Re: why do people waste their time doing this

On Aug 12, 11:16 am, Auriga <brada...@xxxxxxx> wrote:
Perhaps we are not giving Joe Smith enough credit. I think he is
responsible for this!

I would prefer not to leap to any conclusion without evidence, plus I
doubt that Joe Smith would intentionally act to destroy his own
"playground." Whoever is doing this evidently has an act to grind
with both rec.pyrotechnics and sci.crypt (check the posting history of
each of the machine randomized poster names). Unless the inclusion of
sci.crypt is simply a red herring, a good start might be to learn what
poster is/was active on both of these very dissimilar newsgroups.

The sadest part is that since the Internet was created out of the Unix
community, like Unix, the basic system design was predicated on the
assumption of a benign user community, so the original built-in
security precautions were minimal. As a consequence, Internet services
like Usenet remain very vulnerable to this type of trivially
implemented attack.

Were I the detective on this case (without revealing my reasons), I'd
look for someone that know a little about programming, but believes
himself to be very clever and gifted, but frustrated because he is not
accepted as a professional system programmer and likely has no college
degree. I'd look for someone who has late night access to the
facilities of an ISP or similar facility, likely a second or 3rd shift
computer operator. Someone has spent more time comparing ideas with
others of the hacker mentality, than actually focusing on learning how
to create software for new and useful applications.

I took a quick look at the timing of these posts and learned that they
usually start after 11:00 pm and cut off abruptly at around 4:00 am.
They are posted at a rate appraching 3 per minite, and are obviously
composed of computer randomized content including randomized poster
names. Programs that do things like this are commonly available within
the hacker community, however....and here is the gotcha...you cannot
run them through a convention Internet link supplied by an ISP since
after about the first 5 rapid posts they will flag it as SPAM and cut
off your posting access. A 2nd or 3rd shift employee at an ISP or
university computer center can trivially get around this. It's not
rocket science.

Another was of accomplishing the same service disruption is to emply a
distributed SPAMBOT. (I believe that after a little thought about the
details of the messages this is unlikely in this case.) Still, this is
how they operate. Over a period of time, a virus like progam is
embedded in thousands of unprotected personal computers connected to
the Internet, the presence of which is totally concealed from the
computer owner, and unless the computer owner regularly does a virus
scan using a top grade commercial virus detection program like Norton
and others, will never learn of its presence.) At another point later
in time, a trigger message will go out over the net that is received
by all of these computers that are online, at which point the
programmed virus will beging sending out messages over the net to
whatever their targets have been programmed to be. This level of
sophistication is usually reserved for 'denial of service' attacks on
major computer centers like Bank of America, eBay, Telco switches,
etc. This would be total overkill to knock out a Usenet newsgroup or
two, and has much more sinister applications.

My best guess is that out little newsgroup disruptor will be
discovered in the next week or two, and then simply fired from his
job. At least this is what happened to someone who did the same sort
of attack on my email address 3-years ago, and why I use that same
obsolete email address when posting today. Yahoo mail didn't take
kindly to his antics, and tracked him down. And yes, it was something
perpetrated by some fluky kid working second shift at an ISP in
Western PA, whose only gripe with me was that I had corrected him on
something that he had posted in a software newsgroup!

Realize, there are some real lunatics here on the newsgroups, and some
of them are so hair triggered that it doesn't take much to set them
off!

Take this post for whatever it's worth. Still, realize that here on
the Newsgroups, there is nearly no security protection except what you
provide on your own computer and...to quote an old cartographer's
phrase..."Here there be dragons!"

Harry C.


.

Relevant Pages

  • Re: Outlook Express & Noton Internet Security 2004
    ... for all the microsoft.public newsgroups). ... Also a good source of Outlook Express info can be found here: ... the (insert latest virus name here) virus, all mail sent to my personal ... | My ISP told me there was a problem with OutLook Express ...
    (microsoft.public.outlook.general)
  • Re: [OT, welcome msg] CDaoDatabase Field Limit?
    ... If you are only interested in 'pure' C++ then you had better dissuade all ... will find that Fortran and VB are both other programming languages and I ... You recommend that I should educate myself - I did say this was the first ... time I have used newsgroups and there is a reason for that - in 9 years of ...
    (comp.lang.cpp)
  • Re: Help
    ... > Como funcionam os Newsgroups ... As mensagens que cada um escrever ... Cada um dos ISPs tem um servidor próprio para newsgroups, ... ISP local. ...
    (soc.culture.portuguese)
  • Re: Newsreaders
    ... Some ISPs might not give their customers a free news server. ... newsgroups that I wanted to read that were available on Bellsouth's news ... read/post from/to the newsgroups allowed by your ISP - if you are using ... ISP providers DO NOT focus attention on newsgroups. ...
    (rec.crafts.woodturning)
  • Re: Virus Groups in Yahoo? The End of Newsgroups
    ... (Earthlink/Mindspring news servers keep posts for three months.) ... Thirty-seven newsgroups have 'virus' in the newsgroup name or description ... also>> hazard a guess that the 20% of the most active Usenet groups consist of a>> significantly larger participation than the 20% of the most active Y-Groups. ...
    (microsoft.public.security.virus)
Loading