tracking scammers by IP number - OT

Jeff Lightner jlightner at water.com
Thu Dec 28 16:46:16 UTC 2006


My bad.  I guess I assumed the user had logged into their Yahoo mail
account and sent it and it was this I was speaking of - Oddly enough I
can't hit port 25 on the server that said it received it with SMTP.
 

The originating address is from hsd1.md.comcast.net.  Comcast is a U.S.
Cable Television company that also does broadband over cable.  Is this
always a Comcast address you're seeing?  (doing reverse lookup on the
IPs would tell you).  If so it might be to the point to contact Comcast
and let them know you suspect there is fraudulent activity there.  

 

Of course while the origination of the email may perhaps not be forged
it is possible to hack into local PCs and/or place bots there that send
the email.  Ironically a lot of this does emanate from Eastern Europe
and Russia so you may in fact be corresponding with a Russian albeit
more likely named Boris than Natalya. :-)

 

My point about "justice" was that A) it is very hard to track down these
people and B) unless they can actually have been shown to have profited
it is difficult to get them prosecuted.  That is, if you'd sent money and
lost it then you'd have a case, but would any U.S. prosecutor spend the
time and money to track it down on behalf of a non-voting citizen in
another country, or would an Oz prosecutor bother to try bringing to
justice a U.S. person not immediately in their reach?

 

It's a lot like the difference between murder and petty larceny.
There's nothing prohibiting the police from dusting for fingerprints or
looking for tell-tale DNA-bearing items at the scene of a smashed car
window and a missing CD player, but they'll almost never do it.  However
if a murder is committed they will.

 

There is no really global agency dealing with what is truly a global
phenomenon and until there is you'll not see much done except on a
larger scale.   That is to say there have been prosecutions but they are
typically targeted at large operations that are somewhat easily
identified.  Mixed jurisdictions, just county to county is often a pain
and state to state usually requires larger crimes because extradition
comes into play.  On international crime one typically has the added
burden of politics and added expenses.

 

________________________________

From: Alexander Harvey [mailto:alexh19740110 at gmail.com] 
Sent: Thursday, December 28, 2006 11:15 AM
To: Jeff Lightner; bind-users at isc.org
Subject: Re: tracking scammers by IP number - OT

 

Hi Jeff,

 

This isn't spam: these people follow a standard procedure that involves
building the trust of the receiver, sending photos & then love letters
(emails I mean) before finally confessing that the Russian currency is
so weak that they'll need to borrow money for a Tourist Visa & airfare.
Unfortunately, a lot of people actually go as far as sending this money.
If it's legal to send these emails then there are some serious problems
with our justice systems. And apologies to the US subscribers on this
list: I'm not suggesting it's a US phenomenon; it's just that in this
particular case the sender appears to be in the US.

 

Regarding the other point you made--perhaps someone else can
clarify--but my understanding was that the following line can't be
forged:
 

Received: from unknown (HELO 127.0.0.1) (drobotnat at 69.143.102.104 with
plain) by smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19
-0000
 

and that 69.143.102.104 was the originating IP number of a server that
passed the mail into Yahoo's system? Admittedly, I don't know a lot about
Yahoo.

 

Thanks,

Alex

 

On 12/28/06, Jeff Lightner <jlightner at water.com> wrote:

I live in the US (and NO, I'm not Natalya).  You'd be hard pressed to
get someone put in jail even under existing spam laws and for fraud 
you'd have to prove they had financially benefited from it.  Has Oz had
more success in imprisoning/fining spammers?

Also given that Yahoo is a US company I don't know that mail coming from
a yahoo address wouldn't always come from a US server regardless of the
sender's original login.  I regularly correspond with a German woman
living in France that originally got her hotmail account while living in
the U.S.  I've never checked to see where her email appears to have come
from but wouldn't be surprised if it was a US server given hotmail is a
M$ service.

Anyway my own Yahoo mail account gets a fair amount of spam though the
majority is blocked.  Yahoo itself allows for a fair amount of anonymity
so I seldom trust email accounts that end in yahoo.com as being anything
real until I've chatted on line with the person a fair amount and even
then I make sure not to provide much information.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Alexander Harvey 
Sent: Thursday, December 28, 2006 9:53 AM 
To: bind-users at isc.org
Subject: tracking scammers by IP number

Hi Bind Users.
I am wondering if anyone on this list can advise me on a little personal
project I'm working on at the moment:

Over the years I have been contacted by people who have responded to my
profile on various internet dating sites pretending to be beautiful
Russian princesses trying desperately to flee their lives of hardship in
Russia into a wholesome marriage in a first-world country such as
Australia, where I happen to live.

For the last few days I have been corresponding with a person who calls
him/herself 'Natalya,' uses a yahoo email address, claims to be in Omsk,
Russia, but whose email headers show in fact his/her messages are coming
from various servers in the US.

My question is this: beyond collecting IP numbers for my own curiosity &
watching on a map the various originating locations of these messages,
what can I do to have these people actually put into a lovely US prison?

The originating headers always look something like this:

Received: from unknown (HELO 127.0.0.1) (drobotnat at 69.143.102.104 with
plain) by smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19
-0000
X-YMail-OSG:
xAeutlYVM1nrbM0hGg4nL0YSueszX7_Q5Pqnsg_L6tjr0BNPAyFXUjqTe4vcHI83LdQ6umEz
0GZPbbqtCrwy93cVsZUh3m5QKT4HrZYUflT5YI5WzW2ifg--
Date: Thu, 28 Dec 2006 16:41:43 +0300
From: Natalya <drobotnat at yahoo.com>
X-Mailer: The Bat! (v2.00.6)
Reply-To: Natalya <drobotnat at yahoo.com>
Organization: home
X-Priority: 3 (Normal)
Message-ID: <1567629203.20061228164143 at yahoo.com>
To: "Alexander Harvey" <alexh19740110 at gmail.com>

Many thanks,

Alex Harvey
UNIX Administrator
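The Yahoo-style Received: stamp quoted in this thread, read the way Alex reads it (the IP in the SMTP-AUTH clause is what Yahoo's server recorded, while "from unknown (HELO 127.0.0.1)" is only what the client claimed), with Jeff's reverse-lookup check as a function whose resolver can be swapped in. This is an added example, not code from the thread: the outer Received: line, the mx.example.net host, the 203.0.113.10 address and the chain-consistency check are my own constructions.

```python
import re
import socket
from email import message_from_string

IP_RE = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: the Yahoo stamp quoted in the thread, plus a hypothetical
# hop added by the recipient's own server (mx.example.net, 203.0.113.10).
SAMPLE = """\
Received: from smtp111.plus.mail.re2.yahoo.com (smtp111.plus.mail.re2.yahoo.com [203.0.113.10])
  by mx.example.net with ESMTP; Thu, 28 Dec 2006 14:06:25 +0000
Received: from unknown (HELO 127.0.0.1) (drobotnat@69.143.102.104 with plain)
  by smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19 -0000
From: Natalya <drobotnat@yahoo.com>
"""

def parse_received(value):
    """One Received: stamp -> what the client claimed (helo) vs. what the stamping server recorded."""
    stamp, _, date = " ".join(value.split()).rpartition(";")   # unfold; date follows the last ';'
    hop = {"helo": None, "ip": None, "auth_user": None, "by": None, "date": date.strip()}
    for key, pat in (("helo", r"^from\s+(\S+)"), ("helo", r"\((?:HELO|EHLO)\s+(\S+)\)"),
                     ("by", r"\bby\s+(\S+)"), ("ip", r"\[(" + IP_RE + r")\]")):
        m = re.search(pat, stamp)
        if m:
            hop[key] = m.group(1)
    m = re.search(r"\(([\w.+-]+)@(" + IP_RE + r")\s+with\s+\w+\)", stamp)  # Yahoo SMTP-AUTH form
    if m:
        hop["auth_user"], hop["ip"] = m.group(1), m.group(2)
    return hop

def received_chain(raw):
    """Hops in transit order: the bottom-most Received: header is the earliest hop."""
    return [parse_received(v) for v in reversed(message_from_string(raw).get_all("Received", []))]

def chain_is_consistent(hops):
    """Each server's 'by' must reappear as the next server's 'from'; a break means a forged stamp."""
    return all(a["by"] == b["helo"] for a, b in zip(hops, hops[1:]))

def originating_ip(raw):
    """IP recorded by the first server in an unbroken chain, or None if the chain is broken."""
    hops = received_chain(raw)
    return hops[0]["ip"] if hops and chain_is_consistent(hops) else None

def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """PTR name for ip (Jeff's reverse-lookup check), or None; resolver is injectable for offline use."""
    try:
        return resolver(ip)[0]
    except (OSError, KeyError):
        return None
```

Comparing the PTR names across several messages answers Jeff's "is it always a Comcast address?" question without trusting anything the sender wrote.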
