Security The Almighty Buck IT

Tech Lessons From the Bad Guys 138

Chris Lindquist writes "Organized crime, porn peddlers, gambling sites — they all use technology to make a killing. CIO.com has posted several stories that spell out how the seedy side uses IT for profit. From the online techniques of penny stock scammers to innovation lessons from a pair of 'accidental pornographers,' to what you can do to fend off cybercriminals, find out what they do right when they're doing wrong."

  • by eviloverlordx ( 99809 ) on Tuesday June 12, 2007 @02:13PM (#19480507)
    How does one become an accidental pornographer? 'Oops! I took a full color spread of you nude by accident last night'?
    • by QuantumG ( 50515 )
      RTFA and find out.

      Sheesh.
    • Actually the link to the 'accidental pornographer's' story is quite interesting, not least for the fact that they claim to have a solid way of watermarking digital video content.
      • by twistedsymphony ( 956982 ) on Tuesday June 12, 2007 @02:47PM (#19480921) Homepage
        It was very interesting, while I knew that the porn industry was fairly in-tune with technology the article left me with the impression that they drive tech advances more than we realize... The one bit on open source software really caught my eye:

        Another red light best practice is to look for vendors that use open source. Since sites are open 24/7 (late-night hours are extremely profitable on the red light Web), "if we ever run into critical issues we need them solved now, not two hours from now," says Bodog's Ayre, who has learned that if he wants his people to be able to fix something, they need to have access to the source code. "We absolutely could not get a couple of our vendors to address an issue that was crippling us," says Ayre. "Under peak loads, the entire site became nonresponsive. We had no choice but to decompile the systems in question and fix the problem ourselves. This was probably one of the biggest drivers pushing us to adopt open-source solutions for our most critical systems."
        Probably one of the best arguments for a corporate adoption of open source software I've ever heard. I know, at least at my company, we're in constant struggle with our software vendors to fix bugs that are critical to us but maybe not critical to their other clients. This is particularly frustrating when we have the knowledge necessary to fix the problem ourselves... just no access to the source.
        • Re: (Score:3, Insightful)

          by aicrules ( 819392 )
          I find a high probability of bullshit in the idea that they decompiled some binary to fix an issue. While I know it's possible, I *REALLY* doubt that you could find and fix a decompiled code related issue and recompile to a point where it would work with any success.
          • Re: (Score:2, Funny)

            by jmyers ( 208878 )
            The tech that tripped over the power cord and unplugged the server told his boss "I got it going, but I had to decompile the binary code and fix the bug because I could not get hold of the vendor."
          • by radish ( 98371 ) on Tuesday June 12, 2007 @03:50PM (#19481715) Homepage
            I'm not sure if the article specifies the platform in question, but I've done exactly that a number of times with Java app servers, the decompiled code is quite readable. C/C++ of course would be a different story, but I'm sure it's possible (and in fact the rapidity with which copy-protection systems are broken suggests it's not _that_ hard).
            • I'm not sure if the article specifies the platform in question, but I've done exactly that a number of times with Java app servers, the decompiled code is quite readable. C/C++ of course would be a different story, but I'm sure it's possible (and in fact the rapidity with which copy-protection systems are broken suggests it's not _that_ hard).

              But does the resulting Java code compile? It's been a little while since I had to decompile any Java, but last time I tried, stuff like exception handling, inner c

              • by radish ( 98371 )

                But does the resulting Java code compile?

                Sure, but I have to admit that last time I tried it was with Java 1.3 code so a lot of the stuff you mention wasn't around. JAD is the one I'm most familiar with and yes, it can sometimes get a little confused but it's usually pretty obvious what the code's trying to do and you can fix it enough for compilation. I wouldn't recommend decompile/recompile as a normal working practice but for making the odd tweak to something like Weblogic it's been helpful for me in th

          • by Feyr ( 449684 )
            decompiled java can be recompiled most of the time

            one could argue that java isn't really compiled, but that's the term they use
          • by Knara ( 9377 )
            Yeah, I imagine that what they really did was break down and get a contractor to look at the source of whatever CMS app they use and figure out that some var wasn't at a proper value or a flag was turned on/off when it should have been off/on, etc. Decompile sounds so much more "hi-tech" tho!
          • Re: (Score:3, Interesting)

            by russotto ( 537200 )
            You don't need to re-compile. You can find the bug by reverse-engineering the binary, then make a binary patch without recompiling.
          • Re: (Score:3, Funny)

            by geekoid ( 135745 )
            Simple with Java.

            other languages are harder, but not impossible. Depending on the bug.

            Example, The theoretical person once had a bug in a game they had. The damn thing kept asking for some sort of ID or code. Can you believe the nerve? anyways, this person fixed the bug by removing the hex code that caused the jmp to the ID/Code check.
            Viola, bug was fixed.
            • Okay, so if they were somehow able to locate the exact point in memory where the bad code was being called, and just do a jump around that bit of code, then maybe they could pull off such a thing as they described. The same level of "decompiling" is what it takes to crack most of the older serial # checkers on games. That's quite a bit different than having an issue, determining which module is the cause, decompiling it, finding the bug in decompiled version of the code, FIXING the bug, and the recompilin
        • by XCondE ( 615309 )

          It was very interesting, while I knew that the porn industry was fairly in-tune with technology the article left me with the impression that they drive tech advances more than we realize...

          Just look back on the history of media and you will see that every single one was pushed forward by pr0n. Newspapers? Check. Magazines? Check. Beta/VHS? Check/check. DVD? Check. Internet? Doh.

        • by geekoid ( 135745 )
          No, they do not drive tech advances at all.

          They are in all techs and when one wanes they just stop using it.

          They have used every form of failed media as well as successful media.

          In hindsight, it makes them look like some know all technology driver, but they're not.

          There were plenty of Porn laser disk movies, but that didn't make it successful. Even though laser disk players had many more options than even the current DVDs have.
      • Re: (Score:2, Insightful)

        by Jens Egon ( 947467 )

        And, of course, using DRM is why they are lumped with the bad guys?

    • by anticypher ( 48312 ) <anticypher.gmail@com> on Tuesday June 12, 2007 @06:49PM (#19484051) Homepage
      Do you want a serious answer? Well, I'm going to write one anyways.

      There are basically two kinds of guys in the internet porn industry. The serious pornographers who can convince all the scarily slutty women to get dirty for a small amount of cash, and the webhosting guys who realise they need some higher margin content to pay the bills.

      The pornographers don't particularly have much technical skills, at least not for setting up websites and payment processing schemes. They may have tremendous photoshop skills, because the women they shoot tend to have a heinous amount of scars, tattoos and piercings. The porn producers are always looking for ways to set up web sites to make money, but they tend to not have much money to invest in development.

      The website guys are the ones who have built up a business with a few hundred or thousand web servers, with all kinds of low margin mom-and-pop static websites. They can code in Ruby or PHP, but can't really live off margins of a few euros per month per site or a few thousand euros for web design job. After a year or two, they come to the realisation they're not really earning the big money like founding a new google. That is the point when they put their morals aside and decide they could really make some good money from building porn websites. What they are missing is social skills to convince women to fuck for money in front of a camera.

      Put the two sides together, and you have a fairly good model of the online porn industry today. The "intentional pornographers" make the content, the "accidental pornographers" make and run the sites. The buzzword is "Ecosystem"

      the AC
  • by smitty97 ( 995791 ) on Tuesday June 12, 2007 @02:14PM (#19480539)
    money making tip: get slashdot to link to your pop-up ridden pages

    ad free print links:
    http://www.cio.com/article/print/117150 [cio.com]
    http://www.cio.com/article/print/117050 [cio.com]
    http://www.cio.com/article/print/117201 [cio.com]
    • Re: (Score:3, Informative)

      by celcxo ( 1013053 ) *
      Sorry about that. The current popup on the site is only supposed to show on first arrival, but it's coming back for repeat visits on some browser versions. We're looking to fix the issue now. Chris
    • Sorry man, I use Firefox and NoScript. What's a popup?
    • ...for worst commercial website of the year!

      I remember way back in the mid 1990s stumbling on "the web page from hell" joke site--it was full of blinking text and animated GIFs, all arranged in tables (I think they were nested 5 levels deep) in a hundred or so cells. It made a reasonable machine of the day (a P90 running ancient Netscape Navigator) cry in protest. In a tiny box in amongst all the glitz was "This is the actual article, brought to you by all our generous sponsors. Please read on for some re
  • Online crimes all tend to face the same obstacle: payment.

    At some point, you'll want to spend your ill-gotten gains. Don't be surprised if there is an FBI agent waiting for you at the bank.
    • by QuantumG ( 50515 )
      Yep, and that's what all those "earn money using your computer" ads you see taped to telephone poles are all about.

      Patsies.

    • Here's how it's done (Score:5, Interesting)

      by Opportunist ( 166417 ) on Tuesday June 12, 2007 @02:34PM (#19480799)
      Do you know that Western Union doesn't require you to legitimate yourself when withdrawing money if it's not more than (IIRC) 6k bucks? So all you gotta do is find some gullible moron, who'll "work" for your "international financing company" by offering you his account for a transfer. You have your target transfer the money to this moron's account and have him transfer the money via WU, and inform you about the transfer code. He can keep, say, 20% of the stolen money, and hey, who'd turn that offer down, about 1k bucks for 2 hours work? Almost too good to be real!

      Then you (or if you're a larger organisation, one of your goons) goes to WU, hands in the transfer code and heads out with the money.

      Of course the "financial agent" gets caught. But that's no loss, you know, there's an idiot born every minute, you'll find others.
      • Do you know that Western Union doesn't require you to legitimate yourself when withdrawing money if it's not more than (IIRC) 6k bucks?

        I was not able to substantiate that claim at Western Union's website [westernunion.com]. Care to provide a link?

        Anyhow, perhaps you can do that trick once. But if you want to make more than $6,000.00 (assuming your claim turns out to be correct), you'll have to repeat the process again and again.

        Then, it has become a game of Russian roulette on which of your subsequent visits the friendly We

        • That's why withdrawals are rarely if ever done at the same office twice.

          It's not just WU, though. There are a few money transfer services in existence that offer this or a similar service.
          • I think you missed part of my response, so let me be more direct: I do not believe your statement, that you can pick up $6,000.00 at WU with no ID. Please substantiate.

            The only link that I found at WU that mentioned ID requirements implied that ID would be required to pick up money in any amount.
            • Yes, I agree, there's nothing about it on the website. I know for a fact, though, that it did work last Summer. They changed their policies in February, I don't know if it still works. At best I can offer you to try it.
              • Ok, good deal. Thanks for clarifying.
                • With "try it" I mean to send money through WU or other finance service providers, not to try the rip off scheme! :)

                  I don't want even more people to do that, we got enough criminals who make a killing with the insecurity of user boxes. My goal is that with more pressure on financial transfer providers, they'll finally stop being a drive through for money laundering.
              • I've got a friend who works at a WU place. He tells me the number is $3k without identification, which is somewhat misleading, because there's still a process to go through to have money waiting for you. You don't just get to walk into a Western Union and say "3,000 dollars, please."
            • A friend of mine works at a place that handles WU money orders. The various cash limits (for picking up without ID, maximum allowed withdrawal, etc.) depend on a number of things and tend to vary depending on which WU franchise you're at. This specific chain of locations does allow pickups without an ID, instead you need the sending party to provide you with merely the transaction ID and the Test Question [westernunion.com] which will net you a WU Check for the transfer amount. The friend in question recalls providing at l
        • Then, it has become a game of Russian roulette on which of your subsequent visits the friendly Western Union teller turns out to be an FBI agent.

          There are 15 Western Union "Agent Locations" within 10 miles of my current location.

          Let's say I have 2 accomplices... That makes $18,000 per branch, and $270,000 total, picked up consecutively in just a couple hours. And it's easy enough to drive a few miles to the next city and at least double that amount easily in the same day, before the FBI even knows anythin

          • It's easy enough to pay a few hobos to pick-up your money for you, and give them a small cut.

            Well, take a wild guess how it's done. Some of those picking up the money have actually been caught because of observant WU clerks. Invariably it was someone who was pretty obviously not involved any deeper in the organisation and usually picked up on the street to get the money for a cut of the loot. 100 bucks is pretty much money for a homeless guy...
      • Re: (Score:1, Interesting)

        by Anonymous Coward
        Bullshit. I cashed my first WU check at Kroger a couple of months ago. It took two trips back home before I got my $300. Here is what I had to provide to get my $300.

        1. Photo ID
        2. Address of Sender
        3. Full name of Sender
        4. Exact amount of transfer I was looking to receive
        5. Phone number of Sender
        6. My phone number
        7. My full name
        8. My address

        I went to two different places that dealt in WU and both had the same forms requiring all of this bullshit.
        • Here is what I had to provide to get my $300.

          1. Photo ID
          2. Address of Sender
          3. Full name of Sender
          4. Exact amount of transfer I was looking to receive
          5. Phone number of Sender
          6. My phone number
          7. My full name
          8. My address

          You didn't have to provide any of that. You only need the Western Union transfer code (given to you by the sender), and they won't ask you another damn thing.

          It's only if you DON'T have that important information that they'll still allow you to get the money only upon verifying your ID.

      • by guruevi ( 827432 )
        Well, what you're suggesting is usually a scam and not a way to transfer money to one another.

        There are different (good) ways of doing it:
        -Bank accounts outside your home country - (say, Cayman Islands, Switzerland, Farawayistan)
        -Hardware (as in guns & ammo or even tech gear) or software (people, sex) - (usually used as change, not for large sums)
        -Gifts (used a lot in political business - sometimes called 'campaign contributions')
        -Just plain salaries - (you are 'employed' by a shill company)
        -Non-cash va
        • Hmm? How is it not a transfer of money?

          A is forced by trojan to transfer money to B, B is "hired" by some company to send the money through a finance service provider that doesn't verify the withdrawer's ID and C cashes it in.
    • by geekoid ( 135745 )
      that's only a problem if you are stupid.

      A) FACT: the IRS does not report how you made your money to any government agency, except in 2 cases.
      1. you haven't paid taxes so the IRS contacts the proper authority telling them so.
      2. An agency goes to the IRS and asks if a specific person is behind on their taxes.

      So report your taxes.

      B) If you deposit large sums of money into an American bank, they may report you(it's how the FBI gets around certain pesky constitution problems).
      There are many other banks in the world
  • by 8127972 ( 73495 ) on Tuesday June 12, 2007 @02:17PM (#19480581)
    .... That people actually paid for porn so that these guys could make a buck!

    • Re: (Score:2, Funny)

      by Anonymous Coward
      That is as stupid as paying for water! Wait a minute...
    • Yeah, cuz I have no idea how else porn sites would make money, not like they have ads or popups or anything.
  • Without becoming a spammer/pornographer? Click-links don't pay what they used to.
  • by Red Flayer ( 890720 ) on Tuesday June 12, 2007 @02:18PM (#19480605) Journal
    Petty stock scams? Organized crime? Sure, I can see that as being 'wrong', though calling "organized crime" wrong is a tautology.

    I, for one, do not believe peddling porn or hosting a gambling site are 'wrong'.

    Sure, some porn is created in a manner that is harmful to the participants (such as taking advantage of drugged/underage/unwilling subjects). And some people cannot handle gambling -- and fixed games, or games where the players are misled as to their chances of winning, are wrong.

    But to generalize that they are all bad? If they are, I don't want to be right.
    • I, for one, do not believe peddling porn or hosting a gambling site are 'wrong'.

      One man's trash is another man's treasure... and if you're throwing any out, let me know where you left it.

    • by QuantumRiff ( 120817 ) on Tuesday June 12, 2007 @03:05PM (#19481131)
      And some people cannot handle gambling

      Hell, some people can't handle creating laws that follow a certain Constitution guaranteeing our rights... Maybe we should outlaw lawmakers.. or make them pass a 8th grade civics test...
    • An extra thought (Score:5, Interesting)

      by Moraelin ( 679338 ) on Tuesday June 12, 2007 @05:00PM (#19482739) Journal
      Exactly. Reading the summary left me scratching my head too. You've nailed the moral judgment excellently already, so I won't repeat that.

      But I'll add another thought there: regardless of the moral judgment, exactly what is to learn from porn or gambling sites anyway?

      No, seriously. Spammers, scammers, DDOS extortionists, etc, actually face some technical challenges. They need zero day exploits to maintain their army of zombie machines. They need to circumvent or disable protections. (See the many viruses or trojans that disable the major antiviruses and firewalls.) They need to dodge the law, at _least_ in that they need to transfer the ill gotten money abroad without leaving _too_ many obvious traces. Etc.

      Those are real technical challenges. Antiviruses for example are getting so defensive against being disabled, that it's sometimes hard to fully uninstall them even as the legit owner of the machine.

      You can learn something from that, and (in response to other posts) there _are_ legitimate uses for that knowledge too. E.g., whatever techniques they use to automate looking for buffer overflows, should be mandatory testing techniques for new software.

      But porn and gambling sites? Gimme a break. I dare say most of the porn sites are actually just a plain old normal web site. There's nothing particularly high-tech about them, really. Just some thumbnails linking to a video or larger picture. In really "high tech" cases, they might open a popup via javascript for the page with the embedded movie. But that's about it.

      Exactly what's to learn there.

      Sure, a number of sites use porn as a bait to get one virused. But even then it helps to realize that that's not primarily a porn site, it's primarily a script-kiddie site and the porn is just the bait there. Just because the porn is the bait, doesn't make porn itself some high-tech black-hat thing.

      To use a metaphor, there have been cases where people have been lured in a RL (non-internet, back-of-the-van kind) scam with such promises as a cheap second-hand laptop or whatever other cheap no-questions-asked good. Yet that doesn't make laptops themselves some evil bad-guy kind of scam. It's just the bait, the scam is a completely different half of that incident.
  • by Anonymous Coward on Tuesday June 12, 2007 @02:22PM (#19480651)
    For those of you wondering about the pr0n stuff.

    I was looking for a job and had posted my resume on line (monster.com I think) and got a call from a guy looking for an admin with web server skills. The third or fourth question was if I minded the fact that they would be pr0n servers.

    I had to turn them down, and no I don't remember the company name.

    So, if you have the right skill and are in a big city market, who knows. You might just get a call.

    • Re: (Score:2, Informative)

      by BlueMikey ( 1112869 )
      They sure pay well. I know a girl who put herself through college by designing a porn site. It's like stripping for the 21st century.
    • I was looking for a job and found one that had a HUGE list of "wants" and "needs" for their systems developer or whatever. It had at least 9 major areas of knowledge required. Everything from Java to SQL to Server setup... The job was to work at a porno production company! I don't know what kind of porno company needs such a complicated setup or whatever, I'm convinced that they were just trying to bring in the nerdiest guys they could find and then have them interviewed by the porn girls and film it.
      • by Overzeetop ( 214511 ) on Tuesday June 12, 2007 @03:39PM (#19481577) Journal
        just trying to bring in the nerdiest guys they could find and then have them interviewed by the porn girls and film it.

        And you had a problem with this because...?
        • by abb3w ( 696381 )

          And you had a problem with this because...?

          Probably put off by the company's mandating a blood test even before the job interview. Some people just don't like needles.

        • It's a reality show, beauty and the geek.

          Hilariously tragically funny.
      • It had at least 9 major areas of knowledge required. Everything from Java to SQL to Server setup... The job was to work at a porno production company!

        Sounds about what you'd expect from a small company with a high-volume website. I'd imagine, for a lot of positions like that, you're a one-man IT department -- you'd be responsible for software development, deployment, database administration, and administering the production servers. When you work for a really small company, you wear a lot of hats.

      • It would be funny to be interviewed by Asia Carrera, especially if you didn't know she was a consummate geek herself.
    • I received the following, recently:

      Subject: A year ago you were looking for work

      I got your name from one of your dads blogs. I am CTO of a
      site called www.redlightcenter.com a new and rapidly
      growing MMOE. And we are looking for some good web
      developers to help design our money and inventory systems.
      Send me a reply and we can talk.

      That's probably the first time I've had someone try to personally recruit me while I was already employed. Guess it's hard to find good people when you're in that business.

  • You mean to tell me that people actually get paid for porn, and it's not real?

    And all this time, I thought they were just really good actors with big boobs and genitals.
  • by spamking ( 967666 ) on Tuesday June 12, 2007 @02:26PM (#19480721)

    Streaming video: YouTube made it famous; adult movies made it economically viable.

    Thank you YouTube?

    Videoconferencing: Businesspeople increasingly use online chat and embedded video rather than conducting face-to-face meetings. Before that, it was used to communicate with Live! Girls! Now!

    Face-to-what?

    Digital rights management: Through their disregard for intellectual property rights, adult sites helped spur the music and film industries to apply DRM to their online content.

    Wait. So we've got the pr0n industry to thank for DRM?

    E-commerce: The content on adult sites was so compelling (to some), it helped people overcome their fear of using a credit card online, according to Frederick Lane, author of Obscene Profits: The Entrepreneurs of Pornography in the Cyber Age.

    First DRM and then identity theft . . .

    I wonder if my boss would go for me doing some cross-training with a pr0n site developer . . . hmmmmmm.

    • by suggsjc ( 726146 )
      Well do you want to know what I'm wondering...

      How long it's going to be before referring to porn as "pr0n" isn't cool any more...hmmmmmmmm
    • by Tim C ( 15259 )

      Through their disregard for intellectual property rights, adult sites helped spur the music and film industries to apply DRM to their online content.

      That's utterly laughable. Of course it had nothing at all to do with Napster or Kazaa, it was all those disgusting filth-mongers...
    • OK, I know I'm a geek that has been on the Internet for far too many years. However some of these examples are questionable.

      Streaming video: YouTube made it famous; adult movies made it economically viable.

      Porn sites had streaming video before YouTube existed. It evolved from video conferencing.

      Videoconferencing: Businesspeople increasingly use online chat and embedded video rather than conducting face-to-face meetings. Before that, it was used to communicate with Live! Girls! Now!

      My first experience with video on a computer was a black and white security camera. It was hooked up to a Tandy CoCo3 and saved in GIF format. However, it wasn't exactly real time, so probably doesn't qualify as video conferencing. This one started by voyeurs being connected to peeking toms via

    • But Valenti and Lindberg saw potential. On a whim, they started Nakedsword.com, an adult site for gay men..."mainly as an experiment," ... Then something unexpected happened

      {snickergiggleteehee}

      To that end, New Frontier is obsessive about metadata, watching every frame of every video it digitizes and recording as many attributes as it can.

      Obsessively watching porn-- for Metadata tagging. That's their excuse and they're sticking to it.

      "Mobile brings immediate gratification. With the Internet, you

  • by Opportunist ( 166417 ) on Tuesday June 12, 2007 @02:28PM (#19480739)
    First and foremost, user stupidity works for them, not against them. And second, they don't care jack about any rules or regulations, since they're breaking the law already anyway, so why bother with privacy laws or possible damage claims when you're already scamming the stock market or doing a virtual bank robbery?

    You cannot apply that "information" to legal businesses. Or at least, you definitely shouldn't.
    • by QuantumG ( 50515 )
      Sometimes it takes people with nothing to lose to try something that everyone else is too afraid to try because it is questionably legal. Once they do it, however, and the laws have some time to decide whether what they are doing is legal or not, then the rest of the sector who want to be in that business can move in.
  • by xxxJonBoyxxx ( 565205 ) on Tuesday June 12, 2007 @02:31PM (#19480765)

    CIO.com has posted several stories that spell out how the seedy side uses IT for profit.


    Bad guys... Banks? Oil companies? Diamond mines? Televised church services? (There are plenty of IT-using "legit" businesses that display questionable moral values too.)
  • by Tatisimo ( 1061320 ) on Tuesday June 12, 2007 @02:33PM (#19480789)
    A random sampling of 400,000 queries on the early peer-to-peer file sharing network Gnutella in 2003 found that 42 percent were looking for porn (compared to only 38 percent looking for music)

    How long till pr0n industries get organized and start pulling off mafia style lawsuits against file sharers? Pornographers Association of Wasted Nudes (PAWN)

    "PAWN accuses 7 year old of browsing porn sites" "PAWN seeks $8 million in damages from dead man (Died of a heart attack while looking at bootleg pornography)"

    • You are one evil man. Can you imagine what you've just done to my heart? The media crowd and the thinkofthechildren crowd yelling in unison against P2P networks?

      YOU, you alone, are responsible for my loss of sleep tonight!
      • Nah, I missed out on a great joke. I forgot to change the title from the original comment and ended up messing it up. Oh well. Hope we all know I'm merely trying to warn against that horrible pr0nless and musicless future.
    • Suggested headline: "PAWN pwns surfers in lawsuit"
  • But now you've gone and given lessons to the entire Slashdot community!
  • by JamesP ( 688957 ) on Tuesday June 12, 2007 @02:38PM (#19480839)
    Quote:

    I don't have vendors paying the freight to conferences at swank resorts to convince me to invest in something that's half-developed and overhyped. I never use jargon. I spend zero time doing PowerPoints.

    Makes me wonder why these people are so much more smart than the average CIO that only knows how to "deploy" the latest crap that comes from that city in Washington.

    Maybe because it's really their neck on the line, that's what I call responsibility.

    • Makes me wonder why these people are so much more smart than the average CIO that only knows how to "deploy" the latest crap that comes from that city in Washington.

      Amazon is in the city (they have stuff you want, like cameras and gadgets). MS is in the burbs.

  • I know there are some cybercrimes which the victim couldn't have done much to prevent (or could prove too costly to implement defenses), but (from the third article)...

    As the sophistication of the attacks continues to improve, the percentage of consumers who click where they shouldn't has risen from 18.6 percent in 2004 to 24.9 percent last year, according to Gartner.

    25%?!? That's insane. If computer users were more intelligent, more computer savvy, we wouldn't have all these problems. It's like going to a party and getting so drunk you don't know where you'll be in the morning...or who will be able to have their way with you in the evening.

    • by Jhon ( 241832 ) *

      25%?!? That's insane. If computer users were more intelligent, more computer savvy, we wouldn't have all these problems. It's like going to a party and getting so drunk you don't know where you'll be in the morning...or who will be able to have their way with you in the evening.

      People are not "smart" 100% of the time. Hell, look at the other drivers on the roads? I'm sure the bozo on his cell phone who almost side-swipes me isn't "dumb" all the time. Most people KNOW they shouldn't click on EVERYTHING.

    • by Opportunist ( 166417 ) on Tuesday June 12, 2007 @03:00PM (#19481061)
      I've been preaching that for years and the usual response was "you can't require people to study computer science before you allow them on the 'net".

      All I want is people to take responsibility for their actions. When I hand my car keys to a person I don't know and he uses the car for ill, I get sued. When I let a stranger into my house and he knocks me out and robs everything in sight, my insurance would laugh at me. When you note your secret number on the back side of your ATM card, your bank won't cover the loss.

      Just in the computer area, everyone's free to be as careless and irresponsible as he wants to be. It does NOT take a lot of brain power to know that offers that are too good to be true usually are. It doesn't require a lot of computer knowledge to NOT click on an attachment coming from someone identifying himself as "lawyer" (literally "lawyer", not some name). And it for sure does not require a lot of tech study to install some kind of antivirus tools.

      Don't get me wrong. I would not require an average user to hack his windows box to tighten security to the maximum. But why is it still asking too much if I ask people to

      - Use a router and disallow incoming syncs (most routers do that by default, so the "it's too technical" argument doesn't count).
      - Enable Auto-Update on your Windows box (most Linux distributions can do that now, too).
      - Install some Anti-Virus tools
      - Keep the brain turned on when opening mails and unknown software.

      What's so problematic and impossible to do about this?

      It's certainly not a 100% secure solution. Granted. But it is "good enough". Just like nobody requires you to have iron bars in front of your windows and steel bolts in your high security door, I wouldn't require people to have 100% "hack proof" boxes. There's no such thing as an unhackable box as soon as it has some kind of connection to another box that can be used by a malicious user (i.e. the standard setup for a box connected to the internet). But at the very least this would thwart almost 100% of the standard trojans currently in circulation.

      What's so impossible about it?
    • "It's like going to a party and getting so drunk you don't know where you'll be in the morning..."

      That pretty much sounds like every successful party I've ever gone to.

      :-)

    • by Weaselmancer ( 533834 ) on Tuesday June 12, 2007 @05:00PM (#19482741)

      It's like going to a party and getting so drunk you don't know where you'll be in the morning...or who will be able to have their way with you in the evening.

      I'm sorry, but I'm an engineer and I don't understand this comparison. Could you please rephrase it?

  • After reading the first "fictional CIO" article I have to wonder how much of this article is the fantasy of a journalist trying to sell subscriptions.

    The article makes it all sound so slick and organized. I have to wonder how much is made up nonsense, and how much is real. It's not that anything in the article is all that unbelievable, it's just that it's all written from the perspective of someone inside. Something said journalist likely has little to no clue about.
  • From the porn article:

    Building the games with Flash means that users can play them without having to download anything.

    Last time I checked, every time I visit a site which uses Flash, I get a message telling me I need to download Flash to view their site (I don't have Flash on my systems).

    I'm not sure what their definition of "without having to download anything" is, but to view a site which uses Flash, you need to download something.

    Ok, nitpick over.

  • by Anonymous Coward on Tuesday June 12, 2007 @03:20PM (#19481325)

    Organized crime, porn peddlers, gambling sites -- they all use technology to make a killing.
    Are they hiring?
  • by phorm ( 591458 ) on Tuesday June 12, 2007 @04:04PM (#19481899) Journal
    Unless they're peddling illegal porn, or through dubious methods such as spam or popup-flooding, what makes pornographers bad guys, except that perhaps they don't fall under certain groups' moral or religious views of good.

    The rest: penny-stock scammers, cybercriminals, are just that... criminals. There's no crime in porn, so long as the proper laws are observed.
    • OK, let me see if I can help:

      Porn displeases the moral majority so it's bad.

      Killing and torturing people displeases the moral majority so it's also bad.

      However, killing and torturing people in the name of religion was good when the moral majority were for it (Spanish inquisition, crusades, etc.)

      But it's bad again now the moral majority has moved on and doesn't support it anymore. Hence we look at the inquisition as a bad thing. We see it even worse when Muslims kill and torture the current moral maj
      • by phorm ( 591458 )
        Whacked out "moral majority" of N. America and other countries+continents that read this site aside, I think that the "moral majority" here would agree that porn by itself is not bad.

        In fact, I would be very very surprised to find it less than 50% readers (51% being a majority, but probably a lot higher than that) who do (or have) viewed/watched/etc some form of internet pornography (or other pornography).

        Thus, the "moral majority" on here would likely be in favour of porn, so it's rather odd that the s
        • This is probably the best comment I have read this year in /.

        I can only add: People don't change. Old people die and they're replaced by other people with different values. That's the only way to evolve.
  • by bADlOGIN ( 133391 ) on Tuesday June 12, 2007 @04:25PM (#19482189) Homepage
    "Tech Lessons From the Bad Guys"

    Excuse me?!?! Hey kdawson, if you don't like porn or gambling, then don't indulge in them. On-line or in the real world. If you had paid attention, you would find there is NO reference in the article to Organized Crime and nowhere does it call anyone or anything "bad". At best, there's links the site shoved in to other articles regarding cybercrime and the mob. Furthermore, the article passes no judgment in terms of depicting porn or gambling as bad (it's a business article- they're just forms of business after all). So the next time you approve an article, how about bothering with at least an accurate assessment? And lay off the criticism of porn. This is /. after all, it's the only lovin' some of the loyal readers get..

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday June 12, 2007 @04:46PM (#19482551)
    Comment removed based on user account deletion
    • Re: (Score:3, Interesting)

      by BlueTrin ( 683373 )
      That's exactly what I thought when I read the headline ...

      Take a look at this article [wired.com] which tells us how the US porn webmasters have to hide from the public ...
    • by chochos ( 700687 )
      Horrific, deplorable violence is OK as long as it doesn't have any naughty language. That's what this is all about. - Cartman's Mom
    • by geekoid ( 135745 )
      Studies have shown that an early exposure to sexual activities can cause emotional stress later in life.

      Let's not kid ourselves here, most porn is not people fucking missionary style. It can be very graphic.

      Our society has dictated the age of consent as 18. Some people have taken that too far by going after two teens having consensual sex. Naturally it's always the boy that goes to jail, but I digress.
      Overall I think it's a good rule.

      Just to be perfectly clear:
      I have nothing wrong with two consenting adults having
    • Yup. I agree with you.
      It's because these neocons and the right-wing republicans got elected in the first place...
      Making money off these is NOT a crime or morally wrong...
      Point to these neocons that even Jesus said: "let who is without blame cast the first stone..."
  • Crime pays.
  • by rs232 ( 849320 ) on Wednesday June 13, 2007 @07:21AM (#19488905)
    SPAM: "the sender's name on this particular e-mail sent a shudder down his spine .."

    PHISHING: "The e-mail claimed in convincing detail that there was a problem .."

    FAKE WEB SITES: [and] "urged customers to click on a link--to a phony website .."

    DDOS ATTACKS: "Dougherty's website lay in a coma from a devastating distributed denial-of-service (DDoS) attack that"

    Well the root cause of the problem is the above so to fend off cybercriminals you would have to ...

    01. Create an email infrastructure that provides end-to-end authentication and encryption.

    02. Create a web identity infrastructure that provides end-to-end authentication and encryption.

    03. Make a desktop computer that can't be compromised to be used in a DDoS attack, merely by clicking on an URL or opening an email attachment.

    04. Design the upstream network infrastructure to mitigate against DDoS attacks.

    Why are we still talking about all this in the middle of 2007. What are all those innovators and security experts doing to earn their salaries.

    'These are not attacking any kind of vulnerability in the computer .. They are attacking the vulnerability of people's brains, Sophos
    • Re: (Score:3, Interesting)

      by mcvos ( 645701 )

      Why are we still talking about all this in the middle of 2007. What are all those innovators and security experts doing to earn their salaries.

      Working for spammers, phishers and porn sites, obviously. That's apparently where the real money is.
