fresh connections via high-cost, usually international, numbers. The user doesn’t know much about it until the monthly phone bill arrives with a hefty jump.) A piece on TheWMURChannel (via AP) says Missouri’s attorney general has filed suit against a New Hampshire man, Michael Walczak, and his businesses — Phoenix One Billing LLC and National One Telecom Inc — accusing him “of charging Missourians for accessing pornographic Web sites they never visited”:

The suit accuses Walczak of demanding payment from at least 59 Missouri customers for long-distance calls to foreign countries that weren’t made and for accessing pay-per-view adult Web sites. Nixon said it appeared the charges sometimes came from auto-dialing software installed on people’s computers without their knowledge.

Walczak is accused of deception, fraud and unfair trade practices. Nixon wants the Jackson County Circuit Court to order the people wrongly charged be paid back, to block Walczak from engaging in unfair trade practices and to impose a fine of $1,000 per violation.

Walczak doesn’t sound like a big fish, although National One, one of the companies he is allegedly involved in, did catch some big ones. This article in the Union Leader describes him thus (go here for the full piece; the January original has been archived):

Walczak is a 2000 graduate from Manchester West High School and uses his parent’s Horizon Drive address in Bedford as his business address. He graduated from Daniel Webster College last year with a degree in information systems. John Zahr, a class officer of the West 2000 class, said Walczak was a smart kid who took advanced-level classes. “All I could really tell you, without trying to sound too harsh, was that he was perceived as your stereotypical high school ‘nerd,’ if you will,” Zahr said in an e-mail message.

In other words, if this account is correct, he’s barely into his 20s. Someone of the same name is also behind this website, Candid Publishing, based in the same area, with the following DNS registration data:

 Walczak, M. webmaster@candidpublishing.com
 PO BOX 10007
 Bedford, NH 03110
 US
 1-866-422-6343

Different postbox, but same ZIP as Phoenix One Billing. And the company name happens to be the name under which National One Telecom’s DNS is registered. Candid Publishing’s website has nothing on it, but it looks cool, and promises services including “traffic auditing”. It does seem to have been around a while: the Walczak of Candid Publishing has been using that company name since at least 2000. Oh, and there’s an interesting exchange here on the Tech Support Guy forums between angry users and a National One Telecom “customer service manager”. It’s more than a year old, but entertaining, and may shed some light on what this is all about. Could this particular scam have been dreamed up and carried out by small fry?

Rogue Dialers Still On The Rampage

Seems that those rogue dialers are still out there. This from the Manchester Evening News, under the headline “£8m net swindle”:

UP TO 300 internet users a day are targeted by a swindle which cost British consumers about £8m in a year, says BT.

The company has received more than 80,000 complaints from computer users whose machines are linked to premium rate or international numbers without their consent.

Up to 2,000 people a day are now signing up for new BT software which guards against the internet dialler scam.

Victims of the con have seen their BT bills soar by an average £100, with some customers being stung for up to £1,000.

Here’s the software site. The blurb says:

Once downloaded, the software automatically launches every time you start your computer. It monitors internet dial-up connections and alerts you when unauthorised users attempt to dial restricted numbers. When suspicious activity is noticed a display window will warn “You are attempting to dial a premium rate, international or non-approved number. If you do not want to proceed with this call hang up. If in any doubt you should unplug your modem and check your settings before attempting to redial”.
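The check the BT blurb describes boils down to classifying each number the modem is asked to dial against a short list of numbers the user actually approved. The following is an added illustration of that logic, not BT’s code: the approved numbers and dial events are constructed, and the UK prefix rules (00 for international, 09 for premium rate) are assumptions.

```python
import re

# Constructed allowlist: the ISP access numbers this user actually set up,
# stored normalised (digits only, UK national format).
APPROVED_NUMBERS = {"08457123456", "08081234567"}

# Warning text quoted from the BT tool's blurb.
WARNING = ("You are attempting to dial a premium rate, international or "
           "non-approved number. If you do not want to proceed with this call hang up.")


def normalise(number: str) -> str:
    """Reduce a modem dial string (spaces, hyphens, pauses, leading '+')
    to digits in UK national format."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("+44"):      # +44 ... is the UK in international form
        return "0" + digits[3:]
    if digits.startswith("+"):        # any other + prefix: international access
        return "00" + digits[1:]
    return digits


def classify(number: str, approved=APPROVED_NUMBERS) -> str:
    """Return 'approved', 'international', 'premium' or 'non-approved'.
    Prefix rules are assumptions: 00 is UK international access, 09 is the
    UK premium-rate range. Anything else not on the list is 'non-approved'."""
    n = normalise(number)
    if n in approved:
        return "approved"
    if n.startswith("00"):
        return "international"
    if n.startswith("09"):
        return "premium"
    return "non-approved"


def guard(dial_events, approved=APPROVED_NUMBERS):
    """Monitor (connection name, number dialled) events and return one alert,
    carrying the warning text, for each number that is not on the approved list."""
    alerts = []
    for connection, number in dial_events:
        verdict = classify(number, approved)
        if verdict != "approved":
            alerts.append({"connection": connection, "number": normalise(number),
                           "reason": verdict, "message": WARNING})
    return alerts


# Constructed sample: the user's own ISP twice, then three numbers a
# rogue dialler might silently substitute into a dial-up connection.
SAMPLE_EVENTS = [("My ISP", "0845 712 3456"), ("My ISP", "+44 845 712 3456"),
                 ("Internet", "0909 123 4567"), ("Internet", "+1 900 555 0100"),
                 ("Dial-Up", "01234 567 890")]
```

A real guard would hook the modem driver or dial-up networking rather than take a list, but the decision it makes per call is the same.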

Scams, Dialers And Urban Myths

When is a scam a scam or an urban myth?

Dinah Greek of Computeractive writes that Britain’s premium rate line watchdog is being inundated with calls from worried consumers about scams that turn out to be untrue.

One email warns of a scam that says people have received a recorded message on their phone informing them that they have won an all-expenses paid holiday. The email goes on to say people who receive these calls are asked to press 9 to hear further details and when they do are connected to a £20.00 per minute premium rate line. This will still charge them for a minimum of five minutes even if they disconnect immediately. It is also claimed that, if callers stay connected, the entire message costs £260.00.

Another email says some people receive a missed call from a number beginning 0709. It is then claimed that, if callers dial this number, they are connected to a £50.00 per minute premium rate line.

ICSTIS, the watchdog with a name that sounds like an unpleasant disease, points out that these emails are incorrect. But with the whole rogue dialers thing going on, people are scared. (What I like about this story is that the problem seems to have started in my old hometown: “We believe these emails started off years ago from a neighborhood watch liaison office in Northampton who got the facts wrong,” an ICSTIS spokesman says. This, based on my experience of that town, seems plausible.) Since then it’s blown out of all proportion: ICSTIS points out that “these scams just can’t happen. Premium rate tariffs of £20 per minute and £50 per minute do not exist – the highest premium rate tariff available is £1.50 per minute.”

Does the fact that we don’t really know what’s going on in our computer make us prey to these kinds of myths? Ignorance, superstition and credulity rise in inverse proportion to our understanding of our environment. Do computers make us more superstitious?

Welcome To Wallon

Turns out I was wrong about the socially engineered spam I wrote about a few days back. Prompted by some readers’ comments, I asked Sophos about it. This is what Carole Theriault has to say about it:

This is a mass-mailing worm. It is called Wallon-A.
Essentially, it goes to a dodgy website and downloads a dialler program. Diallers change your modem connection number to a premium rate number without your knowledge or consent…. This is essentially unsolicited mail with a dodgy link.

Roger Thompson of PestPatrol tells me: “it’s a mass mailer, but no attachment… just a URL. The URL goes through a bunch of redirections until it gets to the real website, where it downloads the payload using one of the current exploits.”

Anyway, apologies to everyone for getting it wrong before.