An iPhone app that allowed anyone to snoop on anyone’s calls. A data breach where 150,000 surveillance cameras protecting hundreds or thousands of customers were apparently “secured” by a single password. And please don’t forget: “Don’t spread hoaxes, folkses.”
With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Intro and outro music by Edith Mudge.
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
WHERE TO FIND THE PODCAST ONLINE
You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.
Or just drop the URL of our RSS feed into your favourite podcatcher software.
If you have any questions that you’d like us to answer on the podcast, you can contact us at tips@sophos.com, or simply leave us a comment below.
Gerry Vrbensky
On your topic of being snooped, somebody is using my email address to send a couple of words of text to other email addresses that don’t exist. I’ve been receiving about 50 or more bounced messages from Mail Administrator ([REDACTED]) as not delivered. I’ve looked at the source code and there is no reference other than back to me as it’s origin.
I’ve already de-activated that address and switched to a Gmail account. I waited about a month and decided to re-activate the old address however the month delay didn’t make any difference.
Bounced message may come it minutes apart and then hours would go by before any more would show up.
I have a way of grouping these so one click and they are all deleted while still on the server.
Two questions
How does this benefit the hacker?
Is there any way to traces where it’s coming from?
Paul Ducklin
Ah, good old “mail undeliverable” spam :-( In this case, I suspect that the answer to your question “how does this benefit the hacker?” is a simple “it does not.” Having said that, it’s hard to know the motivation of someone you’ve never met and probably hope you never do.
In the past, crooks would use undeliverable emails as a trick to produce “backscatter” scam. Companies that faithfully rejected undeliverable emails and included the original email in an effort to be helpful would be spammed with thouands of emails from a laundry list of alleged senders, all directed at addresses that were known not to exist. These bouncebacks were often bounced right away, even before any spam scanning was done (why check a message you know you are not going to accept?), and so they provided a sneaky way for crooks to use innocent companies as spam relays. This doesn’t work very well any more, not least because [a] many companies bin rather than bounce undeliverable messages unless they think they can trust that it really came from the claimed sender and it doesn’t look like spam, and [b] many companies don’t bounce the whole message but just a tiny snippet of it so that if there were dodgy links or spammy content in the original message, they don’t survive the bounce process, making the backscattered emails useless to the spammers.
Of course, spam-by-bounce usually has a different *sender* each time (that’s where the bounceback will get delivered) and the same recipient (one that is know to provoke a bounce message). That doesn’t really match your pattern.
Secondly, some crooks have used bounces simply for harrassment and to cause frustration by flooding someone’s mailbox with a bunch of annoying garbage that isn’t easy to filter because it doesn’t really look like spam.
And lastly, you will sometimes simply get caught up in a spammer’s incompetence, where their automatic spambots go haywire and do things such as sending all spam in one batch to the same recipient instead of to a long list, leaving out the subject line, leaving out the content, or sending just a few words that don’t form any sort of message at all. (I went through a stage of getting 100s or 1000s of spams that just said, “Dear”. After a while they stopped coming. Perhaps that spammer was so incompetent they actually went bust?)
You can probably see from the headers which servers it came through the way to the company that bounced it to you (look for the Received: lines, starting at the bottom and moving upwards, given that new Received: headers are added at the top as the message makes its way to you). That’s not an awful lot of use if you want to trace the actual spammer, however. It identifies the sending *computer* but not the person/persons/gang who hacked/infected/tricked/subverted/paid their way into getting the message sent from that computer in the first place.
HtH.
Gerry
Paul, thanks for that reply. I suspected as much and as I’m the one caught in the middle. But it really doesn’t bother me that much have a way of deleting all 50+ e-mails in 2 seconds or less with just one click. I’ll play along and see who gives up first.:)