Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime The Courts Your Rights Online

New Hampshire Man Sentenced To 7 Years For Robo-Calling Malware 160

alphadogg writes with this excerpt from Network World: "A New Hampshire man who made $8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence this week. Prosecutors say that between 2003 and 2007, Asu Pala and others put together a lucrative business by setting up premium telephone numbers in Germany — similar to the 1-900 numbers used in the US — and then infecting German PCs with software that would automatically dial the numbers for short periods of time." Do that many people still have modems attached?
This discussion has been archived. No new comments can be posted.

New Hampshire Man Sentenced To 7 Years For Robo-Calling Malware

Comments Filter:
  • Only way to get rid of them.

    • peopel still fax even in 2011 so some modems in systems may just be there for faxing.

      • Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.

        I've also never heard of a virus managing to successfully infect a fax.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          LMGTFY

          May 5, 2000 - "Love" virus accidentally targets fax machines

          http://news.cnet.com/2100-1001-240143.html

          • Back in those days my mac yawned at fruitless activeX exploits meant for WinIE5, and loled at those .EXE downloads ESPECIALLY if we were dumb enough to doubleclick them; Linux browsers are just as safe, the same as a fax can't load virus code meant for Outlook Express 4 from 10 years ago.

            Looks like PP forgot to read the article they posted: targetting and succeeding (at infecting with a virus) are not the same thing

            • by mwvdlee ( 775178 )

              Or perhaps PP is not some snooty snob and actually read the title of the article they posted.
              It clearly says "accidentally targets", which is a pretty accurate description of what happened; the virus targetted fax machines whereas it clearly shouldn't have.

          • From your article:

            It's a most modern definition of uselessness: An email virus that sends itself to a fax machine. That's what a few confused people around the world saw today, as their fax machines began churning out page after page of the computer code underlying the destructive "I Love You" virus. The damage created by this particular manifestation of the virus--the computer equivalent of a pistol shooting a flag that says "BANG"--was nil. If anything, it proved that Microsoft's Outlook program was capable of annoying people even away from their personal computers.

            I'm not sure how sending a fax of the virus code to literally print out is "infecting" a fax machine. Annoying, maybe, but all they are doing is sending them a harmless fax.

        • Comment removed based on user account deletion
        • Precisely. Faxes also have legal statuses that email doesn't, in some jurisdictions, so faxing is still a staple in government departments, the legal profession, and in B2B transactions.

          It's also still used where visual content approval is required. Monuments, headstones, printing runs, etc don't get done until someone signs and FAXs back the proof page. Likewise many construction operations send proposals and bids, and receive signed, accepted bids by FAX. Many medical operations like FAX because the transmission can not easily be rerouted or duplicated (without other office workers noticing the half ream of photocopies someone just made).

          Yes, you could set up a scanner and hope the peo

        • by Meski ( 774546 ) *
          Not exactly infect, but a moebius loop of paper ties one up for a while.

          Also, some faxes are PC based. Or have some OS that you could infect.
      • by yuhong ( 1378501 )

        Indeed, I recently helped to install a PCI modem in a newer PC exactly for faxing.

        • Funny, I do the opposite. When someone brings me a machine weird fault, I yank the modem and then ask "Do you use your modem for anything?" They frequently ask me "what's a modem". I then ask if they hook a phone line up to the computer. When they describe a cat5 cable to me, I tell them they don't need it. I can usually tell by the dust buildup in the phone port, so I know my answer before I start asking silly questions. :)

          I had a box of them laying around for a while. I

      • Also, the crimes go back to 2003-2007 when a lot more people would have been on dial up.
    • Re:Modem Tax (Score:5, Interesting)

      by wvmarle ( 1070040 ) on Wednesday March 02, 2011 @12:14AM (#35354456)

      Nowadays modems are really rare; it's hard to find one. My server has one connected, which I bought about seven years ago, just to receive faxes. Not easy to find a shop selling them back then; will be harder now. It has never been used for a data connection. Nonetheless they are still available. Dial-up internet is even still available.

      This story started in 2003, when modem use was quite common at least in Europe. In 2001/2002 I worked for about half a year at the telephone help desk of a major Dutch ISP, dial-up was for many people the main way to connect to the Internet. I recall even a serious reorganisation of the telephone system to accomodate all those dial-up users. At the time probably still more dial-up users than ADSL or cable users. By 2003 dial-up must still have been very common. And people that switched possibly simply had their modem still connected. Indeed nowadays this kind of fraud would not work anymore.

      What I encountered very often when talking to people was that they had multiple dial-in icons in their network settings. One from our ISP, sometimes one or two from a previous ISP, and a handful of icons that they didn't even realise are there. Most were porn dialers, installed by malicious sites (usually porn sites), that would try to dial expensive numbers. This sounds very much like what these people have been sentenced for.

      Anyway it's not surprising that it worked in those years, as modems were simply a really common way to connect to the Internet. It wasn't fast but it worked, and it worked on existing infrastructure. Add to that the plethora of security issues in Win98 and WinXP and these things happened - and happened a lot.

      The most remarkable part of this story, besides that such a common crime even appears on the /. home page, is that the culprits have been caught and sentenced.

      • Over the last couple of years here (not europe) there's been a big push by the Cable (TV coaxial) company introducing their own phone system. a couple of months after switching many people find their computer won't POST. I remove the PCI winmodem and it POSTs OK... most of them didn't even know they had a modem until I handed it to them. I don't know what's causng it but it's too common to be coincidence.

        • Interesting.

          I have a similar problem with one of my computers: when I have my phone (Android smart phone) connected to the USB (for charging;USB is also used for downloaded data etc) it gets stuck on the memory test. That caused me a lot of frustration to figure out! Other computers don't have this problem.

          Anyway to come back to your point: it would be most interesting if people don't know they have a modem, AND have this modem connected to a phone line at the same time!

          I can imagine many have a modem as

          • by Targon ( 17348 )

            Many older low end systems do not provide enough power to the USB ports to handle the demand by USB devices during the POST process, and this will cause the problem. I have seen it where just unplugging the USB cable to the printer is enough to work around the problem. Low end Intel based Dells are the systems I run into that have had this problem.

            • Many older low end systems do not provide enough power to the USB ports to handle the demand by USB devices during the POST process

              Aha! I had that problem when I bought a scanner (for my circa 2002 P4 system) over 7 years ago... and I never knew what caused it. Bit late now (not my main computer any more!) but thanks for the info.

            • by BillX ( 307153 )

              A minor clarification; this behavior does not necessarily mean a system is "low end", only that it is standards-compliant :) Per the USB spec, a USB device may not exceed 1 unit load (100mA) from the port prior to enumeration; after this it can request up to 500mA. In general the BIOS provides enough USB support to get legacy HID devices like keyboard operable, not handle power and bandwidth negotiations, etc.

              How well devices obey this limitation is another matter.

              Ironically, it's the low-end systems that f

          • when I have my phone (Android smart phone) connected to the USB (for charging;USB is also used for downloaded data etc) it gets stuck on the memory test.

            It will if it's on the mode selector screen, since it announces itself as a USB disk but doesn't actually respond to any probes. Set it to be a USB disk and it should boot just fine.

      • by Nursie ( 632944 )

        A lot of laptops still have them built in. My three year old home laptop does, and the six month old one I have here at work does also.

        I guess this is due to them being used for travelling quite a lot. Though I can't remember the last hotel I went to that didn't have some sort of wireless or wired net available. And I spent four months in remote parts of Australia last year...

      • The new thinkpads [lenovo.com] coming out late march will still have modems.

        And why not, they probably cost pennies in components these days.

      • The most remarkable part of this story, besides that such a common crime even appears on the /. home page, is that the culprits have been caught and sentenced.

        They probably just followed the money... Germany is a strict country when it comes to rules and regulations so I'm guessing that the premium numbers used required a german bank account which require valid ID (they check it!) to set up. The guy probably used his own name or some company traceable to him to set it up, and then it's simple to find the guy. He probably counted on it being an issue with a foreign country and a language barrier, but no such luck. It takes some time but it can be done.

      • This story started in 2003, when modem use was quite common at least in Europe.

        Exactly- hence why the editor's comment "Do that many people still have modems attached?" was pointless, given that even the summary it sat beside made clear that the events in question happened between four and eight years ago.

        And yeah, most people- including myself- still *were* using dial-up eight years ago, whereas I doubt very many are now (though probably still more than one would suspect).

    • There are some (pretty big) rural areas here in Germany, where people can't get xDSL or cable even if they wanted.
      I know of at least 5 villages with about 100 citizens each in 20km radius that don't have any chance but dialup networking for Internet Access.

      In some areas you can get Networking via UMTS/(E-)GPRS, but mostly it's not faster than POTS or ISDN Dial Up.

      That's also why some of the lower frequencies used for LTE/4G Networks were given to provider with the prerequisite to install networks in those a

    • Presumably Skype and Magic Jack allow Voip calls from your computer to premium lines if you have signed up for the right kind of outbound service.

      Additionally most people with voip have their voip modems as their frontline firewall on the internet. If anyone manages to either breakinto to those or otherwise sniff their handshaking then presumably one could make loads of calls and bill them to the voip plan (again assuming one has a plan that allows calls to premium numbers.)

  • That will teach him! (Score:4, Interesting)

    by vvaduva ( 859950 ) on Tuesday March 01, 2011 @11:09PM (#35354168)

    Gotta love the punitive vs retributive approach to justice in the West. Why not make the guy work towards paying back the victims instead or locking him up for 7 years and forcing the victims or us the taxpayers to pay for his food, clothing, heating, cable and housing?

    • by k8to ( 9046 )

      Are the victims well identified? I like the idea, but sometimes it's hard to restore to thousands of victims who may not be well documented over a period starting 8 years ago.

      • by vvaduva ( 859950 )

        It's all billing data in a modern country, Germany, with a 30 year data retention limitation for many financial/legal documents. I am sure it could be done if they really wanted to do it...

    • Re: (Score:2, Informative)

      by Anonymous Coward

      He was also fined 7.9 Million USD and owes 2.2 Million in back taxes.

      Not exactly the typical getting off with a slap on the wrist...

      • by Nursie ( 632944 )

        It's good to see a custodial sentence AND significant fines.

        Too often we hear about these guys getting off with a slap on the wrist and a fine equivalent to less than 10% of their ill gotten gains.

      • I'm guessing he's already spent or hidden the money. What are the consequences to him if he doesn't pay the fine?

    • Gotta love the punitive vs retributive approach to justice in the West.

      Some lessons are only learned the hard way.

    • by shadowofwind ( 1209890 ) on Wednesday March 02, 2011 @12:29AM (#35354502)

      Because if we start forcing people to work to pay for their crimes, before long it morphs into a slave program with people being convicted on bogus charges for the sake of their labor. This has been tried in parts of the US in the past, and it has been a problem. The people who control the system don't have close to enough integrity to stand that kind of conflict of interest.

      • Comment removed based on user account deletion
        • While it very well could require more staff, I think it's worth it.

          Also, GP says that the people in the system do not have enough integrity, but they still don't have it now, so I don't really see that it would be much worse. I think the current penal model in the West has two issues that we really need to deal with: a) efficiency and b) retribution . And I think they're closely related.

          I've given some thought to this and I think that first, we have to separate violent offenders from non-violent. Violent pe

          • by tlhIngan ( 30335 )

            But non-violent (or less seriously violent) offenders, don't really need to spend their whole day just doing nothing, hanging around with other criminals, inevitably exposed to even worse influences than themselves. They can be doing something useful for both themselves and society.
            I thought up something along these lines: All elegible (non-violent) offenders, would have to exercise a mandatory occupation, and be assigned a base salary (leveled with minimum wage where it exists) but they will not be able to

          • by cdrguru ( 88047 )

            One of the objections to letting criminals work is that stops being punishment. One of the most severe punishments you can inflict on people is to isolate them away from anyone they can reasonably interact with. When you take away the punishment for a lot of people there really is no difference between what they experience in their day-to-day lives before and after being convicted of a crime.

            The problem today is that for a lot of inner-city minorities life is pretty hopeless. Prison isn't a lot different

          • You should read up on what Burt Cain has been doing to Louisiana's Angola Penetentiary(sp?). The prisoners there make crafts, which they sell direct to the public a few times a year during the prison rodeo. Several inmates get to go to churches around Louisiana to sing/preach etc. The prison is known as 'The Farm' because it is actually a farm, prisoners work the farm, and eat what is produced; this provides several benefits: cheap food, large areas of flat land make it harder to escape and learning skills

    • by mr100percent ( 57156 ) on Wednesday March 02, 2011 @12:31AM (#35354514) Homepage Journal

      It's more to make an example and prevent others from thinking of doing the same.

    • forcing the victims or us the taxpayers to pay for his food, clothing, heating, cable and housing

      No worries. With the Internal Revenue Service collecting back taxes on his illegally earned income, he is (well, his non-US-taxpaying-victims are) more than paying his way through prison. In the end, it's the US government that profits from his crimes -- some agency expects a $7.9 million fine as income, and the IRS wants $2.2 million in taxes. Sounds to me like the guy owes a debt to society, and the wrong society is trying to cash in on it.

    • by mapkinase ( 958129 ) on Wednesday March 02, 2011 @07:09AM (#35355580) Homepage Journal

      "Why not make the guy work towards paying back the victims " this is unlikely. How much of $30M Simpson paid back to his victim's families?

      "punitive vs retributive" you forgot the deterrent component - that is what important. Geeks and nerds (perpetrators of such crimes) are afraid of the prison much more than street-tough guys (perpetrators of conventional off-line crimes).

      • "punitive vs retributive" you forgot the deterrent component - that is what important. Geeks and nerds (perpetrators of such crimes) are afraid of the prison much more than street-tough guys (perpetrators of conventional off-line crimes).

        Depends on the jurisdiction - that line of reasoning would be forbidden in New Hampshire, where the Bill of Rights specifies reform as being the true design of all punishments.

        • "that line of reasoning would be forbidden in New Hampshire" that's understandable, but what is your point: vvaduva was not questioning legality, but common sense.

    • Get the money back, THEN shoot him. And any virus writers you can find along the way too.

  • Modem??? (Score:1, Funny)

    by Codeman125 ( 1168085 )
    What's a modem?
  • So they made 16.5m and had to pay 10.1m, netting about 5.4m. Was it worth it?
    • That was a different case (in Austria, not New Hampshire); this guy only made $8M.

      • So the whole thing goes like this: "YOu stole 8 million bucks; go to your room for 8 years!".
        I would take the shot. I mean, I wouldn't be able to make 1 mil/year even if I willingly let burly illiterate dudes pound my ass every night for money.
  • by devnullkac ( 223246 ) on Wednesday March 02, 2011 @01:03AM (#35354624) Homepage

    I don't have a modem, but I do have a USB-attached multi-function printer/scanner that includes fax capability, which I'm pretty sure a piece of malware could trick into calling any number it wanted (might be difficult to keep it from turning on the annoying speaker as it dials). Which reminds me... I should cancel my plans to get a network-attached version that would be vulnerable to such an attack without having to infect any of the PCs on the network; just breaching the firewall or wireless encryption would be enough.

    • (might be difficult to keep it from turning on the annoying speaker as it dials).

      Not at all. It's a plain stupid "AT..." command. The default initialisation string sent to the FAX has it turn the speaker on during hand shaking (so you can hear if everything is working ok), and off afterward (no useful information from the transmission noise).
      Just send instead a command for having the speaker off the whole time (ATM0, instead of ATM1)

      And that's for analog modems. This is Germany we're speaking about, where everything is nearly 100% ISDN since ages. So no noises at all. The fax is purely

    • Or you could just, you know, not leave the MFP plugged into the phone line, like I do on mine.
  • Do that many people still have modems attached?

    Yes. While DSL, UMTS and DOCSIS are quite common in urban areas, there are still several areas (villages) where dual-channel ISDN is the fastest way to get into the net (2x 64 kBit/s), and many people in those areas still use analog modems (V.90) simply because ISDN lines have a higher monthly fee and dual channel ISDN doubles the costs of each internet connection.

    Of course, there is also satellite internet access, but it is expensive, overloaded, slow (despite opposite claims of the operators) and has a high latency. Plus, you need a free line of sight to the satellite and the permission to install a(n additional) satellite dish from the owner of the house. LTE is the latest promise for fast internet access in non-urban areas, following WiMAX. WiMAX exists only in prototype areas, it still is not commonly available in Germany. LTE is only planned, no prototype area exists, and despite legal restraints to install LTE first in areas without high speed internet connections, the first prototype areas will be big cities.

    Another reason to use a modem is the ability to send and receive faxes, as others already posted.

    Costs for 0900 calls are very high compared to other numbers, and the 0900 owner can define how much is charged. There are two mutually exclusive limits: Either max. 3.00 EUR per minute, or max. 10.00 EUR per call independantly from the length of the call. (Source: http://www.teltarif.de/i/sonderrufnummern-0900.html [teltarif.de]) So if you use the second option (charge 10.00 EUR per call) and distribute a dialer that makes one-second calls to your 0900 number, you gain 10.00 EUR per second and call. Gaining 8,000,000 EUR (roughly approximating 1 EUR = 1 $) requires 800,000 calls. If you can make 10 calls before getting caught by the modem owner, you need only 80,000 users. If you can make 100 calls before getting caught, you need just 8,000 users.

    ISDN users are even more attractive than modem users. The V.90 handshake needs about 10 to 20 seconds, and it is noisy due to the modem speaker. Plus, the V.90 modem blocks the phone line. So it is very likely that the dialer is found very fast. The ISDN handshake takes much less time, about a second, it is silent, and ISDN offers two lines, so you can still use your phone while your computer is busy wasting your money with one second calls to a 0900 line. If that goes unnoticed for one hour, and each call lasts four seconds total, you have 900 calls from one user, 9,000 EUR. Trick just 900 users into using your dialler for one hour on an ISDN line and you gain 8,100,000 EUR.

    Tux2000

  • by Slur ( 61510 )

    This would have been awesome. If he had gotten away with it.

    • "Porn-diallers" (ie, premium-number dialling software) have been around since before the internet, many malware-based that would dial even if you didn't want them to. The only thing unique about this case is he's one of the few to actually get caught.

      There's nothing special about what he's done (besides being stupid enough to get caught), and I don't see anything awesome about stealing from generally innocent folks - who can't afford broadband connections. "Rob from the .. poor.. and give to myself!". Yeah.

    • "And I would have gotten away with it too, if it weren't for you meddling kids!"
  • 7 years in prison for $8m? $1.14m per year wage is pretty good. I'd guess that a lot of hard-working, honest people would do 7 years inside if it netted their family $8m.

    Also it'll be nice for him when he gets out after 4 years and realises he got a pay rise to $2m per year.

    I don't think these "mid-range" sentences for high-gain crimes are really effective unless the criminals are forced to give the money back.

    • Fortunatly it does not work like that.
      He had to pay a $7.9 million fine, along with $2.2 million in back taxes to the US IRS.
      Don't mess with the IRS.
      • by cvtan ( 752695 )
        Are people required to pay taxes on illegally obtained income even after they have to give it back??
        • If German law in this respect is like US law,Yes. [irs.gov] Quoting: "Illegal activities. Income from illegal activities, such as money from dealing illegal drugs, must be included in your income on Form 1040, line 21, or on Schedule C or Schedule C-EZ (Form 1040) if from your self-employment activity. "

          Oh, "after they have to give it back?" The convict in question didn't "give it back". The victims haven't gotten anything "back". The criminal is "paying a fine". You pay income tax on income, whether you pocket the

          • Heh. I confused a German case mentioned up-thread with this one. Yeah, the IRS rule is emphatically applicable, since New Hampshire is still part of the United States.
          • In Australia there was a drug dealer who was caught, but he claimed the drugs the police seized as a loss. He ended up having to fight it, but won in the end.

    • 7 years in prison for $8m? $1.14m per year wage is pretty good. I'd guess that a lot of hard-working, honest people would do 7 years inside if it netted their family $8m.

      This assumes that he's going to be allowed to keep the proceeds of the crime. Is that generally the case in the US?

      I'd hope not, and if so, that they'd investigate and deal with any obvious attempts to (e.g.) pass on the money to his family, who I assume would not be allowed to keep it either (and possibly be held liable if they were clearly aware of the illegality of what was going on?)

    • by PIBM ( 588930 )

      Which he was.... from TFA

      " In addition to the 82-month sentence, he must pay a $7.9 million fine, along with $2.2 million in back taxes to the U.S. Internal Revenue Service."

  • The best part of the story really is that might not have been caught except that he was 'flagged by federal authorities after paying cash for his second Lamborghini.' http://www.itworld.com/networking/138664/man-gets-7-years-forcing-modems-call-premium-numbers [itworld.com]
  • 7 years? That means he will probably be out within one. I'm assuming he managed to squirrel away some of that money where it wouldn't be found. He's got his retirement set.
  • by Yvan256 ( 722131 ) on Wednesday March 02, 2011 @10:24AM (#35357042) Homepage Journal

    "Hello, this is Homer Simpson aka Happy Dude! The court has ordered me to call every person in town to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send one dollar to : Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power!"

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...