

Tell HN: There is a Scammer Amongst Us - lrm242

On January 29th a HN user, 'jiganti', posted this: "Ask HN: I think I've been scammed - what now?" (http://news.ycombinator.com/item?id=2157281)<p>Starting in the evening of January 30th, posts began to appear on complaint forums with my name. These posts claim that I am a pedophile and that I have stolen money. These posts are false and I find it unsurprising that they began to appear after I provided information about the possible identity of jiganti's scammer. My name and phone number are easily Google-able, however, I provide it here in case anyone wishes to call me: Louis Marascio,  512-964-4569.<p>I'm posting this because although jiganti's post fell off the front page, <i>this story is not over</i>.  Other HN'ers and I dug up some information about the possible scammer in the original thread. Also, I believe jiganti might not be the only person who's been taken by this guy. Please read the post and thread in full. This sub-thread specifically discusses our findings: http://news.ycombinator.com/item?id=2158590<p>Our most promising evidence is this: the responsible party is a single user that has at least three handles here on HN: pinksoda, sinkfloat, and BrianHolt. This has not been proven nor has it been denied, and I repeat the last sentence of my findings: I encourage the owner(s) of the HN accounts pinksoda, sinkfloat, and BrianHolt to speak up--and if I'm wrong I apologize.<p>I re-urge you to read the post, the subsequent conversation, and the other linked-to Hacker News posts and make up your own mind. Hacker News is a tight-knit community, and if there is an unsavory character here who's using it as a way to find and exploit young entrepreneurs, then I feel we need to all be made aware of this. If a scammer does exist amongst us, let's all hope a little light will cause him to slither back into the hole he came from.<p>It is important to note that 'mahmud' is mentioned in the first paragraph of the original post. mahmud IS NOT THE SCAMMER. The original poster lost his ability to edit the post before he could clear up what he meant. This is specifically discussed in this sub-thread on the post: http://news.ycombinator.com/item?id=2157602
======
requinot59
As a side note, news.ycombinator.com should really have HTTPS access.

Passwords and cookies in clear HTTP are no good. Anyone here (should) knows
it. Firesheep proves it. GMail and Zuckerberg suffered it.

Just buy or get a free SSL certificate, and let nginx or stunnel handles SSL
and proxies HTTP to/from Arc. Total cost, being pessimistic: 150$ for the
certificate verification, and 2 hours to set-up the certs & nginx.

I know, it's awesome, it's a custom Arc webserver and all, and good practices
are for PHBs only, but still. For a "hacker" website, news.ycombinator.com is
a shame regarding to privacy/security (see also: passwords stored as shasums
(without even a salt), funny things like <img
src="[http://news.ycombinator.com/logout>](http://news.ycombinator.com/logout>),
outdated versions of software used
[<http://news.ycombinator.com/item?id=516122>], etc.)

~~~
tptacek
All HN needs is a note above the password field saying "don't use an important
password". Nobody should care.

~~~
redthrowaway
Given, however, that many founders and tech journalists use the site, a
compromised account could be used to severely damage a startup's credibility.
All it would take would be a few posts on HN before a funding round that
called into question the founder's ethics, skill, or common sense, and someone
from TechCrunch to pick up on it. It could cause sufficient uncertainty, if
properly timed, to make potential investors stay away. That, in turn, could
spell big trouble for a company.

Granted, that scenario may seem far-fetched, but it's not unreasonable to
suppose that some unscrupulous person might have motive to do something of the
sort. Rather than deal with the fallout if it does occur, why not simply allow
people the option of having a secure login? If they choose not to use it,
that's their prerogative.

~~~
requinot59
Exactly. Take a tour of the SF and Mountain View coffee-shops which offer free
wifi with a laptop to sniff traffic. Isn't there a not-negligeable chance you
might recolt some HN cookies from "interesting" accounts? Once you get them,
it's just a matter of imagination before causing some harm.

HN is not the small and unfamous news site it was 2 years ago anymore.

~~~
jackowayed
And not just interesting like a high-profile person, but interesting like a YC
founder who is a moderator. It's possible that PG has instructed mods not to
log in over public connections, but I bet they occasionally do it.

~~~
tptacek
And how much damage could a hacked moderator account do to the site? This
whole conversation seems like a symptom of taking this site way too seriously.
The community is very valuable and even important. The site is just an
artifact of it.

As evidence for my point of view (and, you can say "you're welcome" if my
brinkmanship with this sentence is paid off by Graham promptly enabling SSL,
which he could easily do in the process of fixing the far-more-important bug
of this site not being served through a front-end proxy), note that next week
SSL will in all likelihood not have SSL enabled. That request --- provide SSL
--- has been outstanding forever. Does Graham also share my cavalier attitude
towards the site?

~~~
jackowayed
That's true.

But remember that this is also the YC application system. A lot of alumni help
read apps, probably just by getting a permission added to their account. So a
lucky firesheep-er can probably read every application to YC. And mess up
people's applications (if they get the account of an applicant before the
deadline). And may reject people/delete apps if they were to get, say, pg's or
harj's account.

And possibly other stuff. I don't know what all YC uses it for, but I get the
impression that they continue to use it for various things (signing up for
office hours?), some of which may be sensitive, once teams are accepted.

~~~
tptacek
I addressed this point in another comment. Briefly: my advice regarding that
fact would not be to improve HN's security; it would be to get the YC
functionality off HN, stat. HN is way more a target than YC's stuff ever will
be. Most of the people who will take a run at this site don't even know what
YC is.

~~~
jackowayed
Ok, that would work too. But I'd guess that there's significant barriers to
doing that (ie. it would take a lot of work to make it happen).

Plus it's never optimal, even for a bs written-in-a-weekend app, to send
passwords in the clear, given how many people use the same password on
multiple sites. And even though HN isn't that important, we'd certainly prefer
to avoid the headache that would result from someone getting a mod's account,
banning a bunch of high-karma people, deleting a ton of stuff, etc.

So SSL is a good solution because a) It could be deployed today. b) It's
preferable anyway. But I agree that if they decoupled HN from all the other YC
stuff, I'd be a lot less concerned.

------
rknight
I'm a long time HN user, I created this account and a new e-mail only to
provide some new information of identities that I found in the internet of
pinksoda, after I give them to you I will not use this account again.

I do realize that maybe it will be difficult to believe in a new user with
these claims, but I do assure you that I'm here only to help, your linkedin
profile list a domain, send me a mail from this domain (with the correct
headers from the correct IP, I know that you use Google Apps in your domain)
and I will answer with the links that I found, I do not kow if they will be of
any help, but I think they provide trails for you, some of them are right here
on HN, and these ones I think there's no problem in post here:

<http://news.ycombinator.com/item?id=1299501>

With BrianHolt saying about a past website of him, I do not know if he said
the truth.

<http://news.ycombinator.com/item?id=1320560>

I did not confirm this, but searching his name in Google will bring some of
the links that I found, although not in the front page.

The e-mail: XXX@gmail.com

EDIT: I will try to give the links as early as possible.

EDIT2: I gave the links and some trails for Louis, although I'm not sure if
they will be useful, I will not use this account again and will only answer
Louis in the e-mail.

EDIT3: Smarter to remove the e-mail... a long day programming.

------
lrm242
I'd like to add. If you've been taken by this guy but have felt intimidated or
fearful to come forward, please email me. I have a strong suspicion that there
are others, but I'm hopeful there are not. If the guy that took jiganti has
scammed others, the more we know the better we are. If you don't want to go
public with the information I understand, but please contact me. My email is
my last name at gmail.

------
raganwald
I read this post: <http://news.ycombinator.com/item?id=2157281>

While anyone who invests money and gets nothing in return has my sympathy, I
don't see the relevance of a private business transaction to HN.

You will sometimes find someone plastering notices all over the city. These
notices have a picture of someone and the warning not to date them because
they are a lying, cheating low-life. Is this a public service intended to save
other people from an unhappy fate? Or is it someone trying to get revenge by
naming, blaming, and shaming someone else?

Unless the "scamming" in question is happening on HN, such as someone spamming
HN with fraudulent posts, I have trouble thinking this kind of thing meets the
HN guidelines.

~~~
reason
You'd not be so opposed to the submission if you were a lot less cynical. I
see this as a genuine warning to the community. Nothing more.

~~~
dschobel
A warning to not send money to people you met on an open internet forum?
Really?

If someone can help lrm242 great, but I don't think anyone else has delusions
that HN is anything but an open forum on the web and therefore entails the
most basic precautions.

There are thousands of other bad-actors waiting even if you manage to round up
a posse to track this guy down.

So lrm242 has my sympathies but this is definitely a personal problem because
making any assumptions based on the fact that someone entered
news.ycombinator.com into their address bar (which is the only barrier to
membership) is frankly, stupid.

------
coderdude
It looks like you can add venaltech.com to the list of domains the guy is
listed as the admin contact for. It doesn't look like that has been mentioned
yet in any of the threads. Google that domain and you find a crap load of
"reviews" on sites of questionable origin. A few of the domains of the sites
that talk about it follow the pattern of *reviews.com so it looks like he
probably paid some service to write them. You might be able to follow that
trail.

------
smoyer
Clickable links:

<http://news.ycombinator.com/item?id=2157281>
<http://news.ycombinator.com/item?id=2158590>
<http://news.ycombinator.com/item?id=2157602>

~~~
unoti
Is there some kind of circle of trust established-- you know, good old
fashioned key-signing plus vouching for people? 10 years ago I would have bet
big money that by now people would have well-established cryptographic
identities online, verified by a larger circle of trust. Does this exist, or
is that a dated idea without a whole lot of merit?

Or maybe that's what LinkedIn was supposed to be before it turned into
something that to me feels much more impersonal and spammy.

~~~
pyre
The only issue with the web-of-trust is that all it takes is trusting someone
that turns out to be untrustworthy to bring it all down. Do you really think
that the same people that click-through whatever dialogs popup without reading
them (just because "it's in front of what I want to see" or "I just let it do
whatever it wants to do so that I can get about my work") are going to
properly evaluate their trust in someone before just signing away? People
today are even _less_ vigilant about the internet because loads of them have
grown up with it, and won't learn the 'internet is dangerous' lesson until it
bites them (the same with: "don't trust all your data to a single provider"
and "always backup all of your data to multiple places, as well as off-site").

------
japherwocky
can we get a tldr on this?

~~~
barrkel
jiganti was scammed by X

jiganti was helped by mahmud

yesterday, lrm242 investigated X and turned up addresses (Chinese) etc. from
DNS

lrm242 is now being libelled on complaints forums, as of yesterday

X appears to have several HN accounts: pinksoda, sinkfloat, and BrianHolt

Vaguely interestingly, Totiboti (now auto-dead - you need to turn on showdead
to see his posts) was warning about the guy repeatedly:
<http://news.ycombinator.com/threads?id=Totiboti>

~~~
pyre
It's of note that those comments were on a HN story that was posted by
_pinksoda_ , is hosted on _sinkfloat_.com, and has _BrianHolt_ responding in
the comments as the subject of the article. That alone seems to link them all
together and make the whole thing fishy.

~~~
taylorbuley
It looks like he's responding to each individual comment thread, as if to try
to get people to notice via their threads link

------
OoTheNigerian
This BrianHolt dude is obviously NOT clean
<http://news.ycombinator.com/item?id=1299094>. Why did you not do basic
research on who you were doing business with?

------
lwat
The internet is full of scammers and on any reasonably popular forum you'll
find them. Let's not turn HN into witch hunting central.

~~~
electromagnetic
But what am I going to do with my bonfire now? It's almost a whole year until
I get to set it on Guy Fawkes night.

