Tag Archives: Internet connections

Who Is Really Behind The Rogue Dialer Scams?

A tip from a reader (thanks, James) indicates we’re back on the trail of the rogue dialers. (Rogue dialers are pieces of software, usually downloaded without the user’s knowledge, which then disconnect existing Internet connections and dial fresh connections via high-cost, usually international, numbers. The user doesn’t know much about it until the monthly phone bill arrives with a hefty jump.) A piece on TheWMURChannel (via AP) says Missouri’s attorney general has filed suit against a New Hampshire man, Michael Walczak, and his businesses — Phoenix One Billing LLC and National One Telecom Inc — accusing him “of charging Missourians for accessing pornographic Web sites they never visited”:

The suit accuses Walczak of demanding payment from at least 59 Missouri customers for long-distance calls to foreign countries that weren’t made and for accessing pay-per-view adult Web sites. Nixon said it appeared the charges sometimes came from auto-dialing software installed on people’s computers without their knowledge.

Walczak is accused of deception, fraud and unfair trade practices. Nixon wants the Jackson County Circuit Court to order the people wrongly charged be paid back, to block Walczak from engaging in unfair trade practices and to impose a fine of $1,000 per violation.

Walczak doesn’t sound like a big fish, although National One, one of the companies he is allegedly involved in, did catch some big ones. This article in the Union Leader describes him thus (go here for the full piece; the January original has been archived):

Walczak is a 2000 graduate from Manchester West High School and uses his parent’s Horizon Drive address in Bedford as his business address. He graduated from Daniel Webster College last year with a degree in information systems. John Zahr, a class officer of the West 2000 class, said Walczak was a smart kid who took advanced-level classes. “All I could really tell you, without trying to sound too harsh, was that he was perceived as your stereotypical high school ‘nerd,’ if you will,” Zahr said in an e-mail message.

In other words, if this account is correct, he’s barely into his 20s. Someone of his name is also behind this website, Candid Publishing, based in the same area, with the following DNS registration data:

 Walczak, M. webmaster@candidpublishing.com
 PO BOX 10007
 Bedford, NH 03110
 US
 1-866-422-6343

Different postbox, but same ZIP as Phoenix One Billing. And the company name happens to be the name by which National One Telecom’s DNS is registered. Candid Publishing’s website has nothing on it, but it looks cool, and promises services including “traffic auditing”. But it does seem to have been around a while: the Walczak of Candid Publishing has been using that company name since at least 2000. Oh, and there’s an interesting exchange here on the Tech Support Guy forums between angry users and a National One Telecom “customer service manager”. It’s more than a year old but entertaining and may shed some light on what this is all about. Could this particular scam have been dreamed up and carried out by small fry?

InspectorBrown Responds

Here’s what Rick Brown said of his Inspector Brown anti-phishing toolbar in response to my questions about its failure to catch the cross-site scripting phish mentioned here:

Our software works to protect our community of users and allow each user the ability to fight back against spam, phishers and online fraud.

Yes, it’s true, not all smart people will care to report bad links or websites, but a percentage of users will gladly do so.

The idea is simple, when a member of our community gets an email from a known spammer or phisher, they report it, either by sending an email to reports@inspectorbrown.com or clicking on the “Report a Site” button from the Inspector Brown toolbar. Immediately, once the site is reported, our software goes to work analyzing the site for clues. How long has the site been active/registered online? Is it IP based, does it show certain patterns that make it stand out?

The toolbar was also designed as a marketing tool. Financial institutions and any large corporation wanting to protect and promote their image can benefit from a branded toolbar that shares a common database with other businesses. If certain smart employees or users report to our system every user using our software gets the same protection. The toolbar was designed to allow additions such as links to certain departments within a company, information tickers for stocks or weather, the options are endless.

Our software differs from spam blockers as they are what we call “band aid” approaches. Spam is still sent to the users and may end up in spam folders, however some emails such as your message to me, was sent inadvertently to my spam folder even though it was legitimate email. All this traffic affects the ISPs and corporations and users who rely so heavily on email.

What if you went to the grocery store and bought 100 dollars worth of food, brought it home only to find out that $70 of the food was bad? You would be pretty upset. However, ISPs constantly send all of us unwanted e-mail that makes up the majority of traffic sent via our Internet connections.

Our software intends to weed out the bad traffic. If users can’t access the websites of spammers and phishers, they can’t purchase their goods or fall victim to their crime. The criminals will have to resort to other methods. The more users who become part of our community increases the chance of a percentage of users who will be vigilantes and want to fight back, stopping the bad guys from invading our lives. The more users who join our community increases the speed at which the sites are reported. Each user is given a score to determine the trust level we have with each user. This prevents the bad guys from using our software to “punish” their competition.

There is no perfect method to stop spam and phishing scams, but our software adds one more layer of protection in a unique way.

Thanks, Rick.

The Price of Worms

How damaging are worms?

Very, says Sandvine Inc, a Canada-based Internet security company. It says that the main damage is on ISPs who lose bandwidth to them, and face daily Denial of Service attacks. “In fact,” Sandvine says in one new report (PDF, registration required), “Internet worms and the malicious, malformed data traffic they generate are wreaking havoc on European service provider networks of all sizes, degrading the broadband experience for residential subscribers and imposing hundreds of millions in unplanned hard costs directly related to thwarting attacks.”

Worms, Sandvine says, consume “massive amounts of bandwidth as they replicate. And depending on the number of vulnerable hosts in a given network environment, a worm can create hundreds of thousands of copies of itself in a matter of hours.” The company’s research shows that between 2 and 12% of all Internet traffic is malicious. Even on a well-run ISP network, that figure is about 5%. And if that doesn’t sound very much, consider the warped effect worms have on processor power, when they propagate and probe for weak spots.

All this means that residential subscribers are going to feel the hurt, partly because it’s their Internet connections that are being targeted by worms, and partly because their connections are going to slow down with all this extra traffic, Sandvine warns. Then of course there are infections: The dirty secret of worm infections is that if you’ve got one, the only sure way to get rid of it is to reinstall everything.

For now, ISPs keep quiet about these things; they don’t want to scare off subscribers, and they don’t want the bad guys to get any fresh ideas about their vulnerabilities. But it seems to me that worms and bots are a topic that needs to be researched, reported and resolved more than it is.

 

Keeping Out The Worms

Can we really keep out worms?

An interesting piece from Information Security Magazine takes a look at a range of “antiworm” products which promise to contain worms by weeding out bad traffic. Among them: Mirage Networks, ForeScout, Check Point Software Technologies, Silicon Defense and IBM.

They use different approaches, from looking for unfulfilled Address Resolution Protocol requests, to anomaly detection, while others automatically isolate compromised hosts, the article says. Others redirect worm traffic to a quarantined area to buy time to isolate the worm and keep systems available. Others try to limit the spread of a virus by ‘throttling it’, i.e. limiting the number of Internet connections an infected computer can have.
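To make the first of those approaches concrete, here is an added sketch (not taken from the article or from any of the products it names) of flagging a host by its unfulfilled ARP requests: a worm sweeping a local subnet asks for many addresses nobody owns, so its requests go unanswered. The event tuple format, the reply timeout and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed ARP events: (time_s, kind, sender_ip, target_ip).
# "req": sender asks who has target_ip. "rep": sender (the owner) answers target_ip (the asker).
EVENTS = [
    (0.00, "req", "10.0.0.5", "10.0.0.1"),   # workstation looks up its gateway
    (0.01, "rep", "10.0.0.1", "10.0.0.5"),   # gateway answers
    (2.00, "req", "10.0.0.5", "10.0.0.9"),   # printer is switched off: no reply
]
# Constructed sweep: 10.0.0.23 probes eight consecutive addresses, only .104 exists.
for i in range(8):
    EVENTS.append((5.0 + i * 0.05, "req", "10.0.0.23", f"10.0.0.{100 + i}"))
EVENTS.append((5.21, "rep", "10.0.0.104", "10.0.0.23"))


def unanswered_arp(events, reply_timeout=1.0):
    """Map each requester to the set of targets that never replied in time."""
    reply_times = defaultdict(list)          # (owner_ip, asker_ip) -> reply timestamps
    for t, kind, sender, target in events:
        if kind == "rep":
            reply_times[(sender, target)].append(t)

    missed = defaultdict(set)
    for t, kind, sender, target in events:
        if kind != "req":
            continue
        times = reply_times.get((target, sender), [])
        if not any(t <= rt <= t + reply_timeout for rt in times):
            missed[sender].add(target)
    return dict(missed)


def flag_scanners(events, threshold=5, reply_timeout=1.0):
    """Hosts whose count of distinct unanswered targets reaches the threshold."""
    missed = unanswered_arp(events, reply_timeout)
    return sorted(h for h, targets in missed.items() if len(targets) >= threshold)


if __name__ == "__main__":
    for host in flag_scanners(EVENTS):
        print("possible scanning host:", host)
```

Counting distinct targets rather than raw requests keeps a workstation that retries one dead address from being flagged alongside a host that sweeps the subnet.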

Interesting article, but in the end we don’t know exactly what the next worm will do, so aren’t we back at square one, of always being wise after the event, like all anti-virus software? Or am I missing something?

A Way To Stop The Keyloggers?

Here’s a program that may help you if you’re worried about the recent spate of viruses and phishing tricks that focus on keylogging — small, often invisible, programs that secretly capture what you type, especially when you’re entering passwords.

System Mechanic 4, a collection of software tools from iolo technologies, includes a parasite-fighting tool called SpyHunter(TM) which “seeks and destroys annoying and dangerous spyware, malware, adware, and other notorious malevolent applications, plug-ins and ActiveX controls that fly under the radar of antivirus solutions”.

SpyHunter also “protect users from keyloggers”, although the press release I got doesn’t say how. I will check out the software and get back to you.

System Mechanic 4 Professional includes Panda Antivirus Platinum 7.0 antivirus and firewall, System Shield, Search and Recover, and DriveScrubber. There’s also a Popup Stopper tool, a disk defragmenter and something called NetBooster, which claims to speed up Internet connections by up to 300%. The whole kaboodle costs $70.

Loose Wire: The State We Could Be in

By Jeremy Wagstaff
from the 28 March 2002 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.

Voting in your underwear? Sounds an appealing proposition: the chance to exercise your constitutionally protected right without actually having to leave your home. You could be watching Frasier while working out which candidate you want to mess things up for you for the next three/four/25 years, based on criteria such as which one most closely resembles a Teletubby/Frasier’s brother Niles/your Aunt Maudlin.

Yes, the lure of Internet voting is coming around again. In May, soccer enthusiasts will be able to vote for their favourite players in the World Cup via a joint South Korean and Japanese project (mvp.worldcup2002.or.kr; the site is not fully functioning yet). This is just an on-line poll, of course, and doesn’t add much to the mix except to try to introduce a new social group (soccer fans) to the concept of on-line voting. Elsewhere, however, on-line voting is already kicking in: Some towns in Britain are undertaking pilot projects allowing voters to choose their local councillors via the Internet, or even via SMS, in borough elections in May.

I don’t want to be a killjoy, but this kind of thing gives me the heebie-jeebies. The arguments in favour of on-line voting make sense — faster counting, less human error, attracting younger, hipper voters with handphones and Internet connections in their hatbands, higher turnouts, you can vote in your underpants, etc., etc. — until you actually think about it. Computers, we’ve learned since we plugged one PC into another, are notoriously insecure. Viruses are now so sophisticated and prevalent that many security consultants advise their clients to update their anti-virus software every day. What are the chances of a voting system not being a juicy target for people writing these nasty little vermin programs?

Another argument wheeled out in favour of Internet voting is this: The Web is now managing billions of dollars of transactions successfully, so why can’t it handle voting? There’s a simple answer to this, as security consultant Bruce Schneier of Counterpane Internet Security (www.counterpane.com) explains: The whole point of voting is that it’s supposed to be anonymous, whereas any financial transaction has attached to it details of payee, recipient and other important data. This makes it much, much harder to protect any voting system from fraud, much harder to detect any fraud and much harder to identify the guy conducting the fraud. What’s more, if there was evidence of fraud, what exactly do you do in an on-line vote? Revote? Reconduct part of the vote? Chances are that faith in the overall ballot has been seriously, if not fatally, undermined.

Some of these problems could be done away with via ATM-style machines that print out a record of the vote. That could then be used in any recount. But it’s still not enough: As on-line voting expert Rebecca Mercuri points out, there is no fully electronic system that can allow the voter to verify that the ballot cast exactly matches the vote he just made. Some nasty person could write code that makes the vote on the screen of a computer or ATM-machine printout different from that recorded. This may all sound slightly wacky to people living in fully functioning democracies. But (political point coming up, cover your eyes if you prefer) democracies can be bent to politicians’ wills, and one country’s voting system may be more robust than another’s.

Scary stuff. Florida may seem a long way away now, but the lesson from that particular episode must be that any kind of voting system that isn’t simple and confidence-inspiring gives everyone stomach ulcers. The charming notion that the more automation you allow into a system, the more error-free and tamper-proof it becomes, is deeply misguided. The more electronics and automation you allow into the system, the less of a role election monitors can play.

Internet voting, or something like it, may well be the future. I’d like to see it wheeled out for less mission-critical issues, like polling for whether to introduce traffic-calming measures in the town centre, or compulsory kneecapping for spitters, say. But so long as computers remain fragile, untamed beasts that we don’t quite understand, I’d counsel against subjecting democracy to their whim. Even if I am in my underpants.