Security, Trust, Uncategorized

thing one

“Fasten your seatbelts, it’s going to be a bumpy night.”

A multi-part series… 

Thing One

I remember my very first 419.

I had the (mis?)fortune of having posted on Usenet before any but the most incredibly prescient, experienced, or paranoid of us had figured out that we shouldn’t use our real email addresses. My earliest postings date to around early 1991, although the earliest ones you can still find in google groups were from 1992 (and what a cornucopia of geekdom they are! I really liked the early 90’s…).

One of the places my MSFT email address was listed was one of the early rec.martial-arts FAQs, and after that FAQ got broad distribution, I simultaneously heard about “daemons” and “spiders” and I got my first spam from a FL martial-arts gear distributor.

I switched most social postings to a non-work address, and changed my .sig to disguise my email as peterb7@m7crosoft.com, figuring, incorrectly as it turns out, that most people who would want to reach me would be able to figure that out, because usenet had been invaded by hoards of AOLers who Just Didn’t Get It.  

All of this meant that my official MSFT address became part of the fabric of the interwebz, where it lives to this day, along with some of my posts. I’ve been on the bleeding edge of spam management (solely as a user) as I was getting spam before many people knew what it was, actually since well before most of us associated the word “spam” with “unsolicited broadcast email”, although the term has been in use since well before then

Because my work email addy was so easy to find, eventually I was  inundated with waves of spam that were then thwarted by the mighty engineering forces deep inside the bowels of the MSFT email system.  It was interesting watching this war. The waves would hit, I’d get 100s of spam in just a few minutes, and I would read some of them to try to figure out what counter-measures they were using to get around the MSFT filters. Fairly quickly (props to whomever was doing that work!) the spam would be stopped again, with the cycle to be waged anew days or weeks later.

My first 419 came after I started getting spam but before anyone I knew personally had ever gotten one. I remember calling people into my office and showing it to them. Someone wanted me to actually email them, and give them my bank account information…

I printed it and put it on the wall outside my office. Why? I had never done that with spam before. 419s felt interesting and different somehow from spam… I’m not sure I really understood why then. I realize now that it’s because they attempt to lead me down a road that ultimately has a very intimate connection with an adversary who wants to take things from me, ideally wants to take everything I possess, everything I own, doesn’t care if it destroys me or not, just wants wants wants. 

All 419s are variants on “The Spanish Prisoner”, which dates back to at least 1910, however I personally believe that as a scam, it must date back to cavemen. 

“I is Thag! I make for my tribe 1000 flint spear heads, but I no like dem no more! Chieftain is total wanker! But I not able to carry 1000 spear heads! How ’bout you loan me some beasts can carry 1000, I bring them back here, you take 25%?”

“What 25% mean?”  

“It mean you be loaded in spear heads!” 

“Sound like good deal to me!”

So, why did 419s feel so different from spam? Why did those go up on a wall outside my office, where spam never had? For a 419 to work, someone needs for me to believe that they are someone they aren’t, and they need to use my belief to string me along a path, interact with me, talk to me… 

I think it’s because 419s are personal and deceptive, whereas most spam is impersonal and transparent.

To be continued… 

Standard

3 thoughts on “thing one

  1. Jeffrey Lemkin says:

    Peter, you’re right on about the personal nature of this type of deception. In fact – though it’s something I preach the gospel of regularly – I shamefully confess that I was recently taken in by exactly this type of scam – a personal plea from a hacked FB user account “Is Iz strandyd in Londen, having been Robed – need UR help too get my filte home”.

    Apparently, the part of my brain that says, “Oh-oh, trouble in my tribe – gotta help out.” was way more potent than the part that was saying, “WTF – OK sure, call me collect and we’ll talk.”

    I suspect that most successful scams are based on this principle – as you note – “…someone needs for me to believe that they are someone they aren’t, and they need to use my belief to string me along a path, interact with me, talk to me…”

    And – even though I’m generally reasonably sophisticated about this sort of exploit – I was totally blindsided. I *believed* that the communicator was somebody they weren’t!!

    Great post, look forward to seeing more in this series.

    Cheers

    -Jeff

  2. Pingback: Thing Two « Obsessed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s