Modern Mischief and the Digital Prankster
As a teenager, I played my share of lame practical jokes and stupid pranks. I can remember a spate of midnight ring-and-run missions, and more than a few prank calls -- usually involving heavy breathing or asking if there was a John in the house. But as technology makes it easier than ever to reach out and annoy someone, it's also easier than ever to cross the line between immature stunts and criminal acts.
Yesterday, I heard from Leslie, a Security Fix reader in Washington who recently had more than $200 worth of pizza delivered to her house from two different local establishments. Naturally, she had not ordered the pies, and proceeded to quiz the managers at the respective pizza places as to the source of the orders. In each case, the managers said the orders had been placed via IP relay services -- Internet-based call services used by the deaf and hard of hearing.
Last month I wrote about how the government is trying to figure out how to cut down on the growing amount of fraud and abuse being perpetrated with the help of these taxpayer-funded services, but that's not the focus of this column. While Leslie was on the phone with the pizza joint, her credit card company called, asking if she approved the purchase of all the pizzas. She explained that she hadn't, but then was taken aback at how the pranksters obtained her credit card information in the first place. Switching back to the pizza place, she was told that someone from her residence had ordered pizza from there before, and so the establishment had simply stored her credit card number in their database. So when the pranksters ordered the pizzas, they were automatically charged to her card.
I wonder how many companies store credit card numbers like this? On the one hand, the business may see storing such information as a convenience for the customer -- but on the other hand, not having to protect and safeguard that data would seem like an attractive option for businesses in an era when hackers are trying harder than ever to break in solely to steal that information.
Some companies online will ask you if you want them to store your credit card information for future purchases. One of my favorite online stores -- Newegg.com -- does this, and even though I am fiercely loyal to their excellent customer service and great bargains, I've never asked them to store my data. It would be nice if more companies gave customers this option; my gut tells me that most companies who do not are simply storing the numbers in a database somewhere.
Anyway, back to the story. So Leslie had just gotten the delivery guys to take back what she never ordered, and asked Visa to remove the charges from her account. Meanwhile, the pizza stores were out a lot of dough from the orphaned pies that were now congealing in a mass of cold grease. A few hours later, while at the supermarket, Leslie received a call on her cell phone from her daughter. Apparently, a suggestively clad woman answering to the name of "Precious" was at the door asking for her son by name.
Leslie said she then called Gerald -- we'll generously call him the "human resources manager" at the escort service that employed Precious -- and learned that Precious had also been summoned to her address through the very same IP relay service out of Minneapolis that was used in the pizza fiasco. (Thankfully, the escort service did not also have her credit card number on file from a previous transaction.) Needless to say, Gerald was none too pleased to hear that Leslie's son would not be needing an escort, a precious waste of time indeed at $220 an hour.
Gerald also was interested in finding out who might have been responsible for the phony order, but alas he was at a loss for what to do other than contact the police. Leslie said she filed a report with the cops, but added she is not sanguine that anything will come of it. She thinks the person responsible might be a reclusive local boy who may harbor a grudge against her son.
"I suspect it is another kid, one who knows my son, and I want whoever it is to know that I know who he is, and subsequently his parents and the school, as well," Leslie said.
At any rate, this type of fraud certainly ranks below cyber crime, cyber stalking, and even cyber bullying (the US-CERT this week put up a set of tips on how to deal with cyber bullies). I don't know if there's already a term for this type of behavior (cyber harassment?), but nonetheless it is certainly illegal on a number of levels.
Does any of this sound familiar? Have you, your family, or anyone you know been the target of cyber harassment? Drop us a line in the comment section below.
By Brian Krebs |
June 1, 2006; 12:35 PM ET
Latest Warnings
Previous: Redmond Derby: Microsoft Meets NASCAR |
Next: Circuit City Support-Site Hack Installed Spamming Program
Posted by: Don | June 1, 2006 2:11 PM
There's a group called Perverted-Justice.com that works with NBC's Dateline "To Catch a Predator" show. Sounds great, right? But when you take a closer look, the group itself is pretty scary. After a "bust", members make a point of posting personal information not only about the suspect, but about his family members too. Here's an example post by someone calling herself "Doodler." (I removed the family's last name.)
------
Geez, I've been searching for this thread. I was so proud of Antiperv for getting this bastard.
My husband and I were friends with the M***'s here in Shreveport, LA. We BBQed with them, went to their church because they both taught Sunday school, celebrated Christmas and Mardi Gras, and used to go bowling on the base with them. Our daughters are in the same class together...until tomorrow since his wife decided to home school their daughter next year (since they won't have any money to pay for private school). Anyway, his wife, another woman, and I were really good friends when we first moved to S'Port in December 2003. That is when we all did things together. Then a year later my friend and I had a falling out with his wife but we just couldn't figure out why. She just started distancing herself from us. Since my husband is also a pilot in the AF, he had heard rumors about him getting into some trouble in Vegas. We weren't sure of the details. We didn't think it was that bad since he was still hanging out with us. We kinda thought he cheated on her or he gambled too much and might have lost a ton of money. Little did we know he was chit chatting with a 14 year old girl! Oh yeah, both my husband and I read the whole conversation! What a sick "Christian."
Soooo, the past few weeks his daughter has been "sharing" in class (I'm friends with her teacher and my daughter is in the same class so I hear EVERYTHING-ha, we've been keeping our ears open). His daughter was talking about family in town, a big yard sale last weekend, and her dance recital that was coming up. She listed all the people that would be at her dance recital and didn't even mention her dad. Another student asked why her Dad wouldn't be there and she said, "I'm not allowed to talk about it." Hmmmmmm, she knows something but I'm not sure how much she knows. OK, so then I ran into his wife today at a birthday party. We talked for about 20 minutes. She was talking about her hubby like he was at home mowing the lawn... I asked if they had travel plans this summer and she said they were "just hanging out at home, just the usual trips to Dallas." She doesn't know that I know about her perverted husband, but we do and we are spreading the word. I think people should know about this man since he does have a daughter and she has friends. I don't want him to ever be able to touch any of them!!!
So, I'm wondering details about his arrest. I'm so happy you got him and am still in shock. When did he get arrested the first time? Was he caught in Vegas or here in Louisiana? All I know is he went to jail last week. When did his wife find out? Anyone know more about this sick bastard?
BTW, she still is wearing her wedding ring. I would've throw that POS away a long time ago...
PS You are all right about his address and phone number. I e-mailed it to Antiperv...
------
Cyberbullying? Sure looks like that way to me. In fact, Perverted Justice has a bulletin board dedicated to attacking its critics at http://www.corrupted-justice.net/forum. I think it pretty much speaks for itself.
Posted by: Allison | June 2, 2006 12:43 PM
I'm in cybersecurity hell at this very moment. Last week, someone hacked my PayPal account, changed all of the profile and login information, and stole every penny I had from my bank account. Paypal is a nightmare to deal with. I've spent hours fighting to get my money back with people who sneer and insist that I MUST have given my ID to someone. I did not, and I always delete spoof email (read ANY email from ANY company) without opening it. Two days later, the thief hacked my Yahoo! account which I'm now blocked out of (I'm an independent contractor and do all my business from that account)and it's impossible to get anything other than a form letter from their "help" (really?) center.
Posted by: Lissa | June 2, 2006 5:59 PM
While on the Credit Card subject.do YourSelf me and your readers a favour by checking this site with card warnings related to (OFFLINE) use of cards.(IS THE CARD IN YOUR WALLET STILL YOUR CARD?).
http://www.users.bigpond.com/tullymore2/pr.htm
We all worry about online card safety and we tend to forget about the oldest tricks in the book.now made easier with the use of modern day items like cell phones.
thanks for the space.kind regards. auscom.....
Posted by: auscom | June 13, 2006 5:11 AM
The comments to this entry are closed.
Around 1985 when I ran my high school computer club I received a spat of daily calls from modems- as many as a dozen a day- from hacked U of MD conference call lines. Back then no one was arrested. Kids from that club later sadly blew themselves up building a pipe bomb. People who don't like people always cause problems no matter what technology is used. And being the president of the computer club merely made me the most functional of a group of weirdos, hardly someone people should have been jealous of.