How to Thwart Chinese Hackers

I enjoy being wrong.

The most I have ever learned has always been from the realization that something I believed was really not true at all.  It always causes evaluation and introspection which is needed so as to not become an “Archie Bunker” like character as years go by.

I had a moment like this a while back, sometime after my Dear Abby parody post, and that was that the Chinese Government is really attacking Government and business networks and websites. I know most of you are thinking “Just now? It’s been all over the news for years.” I know this, but the fact was I did not really believe it then because I saw Spammers based in China doing scripted attacks in order to get an unwilling machine to host a website selling pills or providing backlinks to “SEO” nonsense that complemented their message board and social media SPAM posts. So I had good reason to believe others were misidentifying the pattern that I had correctly identified.

Until I started seeing patterns myself.

The first patterns I saw were coming from 210.75.192.0 – 210.75.223.255, owned by the Beijing Information Highway Corp (love that name), but they followed the ones I see from all over the world: random times, pointless visits, attempts to register and attempts to post. Successful posts are done in poor English and it is clearly the model of spammers using compromised computers that likely have pirated software installed on them so they never have security patches. This is what made me believe that there was no Chinese Government conspiracy.

Then from the same IP blocks I started seeing things differently. I still saw the spammers but I also saw attempted logins to ssh, ftp and telnet. I even saw port 25 get lots of VRFY attempts. The pages searched for on port 80 and port 443 involved wp-admin and another for chef/common.rb and chef/cookbook/cookbook.rb, which seemed to be a directory traversal attempt or perhaps looking for an error message. What was odd about these attacks was that they started at about 8:30pm EST and ended about 4:30am EST.

I blocked one particularly annoying IP that was doing the weird directory traversal thing looking for Chef Configuration Management software (I suspect one would really like to get a hold of configuration management software to configure your own compromised machines) and trying MySQL injection with attempts like '1'='1-- and admin'/*. As soon as I did that, the same stuff appeared again from an IP in Bogota, Colombia that turned out to have been an Adtran 904 that had a default setting of admin and password for its security credentials and a VPN to the IP in China I had just blocked and a few others on the same Beijing IP block as well.

So I did what any sane person would do and didn’t touch anything and instead blocked the Colombian IP (I was very tempted to remove all VPN configurations and change the password but I did not).  After that I just got the same old spammy probes from China and visitors to index.html that just hung around until their sessions timed out.

What I checked out later is that Beijing switched government hours from 8:30 to 5:30 to 9am to 6pm.  This, to me, meant that people showed up for work 13 hours ahead of EST in Beijing, checked e-mail and assignments for maybe 30 minutes and then started working on their 9 hour day and then around 30 minutes before leaving they stopped working and perhaps wrote summaries of their day and went home.  What is odd is that I did not see what appeared to be a “lunch” hour.  This tells me they are either being worked very hard or (more probably) love their jobs attempting to break into stuff.
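The time-of-day check described above can be scripted. This is an added example, not code from the original post: it keeps only hits from 210.75.192.0/19 (the range quoted earlier), converts each timestamp to Beijing time and compares how much of the probe traffic and of the remaining traffic falls inside the 9am to 6pm working day. The log format, the sample lines and the non-probe paths are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Range quoted in the post: 210.75.192.0 - 210.75.223.255, which is exactly a /19.
WATCHED_NET = ipaddress.ip_network("210.75.192.0/19")
BEIJING = timezone(timedelta(hours=8))  # single national time zone, no DST

# Common/combined log format: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" \d{3} ')
# Paths the post reports being probed; everything else is counted as "other".
PROBE_RE = re.compile(r"/wp-admin|/chef/")

# Constructed sample lines (server clock in EST, -0500); not real log data.
SAMPLE_LOG = """\
210.75.200.14 - - [12/Mar/2013:20:31:07 -0500] "GET /wp-admin/ HTTP/1.1" 404 210
210.75.200.14 - - [12/Mar/2013:21:15:42 -0500] "GET /chef/common.rb HTTP/1.1" 404 210
210.75.200.14 - - [12/Mar/2013:23:40:03 -0500] "GET /chef/cookbook/cookbook.rb HTTP/1.1" 404 210
210.75.201.9 - - [13/Mar/2013:01:05:55 -0500] "GET /wp-admin/ HTTP/1.1" 404 210
210.75.201.9 - - [13/Mar/2013:03:50:19 -0500] "GET /wp-admin/ HTTP/1.1" 404 210
210.75.195.77 - - [12/Mar/2013:07:10:00 -0500] "POST /register.php HTTP/1.1" 200 512
210.75.195.77 - - [12/Mar/2013:13:22:31 -0500] "POST /post.php HTTP/1.1" 200 512
210.75.219.3 - - [12/Mar/2013:22:05:12 -0500] "GET /index.html HTTP/1.1" 200 1024
210.75.219.3 - - [12/Mar/2013:16:45:48 -0500] "POST /register.php HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2013:21:00:00 -0500] "GET /wp-admin/ HTTP/1.1" 404 210
this line is truncated or malformed
"""


def parse_line(line):
    """Return (ip, aware_datetime, request) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, when, m.group(3)


def beijing_hour_histograms(log_text, network=WATCHED_NET):
    """Bucket hits from `network` by Beijing local hour, split by request type."""
    hists = {"probe": Counter(), "other": Counter()}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, request = parsed
        if ip not in network:
            continue  # outside the watched block
        kind = "probe" if PROBE_RE.search(request) else "other"
        hists[kind][when.astimezone(BEIJING).hour] += 1
    return hists


def share_in_window(hist, start_hour=9, end_hour=18):
    """Fraction of hits with start_hour <= local hour < end_hour."""
    total = sum(hist.values())
    if total == 0:
        return 0.0
    inside = sum(n for hour, n in hist.items() if start_hour <= hour < end_hour)
    return inside / total


if __name__ == "__main__":
    for kind, hist in beijing_hour_histograms(SAMPLE_LOG).items():
        print(kind, dict(sorted(hist.items())),
              f"{share_in_window(hist):.0%} inside 09:00-18:00 Beijing")
```

On real logs the useful signal is the contrast between the two rows: background spam spread around the clock, probes confined to one shift.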

I wish I had more IP addresses to fool around with. I could then make a virtual machine as a honeypot but really customize it. Maybe with some poorly written PHP that would make MySQL vulnerable and a separate virtual machine for logging. But I do not have those kinds of resources.

I would really like to write a script to focus on timestamps between commands and see what commands are made when they do get in. I could then judge whether they are using a script like Metasploit or perhaps even have to get approval from a supervisor before privilege escalation and even be able to judge their language proficiency based on spelling and grammar mistakes. In a way I am not sure why we are afraid of them when we can use them to actually understand them since they do not really hide (or not the ones I saw anyway).
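A sketch of that timing script, added here as an example and not taken from the original post: it groups a honeypot command log by session, measures the gaps between commands, labels a session scripted or interactive from the median gap and reports any long pause together with the command that followed it. The log format, the sample sessions and both thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed honeypot command log: ISO timestamp | session id | command.
SAMPLE_SESSIONS = """\
2013-03-13T02:00:00.000000 | A | uname -a
2013-03-13T02:00:00.200000 | A | id
2013-03-13T02:00:00.400000 | A | cat /etc/issue
2013-03-13T02:00:00.600000 | A | ls -la
2013-03-13T02:10:00.000000 | B | w
2013-03-13T02:10:07.000000 | B | ls -la
2013-03-13T02:10:19.000000 | B | cat /etc/isue
2013-03-13T02:20:59.000000 | B | sudo -l
2013-03-13T02:21:08.000000 | B | ps aux | grep ssh
not a log line
"""


def parse_sessions(text):
    """Return {session_id: [(datetime, command), ...]} sorted by time."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(" | ", 2)  # maxsplit keeps pipes inside the command
        if len(parts) != 3:
            continue
        stamp, session, command = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        sessions[session].append((when, command))
    for events in sessions.values():
        events.sort(key=lambda event: event[0])
    return dict(sessions)


def profile_session(events, scripted_max_gap=1.0, long_pause=300.0):
    """Label one session from its inter-command gaps (seconds).

    scripted_max_gap and long_pause are assumed thresholds, to be tuned
    against sessions whose origin is known.
    """
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    if not gaps:
        return {"label": "too short", "median_gap": None, "long_pauses": []}
    mid = median(gaps)
    label = "scripted" if mid <= scripted_max_gap else "interactive"
    # A long pause is reported with the command typed after it, since that
    # is the step the operator appears to have waited on.
    pauses = [(events[i + 1][1], gap)
              for i, gap in enumerate(gaps) if gap >= long_pause]
    return {"label": label, "median_gap": mid, "long_pauses": pauses}


def profile_all(text):
    """Profile every session found in the log text."""
    return {sid: profile_session(ev) for sid, ev in parse_sessions(text).items()}


if __name__ == "__main__":
    for sid, result in profile_all(SAMPLE_SESSIONS).items():
        print(sid, result)
```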

Now, how to thwart them. I do not know why they use directory traversal; maybe they are just testing to see if a web application forgot to check for ../../ and Unicode type strings, or maybe there is another vulnerability out there? But I think I would avoid writing my own web applications to go live right away for a while, especially when so many more secure CMS exist today.

I also would make it so Configuration Management Software such as Puppet or Chef is never available to remote administration (that could be one of those disasters no one knows about until it is too late).

The other steps are normal security best practices like good passwords and never putting in a DVD or pen drive that you find just lying around somewhere.

I believe the main key to thwarting hackers from China (I really should not say “Chinese hackers” but you all know that I mean “Sponsored and employed by the government of China” when I say that) is studying their bureaucracy from what clues they give us by their online presence. Right now what I know from my experience with them is that they show up for work, put in about 8 hours and then stop working. I also am pretty sure they are based in Beijing and they attacked routers in countries other than the nation where their target exists (perhaps we have compromised Adtran Routers here in the US that are used to attack Iran, Venezuela or Russia).

More exploration is needed and I am quite sure this is what they are saying about us as well.

 

Dear Downton Abby,

DEAR DOWNTON ABBY: My boyfriend and I are in a long-distance relationship and agreed to split our visits 50-50 between our cities. Initially, it worked great. Unfortunately, his work schedule has changed, and for the past year he has come here to visit me only once every month or so, while I frequently drive for hours to see him.

He says that because he’s away from home for work, it’s only fair that I travel to see him since it’s “less trouble” for me. I understand that he puts in a lot of time with travel for work, but at what point does the ratio become unbalanced and unfair?

I miss weekends in my city with my friends, and it makes me sad that he won’t make the effort to see me. What do you think is right in this matter? — UNCERTAIN IN SAN FRANCISCO

DEAR UNCERTAIN IN SAN FRANCISCO:  Iron the newspaper every morning it is delivered so the Lord of the manor can enjoy reading the news without being distracted by creases.

——————————————————————————————————————————–

DEAR DOWNTON ABBY: My wife of 32 years has delusional jealousy. It is so bad that she has checked my genitals and questioned the neighbors’ wives. I have stayed in this marriage only because of our children, who are now adults.

I am at a crisis point where I want a divorce. I detest throwing 32 years away, but I have no love for this woman. We have sought counseling three times. However, once I start describing her delusions, the sessions quickly stop. — WANTS OUT IN COLORADO

DEAR WANTS OUT IN COLORADO: My dear chap, just because your daughters are suffragettes is no reason to consign them to the brothel in Ripon and self expire honourably  in the Moore with your grandfather’s dueling pistol.  We must adapt to the times.  Have some sherry.

—————————————————————————————-

DEAR DOWNTON ABBY: My sister is engaged to a severe alcoholic. I host the annual Christmas dinners and I feel stuck. When he was here last year, he broke a wine glass that held special meaning for my husband and me and generally made a fool of himself.

Should I invite my sister and tell her that her fiance isn’t welcome? (They live together.) He has gotten even worse this year. He broke three bones because he was so drunk he fell, and he left rehab three times in one month. I’m a cancer survivor and do not need the stress in my life. — NERVOUS IN NEW YORK

DEAR NERVOUS IN NEW YORK:  To start a Renault, one must first take the beast out of gear and pull the brake. check the oil and fill if needed.  You should be able to view the oil from the glass portal while the engine is running to make sure it is circulating, but for now fill the brass container and top it up.  Next retard the ignition.  One does not want to start a cold motor with a rich fuel mixture.  Next, locate the hand crank and insert it underneath the radiator.  Next double check to make sure you jolly well took it out of gear and set the brake.  Nothing more humiliating for a chauffeur than to be driven over by his own automobile!  Now with your left hand gently grip the crank but with your thumb on the outside.  If it catches you don’t want your thumb broken now do you?  At least if it does it will only be your left hand and since no right chap is left handed that will not be a concern.  Next you turn the crank and jump out of the way in case the brake cable breaks and the engine vibration knocks the auto into gear, you do not want to die under a Renault.  Finally proceed to wipe off any dirt from the motor, check to see that oil is circulating.  Give the fuel a pump or two and advance the ignition to give it a richer mixture, a suitable church going fuel to air ratio would be splendid.

 

More on Dodgy Recruiters

A problem I have is that when I get interested in something, even if it is unimportant and not vital to my well being or even that entertaining I will spend a stupid amount of time on it.  This is a good quality to have in most ways.  It means I have an attention span, it means I can stay focused and it means I can solve problems and enjoy doing so.  But the down side is that sometimes I forget to eat lunch.    Sometimes I will be looking up and classifying obscura instead of washing my clothes and then I will have to go down to The Gap to buy underwear and socks because The Gap is open later than the laundry room in my building.

I did this the other day while looking up fake recruiters and I believe I have various Modus Operandi classified for them.

The first part is psychology.

When you are looking for a job you must be positive in your outlook and your interactions with people.  This serves two purposes in that it helps to have a cheerful demeanor just to make your period of unemployment more pleasant and it also serves others as well so you do not subject people to complaining all day.  Also being positive right away during a phone call or an e-mail exchange makes potential employers at least want to continue correspondence with you, and that increases the chance of employment later.   The fake recruiter exploits this by increasing the chance that you will communicate with them just because that is your demeanor with everyone.

If you say something like “I do not deal with Indian / Russian recruiters” to them and it turns out it is a legitimate agency with a legitimate employee who happens to be from the same country as one of the fake recruiters then you will look (deservedly) like an ass.  But the fake recruiter will exploit this, both to keep getting information from you and keep that e-mail correspondence happening.

So, what do they do with the information?

First I heard that they keep on cutting your pay rate lower and lower so they can give a cut down the recruitment chain.  If you ask for $50 an hour they will ask later if you can go down to $48 and then to $46  and finally down to $30.  This is supposed to reflect their unwillingness to take a cut out of their money to pay down the recruitment chain.  So a job that is $75 would mean a $25 cut for the recruiter but if a number of people sent you to that recruiter they need to be paid so instead of cutting out $10 from their take they cut $10 out of yours but at $2 a phone call or e-mail.  Then when it comes to pay, they get you to switch from W-2 to 1099 and then never pay you keeping it all for themselves.  This has a logic to it but I have not found any evidence for it.  When people do not pay someone for work there is always some sort of evidence of a rant online or a lawsuit filed in small claims court but I have not seen this.

So, what are these fake recruiters doing?

As far as I can tell they really never want to get you a job. They want one thing: An e-mail with a resume in Word format attached. They use this for two things. They take your information (and sometimes your name) and tack it on to another person wanting an H1B visa. Then they take your e-mail, re-edit it to make it seem like you are giving them permission to exclusively represent them for the job. This enables them to submit your edited resume, which has been edited to make you unqualified, to the HR department of a company. When they tell the HR department not to take duplicate entries of their client resumes the HR department complies, since they have better things to do than to check to see which recruitment companies are legitimate or not, and then they submit their own candidates who may have your real qualifications listed as their own to see if the company will sponsor an H1B visa for them.

If they sponsor one, then the fake recruitment company gets a large payment from the hopeful immigrant and continues to get a kickback from the original company.

Like SPAMMING operations, these recruiters rely on volume, cheap foreign phone banks, VOIP numbers that correspond with the location of their corporate mailbox in the USA or Canada and they do not get that many “hits” from corporations.  When they do it is one from an area that needs filling right away, so they hobble real candidates by getting e-mails and maybe resumes from them while promoting their own H1B visa candidates.

How do you tell if a recruiter is fake or not?

It can be tough; these people go to great lengths to mimic real recruiters. Their websites will have corporate giants on as “clients” (usually just a logo) but try to contact G.E and ask them if some small website that claims them as a client actually is their client. I tried for about one hour and it seems impossible to get someone who knows about these things on the phone. One thing I realized is to look at the headers of the e-mails. If they give a North Carolina location but the IP address in the headers is from Hyderabad, India or Murmansk, Russia, then you should assume they are fake.
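The header check above can be done with the Python standard library. This is an added example, not part of the original post: it walks the `Received` chain from the oldest hop upward, skips private and loopback addresses, and returns the first routable IP to look up in whois or a geolocation database. As a step beyond the post it also reads the UTC offset of the `Date` header. The sample message is constructed and uses documentation addresses and `.example` domains.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Address space that says nothing about where the sender sits.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message; hosts, ids and addresses are placeholders.
SAMPLE_MESSAGE = """\
Received: from mx.recruiter.example (mx.recruiter.example [198.51.100.23])
    by mx.mailhost.example with ESMTPS id c0ffee01;
    Tue, 12 Mar 2013 10:02:11 -0400
Received: from DESKTOP01 (unknown [203.0.113.77])
    by mx.recruiter.example with ESMTPA id c0ffee02;
    Tue, 12 Mar 2013 19:32:06 +0530
Received: from [192.168.1.20] by DESKTOP01 with local SMTP;
    Tue, 12 Mar 2013 19:32:05 +0530
From: "Bob Smith" <bob.smith@recruiter.example>
To: candidate@mailhost.example
Subject: Urgent requirement - Raleigh, NC
Date: Tue, 12 Mar 2013 19:32:05 +0530

Please send your resume in Word format.
"""


def is_routable(ip):
    """True if the address is outside the private/loopback ranges above."""
    return not any(ip in net for net in NON_ROUTABLE)


def hop_ips(raw_message):
    """List the bracketed IPs of each Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so the last one is oldest.
    for header in reversed(msg.get_all("Received") or []):
        # Only the "from ..." clause names the connecting client.
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        found = []
        for text in BRACKETED_IP.findall(from_part):
            try:
                found.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # e.g. [999.1.1.1]
        hops.append([str(ip) for ip in found])
    return hops


def origin_ip(raw_message):
    """Earliest routable IP in the Received chain, or None."""
    for hop in hop_ips(raw_message):
        for text in hop:
            if is_routable(ipaddress.ip_address(text)):
                return text
    return None


def sender_offset_minutes(raw_message):
    """UTC offset (minutes) of the Date header, or None if absent/unparseable."""
    date_value = message_from_string(raw_message)["Date"]
    try:
        offset = parsedate_to_datetime(date_value).utcoffset()
    except (TypeError, ValueError):
        return None
    return None if offset is None else int(offset.total_seconds() // 60)


if __name__ == "__main__":
    print("origin IP to look up:", origin_ip(SAMPLE_MESSAGE))
    print("sender UTC offset (min):", sender_offset_minutes(SAMPLE_MESSAGE))
```

Only the `Received` lines added by servers you trust are reliable; lower lines are written on the sender's side and can be forged, and many webmail services omit the client IP entirely.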

In the earlier post I gave the example of Rabindranath Tagore being changed to “Bob Smith” and I claimed that they just changed the name to sound “more American” but now I realize that though some people do this, others actually assume the name in India (legally change it or take on the identity but not the citizenship of a resume sender) and sometimes a “Bob Smith” from Mumbai comes to America on an H1B visa.

One of the best ways to check: myvisajobs.com

This is a website that I think is used by people wanting H1B visas to check which recruiter gets a good portion of them.  So if you enter your recruiter name there you can see how many Visas they got and what the average salary was for them.  Remember that legitimate recruiters get H1B visas too.  You can check Robert Half on that site and see they have had over 200 H1B visas granted since 2001.  That is expected for a global recruiter.

Now check the name of some company that actively solicits your information from you. My target company (name not being mentioned yet) has a one room temporary office on the outskirts of a Research Triangle town in North Carolina and an office in Hyderabad, India. Their calls frequently drop due to bad VOIP connections. Anyway, they have 30 more H1B visas accepted in the USA than Robert Half International with a salary for H1B visas being $40,000 less a year than the ones granted to Robert Half (I am not trying to suck up to Robert Half but good work on not being sketchy!)

In conclusion, do research, be wary, and if you get suckered (like I have) try to go on damage control by contacting the HR of the company that the phony recruiter claims to represent and explain to them that no one but you is exclusively representing you and ask what recruiter they use (if any).  Or get a legitimate recruiter to advocate for you, because they will have a stake in your career as well as their own business.

—–edit——

To clarify before more comments are attempted to this post:

1. I am not anti-immigration.  I just oppose people pretending to be recruiters for jobs in the USA when they are really using it as a front for immigration services.    So please do not use me in some kind of anti-immigration spiel you have going on in your head because I will likely oppose it.

2. I am not racist or “anti-Indian”.  I should not even have to deny this but this is one of the tactics I suspected is used to prevent discussion of fake recruiters and their tactics.  I will continue to discuss them whether they are Indian, American or Russian companies.  If they do tech recruiting in the USA but that is not really what they are doing, then they will be discussed.

I am amazed at how fast I got responses to this post.  I hit a nerve with both the anti-immigration crowd and the Pro-Sketchy-Recruiter Crowd but I am going to be vigilant with moderating the responses since I want this site to be a one-way conduit of information…from me 🙂

 

 

 

Recruiters who say they are from America but are not at all

Anyone who thinks they are immune to scams and frauds will usually be taken by a scam or fraud.   This is how people make money for nothing, by relying on people thinking they are too clever to fall for something so they fall for it harder than ever.

This has happened to me more times than I care to recall. It’s embarrassing.

One time I had a person approach me with the “Hey, I lost everything but I can get it back if you give me a large sum of money and you give me your address so I can mail the money back to you”. He said he was American, but had married a Norwegian but he and his wife lost everything in their luggage and he could not stay at the youth hostel on Amsterdam Avenue on the upper West Side because they did not allow Americans to stay there (which is true…Americans, Canadians and Mexicans cannot stay there…which is probably in the tourists’ best interest). And I ended up quizzing him about Norway, a place I am familiar with, and let him know he failed miserably and gloated over the fact he asked the wrong person.

Then one year later I gave $40.00 to a guy in a bar because he made me feel his calloused hands and showed me a Union Card and he promised he would pay me back.

He never did.  It dawned on me later that his calloused “workingman’s hands” were really just hardened by years of holding a hot crack pipe.

I got suckered because he sized me up as someone who knew what it was like to work and get screwed over and I felt sorry for him and gave him drug money thinking it would get him back home to New Jersey so he could be among his loved ones and some proper hand lotion.

I have been looking for a job lately.  The environment has changed since I last had to look.  Back in 2006 I met a recruiter who I swore up and down she had been sent to me by god.  She got me a great job that I loved, we hung out and often had dinner together and enjoyed pleasant conversations and good food.  She advocated for me with my employers if needed and I reviewed resumes for her to make sure she had the most trustworthy candidates possible.   I know I probably just got lucky and ran into an exceptional recruiter but my experience with her has perhaps made me overly trusting and vulnerable with others.

I am very suspicious of someone who uses a name that is not theirs during any kind of transaction. If your name is Robert and you go by “Bob” then that is fine. If you have a name that Americans easily forget because you or your parents were not born here then it is perfectly fine if you want to simplify and use “Bob” instead of Rabindranath (Bob Tagore wrote the national anthem of India) but if your name is Rabindranath Tagore and you go by the name “Bob Smith” then there is something wrong with you. If you have a VoIP phone that claims you are based in the US but its connection drops at the same time there are network outages in Mumbai then I am really suspicious. I have had run-ins with folks from the Indian subcontinent who have done this before and it always seems to be a way to cover their butts when their business plan goes belly-up.

But, in spite of my experience and a successful lawsuit against someone using a similar tactic in a different field, I have fallen for a recruiter who claimed to represent a company as an Anglo-Named businessman but really was just a resume combing person who tried to get me to sign away on not applying for another job.

From what I can gather the method seems to be designed to get H1B visas issued but I have no idea if it really works or not.  The trick is this:

1. Be a recruiter with a PO box in the USA but do not be based in the USA.

2. Contact job applicant.

3. Get them to agree to be exclusively represented  by their company.

4. Get enough qualified people to make this agreement.

5. Try to convince the company to sponsor H1B visas since no other qualified applicants can be found.

6. If you succeed, get one of your “recruiters” back in India to take the job and then get a big cut.

I am not naming real names because I have no proof of this.  It is pure speculation on my part.  But I did fall for another scam I should not have fallen for.  I will probably always be vulnerable to a degree but I assume everyone else is as well.

 

 

A quick observation on “Get Paid To Take Surveys Online” scams

I am fascinated with what I call the “Sucker Circuit” section of the online economy. The disparity of traffic to income of Sucker Circuit is high, only those at the very top of the chain make the money and those at the very bottom are the ones who fill social media with nonsense to generate “traffic” in the form of clicks. These coveted “clicks” just hope to get a small percentage of income generated hoping another sucker joins the Sucker Circuit. Because of this message boards and blogging software have registration counter measures, most free blogging websites are filled with keyword garbage to generate Google ranking so that more “clicks” are obtained that they hope will lead to more suckers.

And so on and so on.

I found one sucker on LinkedIn. He posted like he was a job recruiter (they use photographs of pretty, young women) to lead people to his website. The fact he owned the website made me think he was more of a middle man in the Sucker Pyramid, but still I was curious about him.

I googled his e-mail address and found out he had been ripped off last year for about 100,000 rupees (almost $1900.00) when he joined a “Get Paid For Surveys” website called aeroliteonline.us.  In fact a lot of people from India got ripped off by them.

What that website offered (it is no longer up) was valid “survey identities” from Western nations because members of those nations get paid small amounts to take marketing surveys (apparently…I know nothing about this as it is really out of my world) but those small amounts are not so small to poor people in India and elsewhere but they do not have valid rich nation identities.  So these sites offer to sell them these identities, and aeroliteonline.us was selling identities for 6500 rupees ($120.00) with the promise of earning 4000 ($74.00) rupees a month per ID.  That means after two months of surveys per ID you make a profit.

The LinkedIn spammer bought fifteen IDs and lost them. Others lost amounts either greater or lesser. One fellow lost 66 IDs that he was managing in his own pyramid scheme that he made with his friends and family members but unlike the owners of aeroliteonline.us everyone knew where to look for him to ask for their money back.

Needless to say aeroliteonline took everyone’s money and vanished, likely to a similar scam and they will likely prey on the same people, who are perhaps some of the more defenseless people in this world.  I would like to find the people who ran this scam and post their contact information here but I really do not know who they are.  They did not make the common mistakes others make when trying to hide their identities online but rather just blatant mistakes that lead me to nowhere, like claiming to be from Geneva, Ohio in the country of Switzerland.

Remember that the next time you are annoyed by spam or asked to follow a pointless link that there may be someone on another keyboard who paid the equivalent to one year’s wages in their own country for the opportunity to bother you and will probably never get their investment back.  Perhaps if we could learn to do better at thwarting this spam, these people would get out of the Sucker Economy and  join the real economy.

Cyber Information Super Smart Virtual Drug Highway: The Bee’s Knees of the 1990’s

I enjoy old things and using them today.

I have a watch from WWI that is filled with some sort of radioactive material so people could see what the time was in a trench.  I wear it too.  I am not sure if this is a good idea.

Did you know that in Medieval Europe that spices were used in such a way that the food was more akin to Ethiopian or Indian food?  We were taught that spices in the middle ages were used to cover up the taste of rancid meat, but how did a culture live  for over 1000 years on a diet of rotten food?  The answer is it didn’t.  If you recreate Medieval European food like I do you will find it is delicious and the spices and herbs were used for flavor, not obfuscation.

That is why I like using old things today, you learn about the past and the present.  Sometimes the cost might be wrist cancer in the future but the rewards are immediate.

I also like the old terms for the internet. Like Cyberspace, Information Super Highway (actually I hate that term) and Virtual Reality. I like them because they are so optimistic. Virtual Reality at its peak was text hosted by some student on a University computer talking about “Smart Drugs”. I still like using them when I can because of that optimism. Never mind that smart drugs like Piracetam taste like the smell of burning plastic and don’t make you smarter or that at best Virtual Reality was a cumbersome glove that showed up as a robotic hand when you wore expensive goggles and at worst it was nothing like reality at all but we still felt like smart people with narrow sunglasses and short hair would be the protectors of the world someday. It did not happen exactly that way of course. But I would love to see some “old” ways of communicating come back again even if just for the use of understanding our recent past a little better and explaining how we got where we are today.

Odd how I am speaking about 1990 to 1995 like it is the steam era before Brunel.

Part I: “Low tech hackers” are nearly impossible to stop

When an organization or an individual has a security or privacy breach from the internet we often assume it was done either by a young male with intimate knowledge of computers and the networks they are on or by a “script kiddie” who got the equivalent of a skeleton key that someone else has made so they can let themselves into your life in some way. When these people do attack it is often just once and then they are off. They are best stopped by “locking the doors” because how they get in to where they are not supposed to be is by wandering around and trying doors to see if they have been left open or using old key cards that should have been changed ages ago.

We know about these people.  Books have been written on stopping them.  Businesses have been formed based solely on stopping them.  Software has been written to seek and destroy their tools but yet there are more of them than ever before.  One thing people keep as a secret in the security world is this:

Breaking into computers is fun.

Most of us can thank VMWare and Xen for both keeping our skills up and keeping that money making “white hat” on our heads as we ride off into the sunset having saved the day and taken home a check but we had fun doing it and the person whose work we were mitigating had fun giving us work.  It is like that Warner Brother’s cartoon with Sam and Ralph, with both sheepdog and wolf working for the same company but one to protect the sheep and one to try to eat them.

Not all  hackers have skill.  Not all hackers even know that they can go online to get tools that they need to break in to places.  Not all hackers have fun doing what they do.  They do it for reasons that make computer security people, firewalls and anti-virus software useless.  They do it because they have a compulsion to do it.  They do it because they feel they have to.  They do it because they are often mentally ill.  They are also impossible to stop using conventional methods.

The “low tech” security risk can be especially difficult because often these people have all the time in the world. When you have an obsession and unlimited free time you can get creative in ways a more technologically savvy person will not bother with.

One group I did work for had a problem. They had a fellow who used their website to send messages to a woman he had “fallen in love with” but who had rejected his advances. He decided that she visited this website (she didn’t… it escalated to the point of me talking with her by phone) and that he would send out communications to try to get her attention.

What he did instead was disrupt the website that he used as a “stalker pulpit”. He was denouncing the woman and all other forms of injustice against him and slowly turning the focus of the site away from its intended purpose to be about him and his failed love life.

Then he started to solicit users of the website to contact the woman through her place of business and that was when I was contacted to stop him.

What logs did I have to look at? None. What did he break into? Nothing at all. But imagine you run a burger place and someone comes in and decides to use your booth as a space to promote their religion. If you do not move to stop it, you risk having your customers going elsewhere to get away from being preached to. In a burger place that is easy, you kick them out, and maybe contact the police if needed. On a website with open registration that is more difficult.

The first thing I did was try to block the IP addresses this person posted from.  He then moved from his home to cyber cafes.  I even found a cyber cafe with security cameras in their IP block that were open to the internet.  I remember this well because this cafe had a giant tree growing in the middle of it.  So when he would log on from that IP I would type in the IP of the camera with my browser and see him sitting at a computer logging into the website he was banned from.

I then decided I needed more information so I contacted the woman who was the object of his obsession. She had never met him but she did have a restraining order and he had his own case officer with the RCMP. She then told me a creepy story about how one night she had heard rustling in the bushes near her house and she thought nothing of it but when she went outside the next day on her porch was a picture of her stalker dressed in an all white suit (like Mr. Roark from Fantasy Island). I should have kept my mouth shut but I told her that he kept on posting pictures of himself dressed in all white with cryptic messages which must have meant he still thought she read the website. I should have known this would frighten her. I had forgotten that to her this was a person trying to invade her life but I was seeing everything as just facts and coincidence and forgot myself and I still feel bad about doing that.

She contacted the RCMP case worker (I don’t know what the official title is since I am not Canadian) and suddenly website activity stopped, but six months later it started again.

(more later)

 

 

I once saved my life with social engineering

Normally when someone says something dramatic like the above statement they go on and you realize that they were just speaking metaphorically like “Read this book, it will change your life” and then you read about the book and find out it is written by a smiling man who either wears a tie with no jacket or a jacket without a tie and his words are used in the same manner as his fashion.  He will not change your life at all.  It is just a scam written by the heartless for consumption by the gormless.

When you are in the business of computer security a side project is always tackling scam artists because the twains often meet and sadly you also learn that no matter how poor and desperate someone is, they always have $20 to spend on a book and they always have $200 to spend on a “turn-key” business.

Unlike hucksters, when I say something like this it is really true.  If I had not been a social engineer I would be dead right now.  I suspect my remains would be somewhere in the Port Au Prince bay or perhaps lying in Cite Soleil but I would not be typing this and I don’t want sad and needy people to give me money.

It all started almost ten years ago.  I was at the Gare Du Nord train station in Bucharest, Romania.  Gare Du Nord is probably the most notorious train station in Europe and for good reason.  Lots of petty hustlers, large areas of the station are unoccupied and you can quickly find yourself being shaken down by someone with a badge.  In Bucharest, they give everyone at the train station a badge it seems.

Anyway, I got a train ticket to Istanbul and I had to wait a few hours for my train to leave.  I sat with my back to the wall so no one could sneak up behind me and just watched people.  Nature called and I lost my place because I had to pack up all my things and take them to the toilet with me and when I returned I had to stake out a new seat.  I was approached by a man pretending to be a policeman.  He told me that he had to check my money for counterfeit bills.  This meant that the bill he found would indeed be counterfeit and he would give me a receipt for it and then he had 100,000 lei for just the cost of a fake badge.  For some reason I decided to pretend he spoke very poor English.  No matter what he said and how clearly he said it I pretended he had said something else.  He asked for my passport and I offered him a potato chip.  He asked to see my train ticket and I showed him a photograph of my parents.  Finally he stopped speaking and resorted to hand gestures and he made a certain motion with his hand, mouth and head that I took to mean “do you want a prostitute?” but it also looked similar to how one would quickly eat an ice cream cone so I got up and bought one.  He threw up his arms in frustration and left me alone.

That did not save my life really, but it taught me that I always had the power to cause doubt in people.  He lost his pretend air as an authoritative policeman and quickly degenerated into a stammering, confused man prone to making obscene gestures.  The next time I encountered that was when I went to the Haitian slum of Cite Soleil the next year.

Cite Soleil is a flat outcropping that juts out into Port Au Prince bay and it is the poorest slum in the western hemisphere.  It is not even made out of “land” as we know it, it is made out of shells and detritus.  The shacks there are made of metal and string and when the wind blows you cannot hear anything because the whole place rattles with loose corrugated metal and flattened 55 gallon oil drums.  There are children everywhere.  It is like a “where is Waldo” game but with real people…you stare at any given area long enough and suddenly your eyes adjust and you start seeing children.  Lots of children.  You never see any old people because they are dead.

There are also street gangs.  I hired a gang of pro-Aristide thugs who were followers of a gangster named “Tupac”.  I found it ironic that a real Haitian gangster had himself named after a fake American gangster.  It would be like a real General naming himself after Donald Rumsfeld.  These guys were about 14 to 18 and kept guns in their underwear.  One fellow had the gun go off in his shorts and blew part of his foot off.  My bodyguards’ main rival was another gangster named Billy.  Billy and Tupac were supposed to be brothers in films that are made about them but that is not true, they were foster brothers.  Orphans are numerous in Cite Soleil and their foster mother (I met her, her name is “Mom”) raised them to be gangsters simply because that was her best hope for prosperity.  In Cite Soleil a woman does not take care of others’ children to be charitable.

At the end of my tour this fellow in a red bandana and riding a BMX bike showed up.  My bodyguard on crutches said “Billy’s soldier!” to me before he started hobbling away.  This was a gang of people whom everyone in Cite Soleil was terrified of, but here they were, clucking like hens about to be eaten by a fox just because a kid on a bicycle showed up.  While my bodyguards were cowering I approached the guy on the bicycle.  I walked up to him and looked him in the eye and said “Hello, my name is Erik.  It is nice to meet you.” and he stared at me, looking at me like I was a piñata and all he had to do was figure out where to hit me to cause candy to come spilling out and said “Gimme da money” and I said “sure” and I reached in my pocket and pulled out a stick of Wrigley’s Spearmint Gum.  As he and I both chewed he had a confused look in his eyes and he said “da money.  gimme da money.” and I gave him another stick of gum and walked away.

I went over to my cowering bodyguards and said “thank you, this money is for all of you to share.” and I gave them about $100 in Gourdes in bills so large that they had to fight over it.  I then jumped into an old Honda Civic and sped off.  I looked in the mirror and saw that Billy’s Soldier was following me on his bicycle and trying to shoot me.  He missed the car completely thanks to potholed roads screwing up his aim.

It is very likely I would have been killed had I not distracted him by causing his own doubts about his English ability to surface.

Later that day I was caught in the middle of a gunfight and then briefly kidnapped by a voodoo priest in Petionville.

But that is a story for another day.

Unix interview questions and what is never answered by asking them

Many years ago I was an “anti-globalization” activist.  I hated that term.  I was not anti-globalization at all, in fact I love being connected to the world and I want there to be more connection with others, not less.  I also do not oppose “Free Trade” at all.  If Bob from London wants to sell a shirt to Randy in Winnipeg there is no reason at all that Randy in Vancouver should object and try to get Kate in Ottawa to make it more difficult for Randy to buy one of Bob’s shirts.  (In my world all Canadians are named Randy and Kate.)  What I was opposed to and still am is treaties dealing with commerce.  NAFTA and GATT were so big that people hardly read them.  The Congressmen did not read these because they were huge.  I remember reading that GATT, when printed out, would have required a member of congress to push a wheelbarrow filled with GATT so he could read it and know what he was voting for (which never happened).  We in the United States are obliged by our Constitution to adhere to treaties and anything that takes up a wheelbarrow full of paper is not something designed to set us or anyone else free.

For some reason police were really afraid of us.  We never hurt anyone.  Many people were vegans or “strict vegetarians” and they did not want to hurt anything that breathed at all.  I can therefore say that the Police, the FBI and all of those people did very poor work simply because they did not know what to ignore.  They treated everything as a “job” and that included harmless people who didn’t eat meat and whose biggest crime was refusing to wear deodorant in my rental car.  If they had ignored us perhaps they would have noticed men in flight schools across the United States wanting to learn how to fly, but not caring if they learned how to land, but they didn’t.

I thought about this scenario when doing phone screens for my job hunt.  Phone screens are needed as they filter out the fakers in the tech world but lately the questions have not been “what do you do in this situation?”, to which a real IT professional will be able to rattle off real anecdotes and examples; instead they want to know commands.  Unix and Linux have a lot of commands.  I have used commands for years, then not used them for a year and completely forgotten them.  This is fine when I am at a keyboard because all I do is enter “man -k” or “apropos” and then the topic of what I am looking for and do a quick scan and then see something that triggers my memory like:

“man -k duplicate”

chkdupexe (1)        - find duplicate executables
dup (2)              - duplicate a file descriptor
dup2 (2)             - duplicate a file descriptor
dup3 (2)             - duplicate a file descriptor
FcPatternDuplicate (3) - Copy a pattern
FcStrCopy (3)        - duplicate a string
msguniq (1)          - unify duplicate translations in message catalog
strdup (3)           - duplicate a string
strdupa (3)          - duplicate a string
strndup (3)          - duplicate a string
strndupa (3)         - duplicate a string
wcsdup (3)           - duplicate a wide-character string

I would then remember that I used chkdupexe once to halt two executables from running at the same time and causing the CPU to be running at 99% and 100%.  My fingers are faster than my phone voice.  I can concentrate better when I am not taking an oral examination that requires specific answers.  If this question was asked on the phone and it required an exact answer from memory I would have hemmed and hawed and that would have been followed by failure.  If I was asked “how do you handle a race condition?” then I could talk on the many details of this subject and fill it with boring anecdotes.  But this is not a common problem. If a data center had to deal with race conditions all day long to the point where their IT staff had memorized how to handle this situation they would have much bigger problems looming in their future.

One question I would like to see asked everywhere is “How do you decide what to ignore?”.  Choosing to ignore something seems like an anathema since admitting you actively choose to ignore things is akin to sloth, but we ignore things all the time and all day long.  Right now I am ignoring my carpet and my sink, but that is passive ignoring.  If the doorbell rang now I would actively ignore it.  Not to be rude but because I know that the only people who ring my doorbell at this hour are members of this strange church who only speak Spanish and think that “Laying of hands” will cure me of my monolingualism.  I have better things to do than to open my door and have old women touch my face.

So twelve years ago we had law enforcement paying attention to terrorists who were not terrorists while ignoring the terrorists who really were terrorists and we probably also have people being hired in data centers who just know how to do well on tests but do not know how to work in a data center.

 

A dissemination of “comment spam”

Many years ago I was managing the website of comebackalive.com which is owned by my friend Robert Young Pelton.  We were running a phpBB forum for about one year when it seemed that “comment spam” started happening.

I was curious about this.  A few years before I had tracked down a Romanian hacker and eventually became friends with him (Eastern European hackers used to be really easy to catch since they always provided their photograph and their address and phone number on whatever website they frequented under their nom de guerre), and in 2003 I visited him and his family in Cluj Napoca and had a wonderful time (we went fishing and I used maggots for bait).  I asked my hacker friend what the deal was with this comment spam and he told me that he did not know much about it except that it was from the Ukraine.

I eventually started doing research and I found out that most of it was from a guy named Alex from Sebastopol on the Black Sea.  Later “Alex” would write the comment spam program called XRumer.  I still never found out the last name of Alex and it has always bothered me that I did not pursue this with more vigor because I surely had time back then.

Now XRumer is a mainstay of spam.  It is now run like a Multi Level Marketing scheme in Eastern Europe that I like to call “Spamway”.  It produces annoyances here and makes people think that by investing a few hundred dollars “over there” that they stand to become rich.