Another Spectrum

Personal ramblings and rants of a somewhat twisted mind


1 Comment

Come on then, I dare you…

I am reasonably tech savvy. I worked in the I.T. industry for 35 years providing technical support in the banking and retailing sector, and although I retired from the industry almost 20 years ago, I have retained an interest in it, and in computing in general.

So when my Spam filter catches an email such as the one below, I sigh, knowing every claim made is absolutely false. I don’t need to fear that there might be a chance that what I view online will be disclosed to anyone I might (or might not) know.

While I prefer to keep my online browsing preferences private, there is nothing that would be terribly embarrassing or worse if others were to discover them. And to ensure that I don’t stumble across websites I’d rather not see, my home network makes use of DNS filtering through OpenDNS.

It’s not perfect. I stumbled upon copies of the Christchurch shooter’s live streaming of the event when it appeared on popular social media sites in the days after the incident, even here on WordPress. But for me personally, I appreciate the high level of selective filtering it provides, so the chances of any user on my home network being able to view an online pornographic video are remote.

Leaving aside the remote possibility of anyone watching porn from my home network, let alone my computer, and for the benefit of the scammer, here’s why the email can safely be ignored:

Hello,

Hello to you too. If you had access to my computer as claimed further below, I’d expect you to know my name, and to use it to prove the legitimacy of your claim. Using a salutation without my name is the first indication that you really know nothing about me

As you may have noticed, I sent this email from your email account (if you didn’t see, check the from email id). In other words, I have fullccess to your email account.

No you didn’t. Spoofing the from address is an extremely simple and trivial process. Every email client (even Outlook Express)  provides an easy means of doing so. Besides, a quick check of the email header, provides all the information I need to know that the message originated somewhere other than my own email account. In this particular case you relayed your email via a Yahoo mail server located in the USA.

I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.

Really? Even on the very remote chance that I accidentally came across an “adult” site and that the site contained malware you had inserted, the odds of it being code that could infect my computer are orders of magnitude smaller. I don’t use a popular Web browser and I don’t use a popular operating system. While no operating system is perfect, any vulnerabilities discovered in Linux are patched almost immediately. This is one of the advantages of using an open source operating system. So unless your code is targeted specially towards Linux, and is using some as yet unidentified vulnerability that you discovered more than a year ago, it’s simply not possible to install malware at the operating system level.

The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphon and you won’t even notice about it.

Even in the extremely remote chance that malware has been installed, and that it had managed to gain root access when my logon user ID hasn’t, nor do any of the applications, including web browsers, have root access, your claim that the malware was capable of manipulating my camera and microphone is laughable, You see, there needs to be a camera or microphone for you to manipulate. There isn’t. But ignoring that inconvenient truth, shall we continue?

I also have access to all your contacts.

Aside from having access to a nonexistent camera, your malware, you would need to have an intimate knowledge of my operating system, and the software installed. Your malware would have to know what software I use for my contacts and where on the system the information was stored. Give me that information and I might believe you.

Why your antivirus did not detect malware?
It’s simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.

As I run Linux on my computer, I have no need for antivirus software. You also clearly don’t understand what a signature is. It is not something within your malware. It’s something antivirus applications create from information gleaned from malware. It doesn’t matter how much your malware modifies bits of its code, the antivirus folk are clever enough to figure out how the modifications are made and build in a suitable method of identification. And as you have been sending me identical messages for more than a year, I have every confidence that if in fact there was any malware at all, every antivirus application would have long ago figured out how to identify it. So I have every confidence that even if I did run a version of Windows or MacOS, which I don’t, I would be well protected by any antivirus program I chose.

I made a video showing both you (through your webcam) and the video
you were watching (on the screen) while satisfying yourself.
With one click, I can send this video to all your contacts (email, social network, and messengers you use).

I’m rather fascinated by your claim. In fact I look forward to viewing said video. I’ve looked and looked, but for the life of me, I cannot find this web cam. Can you enlighten me?

You can prevent me from doing this.
To stop me, transfer $989 to my bitcoin address.
If you do not know how to do this, Google – “Buy Bitcoin”.

My bitcoin address (BTC Wallet) is 1Hmn2KAK2Z3VjkpMz26nmh9KVAV6KqYiYp

If you have access to my computer, could you not have simply accessed my bank account and my credit card details?  The username and password for my online banking are stored in encrypted form within my web browser and surely it would be a trivial matter for you to obtain it, especially if you have access at the operating system level. You wouldn’t even need to decrypt the password. With your supposed knowledge it should be a trivial exercise to fool the browser into decoding it for you.

After receiving the payment, I will delete the video,
and you will never hear from me again.
You have 48 hours to pay. Since I already have access to your system
I now know that you have read this email, so your countdown has begun.

As it’s been close to 9000 hours since I received your first email, and I have received around to 200 subsequent messages, why should I believe this 48 hour deadline is any more final than all the others? It’s quite obvious that you have no idea whether or not I have read your message. The most common technique for knowing if an email has been read is by embedding web link to a transparent 1 x 1 gif. My email application does not display linked images by default. I have to explicitly enable it for each message. The other common technique is to include a flag requesting an acknowledgement when an email is read. My email application is configured to never send an acknowledgement. Besides, I read the contents of your email from within my online Spam filtering system control panel, which, not being an email client, can not open links nor send acknowledgements.

Filing a complaint will not do any good
because this email cannot be tracked.
I have not made any mistakes.

You fail to understand how emails are sent. I can tell exactly the last server and location that the message passed through before it arrived at my mail server (yes, I have my own mail server). Armed with that information and the cooperation of email server hosts, I can track the message to a vpn and beyond, or to a compromised computer. I’ll concede that I’m unlikely to find your identity, but that’s of little concern.

If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts.

Well, as you can see I have shared it. Come on then, send the video. I dare you.

Take care

Of what?

Some further details for those still reading: Some of the messages contain a username and password that I possibly did use many years ago, but not in the last ten years. Over the three decades that I have had online access (does anyone remember NCSA Mosaic?), I have been notified a few times that a website I use has been hacked and and there’s a remote chance that user credentials might have been compromised. This is the most likely source of the user credentials included in some of the scam attempts. In most cases, they have been sites that I had stopped using, but even in the two cases where I am still an active user, I’m not particularly concerned.

You see, I never use the same username and password on more than one site. Yes folk, I’m one of those nerds that use a different user ID and password for every website, and for every computer login. Perhaps I’m fortunate in that I also own several domain names, and can create an unlimited number of email addresses. So even though a great many websites now require an email address as the user ID, I can still create a unique email address/user ID for each and every site.

What the scammer probably doesn’t realise is that every Spam filtering system worth its salt, now recognises such messages as Spam, and will have done so for many months. The intended recipient is unlikely to even see these blackmail attempts.

Advertisements


8 Comments

Believe the Internet

I’ve always known the Internet to be a rich and accurate source of information. Today it revealed something that I wasn’t aware of, or had forgotten:

I have a PhD in history.

I don’t actually recall studying for it, but according to this test, my 100% correct result came about because of my education level; that being the said PhD. As more than half the questions were about American history, I presume my thesis was related to that, or perhaps I studied in an American university. I have no recollection of either, but a perfect score is unequivocal evidence of my great intellect.

Now where did I put my certificate and my thesis?


Leave a comment

Update Aotearoa – 11th April 2019

NZ’s environmental watchdog challenges climate policy on farm emissions and forestry offsets

The greenhouse gases methane and nitrous oxide, from burping and urinating livestock, account for about half of New Zealand’s total emissions. These agricultural emissions have been the elephant in the room of New Zealand climate policy for some time.

report released by the Parliamentary Commissioner for the Environment (PCE) this week suggests New Zealand should treat biological emissions differently from carbon dioxide emissions. It also says afforestation is a risky approach to combating climate change if planting trees is used to offset carbon emissions.

The report threatens to turn environmental policy and its principal policy tool, the New Zealand Emissions Trading Scheme (NZ ETS), on its head.

Read more…

New Zealand’s Pacific reset: strategic anxieties about rising China

China’s expanding influence is complicating strategic calculations throughout the Asia-Pacific region.

Small states, dependent on maintaining high levels of trade with China to secure their prosperity, are loathe to criticise or take actions that Beijing could find objectionable. This is creating a dilemma over how small states can protect their national interests at a time when China’s growing influence threatens the status quo.

New Zealand illustrates this dynamic. It watches China extend its influence into the microstates of the South Pacific, a region where New Zealand (and its ally Australia) have long enjoyed a position of prominent influence.

Read more…

New Zealand’s new gun law: What you need to know

Politicians have almost unanimously passed a ban on high-power guns in response to the Christchurch mosque attack.

So what will change, what won’t, and how did it happen?

ALMOST UNANIMOUSLY?

Of 120 members parliament, only one opposed the changes: the libertarian Act party’s sole MP, David Seymour. He argued the laws have been rushed through too quickly and without enough consultation.

By legislative standards, the process has moved at lightning speed. Lawmakers often mull bills for at least six months. Friday will mark four weeks since the March 15 terror attack that killed 50 people in Christchurch.

Read more…

Why A New Zealand Official Insists ‘Facebook Can’t Be Trusted’

Rachel Martin talks to New Zealand’s Privacy Commissioner John Edwards, who criticized Facebook after last month’s attacks on two mosques in Christchurch were live-streamed on Facebook.

Read more…

 


Leave a comment

Hacked router follow up

I was hoping for an interesting episode this morning following yesterday’s fake Spark call regarding a hacked router. It was rather a let down.

The call didn’t come until 10:30 am – an hour late. The caller seemed to be unaware of yesterday’s call, while I stuck to role playing a continuation from yesterday. I kept interrupting their prepared script to tell the caller that I was fully aware that why they were calling and could they just cut to where they could fix it. Eventually I got put through to the “national router specialist” who would help me. As he started through his script, I continued to interrupting to virtually repeat what he was about to say. This would totally confused him and he would start off from the beginning again each time I fell silent. I’m sure his ability to understand what I was saying was almost zero, but hey, I’m an elderly guy with a strong Kiwi accent and I played the role of a bloke that is rather short of patience. He struggled for around 15 minutes to make headway, but it was blindingly obvious that he was not able to deviate from his prepared script. I reminded him that someone from Spark called yesterday, which he denied, so I asked how I knew what he was going to say before he said it. Then he hung up.

I’m sure they’ll call again in a few weeks. and I’ll try to play a more patient personality. Today’s effort only wasted little more than fifteen minutes of their time. I do hope it was sufficient to keep at least one person out of their grasp.


1 Comment

Fellow Kiwi Blogger Bill Peddie provides another example of how Trump’s unilateralism has the potential to cause more harm than good.

And while Trump might have a point that Russia has not followed the letter of the INF nuclear treaty, it can also be argued that America has not followed the spirit of it by developing drone technology as an alternative nuclear weapons delivery system.

Although I follow what President Trump is trying to give as his real reason for pulling out of the current long-standing INF nuclear treaty with Russia, it is more than a little worry that we are left to puzzle why he comes across as one who talks as if he is unaware of some recent history of nuclear treaties. […]

via WHAT PRESIDENT TRUMP FORGOT TO MENTION — Bill Peddie’s website


3 Comments

Internet? What Internet?

As I mentioned in my previous post, accessing the Internet in Japan was problematic. On board the cruise ship, WiFi was free, but that only provided access to on board facilities. Internet access was expensive. I made the decision to purchase 10 hours of access which set me back US$200. I shouldn’t have bothered. Communication by smoke signals would have been faster and more reliable. Frequently the network went down, and while down it was impossible to log off, meaning the clock kept on counting down the time I had left.

On board, the transfer rate was very slow. Who remembers dial-up internet of the early 1990s? That was fast compared to what I could get, even when the ship was in port. I found it better to go onshore and seek out a WiFi hot spot. But even then I frequently ran into problems.

WiFi hot spots are to be found everywhere in Japan, but most seem to require a subscription with a service provider to use for anything other than a very short trial period. Often the amount of personal information that had to be divulged even to use the trial period was too much for my comfort, and I’d abandon the sign up process. Those that really were free often had very little bandwidth, and weren’t much better than on the ship. I noticed too, that many of the hot spot providers required the use of a smart phone that had been purchased in Japan. Foreign purchased phones simply would not work.

The best connections I found were in restaurants, shopping centres and railway stations. Hotels and inns were a mixed lot. It seemed that the bigger the place was, the less reliable the Internet connection. There were two factors here. In large establishments the WiFI signal strength could be patchy, and while it might be strong in the lobby or dining rooms, it frequently was very weak in our room. The other issue was bandwidth.

I swear that the larger the establishment, the smaller the capability of the router. We stayed at a number of small inns with as few as five guest rooms. Here I could get speeds approaching the ADSL speeds at home. But in larger places, data transfer slowed to a snail’s pace, especially in the evenings. Even achieving 1KB/sec in some places was an achievement. Talk about being frustrated! I abandoned all hope of blogging, and managing my part time online business became a nightmare.

I use Google Photos to automatically sync pictures and videos taken on my phone to the cloud and my other devices. By the time we left Japan, less than 5GB of the 32GB I’d taken had been uploaded. A similar amount uploaded while we waited for a connecting flight at Auckland Airport. The rest uploaded by the time we woke the next morning.

We don’t have a fast connection at home: 10MB download and 1MB upload, but it still seems fast compared to what I experienced in Japan. I don’t know how unique my experience with the Internet in Japan is, but both my daughter and her husband had similar experiences. Perhaps we were just unlucky.

Speaking of Internet speeds, I really must hurry up and choose a high speed fibre provider. After all, there’s been fibre running right past out gate for more than a year now. Most providers charge no more, and frequently less than I’m paying for my copper ADSL service. The only problem I’m having is choosing which provider to go with. Soooo many of them, and every one of them has numerous plans. Contract or no contract? With or without phone line? 100MB or 1GB? With or without Netflix? Metered or unmetered? According to one comparison website, I have 1,960 different plans to choose from. Help!!