BLOG: True tales of (mostly) white-hat hacking

Roger A. Grimes | July 23, 2013
Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security.

True tale of (mostly) white-hat hacking No. 2: Spamming the persistent porn spammer

Some white-hat hacking walks a thin line. Here's a great example of "white-hat hacking" of a vigilante nature gone somewhat awry.

Back in the late 1980s, when I was using an email client called Lotus cc:Mail, my work email address had found its way to a porn spammer, and he began to load my inbox with enticements. After five of them came through in a couple of minutes, I decided to take a look at the email header. Back then, spammers didn't hide as much, and the header revealed the spammer's true domain name. Using a reverse lookup, I found the hacker's name, address, and work email address from his domain's DNS registrar.

I sent a polite email asking to be removed from the spammer's email list. He replied that there's nothing he could do and followed up with 10 more porn spams. This ticked me off, so I created a mailbox rule to send right back at him 100 copies of any porn spam message he shot my way. Naturally, this only incited him to fire off even more spam and a personal email indicating that he was sharing my email address with other spammers.

I used the search engine we all envied at the time, AltaVista, and found not only his personal email account, but those of his wife, daughter, and grandparents. I sent him an email notifying him that every time I received any new spam I would send 100 copies of that spam to his personal email account, as well as those of his wife, his daughter, and his grandparents. Not surprisingly, the new spam suddenly stopped. I even got an email from him notifying me that it might take a day for all spam to stop because he had to remove my name from external lists beyond his control. I never got another spam from him.

I contacted the late, great Ed Foster's Gripeline column at InfoWorld (many years before I began writing for InfoWorld myself) and told him what I did and how I had found a new way to stop spam that anyone could use. I expected him to congratulate me and make me the focus of one of his columns. Instead, he told me that what I did, or proposed to do, including using the daughter's email address in my threat, bordered on illegal, or at least ethical, issues. Bless Ed Foster for making me realize I was walking a line I might not want to tread.

True tale of (mostly) white-hat hacking No. 3: Red-herring sting nabs nefarious fishmonger

Years ago I was hired by the CEO of a small fish-selling business. He had a hunch that a former senior executive had hacked his company to get a competitive edge in fish sales to Egypt. A new company, started by the former VP, was suddenly and consistently beating his bid proposals by 1 cent per pound — just enough to ensure that my client's company went from getting every fish delivery project to getting none. The fishmonger was near bankruptcy when he hired me.

 
