
Spammers expose their entire operation through bad backups - lightlyused
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html
======
uladzislau
It puzzles me that all these spam/phishing operations are being uncovered by
accident and there's no proactive private or nonprofit organization pursuing
these criminals.

Overall our current state of (an average user) security can be described as
Swiss cheese where anyone with malicious intent can poke a hole and use it
without any repercussions.

~~~
Kalium
There are people who do this. ShadowServer comes to mind. A number of large
companies (Google, Microsoft, ISPs, etc.) run anti-spam operations.

It's harder than you might expect to do effectively.

~~~
Sunset
But is there an international interpol-style/black helicopters operation
against such types. If there's one class of people I'd be glad to see have
their human rights trampled, it would be spammers.

~~~
mulmen
Or you know, we could uphold the rule of law and punish rule breakers within
the framework we already have.

------
tyingq
This talks about misconfigured rsync being the vector.

However, the researcher that found it says:

 _"The search engine at Shodan.io had indexed their IPs as running publicly
accessible MongoDB instances"_ [1]

The screenshot looks like some kind of mongo explorer type UI:
[http://imgur.com/DzNthuy](http://imgur.com/DzNthuy) Probably MongoVue:
[https://mongopi.files.wordpress.com/2012/11/mongovue.png](https://mongopi.files.wordpress.com/2012/11/mongovue.png)

So it appears to be the "mongo installed with no password, and open to the
internet" thing again.

[1][https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_...](https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/)
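
The article's vector is an rsync daemon whose module could be listed and pulled by anyone. Added example (not code from the article or the thread): a small audit of an rsyncd.conf that flags the settings which leave a module listable, unauthenticated, reachable from anywhere, or writable, with a constructed weak configuration beside the corrected one. Both configuration texts are made up for the illustration.

```python
"""
Audit an rsyncd.conf for modules the whole internet can list and read.
Added example, not code from the article or the thread; both config texts
below are constructed to show the weak setting beside the corrected one.
"""
import configparser
from typing import Dict, List

# Constructed: a module with nothing but the defaults, which is what leaves a
# backup set listable and readable by anyone who can reach port 873.
WEAK_CONF = """
uid = nobody
gid = nobody
use chroot = yes

[backups]
path = /srv/backups
comment = nightly dumps
"""

# Constructed: the same module restricted to one client network and one
# account, and hidden from the module list.
HARDENED_CONF = """
uid = nobody
gid = nobody
use chroot = yes
address = 10.0.0.5

[backups]
path = /srv/backups
comment = nightly dumps
read only = yes
list = no
hosts allow = 10.0.0.0/24
hosts deny = *
auth users = backup-ro
secrets file = /etc/rsyncd.secrets
"""


def parse_rsyncd(text: str) -> configparser.ConfigParser:
    """rsyncd.conf is INI-like, but global parameters precede the first
    [module] header and act as defaults for every module. Feeding them to
    configparser as its default section reproduces that inheritance."""
    cp = configparser.ConfigParser(interpolation=None, default_section="global")
    body = "\n".join(line.strip() for line in text.splitlines())
    cp.read_string("[global]\n" + body)
    return cp


def _yes(value) -> bool:
    return value is not None and value.strip().lower() in ("yes", "true", "1")


def audit_module(cp: configparser.ConfigParser, module: str) -> List[str]:
    """Return the reasons this module is exposed; an empty list means none found."""
    def get(key, default=None):
        return cp.get(module, key, fallback=default)

    findings = []
    # rsync defaults: list = yes, read only = yes, no hosts allow, no auth users.
    if _yes(get("list", "yes")):
        findings.append("listable: shown to anyone who asks the daemon for its module list")
    if not get("hosts allow"):
        findings.append("no 'hosts allow': connections accepted from any source address")
    if not get("auth users"):
        findings.append("no 'auth users': no credentials needed to read the module")
    elif not get("secrets file"):
        findings.append("'auth users' set without 'secrets file': authentication cannot succeed")
    if not _yes(get("read only", "yes")):
        findings.append("writable: clients can add, change or delete files")
    if not get("address"):
        findings.append("no global 'address': daemon listens on every interface")
    return findings


def audit_config(text: str) -> Dict[str, List[str]]:
    """Map each exposed module name to its findings; clean modules are omitted."""
    cp = parse_rsyncd(text)
    result = {}
    for module in cp.sections():
        findings = audit_module(cp, module)
        if findings:
            result[module] = findings
    return result


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_config(conf) or "no findings")
```

The runtime counterpart of the first three findings is simply asking the daemon for its module list from outside (`rsync rsync://host/`): a module that appears there and transfers without prompting for a password is exactly the "bad backup" the article describes. The audit reads the file, so it catches the problem before the daemon is ever exposed.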

~~~
dandelany
That post is a year old... I don't think it's talking about the same breach.

~~~
tyingq
Ah, wow. My mistake then. Interesting that MacKeeper is related to both.

------
otterley
The number of emails in the database isn't even the interesting part. What's
more noteworthy is the fact that the spammers have figured out how to evade
Google and Yahoo SMTP servers' rate-limiting techniques, and the sheer amount
of volume they have at their disposal relative to the compute resources they
have.

~~~
altern8tif
I hope Google does something about this. The problem with spam is that once
you're on the spammers' lists, it's virtually impossible to get off it.

~~~
xanderstrike
That's interesting, I never get spam in my inbox in Gmail, but my "spam
folder" is constantly full. I wonder if gmail makes these spam emails appear
as if they're "inboxing" to the spammers.

~~~
gregmac
At the SMTP level, you can't tell the difference (spam or not). A bounce
return message will tell you it fails, but the absence of a bounce message
doesn't mean it was received, let alone got into an inbox.

The only way a sender can tell for sure their e-mail was delivered is to have
tracking links: images and/or clickable links that include something to
uniquely identify which address received the mail.

Most if not all e-mail clients block images, and many even disable links for
unknown senders and/or messages that even remotely look like spam (eg: a non-
zero spam score that is below the threshold to automatically reject or filter
to a junk folder).

If you get tracked by one of these images or links, presumably you move from
the "maybe working" e-mail address list to the "reads our messages" or "clicks
our links" list, and at the very least means you contribute to making more
money for the spammer when they sell that (higher-value) list.
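
Added example (not code from the thread) of the tracking mechanism described above, from both sides: the sender embeds a per-recipient token in an image and a link so that any fetch maps back to one address, and the receiver scans a message body for remote resources that carry such tokens. The beacon hostname, the secret, and the addresses are assumed for the illustration.

```python
"""
Per-recipient tracking beacons: how a sender learns a message was opened or
clicked, and how a receiver can spot the beacon. Added illustration, not
code from the thread; hostname, secret and addresses are assumed.
"""
import hashlib
import hmac
import re
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import parse_qs, urlparse

SENDER_SECRET = b"assumed-secret-for-the-example"   # kept server-side in practice
BEACON_HOST = "beacon.example.invalid"             # assumed hostname


def recipient_token(address: str) -> str:
    """Opaque per-recipient id. An HMAC so the address cannot be read back out
    of the URL; the sender keeps the token -> address map itself."""
    digest = hmac.new(SENDER_SECRET, address.lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:24]


def build_html_body(address: str, text: str) -> str:
    """Sender side: message body with a 1x1 image beacon and a tracked link."""
    tok = recipient_token(address)
    link = f'<a href="https://{BEACON_HOST}/c?r={tok}">offer</a>'
    pixel = f'<img src="https://{BEACON_HOST}/o.gif?r={tok}" width="1" height="1" alt="">'
    return f"<html><body><p>{text}</p>{link}{pixel}</body></html>"


class BeaconLog:
    """Sender side: resolves a fetched URL back to the address it was sent to.
    An image fetch means 'opened'; a link fetch means 'clicked'."""

    def __init__(self, addresses: List[str]):
        self.by_token = {recipient_token(a): a for a in addresses}
        self.opened = set()
        self.clicked = set()

    def hit(self, url: str) -> Optional[str]:
        parsed = urlparse(url)
        tok = parse_qs(parsed.query).get("r", [None])[0]
        addr = self.by_token.get(tok)
        if addr is None:
            return None            # unknown or forged token: nothing learned
        if parsed.path == "/o.gif":
            self.opened.add(addr)
        elif parsed.path == "/c":
            self.clicked.add(addr)
        return addr


class RemoteResourceFinder(HTMLParser):
    """Receiver side: collect remote image and link URLs from a body."""

    def __init__(self):
        super().__init__()
        self.images: List[str] = []
        self.links: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        href = a.get("href") or ""
        if tag == "img" and src.startswith(("http://", "https://")):
            self.images.append(src)
        elif tag == "a" and href.startswith(("http://", "https://")):
            self.links.append(href)


_TOKENISH = re.compile(r"[A-Za-z0-9_-]{16,}")   # long opaque query values


def looks_like_beacon(url: str) -> bool:
    """Heuristic: a remote resource whose query string carries an opaque token."""
    query = parse_qs(urlparse(url).query)
    return any(_TOKENISH.fullmatch(v) for values in query.values() for v in values)


def find_beacons(html: str) -> List[str]:
    """Remote images first, then links, filtered to those that look tracked."""
    finder = RemoteResourceFinder()
    finder.feed(html)
    return [u for u in finder.images + finder.links if looks_like_beacon(u)]


if __name__ == "__main__":
    body = build_html_body("alice@example.invalid", "hello")
    log = BeaconLog(["alice@example.invalid", "bob@example.invalid"])
    for url in find_beacons(body):
        print(url, "->", log.hit(url))
    print("opened:", log.opened, "clicked:", log.clicked)
```

The receiver-side heuristic is deliberately crude: a legitimate newsletter's image CDN also uses long opaque paths, so a mail client that wants to block beacons blocks all remote images rather than trying to tell the two apart, which is the "always ask" behaviour discussed in the comments that follow.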

~~~
brak1
> Most if not all e-mail clients block images

Gmail auto preloads (via their servers) all images in emails. You can turn it
off though.

(lots of sources on internet about this,
[http://www.guidingtech.com/13461/gmail-always-display-images...](http://www.guidingtech.com/13461/gmail-always-display-images-email/) for example)

~~~
gregmac
I stand corrected. Must be a setting I changed at some point then, as I have
it set to always ask.

It's a terrible setting, it should just be 'always ask'. Is there a legitimate
use I'm missing? The only thing I can think of is for spammers to track if
their spam went through, marketers of 'legit' mail to track the same thing, or
a backdoor way to implement the atrocious 'read receipt' feature. None of
those is at all beneficial to the user receiving the message.

~~~
xanderstrike
I was delighted when they changed it from "always ask" to "show by default."
Like I said, Gmail never puts spam through to me, so it saves me clicks.

------
wiredfool
[https://news.ycombinator.com/item?id=13802559](https://news.ycombinator.com/item?id=13802559)
is a better article, now marked as a dupe.

~~~
dang
OK, we've changed the URL above to that from
[https://mackeeper.com/blog/post/339-spammergate-the-fall-of-...](https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire).

------
ucaetano
So now MacKeeper will use those 1.4B accounts to lure people into installing
their own software, and giving them more information?

------
vonklaus
I didn't realize MacKeeper investigates other spammers, maybe helpful in
developing their own best practices.

------
janwillemb
I'd rather see Troy Hunt handling this... hoping they add the database to HIBP

~~~
laurencei
Is it a "pwn" though? Your email address in their database does not
necessarily mean your security has been compromised - just that you're on a spam
list somewhere?

~~~
Klathmon
They have added the "GeekedIn" leak from mid last year in the database even
though technically none of the information was private (IIRC it was all
scraped from GitHub's public API).

Sometimes getting on these lists is fairly harmless by itself, but they can
end up leaking a large amount of data about some people.

Just knowing that an email address is used and active is a start, but combine
that with other information that could be grabbed like rough location data, IP
address information, knowledge that the email was associated with that
service, active usage dates, and more can end up being much worse.

------
elorant
For years I've contemplated the idea of building a botnet that
aggressively attacks companies that advertise through spam by consuming their
bandwidth or DDoSing the hell out of them. Every time I read an article like this
I feel like I have to implement that thing sooner rather than later.

~~~
jacquesm
Yes, because it's a great idea to combat one illegal thing with one that is
much more illegal and victimizes yet another large number of people.

Better let that one sit in the contemplation folder, as soon as you move to
action you'll simply be just another criminal.

~~~
dvdhnt
There's no such thing as "more illegal"; interpretation of the law may be
subjective, however, once a determination of legality has been made, it is or
isn't legal.

Actually, it'd make him/her a vigilante, who, while still criminal, aims to
serve the public good, whether rightfully so or not. I won't suggest whether
that is ethically acceptable, but it'd be more of a conversation than
legality.

~~~
sverige
Well, there are degrees of criminality, which is why penalties for certain
similar acts vary depending on the exact circumstances, methods, and
intentions; e.g., manslaughter vs. 2nd degree murder vs. 1st degree murder.

I think this was the point. DDoS attacks potentially affect innocent people
who just want to (say for instance) buy some cheap Viagra and who have nothing
to do with the spammer who caused the initial irritation by sending yet
another useless email.

------
shadowcodex
Who doesn't already have our email addresses? I get spam email all the time...

------
johnnycarcin
Reminds me a bit of this story from a few years back:
[https://www.wired.com/2010/04/cloud-warrant/](https://www.wired.com/2010/04/cloud-warrant/)

------
r1b
Can someone please explain the difference between email marketing and spam?

~~~
austenallred
I assume you're being facetious, but there is a literal definition of SPAM in
the United States (or, at least, a definition whereby it's OK to send
'commercial email', the inverse of which could be considered SPAM). (From
Wikipedia for the CAN-SPAM act - [https://en.m.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Applica...](https://en.m.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Applicability))

A commercial email is legal if it complies with the following:

 _Unsubscribe compliance_

* A visible and operable unsubscribe mechanism is present in all emails.

* Consumer opt-out requests are honored within 10 business days.

* Opt-out lists also known as Suppression lists are only used for compliance purposes.

 _Content compliance_

* Accurate "From" lines (including "friendly froms")

* Relevant subject lines (relative to offer in body content and not deceptive)

* A legitimate physical address of the publisher and/or advertiser is present. PO Box addresses are acceptable in compliance with 16 C.F.R. 316.2(p) and if the email is sent by a third party, the legitimate physical address of the entity, whose products or services are promoted through the email should be visible.

* A label is present if the content is adult.

 _Sending behavior compliance_

* A message cannot be sent through an open relay.

* A message cannot be sent without an unsubscribe option.

* A message cannot be sent to a harvested email address.

* A message cannot contain a false header.

* A message should contain at least one sentence.

* A message cannot be null.

* Unsubscribe option should be below the message.

~~~
r1b
Was being genuine - thank you for the detailed response.

------
_RPM
Hey, it can't be worse than what the airbnb founder did

~~~
jensvdh
Story?

~~~
tyingq
I suspect they are referencing this:

[http://www.businessinsider.com/airbnb-harvested-craigslist-t...](http://www.businessinsider.com/airbnb-harvested-craigslist-to-grow-its-listings-says-competitor-2011-5)

Harvesting emails from Craigslist and spamming people that listed properties.

------
eis
MacKeeper? The company that aggressively advertises something that looks like
scareware? Surprised that they are now supposedly the good guys.

The Wikipedia intro reads "The software is heavily promoted and has been the
subject of a class-action lawsuit for false advertising.".

They are now writing about a data leak of some spammers because these
accidentally left their repo open while MacKeeper had their own nice similar
leak: "In December 2015 security researcher Chris Vickery discovered a
publicly accessible database of 21GB of MacKeeper user data on the internet,
exposing the usernames, passwords and other information of over 13 million
MacKeeper users. According to Kromtech this was the result of a "server
misconfiguration""

~~~
altern8tif
MacKeeper has 13 million users?? Who would install MacKeeper willingly?

~~~
btilly
My 12 year old son has installed it multiple times without notification.

This is what happens to people on a Mac who download minecraft modpacks off of
random places on the internet...

~~~
jdcarter
My 10 year-old is an ace at spotting fake download buttons and "your PC is at
risk!" banners thanks to downloading Minecraft mods. In an odd way, these
spammy download sites have been a surprisingly good educational tool--to date
she hasn't messed up her machine once.

------
scandox
These Mackeeper guys had some high pressure dude on a live chat get my mother
to pay and install their software. Worse - she was having trouble installing
it and the guy suggested a remote session. Luckily she got wise at that point.

I wouldn't even visit their site to be quite frank.

~~~
joering2
Out of curiosity - what do you think a guy that is hired to make that software
work on your mom's computer would do more than help her install said
software, even if through a remote session?

~~~
DashRattlesnake
> Out of curiosity - what do you think a guy that is hired to make that
> software work on your mom's computer would do more than help her install
> said software, even if through a remote session?

Because that is literally part of the modus operandi of the Windows tech
support scammers?

------
AdmiralAsshat
Were they held for River City Ransom?

(I'm sorry, couldn't resist)

~~~
digitalsin
Crap now the menu tune is playing non-stop in my head

