Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Child Porn Accusation As Online Extortion Tactic

timothy posted more than 9 years ago | from the sounds-like-an-fbi-method dept.

Security 321

Glenn writes "There's a story on silicon.com about a new twist in the tactics used by online extortionists trying to blackmail ecommerce sites with denial of service attacks. Yesterday one blackmailer threatened to send out child pornography emails in UK gambling site Blue Square's name if it didn't pay up 7000 Euros." This sounds even worse than simple DoS threats.

cancel ×

321 comments

It's all SMTP's fault! (5, Insightful)

LostCluster (625375) | more than 9 years ago | (#10643784)

Using SMTP as our default e-mail system has got to go...

SMTP is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.

The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with SMTP, sender spoofing has been done by spammers and phishers for years.

We need to retire this standard and find a better way to move e-mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.

Re:It's all SMTP's fault! (4, Insightful)

DaHat (247651) | more than 9 years ago | (#10643847)

I'm all for the retirement of SMTP... but don't you think it would be wise to have a well known, well supported and well used standard already in place before throwing out SMTP? Such a plan would go something like...

Phase 1: Retire SMTP
Phase 2: Panic
Phase 3: Develop, implement and distribute new e-mail sending system (maybe profit)

Personally, I fear Phase 2!

Re:It's all SMTP's fault! (1)

miscGeek (594829) | more than 9 years ago | (#10643993)

You're missing part of Phase 3.

Phase 3: Develop, implement and distribute new e-mail sending system (maybe profit) (with possibly as bad or worse holes).

Re:It's all SMTP's fault! (4, Funny)

Zangief (461457) | more than 9 years ago | (#10643995)


Phase 1: Retire SMTP
Phase 2: Panic
Phase 3: Develop, implement and distribute new e-mail sending system (maybe profit)

Personally, I fear Phase 2!


But...your fear is developing according to your plan...so it is good, isn't it?

Re:It's all SMTP's fault! (1)

DaHat (247651) | more than 9 years ago | (#10644059)

Fear != Panic

I fear the panic that would be caused by SMTP being retired one day without a working replacement in place and a seamless transition between the two.

So long as we don't try to throw out SMTP all together... the panic can be avoided.

Re:It's all SMTP's fault! (3, Insightful)

suso (153703) | more than 9 years ago | (#10644170)

Really, there should never be panic before development. That is when bad implementations happen. Look at the panic that led to the Patriot Act.

Re:It's all SMTP's fault! (0)

Anonymous Coward | more than 9 years ago | (#10644149)

What about XMPP [xmpp.org] ?

Re:It's all SMTP's fault! (5, Insightful)

terraformer (617565) | more than 9 years ago | (#10643880)

Actually, this could be done with the world's postal systems as well... Although it would cost more. The problem is not with SMTP itself, but people reliance on it for authentication, which it was never designed for. What needs to happen is the widespread adoption and use of technology like SMIME. A technology that was designed to be used for authentication.

Re:It's all SMTP's fault! (1)

terraformer (617565) | more than 9 years ago | (#10643984)

And on a related topic, these sended id schemes bolted onto SMTP or attached in one way or another are horrible for people, such as myself, who have one or more user@alumni.almamata.edu addresses. I have two and both sender id schemes require the domain holder to bless the sending mail server to be considered not spam. That means people who send email through their ISP mail server (because the ISP shuts down 25) would be SOL and have to resort to using REPLY TO: headers again. There are good reasons for spoofing of the sender. It's an email system, not an authentication mechanism.

Re:It's all SMTP's fault! (0)

Anonymous Coward | more than 9 years ago | (#10644062)

Actually, this could be done with the world's postal systems as well...

Ridiculous. Not without travelling in person to the victim's physical post office, it can't. See, postal mail uses these things called postmarks which are useful on occasion.

Re:It's all SMTP's fault! (0)

Anonymous Coward | more than 9 years ago | (#10644234)

Like anyone habitually checks the postmark. You wouldn't fool police, but whoever opens the letter would certainly be too busy freaking out or calling 911 to check the postmark.

Sigh, so many scumbags and thugs. (4, Interesting)

turnstyle (588788) | more than 9 years ago | (#10643889)

It just makes me wonder sometimes if anonymity on the Internet protects way more scumbags and thugs than it does free speech.

And, it scares me miserably that I would even think about that as a tradeoff.

Re:Sigh, so many scumbags and thugs. (0)

Anonymous Coward | more than 9 years ago | (#10643999)

Right now, anonymity does protect more scumbags and thugs than anyone else, because of stupidly-broken protocols like SMTP designed by morons who thought that the Internet would turn out to be kind of like a cable stretched between two machines in a lab.

What's amazing to me isn't that the Internet literati still supports anonymity, but that they still put up a fight when someone points out the need to replace SMTP. There are no valid excuses for continuing to use SMTP. Anyone who won't upgrade their existing installation doesn't get to send email. Boo hoo.

Re:Sigh, so many scumbags and thugs. (1, Interesting)

bconway (63464) | more than 9 years ago | (#10644060)

It scares me that you think scumbags and thugs are less worthy of free speech than you or I. Perhaps we should put them in a free speech cage like at the DNC.

Re:Sigh, so many scumbags and thugs. (2, Insightful)

liquidpele (663430) | more than 9 years ago | (#10644083)

It depends.
If a free country, it probably protects more scumbags by a margin of 100:1, but getting rid of it might turn it into a non-free country.
In a non-free country, its invaluable as a method to get information.

I think the main point of the anyonymity is to keep government tracking practically impossible to at least very very hard. If the FBI started tracking all online activity, it would be hell. I'd probably move out of the country. And you know if they could, they would.

I think things will fix themselves on their own though. The govt has even said if a standard can't be reached for smtp at least, they might impose one (even sender-id if they must). I think they recognize that Email is way to engrained in our busnesses and lives to make it anonymous anymore.

Re:Sigh, so many scumbags and thugs. (1)

hitmark (640295) | more than 9 years ago | (#10644090)

free speech should not need anonymity. the best filter for free speech is the requirement for name and face. just look at all the threats and other stuff that fly low over a system like slashdot. 99% of it comes from anonymous cowards. people are more likely to come out with weighted comments when they have to stand by it by name and face.

Re:Sigh, so many scumbags and thugs. (0, Troll)

bconway (63464) | more than 9 years ago | (#10644131)

"hitmark" is a name and face? Riiiiight. Just like Subject Line Troll. Or Klerck.

Re:Sigh, so many scumbags and thugs. (2, Insightful)

TrentTheWiseA (566201) | more than 9 years ago | (#10644236)

TRUE free speech requires anonymity, to prevent reprisals from the government or other parties that disagree with the speech. It's the same reason that we have anonymous voting. If you had to put your name and address on your ballot, then someone outside the voting area could use your past record against you to 'influence' you (usually with a heavy object or projectile weapon). They also have a list of people to deal with before they get the chance to vote in the next election.

Yes, we may get a high noise-to-signal ratio by allowing ANYONE to say things and be anonymous, but otherwise we would end up with only those people speaking the party propaganda actually safe from harm. (Think PRAVDA, or other Soviet-era news outlets).

And 'filtering' free speech, by definition, makes it non-free.

Re:Sigh, so many scumbags and thugs. (1)

That's Unpossible! (722232) | more than 9 years ago | (#10644157)

I don't buy the "but SMTP protects free speech through anonymity" argument. If people want anonymous speech, post something anonymously to the internet in another format. There are various ways to do this. Why insist on holding progress back on SMTP when other mediums can fill the "anonymous free speech" gap, and do a much better job at that anonymity then SMTP?

It's like saying, well we need a way to keep phone calls completely anonymous to protect free speech -- even though a person could carry out their anonymous free speech in many other ways than a telephone. Thus the police and people with 800 numbers can always see who is calling (ignoring, for the moment, the flaws that star38.com exposes in this idea).

Personally, I am ready for something like SenderID + SPF.

Wonder sometimes? (1)

glrotate (300695) | more than 9 years ago | (#10644182)

I'd say that the scammer/pervert/pirate to free speech soldier is about 5000:1.

Re:It's all SMTP's fault! (2, Funny)

YetAnotherName (168064) | more than 9 years ago | (#10643897)

Mod parent up, certainly. But bear in mind also that SMTP was born in an environment that never foresaw such threats. DNS, TCP, UDP, and IP were also started in such an environment, and are also buckling under the abuses (address spoofing, SYN floods, etc.)

When do we have to replace the entire Internet? Or is IPv6 sufficiently robust?

Re:It's all SMTP's fault! (2, Funny)

isorox (205688) | more than 9 years ago | (#10643900)

Digital signing would solve that problem, but of course it's the chicken and egg.

Re:It's all SMTP's fault! (4, Insightful)

gl4ss (559668) | more than 9 years ago | (#10643941)

it wouldn't really solve anything.

because basically the threat is that their name would get associated with child pornography.

you can't really fight against such threats any other way than making it national news that someone is extorting you that way...

huh? (1)

MarcoAtWork (28889) | more than 9 years ago | (#10644123)

if digital signing was mandatory and everybody had certs (chicken and egg problem the poster was alluding to) their name would *NOT* be associated to anything untowards, as it would be impossible to spoof an email from somebody else (yeah, you could munge the 'from:' but your mail client would alert you that the email has an invalid signature (and possibly if this is the case the mail wouldn't even get routed in the first place)).

Re:It's all SMTP's fault! (5, Insightful)

Albanach (527650) | more than 9 years ago | (#10643901)

SMTP is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.

But we have technology that works almost perfectly with existing SMTP servers that combats this very threat. SPF, Sender ID et al are designed to confirm that the sender or sending domain is reflected accurately.

Why should we change every MUA & MTA, almost certainly handing control of email to big business in the process, when we hold a solution in our hands. If your ISP doesn't support SPF, point them to this and suggest they adopt it. If you don't publish SPF records, set some up. If you get a virus warning from another company where your email address was forged, email them and suggest they start SPF checking. There are alwyas going to be threats to internet protocols - this threat is one we can already deal with.

Re:It's all SMTP's fault! (1)

Have Blue (616) | more than 9 years ago | (#10644218)

You just mentioned part of the reason this doesn't happen in your own argument: "SPF, Sender ID et al". If there was ONE plan with the backing of the entire Internet community and every service provider on it, the migration could get under way.

Re:It's all SMTP's fault! (2, Funny)

Kenja (541830) | more than 9 years ago | (#10643917)

So a communications protocol made people collect child pornography to be used as an extortion tool? And how is removing anonymity and privacy from the Internet a good thing? I for one LIKE that I can send an email without the receiver getting my home address.

Re:It's all SMTP's fault! (1)

Dirk Pitt (90561) | more than 9 years ago | (#10644224)

Why not a caller-ID type model? - you can attach your authenticated mail address, or choose to be completely anonymous. As the receiver, I can choose to block all anonymous mail.

I don't think it's a basic right for anyone to *force* their communication on someone else without the sender revealing who they are. As long as the receiver has the ability to regulate anonymous data, you can maintain the sender's right to anonymity, as well as the receiver's need to protect him/herself.

Re:It's all SMTP's fault! (2, Funny)

hitmark (640295) | more than 9 years ago | (#10643972)

supposedly this is what sender id is supposed to fix but then the servers must allow for people hooked up by outside isps to hook up and send mail via the account connected to that isp. why? i more and more often get questions from people that have used a subscription-free isp to hook up via dialup but have now moved on to a isp that supply dsl or similar. then when they try to send a mail they get a error as the ip they are on are outside of the old isps range. usualy all it takes to fix the problem is to change the smtp to the one the new isp have set up. but if sender id comes online then this will no longer work. and email addresses have become connected to people just like cellphone numbers have in peoples minds...

Re:It's all SMTP's fault! (4, Informative)

ajs (35943) | more than 9 years ago | (#10643986)

There's nothing wrong with SMTP... The problem lies with the lack of consensus on authentication, authorization and reputation systems for electronic mail.

For example, using a combination of SPF and SMTP/AUTH you can easily prevent anyone who uses SPF from accepting invalid mail "from" your domain(s) while continuing to use the world's most pervasive mail transfer protocol.

Problem is that people aren't willing to apply the time and effort required to do this globally.

The next step is reputation, and as soon as you can be sure that the person claiming to be joe@example.com is in fact from example.com, you can begin assigning example.com a reputation. You'll see dozens of distributed reputation databases, just like IP-based blacklists, overnight.

Want to move the process along? Add an SPF record for your domain and add an SPF milter (or equivalent for your MTA technology) to your mail server. The sooner forgeries stop, the sooner we can start building reputation and end this.

Re:It's all SMTP's fault! (1)

liquidpele (663430) | more than 9 years ago | (#10644166)

I think random, short lived domain names would start clogging up the net then though for the purpose of sending spam for about 24 hours.
I think as a 'premptive stike' if you will, we should require all contact information for a domain name be varifiable so that actual people can be found and beaten with somethng large and wooden. I also think that an option to automatically drop any emails originating from outside your given country should be an option at least.

Re:It's all SMTP's fault! (1, Funny)

Anonymous Coward | more than 9 years ago | (#10644007)

This actually happened to my company a few months ago. They said that they would send out just pornographic material in my company's name. I asked to get on the list, but I got no reply. I just let the lawyer handle reporting it to authorities.

Seriously, who is going to fall for such ridiculous scams. Is someone really going to believe that a game company is going to email porn? Idiots.

It's all USPS's fault! (4, Insightful)

thisissilly (676875) | more than 9 years ago | (#10644050)

Using US Postal Service as our default mail system has got to go...

USPS is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.

The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with USPS, sender spoofing has been done by spammers and phishers for years.

We need to retire this standard and find a better way to move mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.

Re:It's all SMTP's fault! (2, Insightful)

nolife (233813) | more than 9 years ago | (#10644211)

Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.

On that note, all of the technical people already know this so the smear campaign will not work against them. I can not even make a guess about the percentage of "plain folks" that might be fooled but probably not as many as you think. I'm sure every person in the world with an email account has got and noticed email with a fake from field considering the amount of spam and worm artifacts flying around. Child porn is a different level when compared to a scam email, a virus, a security breach, a click me from your friend, m0Rtg4Ge L000an, or a phishing attempt. Child porn would stand out as something a business obviuosly would not send. I do not believe the impact would be that great, maybe some sour feelings by the business owners and employees but not much bottom line impact. Maybe I am wrong..

Oh the irony (0)

Anonymous Coward | more than 9 years ago | (#10643785)


one form of scum preying on another form of scum with threats to turn them into scum

Re:Oh the irony (1)

NotQuiteReal (608241) | more than 9 years ago | (#10643938)

one form of scum preying on another form of scum with threats to turn them into scum

Hey don't knock it - that's how we all got here, what with primordial soup, evolution, and all that ;-)

Re:Oh the irony (1)

Jeremy Erwin (2054) | more than 9 years ago | (#10644181)

Bookmaking is perfectly legal in Britain.

w00t (0, Offtopic)

elitebrad (581590) | more than 9 years ago | (#10643787)

first post

Re:w00t (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10644111)

Cunt.

Child pr0n0graphers unite! (1)

Ass, Ltd. Ho! (714400) | more than 9 years ago | (#10643788)

I think we need to stop persecution of pedophiles as we have tried to stop persecution of gays, niggers, and gayniggers.

If there's grass in the infield, play ball!!!

FIRST POST BITCHES!!!

Same solution as always (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10643795)

Publicize that this is in fact a lie and the truth shall set you free.

In other words, once this scam is publicly known, it will be worthless for the scammers.

Re:Same solution as always (0)

Anonymous Coward | more than 9 years ago | (#10643845)

once this scam is publicly known
what ? internet gambling is the biggest scam going

legalised robbery is another description of internet gambling

Re:Same solution as always (3, Insightful)

93,000 (150453) | more than 9 years ago | (#10644018)

I disagree. Even though he was eventually cleared (but is still a dumbass), what comes to mind when you think of Pete Townshend? Sort of a different scenario, I know, but mud still sticks.

It's not so much about fear of actual jail/persacution as it is about fear of the shitstorm that arises in the time it inevitably takes for the truth to be found.

The charges were dropped against old Pete, but he still had his name mentioned in the same sentence as 'child porn' countless times in print and on the net.

Re:Same solution as always (0)

Anonymous Coward | more than 9 years ago | (#10644065)

Yeah, because that's worked SO well for Gates and his "64K ought to be enough for anybody" quote. Face it, 99% of the population will disregard all objective fact in the face of a good story. "SomeSite.com is sending out child porn!" Nobody will ever give it a second look. The business is done for, and let's hope the executives don't get lynched. Literally.

So, uh, does it work? (0)

Anonymous Coward | more than 9 years ago | (#10643804)

Because I could use the money.

Whatever happened to "Laws" and "Rules"? (4, Interesting)

Enigma_Man (756516) | more than 9 years ago | (#10643806)

I thought they were supposed to prevent stuff like this... or is it a matter of "once the crime's been comitted, the damage is done permanently" so the law can't possibly compensate enough for the loss? Also, does it being probably international screw up the judicial process?

-Jesse

Re:Whatever happened to "Laws" and "Rules"? (1)

DrEldarion (114072) | more than 9 years ago | (#10643856)

Wait... since when have laws always stopped people from doing things they shouldn't?

Anonymity did (1)

Anonymous Brave Guy (457657) | more than 9 years ago | (#10643961)

For society to work, with freedom must come responsibility. As long as you can effectively send anonymous information via the Internet, there is no way to hold someone responsible for this sort of action. Even if the laws are there, without any effective way to enforce them, what does it matter?

Re:Whatever happened to "Laws" and "Rules"? (1)

davesplace1 (729794) | more than 9 years ago | (#10644041)

If these people would spend half as much time thinking up ways to my a honest living as they do scams, they would be rich.

Re:Whatever happened to "Laws" and "Rules"? (2, Insightful)

gorbachev (512743) | more than 9 years ago | (#10644069)

Welcome to the world of international law enforcement on crimes committed over the Internet.

Perps: in Russia
Victims: UK and US

Victim contacts Scotland Yard or the FBI. If they have time, they'll investigate and figure out the perp is quite likely in Russia, but they can't be sure, because they used an anonymous proxy in South Korea. It's now about 3 months after the incident.

They contact the South Korean network with the open proxy. They answer after a month or two saying they didn't keep logs. Pass go, do not go to prison.

They then contact the Russian authorities. The Russians answer you have no proof this falls under Russian jurisdiction, and even if you did, you have failed to show how which Russian law was broken, and even if you did prove Russian law was broken, the punishment under Russian law is 5 months probation, and no, we will not extradite the criminal to the US or UK.

We're now at 5 - 6 months after the incident.

That's assuming it's not the Russian mafia, who really doesn't give a shit whether or not the Russian cops bust them for $7K extortion scam.

FP (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10643813)

First Porn! I should patent the idea!

Huh? (0, Flamebait)

Anonymous Coward | more than 9 years ago | (#10643818)

Since when do Catholic priests target gambling sites?

Re:Huh? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10644192)

Since when do Catholic priests target gambling sites?

Oh, I get it. You're implying that all child pornographers are Catholic priests. That's funny. Really, it is. I haven't heard that connection made before. See, you took a handful of publicized cases, and created a broad association between an entire religious group and a single criminal activity that has plagued society since long before Catholicism ever existed. You're really clever. How did you come up with that so easily? Boy, I bet it's fun to use humor to condemn an entire group of people based on the actions of a tiny percentage of them. Tell me, do you make similar jokes about blacks? Asians? Hispanics? Muslims? Jews? Homosexuals? Women? Humans? I bet you're a riot at parties.

Man... (0)

Anonymous Coward | more than 9 years ago | (#10643827)

That is crap. Couldnt they just find this suckers IP and track him down and get him fined or arrested?

Re:Man... (0)

Anonymous Coward | more than 9 years ago | (#10643950)

Wow! You must be one smart cookie!

Re:Man... (2, Insightful)

crimethinker (721591) | more than 9 years ago | (#10644001)

Couldnt they just find this suckers IP and track him down and get him fined or arrested?

RTFA. These are online gambling sites. Most gambling has a large amount of organized crime involved. I think that getting fined/arrested should be the least of these scumbags' worries. And whatever the mob would do to them, they would deserve it.

-paul

Distribution of child pornodraphy for profit (5, Insightful)

Scrameustache (459504) | more than 9 years ago | (#10643830)



It should, however, get the attentio of the authorities much more readily though.
These guys admit to having illegal photographic material in their possession and are attempting to use it to make a buck. Catching these would be much better publicity for the enterprising copppers than some two-bit hackers.

good luck with that (2, Insightful)

poptones (653660) | more than 9 years ago | (#10643988)

since they're probably in some flea bit FSU state. and given what many (if not most) in the US call "pornography" (when it comes to children) it wouldn't be hard at all to fill that promise by sending out a few pictures of the local kids playing on the beach.

You seem to have forgotten that the internet doesn't end at the coasts?

This isn't about framing them legally - it's about smearing their reputation further. Any competent website op is going to have logs, and their tiering partners are going to have logs as well. It would be almost trivial to prove to the FBI the "bad stuff" didn't come from them, but it would likely be a fair sight harder getting the luser recipients of said material to believe it.

Re:Distribution of child pornodraphy for profit (1)

GigsVT (208848) | more than 9 years ago | (#10644108)

Actually, you can have the parts you need to make illegal child porn, without actually possessing it.

All you need is a picture of a kid, and a regular porno picture. Photoshop the kid's head onto the pic and instant child porn, just as illegal as the real stuff.

That's the insanity caused by this hysteria in the name of "protecting the children".

Such tactics are also used by CIA (-1, Troll)

Synli (781075) | more than 9 years ago | (#10643834)

Not many people know, but such tactics are also used by CIA.

Re:Such tactics are also used by CIA (0)

Anonymous Coward | more than 9 years ago | (#10643946)

Note to meta-moderators: The moderator who assigned "Troll" does not obviously know what Troll means (and he should not be allowed to moderate Slashdot anymore).

Re:Such tactics are also used by CIA (0)

Anonymous Coward | more than 9 years ago | (#10644068)

Just what are you implying here, sir?

That the traffic in illegal drugs is an inadequate means of off-the-books fundraising?!!!

throw away the key (1)

unbiasedbystander (660703) | more than 9 years ago | (#10643836)

Lock those bastards up!

They should get what they really deserve. (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10643842)

Castrate and put all these jerks into Jail where Bubba's tell 'em to pick up the soap from the floor. Those damn dirty bastards. In the arabic world we would tie such dirt to a crane and let them dry for weeks in the hot sun.

pulp (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10643862)

-I love you pumpkin
-I love you hunny bunny
- EVERYOBODY CALM THIS IS ROBBERY
- EVERYFUCKIN BITCH MOVE AND I'LL DDOS WITH CHILD PORN EVERY MONTHERFUCKIN LAST ONE OF YA

This looks like the standard shakedown - online (0)

Anonymous Coward | more than 9 years ago | (#10643871)

It appears organized crime will be raising their online profile. The net is just another venue for rotten characters.

So, let the guy hurt himself (2, Insightful)

Dejohn (164452) | more than 9 years ago | (#10643875)

What, this extortionist thinks that people will honestly believe that a legitimate organization is now sending child porn? I think not. Let him send out all this child porn, thus not only proving that he has it, but also that he's willing to commit extortion and probably a number of other crimes. Good luck to him...

Re:So, let the guy hurt himself (2, Insightful)

Juvenall (793526) | more than 9 years ago | (#10644093)

That's the thing though. The same idiots who buy from spammers or open attachments titled "10_YEAR_OLD_SEX.jpg" will be the same to report the email to whatever authority in their country deals with this crap. It sucks, but it's an effective way to bring unwanted headlines like "Company XYZ under investigation for child porn mailing".

Slander hurts, even if your reputation is good. (2, Insightful)

adb (31105) | more than 9 years ago | (#10644227)

Like Lyndon Johnson said, it's doesn't have to be true; it's enough to make the poor bastard deny it.

Re:So, let the guy hurt himself (2, Insightful)

Spad (470073) | more than 9 years ago | (#10644238)

What, someone thinks that people will honestly believe that Hotmail wants them to forward an email to 20 people or their account will be closed down.

People will believe anything that they read on the internet - the fact that everyone is still falling for phishing scams and getting rooted via email tojans should be proof enough of that fact.

blackEmail (5, Insightful)

Doc Ruby (173196) | more than 9 years ago | (#10643876)

Blackmailers like this provide the test cases that clean up Internet law by building case history. A judge's decision showing the blackmailer is liable protects other victims later, diluting the force of unfounded accusations with trivially contrived evidence.

heh (5, Interesting)

JeanBaptiste (537955) | more than 9 years ago | (#10643879)

sounds just like an idea i had for a virus about 5 years ago. (no, I didn't write it).

The virus would load a couple of nastypics onto the victims machine, then send out an email to the FBI. The first virus that would get you arrested.

It was just an idea, I have never written a virus that has been let loose into the wild...

Re:heh (1)

Mononoke (88668) | more than 9 years ago | (#10643932)

It was just an idea, I have never written a virus that has been let loose into the wild...
You just did.

Re:heh (4, Funny)

JeanBaptiste (537955) | more than 9 years ago | (#10644009)

really? wow. I didn't even write a single line of code!

I'm going to have to use slashdot as a programming interface more often.

Right (0)

Anonymous Coward | more than 9 years ago | (#10643935)

Sure you haven't...

Existing problem, of course... (3, Interesting)

lukewarmfusion (726141) | more than 9 years ago | (#10643884)

People have been forging the From field for a long time, with varying reasons and consequences. In my university, a student sent a message to several thousand people pretending to be the head of the Student Affairs office. It was a very convincing text, but the user's AFS ID (not to mention his IP and room's port) were easily traced with the headers. He was picked up pretty quick.

It might be bad publicity for the company, but it almost certainly will have no legal ramifications for them.

Which brings me to the next question - is there an agency, organization, department, etc. that receives and processes these kinds of threats? If my company got something like this, to whom would I report it? And what would be done?

If there's nobody out there handling these, I suggest a bounty hunter system. The kind with bows and arrows.

It's not all bad (3, Interesting)

ObsessiveMathsFreak (773371) | more than 9 years ago | (#10643887)

The only major effect of this will be the mass blacklisting of emails from online gambling sites.

How will that be a bad thing?

If these guys were smart (1)

SallyMac (815623) | more than 9 years ago | (#10643899)

They'd send the emails first, and -then- blackmail.

This way they leave the victims with proof. Dumbasses.

But honestly, I agree with the getting rid of SMTP comment. But something better would have to be developed and become a proven technology before it even started to go anywhere, and I don't see that happening anytime soon.

People have said that. (3, Interesting)

www.sorehands.com (142825) | more than 9 years ago | (#10643903)

Peopla have told me that me that saying that spammers are one step above pedophiles is in exageration. This type of extortion shows that my statements are true. This shows that spammers are involved with child pornography.

Re:People have said that. (2, Insightful)

sn0wflake (592745) | more than 9 years ago | (#10644103)

What a load of crap. Spammers are in the game for profit.

One more reason... (1)

jmcmunn (307798) | more than 9 years ago | (#10643911)

...to clear your cache. Just what I need is some cached email shit from some spammer on my machine when the FBI comes to take back all of my Mp3's! Hahaha FBI, they are all legal from iTunes! (and then converted to Mp3 of course)

Dumbest Idea Ever. (2, Funny)

ntxb229 (542609) | more than 9 years ago | (#10643918)

I mean honestly... if you got an email with child porn, and it was from info@partypoker.com, is your first response going to be "Oh my gosh! What an awful company!!" Please... how stupid do you think people are? Well on second thought...

It really took this long? (4, Insightful)

Juvenall (793526) | more than 9 years ago | (#10643963)

..really, I'm shocked. The company I worked for a few months back on a contract basis was getting threats like "If you don't ____________ we'll spam in your name/send people fales rates for your service/send a virus from your accounts/send magic pixies to rearrange in your sock drawer". This really seems like the natural progression of things, as sad as that sounds. You can really only hope for one of two options. Either inform the media and hope if and when it goes down, enough people are "in the know" that you can avoid any backlash or keep your fingers crossed that one of the proposed email verification ideas takes off.

this reminds me... (3, Interesting)

to be a troll (807210) | more than 9 years ago | (#10643969)

...of something i was thinking about the other day after a couple weeks of hunting spyware on my PC. what if someone comes along and designs some spyware that actually functions quietly (without the random popup windows and other tell-tale signs of infection). And they are able to open a port and upload any sort of incriminating evidence they would like into your own home... what is there to stop this sort of thing from happening? remember the /. article about north korea waging a cyber war on americans? ITS ONLY A MATTER OF TIME

Interesting... (3, Informative)

Saint Aardvark (159009) | more than 9 years ago | (#10643980)

Compare and contrast with this editorial [guardian.co.uk] from The Guardian, which suggests a SETI@Home-like client to DDOS sites that host child porn.

OT discussion follows: My first reaction was, what a stupid idea -- all it takes is one faked entry on the list to turn it into a great weapon against whoever you hate today. Then I remembered Artists Against 419 [aa419.com] and its many clones. Funny how I'm willing to trust one but not the other...

This sounds really stupid. (1)

RealAlaskan (576404) | more than 9 years ago | (#10644011)

I predict that cops everywhere, including the extortionist's home countries, will be willing to cooperate (for once) to fix their wagons.

The article says the message was signed 'Bohan Krascevic'. Most of the old Eastern Block countries are really protective of their kiddies. Bohan better hope he gets extradited fast, if they catch him.

Getting your local cops angry is a really bad idea, and this sounds like a really bad idea. I don't think it'll catch on.

Re:This sounds really stupid. (0)

Anonymous Coward | more than 9 years ago | (#10644092)

Most of the old Eastern Block countries are really protective of their kiddies

WTF? Where in the world did you get that idea? [bbc.co.uk]

Sheesh (1)

HarveyBirdman (627248) | more than 9 years ago | (#10644016)

Will one brave company open Soldier Of Fortune and hire a mercenary already?

A few spammers in an open field killed execution style will rein in this stuff faster than any legislation.

There. Problem solved. You'd be suprised just how many problems violence CAN solve.

Re:Sheesh (0, Flamebait)

praxis (19962) | more than 9 years ago | (#10644063)

What did the soldiers killed execution style in Iraq last weekend solve? Did anything change? Was there a huge outcry? Will it change the political situation of this country?

I swear... (3, Funny)

indros13 (531405) | more than 9 years ago | (#10644030)

that sort of thing ain't my bag, baby.

nothing new. (3, Interesting)

Lumpy (12016) | more than 9 years ago | (#10644031)

Mothers angry at their soon to be Ex-husbands use the "child porn or Molestation" card all the time to try and ensure that the father can not get custody or even visitation. This is usually used as a way for her to "punish" him for what he may have done and is typically found in divorce cases where the husband was fooling around.

People have been using the boogymen like that for decades... Even when proven innocent it will haunt the accused for their life.

It's too easy to accuse without proof and be sure it will cause huge damage.

Could be wrong, but (1)

Dachannien (617929) | more than 9 years ago | (#10644045)

I could be wrong about this, but my guess is that the whole child pron thing is just a bluff. The extortionist already has enough zombie machines to do a DDoS attack, so there's no need to risk a more severe prosecution if caught when a lesser means will do the same job. The additional threat is likely just a kick in the seat of the pants of the target, to make sure the extortionist has their attention.

Joe Jobs. (5, Interesting)

SeanDuggan (732224) | more than 9 years ago | (#10644049)

Sounds like a fairly standard Joe Job [snopes.com] such as has happened with DarkProfits [snopes.com] . Only difference being here, they're actually extorting on the threat rather than simply trying to damage someone's reputation. Thing is, this could be very damaging. When it comes to child pornography, people tend to get very irrational and seldom check for any form of proof or second opinion. It's kind of like being accused of being a child molester IRL. Even once you prove your innocence, no one will quite look at you the same again and some people will never truly believe your innocence. Heck, the more squeaky-clean of life you lead, the more guilty you may seem to them. After all, you must have something to hide.

Solution is painful. (1)

tomstdenis (446163) | more than 9 years ago | (#10644057)

Don't pay under any circumstances and do your best to track down the people responsible. Paying or otherwise giving them the ego-stroking they want is just counterproductive.

This is also a good reason why companies should have gotten into the habit of using PGP/GPG to sign their emails as policy... But I guess they get what they pay for now...

Tom

Better yet.... (0, Troll)

Hamster Lover (558288) | more than 9 years ago | (#10644082)

Tell them you'd glady pay 7000 Euros for good quality child porn.

maybe it's just me..... (2, Insightful)

to_kallon (778547) | more than 9 years ago | (#10644151)

but if a company, and granted i don't gamble so i don't know what their typical mailings are like, that i do business with sends me an e-mail with pornography in it my first thought is not going to be, "sick bastards! i'll never gamble there again!" it's going to be "one more victim, how sad." i think this type of thing get's blown out of preportion, which if i might add is what the spammers are really looking for (next to money). no i'm not proposing that if we ignore it the problem will go away, find the useless scum and string them up, but i think people in general are smart enough to figure out that the companies they do business with aren't involved in the child pornography industry. i see this as a hollow threat because even if it is followed through with it's an annoyance at best (spoken as someone who has an effective spam filter). the worst part about this is the precedent it sets because i can garauntee this is not the last we've heard about this.

Oh look (2, Interesting)

Turn-X Alphonse (789240) | more than 9 years ago | (#10644169)

No officer I did not send that e-mail, it was spoofed.. I do not have any child porn no sir...

Anyone seeing a problem here? If we start spoofing things like this is becomes much harder ro prove person X did send e-mail Y..

"from the sounds-like-an-fbi-method dept" (1)

stratjakt (596332) | more than 9 years ago | (#10644172)

When has the FBI extorted anyone under the threat of spamming kiddy porn in their name?

WTF was that little comment supposed to mean? Anything deeper than "I hate the gummint"? Explain please.

In the absence of an explanation, then you, timothy, are now officially a bigger asshat moron than michael (albeit, not by much).

SPF helps here (3, Informative)

wayne (1579) | more than 9 years ago | (#10644193)

One of the things that publishing SPF records does is that it creates a public statement about which email servers are authorized by you to use your domain name and which aren't.

This is somewhat like posting a "no trespassing" sign, and a chain link fence around your property. It doesn't prevent the people from cutting through the fence and getting hurt on your property, but it lets you show to the courts that you took reasonable steps to prevent it.

This is also a good reason to check SPF records. If your company or ISP lets child porn email go through that the domain owner explicitly said should not be allowed, you may have to show why you aren't contributing to the libelling of the domain owner and why you didn't protect your employees/customers from preventable child porn.

Yeah, at this instant, SPF is not enough of a standard to give you strong protection, but in 5-10 years, I think that will change.

War (1)

flibuste (523578) | more than 9 years ago | (#10644237)

This scumbag by e-mail thing has got to stop somehow. This has just gotten too far with child porn.

This whole way of extracting money from people just reach an unacceptable point here.

There are many good techies in Slashdot, why not retaliate against those scumbags in an "open source retaliation scheme against scumbags". I am thinking of some sort of open source militia that would take down the systems from those criminals with the same kind of attacks (or more clever) that they do.

AskSlashdot::How can I contribute in stopping this electronic non-sense?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...