A journalistic and literary trope I increasingly despise: creating an elaborate and evocative metaphorical description of something without naming what it actually is, often with the side-effect of making a rather mundane technicality sound all gee-wiz and confusing rather than enlightening the reader. E.g., Mike's booting up a copy of Windows in a VM:
His first step is defensive: the creation of a software shield that will hide his identity. He boots up a computer containing a version of Windows that’s cut off from the rest of the machine. It’s a digital Russian doll, a computer within a computer.
Yeah, OK, we get it. Windows running in VirtualBox or Parallels or VMWare or whatever. Yeah, it's a security measure. But if a guy's engaged in laboriously sculpting mother earth with an implement of ancient design comprised of planar forged ores fastened to the end of a sylvan shaft, just call a fucking spade a spade and tell us he's digging a hole in dirt.
The language doesn't serve to inform, it conceals. And in this case, the security isn't necessary to protect the identity of the VM, unlike the elaborate description of Mike's apartment silo.
I agree that the author should have named what the Windows installation is, i.e., a VM. However I disagree that metaphors aren't useful in teaching people things, especially about technology.
The author knows his audience, and it is not people like you who have deep technical knowledge. The majority of people reading this probably have trouble starting their Windows PCs, much less understanding how a 'Virtual Machine' is any more or less virtual than the machine they're already using. The russian doll metaphor points towards the concepts of separation and encapsulation, which can help the non-technical reader understand what's going on.
This isn't a technical manual and shouldn't be held to the standards of one. It's entertainment for people who want to know slightly more about technology -- but not too much or too deeply -- than they did before.
You can use the metaphor. But call the thing what the hell it is, in straightforward language.
The problem with this trope is that it makes technology (and science) seem both much more complicated than it is, and, as I've noted, obscures the reality, both in the specific tools used, how they're used, and what they accomplish.
Conducting virus and scam investigations from within a fresh VM is hardly news (a co-worker of mine would do this for filing HR and other corporate reports over MSIE-only interfaces, noting that by the end of the 15-20 minute session his VM was already compromised...). And some bright kid reading the story might actually get some ideas as to how she could better protect herself and/or get into this online forensics and investigations thing.
And the argument that news reportage has to protect the ignorant from their own ignorance by not accidentally un-ignoranting them is ... tired.
>And the argument that news reportage has to protect the ignorant from their own ignorance by not accidentally un-ignoranting them is ... tired.
I don't think I made that argument.
Keeping content simple isn't about protecting anyone from their ignorance, it is writing to serve an audience's wants. People who read publications like Medium generally want bite-size overviews and entertainment. There is a reason the vast majority of people would rather read Scientific American or The Economist instead of picking up an IEEE journal.
I think you are missing the point of the whole article.
This writing is not a piece of news that tells you something you did not know. Rather it works as a "short novel" whose purpose is to create a story around a modern-day phenomenon.
If you look closely you can see the age-old patterns of stories worldwide: the low-key individual that takes the path of the hero, the cause, the ruthless enemy, the obstacles to overcome, the relentless fight.
Overall I found it to be an entertaining read, the key here being the "entertaining" part. I do believe that the target of this piece was never the "enlightment" of the audience but rather the "sentimental engagement" of the audience.
After all, this has been the point of storytellers since the break of mankind, keep us fearing the night and happy to have lived another day.
>The call unsettles him. “I will do anything to ensure that I never have to hear that woman crying ever again,” he tells me later. I get the feeling that, in Mike’s mind, other people’s emotions show up as noise: data that has no apparent purpose, and that his internal software cannot process.
I found this a very unfair judgement made by the author. Giving Mike the benefit of the doubt, I get the sense that he cares about her, and wants to stop the root cause of her suffering, not that her crying made him uncomfortable because he "cannot process" it. The author seems to be trying to play up the rational side of Mike and his engineer's mind at the expense of his emotions.
Yeah. Anyone who knows Mike knows that he isn't some fictional automaton. The journalist is playing the 90's hollywood hacker card here. All we need now is Mike roller blading and some bad CGI to make it complete.
I get the feeling that the reporter could not be bothered to understand people can be complex, and that is may not be easy to understand people in a couple of days, so he is just jumping from one stereotype to another, assembling the quick-and-dirty caricature of Mike from an ample set of templates of "hacker types" provided to us by movies and previous reporting of the same quality. I just ignore such writing now, there is very little they tell us anything about real Mike.
Still reading it, but so far I don't quite like how the following paragraph could make it easy to find Mike's home, 25-foot walls, sushi restaurant and so on:
MIKE LIVES IN Fremont, a trendy district north of Seattle’s downtown that’s known as a haven for alternative types. Even there, though, he doesn’t quite fit in.
Take his apartment: it isn’t one. From the street, a glass door opens onto a concrete retail space with 25-foot high walls. The windows are covered by blinds. Ceiling-mounted halogen tubes cast a low glow that leaves the corners dark. Delicious smells from a neighbouring sushi restaurant occasionaly fill the space, but Mike’s own kitchen is rarely used; obscure electronic components and dismembered gadgets crowd the counters. The floor is covered in random detritus: a single white sock, a piece of fuzzy green string.
I thought the same thing. The journalist is very careful to respect the scammer, "Mr. Smith" but is very eager to dump where Mike lives, what mule fingered him, and the only thing protecting either would be the fact that Mr. Smith would be more exposed if he tried to retaliate directly.
As they mention in the link at the end of the post[1], they hid the scammer's name out of fear of UK libel laws. Presumably they're not really concerned about Mike suing them.
I think they're worried about being sued for accusing Mr. Smith and Jennifer of crimes which they haven't been convicted of, whereas Mike Davis just admits to crimes directly (for a good cause, but it certainly seems like he's exposed to some legal risk here, in the US and especially India, although I suspect no prosecutor in the US would go after him, and no jury would convict, because he's doing it for a good reason.)
A lot of prosecutors would gladly go after him - they are regularly going for people for self-defense, "crimes" that hurt nobody, and so on, and so forth. And they can very well succeed in selecting a jury that would know nothing except the letter of the law was violated, so the must convict.
To my own slight surprise, as I began reading the article, I realized: I know Mike. Didn't know he was into hunting scammers, though.
It's easier to find him than you think, if you know how to access ordinary public records. But if any scammers were to threaten Mike with retaliation, he'd probably say, "come at me, bro."
I have to say, in spite of having a lot of respect for Mike, his willingness to expose himself legally is, as we say in the industry, some serious cowboy bullshit.
I actually gave this a try -- There are a remarkable number of unmarked retail spaces with > 2 floors and blinded windows near sushi restaurants in Fremont. I'm not condoning the author's lack of discretion, but I was surprised to see that the kind of home Davis has, while unconventional, probably looks rather nondescript from the outside.
Submitted 12 days ago[0] with a few up-votes and no discussion, then submitted 6 hours ago[1] with no up-votes and no discussion. Now submitted again with /?attempt=2 on the end of the URL to avoid the minimal dup-detection that HN does.
This submission gets traction. Maybe everything should be submitted again and again until it gets traction. Then again, maybe there's nothing wrong with lots of re-submissions of the same stories over and over, and I'm just grumpy and need more sleep.
Edit: And yes, I've made this point before. Perhaps people are tired of me saying the same thing repeatedly. Well, I'm tired of seeing the same stories repeatedly. I guess I'll just have to take a break for a while. Feel free to vote me up or down as you will.
The criterion is simple: a small number of reposts is ok when an article is solid and hasn't had significant attention on HN. We want good stories to have multiple cracks at the bat, or sheer randomness would prevent many from ever getting seen.
If you pay close enough attention to HN that those two previous submissions counted as already having seen the story, you're way beyond the 99th percentile!
That's why we leave the dupe detector so porous. HN's goal isn't to build a database of unique urls—it's to have the most interesting front page possible.
This system is easy to abuse, so we ask people not to abuse it. For example, don't delete things and then repost them. But I don't see abusive reposting as a huge problem on HN right now. We catch most of it, and alert users catch nearly all the rest.
Edit: I should mention that we're going to be releasing a new approach to /newest that addresses the tendency of good stories to lose their chance at the front page too quickly. Exactly when we release it depends on how much code I get to write in the next month or two.
It seems like you guys (dang and .. I forgot the other one's name) added a feature to tag "meta" comments so they appear all the way down the bottom of a comment thread?
Because that's clever. I really like that solution, because "meta" comments usually do not deserve the downvotes they can get to move them away from the top part of the discussion.
I'm generally quite impressed by the new and improved job you are doing at moderating HN. I don't pay close enough attention to tell if it's improved the quality of discussion so far (it probably did, definitely did not get worse). I can say, however, the changes you made and especially the openness about most things, really improved the atmosphere and general feeling of "fairness" of this place. And that counts for a lot! Well done :)
BTW did that whole /pending experiment go anywhere? That page is always empty to me. I'm still not very sold on the idea, but just wondering.
Thanks! To answer your questions: yes, we flag some subthreads as off-topic (especially when they become weird local optima that would otherwise sit at the top), and no, we haven't turned pending comments on. We decided to try other experiments instead (such as changes to downvoting, which we've posted about quite a bit) and reserve pending comments as a last resort.
> It seems like you guys ... added a feature
> to tag "meta" comments so they appear all
> the way down the bottom of a comment thread?
I have no personal knowledge of this, but I suspect other people have flagged the comments, and that's what's caused them to sink. No other mechanism would be required.
My understanding is that resubmitting good stories is explicitly permitted. If we had a more meritocratic way to decide what exposure each story gets we wouldn't need to, but we're not there yet.
It took me four tries over three years (!) to get Citizen Kubrick to the frontpage[1]. It is IMO the #2 article I've ever read, and it's too good to submit once and give up just because of the vagaries of /newest. Given that I was willing to be so persistent, I'm not sure what harm my repeated submissions did.
I wouldn't have been as persistent with this one, but it seemed worth a second attempt. (Though I wasn't aware that it had been attempted the very same day; knowing that would have changed my decision.)
No, Colin, not tired of reading your posts on multi postings. Although I do let out a chuckle every now and then when I realize how thoroughly you've researched a story's history on HN :-)
I hate this article. It's about some fine reporter who opens with some tear-jerker piece about pay-day loan scams, then transitions to "Mike" who, in so many deliberately picked words, is a loner hacker character with no credibility just in case this article doesn't pan out, and then...
"Mike casts his hands over the keyboard, and makes like God."
Seriously. That happens in the post.
Unfortunately, as I page down, I noticed that author mentions "lead generation." Which most of us can relate to, so I read, nay, struggle onwards. (this is parody)
Mike turns into a criminal phishing character in pursuit of an elusive quarry. The article tapers off into a stalemate.
hear hear. I hated it too. It felt like he wanted to recreate a William Gibson short story. The description of the method maded it sound like voodoo, Mike was turned into a character trope, and the story ended in nothing.
Give me a wired article to read. They have some amazing investigative journalism that is far more thrilling.
I've been curious about how to track down scammers -- just a few days ago I got a quite convincing call supposedly from Bank of America; they appreciate my reliable payments and would like to lower my interest rate... they'd just need to verify a few bits of info, then pass me off to an account manager to handle the rate change.
First, do I have the card with me? Can I confirm the expiration date, so they know this is the current card?
Next, they just needed the card number, starting after the (here he listed the first 4 digits accurately). This was when I belatedly realized this was of course a scam attempt -- the initial digits of a credit card number just identify the bank, so he could pretend to be confirming that he was legit while at the same time collecting my entire credit card number.
What if I hadn't known that? I know perfectly well I shouldn't trust an incoming caller's identity as a general rule... but he called in the middle of my workday, I was wrapped up in other things, and just thought "eh, I can take a minute and accept a lower rate" without even paying enough attention to realize he hadn't even addressed me by name. Embarrassing, really....
Once the game was up it didn't last much longer -- though I played it safe and pretended I didn't realize it was a scam.
But what can I do now?
The incoming number was reported as 703 237 2680; but I have no other info on who the caller was beyond that, and I believe caller-ID is fairly easily spoofed.
I wish I'd had a honeypot credit card to give him; that would have been at least somewhat useful, though tricky to really use. From what I understand, stolen CCs are tested first (via a small purchase from any online service), then good ones are sold.
A honeypot cc (generated by someone with the power to investigate its data) could be used to attempt to track down the people testing it, and whoever buys it, but the former use could be useless (if the scammer can cover their tracks), and the latter only gets the downstream bad guy, not the original scammer.
And... the honeypot cc would need to pass the test to be sold, which would cost money. A chargeback (to that initial test) would of course be possible, but the whole testing process is already brutal for whatever merchant they're using for that.
I'm curious about other ideas on the most useful action I can take in response to this kind of thing.
This will do you no good. They are using a hijacked PBX. There is no way possible they are going to make it that easy to find them.
Here's my story:
I kept getting calls from "credit card services" and every damn time I asked to be removed they would just hang up on me. So, after about the 20th time, I decided to play dumb. I strung them along for 10 minutes. Here's how I did that: the first person you talk with asks if you have more than $3000 in CC debt. The second person basically asks the same thing, but in a little more depth. The third guy is the smooth talker. He asks you to find your statement so he can verify information from it. I played dumb and said I needed to find it. He said "I'll wait" in a very patient voice. I kept him on the like for 10 minutes (while I worked). Then, I just hung up. He called back immediately and said we accidentally got disconnected. I told him "you wouldn't take me off your list, so fuck you."
His revenge was next. The phone rang and someone was yelling at me. He was redirecting all complaints to my phone number. I had to unplug my phone.
I called AT&T (who I had service with) and after about 30 minutes of run around, they said they couldn't do anything. I'd have to contact the fraud department, or some such. I did try, but it was a lot of paperwork and it looked very bureaucratic.
So, I decided to google for "credit card services" (not exactly that, but that's what I started with). I found a TX state lawsuit against a company with this name from the early 2000's. The lawyer that prosecuted them was listed and had a phone number. So, I called it. An elderly gentleman picked up the phone and I told him my story. His first words, "so, they're back at it?" He told me to be very careful, and basically tried to dissuade me from doing anything.
It amazed me that they seem to operate with impunity.
"This will do you no good. They are using a hijacked PBX. There is no way possible they are going to make it that easy to find them."
Yup. But more likely the caller is using SIP. Which is easy to manipulate to one needs. Quickly too. PBX's, when hacked (and they are hacked regularly), are being used to sell calls. And most PBX's rely on service from carriers. Carriers usually set the CID info (they'll set it to what you want - but it takes time). But with SIP it's a different story. I could call you sitting in Russia and you'd think I was down the street.
And it gets worse too. Cause most carriers (ATT, Earthlink, Verizaon, Windstream, XO, etc, etc) got lazy and greedy and are now using SIP to host 800 service. And all the carriers are getting hacked DAILY.
So reporting the number is a waste of time. If the carrier traced it (and they won't) they'd probably trace it back to their own service.
So it's buyer beware really. I trust email more than phone calls.
PS: I didn't mean to imply these guys are from Russia. They could be (a lot of shit has it's roots in that country - since its mob rule basically), but PLENTY of Americans are scamming too.
Note that email doesn't have a "report spam" functionality designed into it (in the form of RFCs), though email providers often offer their own version to their users (most are far more opaque when it comes to reporting spam against their own systems). Reasons for this are diverse, but effectively, if you're a large email service provider, your users' satisfaction is a concern, spam is a large part of that, and the ability to leverage reports from many users to identify spam (and non-spam) sources is very useful.
Telephony was designed in a far more innocent age, and was largely protected against the abuse which ran rampant in email (and Usenet) on account of the costs associated with network access and in actually making calls. Now that this is rapidly approaching email costs (effectively nil at the margin once you've got the infrastructure set up), this is changing.
One consequence is that voice service is rapidly becoming useless due to abuse. I've rightgraded from a smartphone to a dumbphone for a number of reasons, but one feature I particularly miss from my Android device was the call screening app: deny access to unknown or blocked numbers, and allow priority access only to specifically whitelisted callers. Why should I allow myself to be interrupted by any one of the 7 billion people on this planet, or worse, programmed robots which call me without any regard for what I'm doing?
I'm hoping for features such as this to make it into dumb phones soon.
My other thought is that conventional telephony (both POTS and mobile) is going the way of the dodo -- VOIP over wireless broadband with only very occasional fallback to direct connections.
I wonder if it would actually be legal for a phone company to implement a spam filtering service the way an email company can. Phones services are a much more regulated industry than email is.
Offering tools to put the subscriber in much greater control over their device would (and IMO should) be offered.
My frustration is that at present, I cannot do what I want without, take your pick:
• Using a dumbphone with at best the ability to block (but not whitelist) specific numbers.
• Using a smartphone, with all of the additional privacy invasion concerns involved.
• Utilizing a service such as Google Voice, in which all of my phone traffic is routed through yet another NSA surveillance partner (willing or otherwise is left unspecified).
• Ditching conventional voice comms for an alternative (which I haven't yet even identified) that actually does offer the filtering tools I'd like. This would also have the effect of greatly limiting my general connectivity, though in the present universe this might not be all bad.
My suspicion is that a high-end and/or technical solution which does this will emerge. As either option is selective to generally more attractive and upscale markets, the conventional telephone network (wired and cell) will die: it will be comprised increasingly of down-market subscribers, less attractive to both telcos and others who might be interested in reaching them, and cut off from the NeuPhone network (if it weren't that would itself be a disadvantage of the NeuPhone, though some bridges might in fact persist).
It's a similar dynamic to how first AM, then FM radio have increasingly become wastelands as those with means switched first to cassette CD players, then iPhone adapters, as well as satellite and Internet radio. Or Facebook's overtaking of an established social networking market by offering a more attractive network (the in-crowd of Harvard, Ivies, Stanford, and selective colleges for the first few years of the network). Or of broadcast TV's increasing fall in light of both deferred-viewing options through DVRs and increasingly on-demand video content over the Internet -- why accept QVC when you can watch Netflix, Hulu, Vimeo, or even YouTube, bypassing schedules, advertising, and hours of crap?
It could well be that those 20 calls were from different companies using the same identity. Or it could be a company feeding the calls to different criminals. The FTC keeps going after the people behind these things, but they are woefully outmatched:
The FTC held an all day summit on robocalls in 2012, and ran a contest to find the best proposal to handle the problem. The problem is hard to solve, and the winning proposal does not seem to be spreading much:
If you google around there are government agencies and websites set up for all types of spamming/scamming. I got some scam phone calls awhile back and reported them; it could be a coincidence, but I stopped getting them.
So I'd say, report, report, report. Scammers and spammers go on for too long because people brush it off. The worst thing you can do to an email spammer is take the time to mark it as spam. The worst thing you can do to a scammer is to report it to the government - some justice department and/or federal and state representatives. Articles like this make it seem like nobody is doing anything, but with a bit of digging you'd find that consumer protection agencies and state and federal legislatures have been passing laws regularly to combat scamming/spamming/predatory loans.
Whenever someone calls me and asks me to confirm something - that is, reveal something - I always intentionally get it wrong the first time. If they carry on as if what I said was correct, I can be sure that it's a scam.
I like that idea. Whenever there is a form that asks for my social security number, and it's not some "under perjury" government statement, I always flip a bit somewhere in my number. With any luck, I have poisoned a lot of databases about me.
It used to be that phishing emails were easily sniffed out due to the poor grammar. It was always immediately clear that they were coming from non-native speakers and, hence, obviously not the product of the major bank, etc. they claimed to represent. And, I always thought, "Good grief, if these guys would only hire native English speakers to write their crap (or simply copy a legit e-mail) and take a couple of other similarly easy steps, they'd be in business in a big way".
It all pointed to the fact that there'd be a day when their increased sophistication, coupled with their boldness, would make it nearly impossible for the average person to sniff them out. And, beyond that, even seasoned tech folks would someday be vulnerable. That day is fast approaching.
The good guys are losing and we need a completely new model for dealing with this stuff. "Protecting" access to information has long been an untenable goal, and any new model must make it such that everyone's personal information could be completely public without that fact exposing them to any risk. It's nuts that we all walk around with just a few bits of info which, if gleaned by a bad guy, could completely destroy us. It's also nuts that we walk around with a couple of numbers that we are routinely encouraged to give out to a myriad of people/systems, but if they ever once fell into the wrong hands, could be a gold mine for a scammer.
We also need more international cooperation combined with super-stiff penalties, as there is currently no downside risk for these guys. The current model is esentially: Try. If it doesn't work or the fraudster is discovered, then try again.
This. The potential few extra victims they might profit from by using impeccable language/appearance probably doesn't compare favourably to the cost of extra time/effort dragging along smarter people for a longer time, that are probably just going to bail later on with high certainty at a stage where appearance is no longer the key factor for believability.
Interesting. Makes sense, though many such emails only attempt to bait the recipient into following a link, whereby malware would be installed via drive-by, or otherwise the user would be prompted to enter sensitive info.
In these cases, it seems that crafting a more professional email to cast the net as wide as possible would be prudent.
Ooh, honeypot credit cards. If there is any law enforcement officer out there who would like to use me as a honeypot, get in touch. I get a half-dozen calls a week like this.
I used to have a debit card that never had more than about $300 on it that I used for final testing of ecommerce sites. I wish I still had it for giving out to scammers.
I'm wondering if it would stand up in court if one were to get a limited debit card, tell the police that you were keeping it purely for a honeypot card, and then hand over those valid, useable, but limited CC details to any would-be scammer while telling the police to start tracking transactions.
There are some interesting stories out on the internet (google for "419 eater" or "scam baiting".) Unlike this story they are often well documented (and in some cases, funny, like tricking the scammer into providing a c64 carved out of hardwood.)
Be sure to read their guidelines before trying anything similar as scambaiting can be dangerous.
> and in some cases, funny, like tricking the scammer into extorting some innocent person into providing a c64 carved out of hardwood.
Fixed, for what usually happens. If you think about it for a few moments, you'll come to the same conclusion: those "funny" pictures of supposed 419 scammers holding up silly signs with shoe-on-head and all that, no way the actual scammer criminals would let themselves be caught on camera like that.
This one time I read a story about someone catching a 419 scammer on a specific 24/7 street webcam in Amsterdam as the location to hand over cash (all the while the trickster resided in the US, pretending to be a middle aged lady with a dog, that just happened to be visiting relatives in NL that weekend). This was in the early 2000s or so. I always used to think, that at least this time, it was the actual criminals they made a fool of.
However, after reading this story, and about "Jennifer", maybe these guys were innocent victims as well. On the other hand, they did appear both quite big, muscular, leather jackets, not really the type you'd expect on the victim side of extortion. But I try to not make a habit judging people I don't know based on fuzzy 200X webcam photos ;-)
I've been getting phishing attempts to my cell phone in the past few months. They leave message that say, "to collect your $100 AT&T rebate, go to www.phishingwebsite.com", which looks like a standard phishing site.
They always come from different phone numbers and list different variants of the web site. It's odd because I've seen plenty of phishing emails, but this is the first time I've gotten them via phone.
Getting the same calls lately. Not sure what to do about it - my experience with AT&T shows I'll probably waste about 10x to 100x more time just trying to explain to them what I want that it takes me to hang up. But if somebody knows a way to make AT&T aware of it and do something (provided there's somebody in AT&T that cares and can do something) please share.
I get the same thing. I knew it was not AT&T but I called anyway asked for a manger then another manager explained it to him and I haven't got one since. I'm sure AT&T can quickly figure out who is sending this stuff.
I also get voicemails from my "Google Specialist" letting me know that my "first page ranking" is ready. I can't get rid of this one.
Really great story. Sounds like a really cool hobby although it would really suck if "Mike" got busted for recording phone conversations when he was trying to helpout.
One question I have: lets say "Mike" does get together enough evidence to make a decent case in court, would the FBI even listen? Is this even legal what he is doing?
I have done a lot of work in Boca Raton and can confirm the town is filled with email spammers, lead gen cons, and fly by night SEO companies. Not only that these lead gen companies constantly steal from one another and pop up / shut down in the blink of an eye:
"TrustedPayday has gobbled up Mary’s information and is alerting other sites, with names like clicks.cashadvance.com. Somewhere in the machinery that processes payday loan applications, decisions are being made. In just a few minutes, loan offers begin falling into Mary’s inbox. We’ve just watched Mary’s identity get turned into profit before she’s even taken out a loan."
Is there a way to fight fishing with spam? Perhaps if the loan request market was saturated with enough fake requests, the price for leads would fall as leads would become increasingly unreliable and time-wasting for the fishers.
Margins would decrease for the sites who sell the loan request information, as their info becomes less and less reliable (valuable).
Margins would decrease for the scammers as they invest more time and money in due diligence and verification of the loan requests.
The irony of the situation would be priceless. Could spam be the way to fight scams?
However, the risk is that Lead Flash cannot be linked to any of the illegal activity that happens a few points after initial sale of the leads. So they'd probably have grounds for legal recourse against such activity.
Perhaps you are right. It seems like the environment is murky enough that a sufficiently motivated individual (or organization) with Mike's drive and skill set could set up a fake identity dumping program while avoiding detection, just as scammers can mask their activities.
There would be the inevitable question of incentives: Who benefits from this service and who pays for the service? Mike tracks these guys down (unsuccessfully) in his free time, as a hobby. His only reward is the feeling of justice he gets from cornering a scammer and making him squirm.
There is no data to support this in the article, but it seems as if the majority of the scamming targets lower-income, misinformed, and vulnerable people. So it would make sense that the taxpayers would pay to rectify this situation and rid the general public of this predatory nuisance. The failure here is with the government - they have the resources and the incentive to fix this situation. Seems kind of ass-backwards that our legal system would protect a company such as Lead Flash. But hey, capitalism isn't perfect is it?
It was worth reading. These type of scammers piss me off too. I wish we could generate thousands of fake leads a day and make their lives miserable. Since law enforcement only cares about national security, and only barely ordinary people being ripped off, there has to be a technological solution.
.. wow.. isn't this whole thread disturbing to read..
frankly i regret ever talking to danny, while hes a nice guy and all; it was my goal to highlight the issues with lead generation.. i didnt know it was his intention to make me a part of the story until the fact checker called me sigh
i'm not a "vigilante" nor am i "errant", yes.. its my hobby to make it harder on people who would try to swindle me out of money.. yes i get paid to do this for my customers and yes i was doing it for "free" in the case of the victim we stumbled on..
if we would like to talk questionable ethics.. when i presented danny with everything i had, he continued to push me to go further.. at one point offering to pay some of my expenses (tough i declined, voip numbers are cheap).. no matter what info i had, danny would follow up months later asking for more.. asking if i had followed up here and or there..
lastly i'm pretty saddened that my privacy was less important then those of the criminals i was looking for :/
they even missed a really funny point about fact that the scammer was using my name "mike davis" as his alias; because they wanted to protect his fake name..
anyway.. thanks for the positive comments from the folks who apparently know me..
The article doesn't really seem to question the mere existence of payday loan, which is the sort of actual usury I thought existed only in the most undeveloped nations and in medieval times. Crazy stuff, really.
It means the person using the given room as both bedroom and office.
The usage of word 'cum' is very common in India. When I first arrived in US, I used to get lot of weird looks from people, I have finally stopped using it.
As a 40 year old who has always lived in the US, the use of -cum- in this manner was never widely used in speech during my lifetime, but it did used to be pretty common in writing.
As a 27-year-old from the US, I tend to agree that this is used in writing (where it's distinguished by being set in italics) and never in speech. I do have a photo of a fancy trash receptacle (four different sections!) in Hong Kong bearing the label "LITTER CUM RECYCLABLES COLLECTION BIN".
As another 40 year old who has always lived in the US, that exactly jibes with my experience as well. As far as I can tell, the expression is common in written English, but almost unheard of in spoken English.
Now that I'm thinking about it, I'm trying to think of other examples of "things that are sometimes (or often) written, but almost never spoken".
It's legitimate American English, although to my ear it's now archaic, presumably due to the naughty meaning of the term. And I think of it as one of those things that relatively literary, that one would not say in casual conversation.
Except magna cum laude is a different construction entirely. "Bedroom-cum-office" (hyphens and italics required in my mind) is an english phrase constructed using native english rules, albeit a fairly esoteric one. "Magna cum laude" (hyphens not permitted) is a three-word latin phrase borrowed into english. A bedroom-cum-office is just a room that happens to be both a bedroom and an office. "Magna cum laude" isn't even a noun, it's a descriptive phrase, and the two outer words are not linked by "cum" -- "magna" is an adjective modifying the noun "laude".
- "magna cum laude" isn't spelled with a -cum-, it's three words, one of which is "cum".
- while the "cum" in "magna cum laude" does mean 'with', the "cum" in "bedroom-cum-office" doesn't. How would you interpret "this is the bedroom with office"?
- the cum of bedroom-cum-office isn't a latin word, it's english. Similarly, if I say "there's something wrong with the audio", "audio" isn't a latin word, it's an english word. The fact that there's a latin word "audio" (it's a verb, meaning "I hear") is irrelevant.
- explaining one thing by reference to another completely unrelated thing is a weird thing to do.
Cum is Latin, and means "with". So it's a bedroom with office. I suspect in this particular case it's probably meant to indicate a bedroom-office hybrid, but originally, "this-cum-that" just means "this with that".
I've tried to point this out above, but this cum is only related to the latin word cum by historical accident. It doesn't share usage or meaning with the latin word. And I can only interpret the english phrase "bedroom with office" (already questionably grammatical) as referring to a bedroom with a separate office attached or contained within; it can't refer to a room which serves as both, which is what a bedroom-cum-office is.
Funny. I'd always thought of it as also denoting a chronological sequence. For instance, here, originally a bedroom which later fell into use as an office.
Not sure why I've had that impression, but it seems (if I recall) that its usage typically supports that implication.
In this case, it's best translated as "and". It mostly survives today as the "com-" prefix, like in "combination", but also as an award of particular academic merit "cum laude".
I wish the FBI weren't so picky about irrelevant factors in hiring -- it would make it a lot easier for them to get top-quality talent in technical areas like computer security (for internal use and for computer crime investigations).
It's really a two-class system, where people who are full agents (the badge/gun/etc. thing) exist pretty separately from support. There are certainly reasons to want people involved in investigations to be full agents when possible, but it does make hiring a lot more difficult.
When I was looking for jobs as a new CS grad a friend who works at the FBI sent me a job description for their computer scientist role. IIRC the starting salary was $45-50k. By comparison I was getting offers from big tech companies for $90k not including signing bonus and stock options.
My bank fraud dpt calls me, and want me to confirm information. I ask them to confirm, they sound puzzled. I school then. The Indian guy doesn't care. I ask for the case n and call the number on the back of the card. I usually gets the same Indian guy...
It'll get passed on to the appropriate dept., but that's one of the jobs of the office of the CEO. Point out the problem with their procedures.
And if they don't fix it, move to a bank with a clue (or a credit union).
True story: as the housing bubble was building to its inevitable bust, I started hearing home loan ads from my financial institution on the radio (they generally don't advertise a whole lot). I wrote off a concerned but stern letter asking what the hell they were doing pitching for more housing loans in what was obviously a massively overheated market. No idea if my contact had any impact, but the ads stopped very shortly afterward. The crash not much longer thence.
I just find it quite interesting that writing like this that is so journalistic and written by more than one individual is finding success on Medium. Not necessarily in a positive or negative way though, I've yet to see this become a common phenomenon.
Who's really doing anything effective about spamming, scamming, phishing, etc? Any successful government efforts? I report spam and so on with little effect. The web is a mess.
It seems most efforts are being taken by the private companies who are affected by it. In the phishing and spamming arena you have Google doing a fairly sterling job of eliminating spam from most people's inboxes, and many banks and insurance companies have online crime investigation departments that try to crack down on phishing etc.
It is good to see the occasional prosecution for spam/scam/phishing but I don't think we see enough of them. How are you going to prosecute someone who you can trace to an IP in Eastern Europe, but which may just be a Tor exit node.
I think that higher reporting rates would be a good first step, and I'd implore anyone who has been targeted by these pricks to report it to the local authorities. The more details that can be collated, the easier it will become to follow the money.
I imagine a lot of people don't bother reporting because nothing happens. Spam filtering won't stop spammers. They need to be hit in the pocket. Here in Australia, I report Australian companies spamming me to the ACMA but can't imagine they ever do anything about it.
I get spam from Chinese businesses posting galleries of their products on Picasa (Google property) and then using share buttons to spam people. I mark it as spam in Gmail (Google property) every time, but still every Picasa email makes it through despite that consistent mix of Picasa template and Chinese characters.
Yeah. I did not continue after the third paragraph. I hate this kind of writing style. I know there is a risk of being scammed by "a long read for very little content".
> His first step is defensive: the creation of a software shield that will hide his identity. He boots up a computer containing a version of Windows that’s cut off from the rest of the machine. It’s a digital Russian doll, a computer within a computer. His sleuthing may attract attention, but any hacker who penetrates the inner realm would probably never know there was a larger doll wrapped around it. And when it’s all done, Mike will delete the hidden computer and any unwanted software that may have slipped into it.
Quite a good description of VMware et al, I thought. I frequently need to explain that technology to non-geeks; this is the description I'll be using from now on.
Why on Earth did you find it at all objectionable?
I'm sorry that you missed out on the meat of the article, which talks about the lead generation industry and how leads and contact info will get continually re-sold to attempt to extract as much value from the knowledge that someone is looking for something specific which has a high profit margin (or is likely to fall for some specific scams, as the case may be)
Someone tried to make it clear to everyone that it is the second attempt. At least we're dealing with someone who wants to be honest about the fact he attempted to repost it twice.
His first step is defensive: the creation of a software shield that will hide his identity. He boots up a computer containing a version of Windows that’s cut off from the rest of the machine. It’s a digital Russian doll, a computer within a computer.
Yeah, OK, we get it. Windows running in VirtualBox or Parallels or VMWare or whatever. Yeah, it's a security measure. But if a guy's engaged in laboriously sculpting mother earth with an implement of ancient design comprised of planar forged ores fastened to the end of a sylvan shaft, just call a fucking spade a spade and tell us he's digging a hole in dirt.
The language doesn't serve to inform, it conceals. And in this case, the security isn't necessary to protect the identity of the VM, unlike the elaborate description of Mike's apartment silo.