#1 2010-05-17 15:10:18
This time his alter ego is named "darknight", I have to change my Depends, I pissed myself laughing over this one. Can anyone identify the Sweet Brucey in this comment?
By: robertslager on 5/16/10
Darkknight, can you join in LIVECHAT tonight? I would appreciate you lending your expertise on this subject.
By: darkknight on 5/16/10
My work schedule doesn't really allow me to participate in your chat. I have to get up at 3 a.m. to get ready for work, so I'm usually sleeping during your chat.
I'm not one of the Tin Foil Hat Club members, and the truth is I really don't want to be. I don't agree with everything you write, Mr. Slager, but I find your paper interesting. This particular subject is interesting to me because of my background. I think you are on to something with this story, and I hope you follow up on it. I'm not accusing Mr. McDonald of anything, but the hacker story just isn't working for me. Hackers who try things like this are usually very clever. Doing it like this is just too sloppy and risky. The hoax idea doesn't wash either. Too much risk and not enough gain.
I don't know Mr. McDonald, but if I did I would ask him who has direct access to his computer.
Last edited by billw (2010-05-18 17:14:04)
Offline
#2 2010-05-17 15:55:26
OK, I'm trying my best to be a good Ham of Peace, but come on...if he's going to start pretending that Batman is blogging in the Tin Hat Chat, that's just joke material that even a Ham of Peace can't pass up.
Offline
#3 2010-05-17 15:56:58
They go good together...Batman is the Dark Knight and Bobo is the Dork Knight.
Offline
#4 2010-05-17 16:12:45
Batman being in the tin hat chat is a silly enough idea, but the real unbelievable part where the whole story fails is the ridiculous notion that someone in the tin hat chat actually has a job.
Offline
#5 2010-05-17 17:14:42
Please allow me to ramble on a bit about the technical nature of this type of attack. Note that I have not spoken directly to Larry about this, so nothing I'm going to say is based on any direct knowledge of his situation. However, I know a lot about this industry, and I bet I can guess pretty darn accurately what happened. Larry, feel free to correct me where I'm wrong =)
Attacks like this are NOT "clever" or "sophisticated". They are, however, very very common. It's the natural evolution of a phishing attack. The first phase of the attack is rarely, if ever, actually targeted at the user who gets his email account bonked. It's typically accomplished through some type of malicious website, most of which take advantage of security holes in Adobe Reader and/or Flash, or older versions of Internet Explorer. Through technical means that I won't get into here (typically through something called a "buffer overflow" in software on your computer - Google "Phrack 49" for details), unscrupulous people who gain control of websites (either their own, or that of a third party) can install software on your computer without your noticing. Sometimes antivirus software picks up on this, sometimes it doesn't. This "malware" can do any of a number of things - one of the more popular tricks lately is to pop up fake warning messages ("Your computer has been hacked! Click here to fix it") and then promise to fix your computer for only $20. Google "Malware Doctor" for an example of this one. One of the other things that it can do is install a keylogger on your computer. This is automated software that records all of your keystrokes and sends them off to a remote location. Bad keyloggers record everything - good ones can tell when you're entering a password and just grab that. Once that software is installed, you're basically toast. If they catch a bank account password, they can swipe your money. If they catch an email password, they can send out a phishing email like this one (note that this is often called "spear-phishing" because the phishing attack itself is customized/targeted and relies on the trust of people in your address book). It's simply a numbers game. If they can get .01% of people to fall for this and send $100 (or whatever), then they need to send out 10,000 emails in order to get paid. That may sound like a lot, but I have well north of 500 people in my address book, because GMail automatically adds everybody I've ever emailed to it. If everybody has a similar number, then the bad guys only need to access 20 email accounts to send their 10,000 emails and get paid. Those economics ain't too bad =) For an entertaining, and educational, view of the "blackhat" economy, and how easy it is to make money maliciously on the web, check out this presentation by Jeremiah Grossman, who's one of the thought leaders in the web application security space: http://www.youtube.com/watch?v=SIMF8bp5-qg
There's lots of other ways to get your password snarfed, none of which involve any exceptional degree of attacker skill. Using any kind of internet kiosk/library computer/other public system is a bad idea - they probably already have keyloggers/other malware on them. So is any kind of open wifi connection (e.g., Starbucks), as this traffic can be easily "sniffed". Even if you don't browse to malicious websites, which are usually in the "dark corners" of the web, you can still get nailed - either through something called Cross-Site Scripting, where a bad guy can use a "good" website to force you to a bad one, or by directly hacking a "good" site so that it hosts the malware. There were even examples of big websites (I think one was Myspace, but I can't remember off the top of my head right now) about a year ago who were hosting malicious files.......in their advertising systems. Basically, a bad guy was able to submit an Adobe Flash banner ad through their system that automagically attempted to "hack" the system of anybody who viewed the ad. It's things like this that cause companies to make "exit pages" - if you click from the company's site to a third party, there's a warning page in the middle telling you "ANYTHING BAD THAT HAPPENS BEYOND THIS POINT ISN'T OUR FAULT". I've had clients who have linked to third party sites, then the owner of that site lets the domain registration lapse and it gets bought up by someone who wants to peddle hardcore adult content....once that happens, it looks like the company is endorsing that adult content. Not good times.
Anyways, that's a lot of ranting - the tl;dr is that it's easy to get your password snarfed, and there's nothing advanced or clever about the attack. It's simply a numbers game. And Slager's still making stuff up - he even admitted in a comment on his site that he googled for the first sentence of Larry's email, so he has seen for himself the multitude of other examples of the same thing happening.
If people think it would be helpful, I'd be happy to answer any computer security questions you have. Either in here, or I can start a new thread. Just cut me some slack if my responses are slow...I'm too focused on baby care!!
Offline
#6 2010-05-17 17:29:30
I missed you, cas....
Offline
#7 2010-05-17 18:04:32
Bobo you jerk you are so transparent. Your mistake is thinking that people are as stupid as you are. Darkknight sounds like your chat version of Paul Shooter. Your style of writing is instantly recognizable even when you try to hide your style of writing. You know you screwed up and now you introduce some new tinfoil member to defend your unethical behavior. You are an idiot. You need to seek serious mental health help.
Offline
#8 2010-05-17 22:44:32
The Dork Knight hard at work in the bathroom office...
Offline
#9 2010-05-17 23:10:09
By: robertslager on 5/17/10
And you're right, Darkknight. I probably should have played dumb and asked how to send money to whomever sent that e-mail to me. I didn't think of it at the time. I wish I had.
Bobo you don't have to play dumb
Offline
#10 2010-05-17 23:16:33
Hamatron5000 wrote:
The Dork Knight hard at work in the bathroom office...
http://www.funny-potato.com/images/batman/batman.jpg
Bah hahahaa haaa haaa...nice
Offline
#13 2010-05-18 00:39:52
After thinking about this some more, and seeing Slager's comments upthread, there's two additional things that I forgot to address:
1. Getting access to the account without first compromising a computer - I made the big (and possibly wrong) assumption above that the compromise started because of an incident on a computer of Larry's. It's also possible that an attacker simply went after his account, likely either with some sort of dictionary attack, or after seeing the account name online somewhere. Let's face it - the AOL user community is probably the least-tec hnically-inclined group of Internet users out there (no offense, Larry). As such, they're the least likely to have strong passwords/security questions, and most likely to fall victim to phishing/other attacks. The attacker(s) could have either guessed Larry's password outright, or abused the password reset process to retrieve or reset the password. If you think this is far-fetched, that password-reset-abuse is exactly how Sarah Palin got her email account hacked in 2008. As for password guessing, it's often not hard. In my time, I've seen movie companies use famous character names as passwords, banks use "money", EVERYBODY use "password", variations of "redsox" and "patriots" and other local sports teams...and you'd be shocked at how often 4-letter-words are used (passwords like "f***thisjob!" were not uncommon for normal office users). I don't know if it was through this method that Larry lost his password, but it's entirely possible.
2. How does the bad guy actually get money out of this? A suspicious mind might say "but Cas, there was no direct way to send money from the email - why wouldn't a real bad guy have put something else in there? That obviously means it was Larry who sent the email." BZZZZ! Wrong!! Remember, Mr. Badguy has control of Larry's email account - he may or may not have actually locked Larry out, but if I were doing this, I would NOT lock Larry out...no reason to raise suspicion. Since they have access to the account, they would simply monitor for replies. If anybody responds, they interject a little human touch to finish off the con. Depending on the amount they're looking for, they would typically ask for the money to be transferred via Western Union to some international location, or via a less-than-reputable version of paypal such as eGold. Once the transfer is complete, they disappear, likely wiping out all of the messages in the inbox as well as the address book. This type of attack works best on older, unused accounts, specifically because the account owner would be less likely to notice the compromise.
And, not that I'm awesome at Google or anything, but here's a blow-by-blow of someone else who got hit with a very similar email scam(same idea - stuck in Wales with no money - but somewhat different wording). The guy responded to the initial email, and eventually got a request to wire over 2,300 GBP via western union. Note that this is on the first page of google results when you search for the opening line of the attacker's email. Not exactly rocket science/super journalism to find it. Just basic research before you go and smear somebody (which I guess is why we shouldn't have expected Slager to do it...)
EDIT: typo
Last edited by acasualobserver (2010-05-18 00:40:57)
Offline
#14 2010-05-18 06:37:04
Many people online these days have gotten one or more of these scam emails, or have seen weird email blasts and then real people begging friends not to open something strange from them (because it is not really from them).
OR
Think about it: would Larry ask Slager for money?
Exactly. So obviously the email in question was not really from Larry.
Since Slager controls a lot of non thinkers, all our reasoning is immaterial.
Offline
#15 2010-05-18 07:47:42
IT WAS SAID BEFORE BUT IT IS ABSOLUTE PROOF THAT IT WAS A SCAM. WHY WOULD ANYONE WHO KNOWS ROBERT SLAGER SOLICITE HIM FOR MONEY???????? THE GUY DOESNT HAVE A POT TO PISS IN. AND STILL SILENCE ON PAYING BACK HIS RENT THAT HE PROMISED TO DO IN APRIL.
Offline
#16 2010-05-18 07:50:02
MIRROR MIRROR ON THE WALL WHO IS THE GREATEST REPORTER IN ALL OF WAREHAM( SLAGER ASKED THIS QUESTION THE OTHER DAY IN HIS OFFICE THE TOILET IN HALIFAX) THE ANSWER CAME BACK FROM THE MIRROR IT AINT YOU ASSHOLE , ITS ANN ESINBERGER OF WAREHAM WEEK.
Offline
#17 2010-05-18 08:09:53
Bobo everyone knows you are broke why would anyone send you an email asking for money?
Offline
#18 2010-05-18 09:36:12
THE THOUGHT PROCESS OF THE CREAM CHEESE CONSUMER:
"Oh no! The tin hats don't believe me! But wait...I know! Maybe they'll believe...Batman!"
Offline
#19 2010-05-18 10:50:50
I don't know Larry and I don't want to suggest that I do. If you go back and read his posts you get the impression that he is articulate, educated, and funny. He also gives his email address if anyone wants to contact him. I might take him up on that offer. Isn't it odd that all these experts weighing in haven't taken the time to talk to him? Maybe Batman could pick up the batphone and give him a call? I would be willing to bet that legal team of Slager & Jones do not have all the facts and probably do not care to get all the facts. Why ruin a good smear campaign with the facts and truth?
Larry are you out there?
Offline
#20 2010-05-18 11:20:58
Once you speak with and meet Larry, Mayor...you will have a real treat in store for you.
Larry is a funny, smart, articulate and very competent person. He is a big man with a huge heart and loves everyone.
He has donated his time and efforts to bettering Wareham. Those who have criticized him haven't, and never will.
He is a fine man with a fine family and I consider him to be a very good friend. I am proud to know him.
Offline
#22 2010-05-18 14:14:19
Bahhh ha...his first "holy" in that video is "Holy Barracuda!"
Offline
#24 2010-05-18 14:20:31
Can we change this thread to "Slager is playing with himself again'??
Offline
#25 2010-05-18 14:30:13
BEHOLD, THE DORK KNIGHT'S FAVORITE SNACK:
THE BAT BAGEL!
Offline
#26 2010-05-18 14:30:54
Holy Cream Cheese, Batman!
Offline
#27 2010-05-18 14:32:41
Hamatron5000 wrote:
Bahhh ha...his first "holy" in that video is "Holy Barracuda!"
I noticed that too..the vid after is the "Dark Knight" having a conversation with himself..Hey Assclown..the ridiculous "script" that is your life was written already for a cheesy 60's "action" comedy..Bam! Splash!! Boom!! Tune in next week, folks..Same Bobo time..same Bobo channel..
Offline
#28 2010-05-18 15:49:35
slagisDB wrote:
Can we change this thread to "Slager is playing with himself again'??
Slag, I have no objections to that if I knew how to do it of course. Your posts always make me laugh!
Offline
#29 2010-05-18 17:34:55
Offline
#30 2010-05-18 18:00:30
LMFAO!!!
GREAT stuff, P-Span. You are the MAN!
Any luck with that shirt pic?
Offline
#31 2010-05-18 18:15:35
In case Mr. Slager needs step by step instructions...
Auto-edited on 2020-08-11 to update URLs
Offline