[plug] International student w/ DDoS and social engineering history

Shayne O'Neill shayne at guild.murdoch.edu.au
Mon Jul 4 11:22:46 WST 2005


Calling the cops isn't corporal punishment. Punching the guy's lights out
is. And probably more effective. Also doesn't involve ruining the guy's life,
which is a bonus.


--
Freedom's just another word for something new to regulate

On Mon, 4 Jul 2005, Senectus . wrote:

> On 7/3/05, Bob Linus <bob0linus at gmail.com> wrote:
> > Hello.  I am writing to the list because I have gotten little response
> > from anyone.  I lost my patience today and confronted this guy (for
> > the second time in a few months), explaining some of the unethical
> > activity that I have caught him doing.  Sorry if I ruined an
> > investigation, but it was driving me nuts to live with a guy who
> > enjoys doing this stuff while recently graduating with a Masters in IT
> > and applying for permanent residency in Australia.
> >
> > I have not provided names if it is not a serious issue; but if further
> > information is needed, I can be reached at this email address.
> >
> > ------------------------------
> > To: enquiries at ahtcc.gov.au
> > Subject: (memo) International student with suspicious track record
> >
> > Hello, I am looking to make general inquiry and notification of an
> > international student from Turkey, graduating with a master's degree,
> > who will apply to stay and work in Australia.  I am not sure where he
> > crosses the line between juvenile and criminal behaviour.  I do not
> > think it would be a good idea to approve extending his visa to work in
> > Australia.  I am also an international student in Australia (former US
> > army veteran in information systems).
> >
> > Suspicious activity involves:
> >
> > * DDoS attacks with SYN floods (he showed me screenshots and bragged
> > about some of them). He has email messages stored that allude to them.
> > The DDoS attacks were directed to irc flame wars, Turkish sites of
> > people in his own country, and once or twice to University of Notre
> > Dame's servers.  Since threatening him though, he has ceased DDoS
> > behavior.  He had 300 or 3000 bots (zombies/hijacked computers) based on
> > conversation, and a recent recorded MSN conversation stated that he gave
> > the bots to one of his friends.
> >
> > * I have recent evidence of him researching and uploading (ClamAV)
> > Trojan.Spybot.gen-2, which returns keylogs and passwords to himself at
> > irc-m.icq.aol.com #icqfreund.  He has placed it on our adsl webserver.
> > (recently deleted after confronting)
> >
> > * He shared with me that he was reading a female Australian student's
> > email for over a year.  She had a default password at the university
> > (birthday).  I informed the girl.  She initially wanted to go to the
> > police also.  She was moving apartments and concerned with her safety
> > enough that she changed addresses.
> >
> > * Favorite movie and books involve US hacker Kevin Mitnick: "Track Down"
> > and "The Art of Deception".
> >
> > I have been keeping an eye on this guy, since I don't know many that
> > would be able to even report DDoS type of activity.  He has shut down
> > his DDoS operation about 4-5 months ago, but I think he is waiting for a
> > clear opportunity for access to another dedicated server that would not
> > be able to trace back to him, through social engineering methods.  His
> > friends in Turkey also engage in DDoS activity, so retaliation is
> > highly likely.  He has made conversations that he was responsible for
> > shutting down AOL's ICQ irc server for months.
> >
> > He has partially cleaned up his act since threatening him a few months
> > ago (and now again), but I do not really trust him.  He enjoys
> > electronic harassment and 'being on top' of people.
>
> I've known a few people with the same sort of attitude and I still
> believe it's a social problem.
> Is it possible he's bragging to you because he's found someone that
> will listen, and that in the rest of his life he's
> bored/ignored/unpopular?
> There are three ways you can attack this:
> 1) You care about him and don't want to see him in "real trouble" with
> the AFP or other fairly serious law enforcement agencies, then find
> some people in his life that are of importance or respect to him and
> explain what's going on. Make sure they're "official" sort of people
> like Teachers, School counsellors, Priests etc. Make sure they don't
> put you in the spotlight when they "chat to him"
>
> 2) Fix it yourself. Get involved with him, become his friend and make
> sure that he understands this sort of activity is not acceptable and
> that there are many very useful activities/projects around that are
> technically challenging and in your/his social circles much "cooler"
> to be involved in. Given the choice and opportunity most people would
> rather be known by the positive achievements rather than the
> destruction they've created.
>
> 3) Corporal Punishment. He's a lost cause and needs to be stopped NOW,
> call 131 444 and ask them how you report a series of serious criminal
> cyber crimes?
>
>
> --
> Ubuntu Hoary 5.04
> "Luminocity is a cracktastic technology testbed for Metacity." - From
> the gnome.org website
> www.modmeup.net
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>


