Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.


Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother-in-law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski. Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”


The Ferguson race riots: An outsider’s perspective from not far outside

A Ferguson police officer shot and killed Michael Brown, an unarmed 18-year-old African-American man, on August 9, 2014. The night after, riots broke out.

Ferguson is an inner-ring suburb in north St. Louis County. As such, Ferguson is now approximately 67% African-American, although the power structure remains mostly white.

I am a native of Kansas City who has lived in suburban St. Louis for a little more than 20 years. As a quasi-outsider, I recognize and understand some of the quirks St. Louis has. It helps to understand that St. Louis is very divided, both along the lines of race and along the lines of class. One of the first questions many St. Louisans will ask you is what high school you went to. This conveniently tells people how much money you grew up with. If you went to a private school, you’re good. If you went to a public school in an affluent area, you’re good. If you went to a public school in a poor area, I hope you’re living in a more affluent area now because there are people who will look down on you.

Sometimes the lines are fuzzy but sometimes they’re very stark. In north St. Louis, there’s an east-west street called Delmar. On the south side of the street are expensive houses. I won’t say they’re all millionaires on that side of the street, but many undoubtedly are. On the north side of the street, the houses that aren’t vacant are occupied by people who have minimum-wage jobs. The haves and have-nots can stare at each other from their windows, separated by five lanes of traffic. This oddity has even caught the attention of the BBC.

Ferguson is a step up from the wrong side of Delmar, but many St. Louisans would have jumped to conclusions about Michael Brown and his Normandy High School diploma for the rest of his life, regardless of how long that might have been.

Some tips for trolling fake technical support calls

I did a little more digging after getting yet another fake technical support phone call last week, and I’ve done some thinking on my own. If you want to troll these criminals when they call you, here are some ideas.

Mr. Genius Man from “Windows Technical Support” gets nasty

I got another “Windows Technical Support” call on Friday evening. My caller ID said Minneapolis, and since I have coworkers in Minneapolis, I answered. But the guy on the other end was a long way from Minneapolis and probably doesn’t know diddly about ice hockey.

I’m pretty sure it was the same criminal as last time, but over a better VOIP connection. I remember the voice pretty well, because his parting lines from last time, “Enjoy your broken computer, Mr. Genius Man!” struck me as funny. And he started the conversation with, “I’m calling you again about your Windows 7 computer.”

My conversation with him revealed a few things about why this scam is likely to be profitable.


This “Computer Maintenance Department” sure doesn’t know much about computer maintenance

“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.

But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.

When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.”

No, the government isn’t going to come take your trains

Friday’s news that the Department of Health and Human Services has added formaldehyde to the list of known carcinogens and styrene to the list of potential human carcinogens caused a rumble in some of the circles I run in.

Let’s calm down, everyone. This doesn’t mean the government is going to send FBI agents to your door, guns in hand, confiscating your plastic trains and toys. The bottom line is that there is some danger for industrial workers who are exposed to the raw chemicals, but comparatively little danger to the consumers who possess plastic products made from those chemicals.

Secret Service BBS raids from the other perspective

I’ve written in the past about the Feds busting people using BBSs for nefarious purposes in the early 1990s. But the only stories I’ve ever heard were from the perspective of the people who got busted, often second or third hand.

Here’s a story from the side of someone who helped the Secret Service for three days in the 1980s.

The short version of the story: the Secret Service was busting the owner of a BBS who was using his board to collect and distribute credit card numbers and Sprint long-distance codes.

This particular bulletin board ran on an Atari 800 computer. An Atari 800 certainly would be up to the task, but Apple and Commodore computers were more common.

Jack Tramiel, the then-owner of Atari, had collected a favor from the Secret Service a few years earlier. Faced with an unfamiliar computer, the Feds called in the favor. So Tramiel loaned them one of his engineers: the author of the blog entry I linked.

It’s interesting to me that he said he wouldn’t help them again. He believed the Feds had a strong enough case without his help, and seizing computers didn’t really accomplish much.

Having spoken at length with people who got caught up in this kind of behavior, it got me thinking. I suspect the Feds took the computers not so much to collect evidence, but to keep the computers from being used for that purpose for a time at least, and to try to scare people away from that behavior.

The question is, did it work?

I can’t speak for anyone else in any other time or place, but in the 314 area code in the early 1990s, the intimidation tactics didn’t really seem to work all that well. People talked about it in hushed tones, but it wasn’t much of a deterrent. It seems to me that everyone thought they could get away with it, that they knew something the other guys didn’t. Or they thought they learned something afterward that they didn’t know before.

So they’d get out of juvenile detention (in all the cases I’m personally aware of, the perpetrators were minors), and they might or might not keep out of trouble for a while, but the allure was strong, and in most cases they got back into the same things again.

This raises a personal question too. I knew what these folks were up to, at least to some extent. So why did I talk to them?

Curiosity, really. Growing up in the ’80s, I’d seen the Hollywood portrayal of hackers, and the news portrayal of hackers (which wasn’t very different). This was the closest thing to a real hacker I’d seen, and I wanted to know what the real story was like.

The reality wasn’t as glamorous as the media made it out to be. By and large these were bored teenagers who tried to use their computers to fill that emptiness in their lives. Some of them had some genuine talent, and are now using those skills to make a decent living. Some had very little talent but were willing to pull an all-nighter chipping away at whatever stood in the way of what they wanted.

And for the record, I never stole long-distance time or credit card numbers. I knew the difference between right and wrong, and this was clearly wrong. But besides that, pulling all-nighters would have killed my grade point average. I wanted to go to college, and I knew I would need my grades.

I guess to some people, this illegal activity was a way for them to get things they could never afford on their own. I figured I could go to college, get a good job, then buy whatever it was I wanted or needed.

I guess it’s ironic that I’m typing this on a computer I built, as best I can tell, in 2003 from parts that weren’t exactly new then. Oh well. My priorities have changed.

But the main thing that fascinated me about this account from the other side is that it confirms that many of those decades-old rumors are true. Except now I know it was the Secret Service beating on the door, not the FBI.
