Moron Headhunter Payback Experiment



  • I am, as you are likely, receiving a non-stop onslaught of headhunter spam, mostly beginning with: "Urgent opportunity in <someplace too far away> requiring <the wrong skill set>. If you are qualified, please send me your life history over unencrypted email and maybe I'll get back to you."

    My resume isn't even on the job boards, and hasn't been for quite a while.

    Since responding to these spam artists asking to be removed from their lists doesn't sink in, no matter how many times your script responds to their spam, I decided to take a different approach.

    I had an old, unused pc lying around. I securely wiped the hard disk, installed a new copy of Win-7, turned off all security features and removed the admin and login passwords. The machine has an open connection to the internet with absolutely nothing to protect it from anything. I set up a monitor to record (in a text file) anytime something is taken off of that machine, and what that file was.

    On my machine, I set up a mail rule that anytime it detects one of these urgent spam messages, it auto-adds the sender to my contacts list on the unprotected machine (no mail actually goes to that machine, and it is unable to send mail). The connection between the two machines is locked down and one way only.

    So far, the contacts list has been pulled off of that machine more than twenty times.

    If hackers and/or spammers are predictable (and I'm pretty sure they are), then...

    Payback's a Bitch!

    Thoughts?



  • So you're putting their emails up on an unprotected machine that script kiddies can download it from? Wouldn't it be more productive to spam forums and stuff so spam crawlers find their emails?



  • well depending in the laws where he is, if he spams the forums with the emails he could be implicated in the "invasion of Privacy", "Improper distribution of address" etc.

    As it is, he is simply a private citizen with a machine on the internet, not his fault if hackers are pulling data off it without his knowledge or permission.

    :)

     



  • I think there is some kind of justice if you manage to get the head hunters to head hunt each other.  For me only my linked in account gets head hunter spam, which never makes it into any of my real emails.  However I still get random college related financial aid emails even though I have been out of college for over 4 years.



  • @KattMan said:

    well depending in the laws where he is, if he spams the forums with the emails he could be implicated in the "invasion of Privacy", "Improper distribution of address" etc.

    As it is, he is simply a private citizen with a machine on the internet, not his fault if hackers are pulling data off it without his knowledge or permission.

    :)

     

    I doubt it's illegal in New Jersey. And even if it is, are they really going to trace it back to him and then prosecute? That sounds idiotic.


  • Considered Harmful

    As clever and hilarious as I think this is, that box is probably part of a botnet (or several) and participating in all kinds of nefarious activities by now.



  • Sounds Idiotic?  I agree, considering my context would be the US legal system.  Idiotic only seems to scratch the surface at times.

     



  • @joe.edwards said:

    As clever and hilarious as I think this is, that box is probably part of a botnet (or several) and participating in all kinds of nefarious activities by now.

    I'm curious how they got onto the machine in the first place. Is it possible to catch a computer virus by proximity?



  • @joe.edwards said:

    As clever and hilarious as I think this is, that box is probably part of a botnet (or several) and participating in all kinds of nefarious activities by now.

    Yeah, like serving up kiddie porn. I wonder if this thread is now evidence of recklessness in the inevitable People v. Snoofie case.


  • Considered Harmful

    I think 'worm' is the technical term for a malware infection that requires no user interaction. Yes, there are many that just scan for known vulnerabilities and infect. I've had a fresh Window installation get compromised in the few minutes it took between connecting it to the Internet and connecting to Windows Update.



  • @KattMan said:

    Sounds Idiotic?  I agree, considering my context would be the US legal system.  Idiotic only seems to scratch the surface at times.

    Huh? I was just saying it sounds idiotic to think that a headhunter is going to see an increase in spam, attribute it to malicious activity, search the Internet until he finds his address posted on a forum, contact the authorities in the appropriate jurisdiction, who will then follow-up with a DA, who will then subpoena the forum, who may respond with Snoofie's IP if they are legally required, which the DA can then use to subpoena his ISP to get his name, so that they can prosecute him for a crime which I'm pretty sure doesn't exist. (Or, the equivalent series of events for a civil case, which actually could be filed although I'm not sure the plaintiff would win.)


  • Trolleybus Mechanic

     @snoofle said:

    So far, the contacts list has been pulled off of that machine more than twenty times.

    I've been tempted to write a script that will:

    1) Take all incoming information from the headhunter (name, contact, company, etc)
    2) Create a fake resume with their information, listing their current place of employment
    3) Posting it to Monster, Workopolis, etc, under the "Job Seekers" category
    4) Let them get spammed to hell with other head hunters looking to hunt their heads.

    It'd be nice if two of those headhunters try to recruit each other, and get caught in an endless feedback loop.

     


  • ♿ (Parody)

    @morbiuswilters said:

    @KattMan said:
    Sounds Idiotic?  I agree, considering my context would be the US legal system.  Idiotic only seems to scratch the surface at times.

    Huh?

    I think you can stand down. This looks like standard "more cynical than thou" boilerplate.



  • @joe.edwards said:

    I've had a fresh Window installation get compromised in the few minutes it took between connecting it to the Internet and connecting to Windows Update.

    How does this still happen? Do people still connect client machines directly to the Internet? Surely people don't do that any more and instead are behind a NAT router which will prevent worms from contacting services on the host.



  •  Evil!!!



  • What would be even more impressive is getting a headhunter to try and head hunt themselves.


  • ♿ (Parody)

    How much head would a headhunter hunt if a headhunter could hunt head?



  • @Lorne Kates said:

    I've been tempted to write a script that will:

    1) Take all incoming information from the headhunter (name, contact, company, etc)
    2) Create a fake resume with their information, listing their current place of employment
    3) Posting it to Monster, Workopolis, etc, under the "Job Seekers" category
    4) Let them get spammed to hell with other head hunters looking to hunt their heads.

    It'd be nice if two of those headhunters try to recruit each other, and get caught in an endless feedback loop.

     

    If you can somehow work Kickstarter into this mess as well, I think you'll have the ultimate internet revenge prank.


  • BINNED

    @boomzilla said:

    @morbiuswilters said:
    @KattMan said:
    Sounds Idiotic?  I agree, considering my context would be the US legal system.  Idiotic only seems to scratch the surface at times.

    Huh?

    I think you can stand down. This looks like standard "more cynical than thou" boilerplate.

    Can I borrow that? My "more cynical than thou" boilerplate doesn't seem to be working very well.



  • @morbiuswilters said:

    @KattMan said:

    Sounds Idiotic?  I agree, considering my context would be the US legal system.  Idiotic only seems to scratch the surface at times.

    Huh? I was just saying it sounds idiotic to think that a headhunter is going to see an increase in spam, attribute it to malicious activity, search the Internet until he finds his address posted on a forum, contact the authorities in the appropriate jurisdiction, who will then follow-up with a DA, who will then subpoena the forum, who may respond with Snoofie's IP if they are legally required, which the DA can then use to subpoena his ISP to get his name, so that they can prosecute him for a crime which I'm pretty sure doesn't exist. (Or, the equivalent series of events for a civil case, which actually could be filed although I'm not sure the plaintiff would win.)

    You mean like the RIAA?  Yes they went through all that just to prosecute people for money they knew they would never see.  Liek I said, US Legal system, idiotic, yeah they go together.

    Come to think of it, that is where snoofle might get snagged, someone will use it to share music, and of course since it is snoofles machine he is the one they will track down and sure, and somehow lose the case, because who can beat the RIAA with all thier money.

     

     



  • @KattMan said:

    You mean like the RIAA?  Yes they went through all that just to prosecute people for money they knew they would never see.

    Um, no? Copyright infringement isn't really close to being the same thing as a few extra spam emails. The financial incentive for combating piracy is a lot more than the financial incentive for a headhunter to get rid of a few extra spam emails. Stop pretending you are stupid.

    @KattMan said:

    Come to think of it, that is where snoofle might get snagged, someone will use it to share music, and of course since it is snoofles machine he is the one they will track down and sure, and somehow lose the case, because who can beat the RIAA with all thier money.

    Come to think of, you may be legitimately stupid. I apologize for calling you stupid, then. It's not very nice to call an actual stupid person stupid and I'm sorry.



  • @boomzilla said:

    How much head would a headhunter hunt if a headhunter could hunt head?

    This gives me an idea for an HR-themed pornography site.



  • Not stupid, just cynical of our legal system here, or maybe it's just lawyers, I'm not real sure.

     



  • @KattMan said:

    Not stupid, just cynical of our legal system here, or maybe it's just lawyers, I'm not real sure.

    Can you imagine a world without lawyers? I'm currently considering going to law school. I could spend my time with drunk drivers, bitter divorcees and suspected murderers. It would be far more rewarding than working with shitty software and social-maladjusted programmers. I do worry that my personal code of ethics might be too flexible and self-serving even for legal work, though.



  • @joe.edwards said:

    I think 'worm' is the technical term for a malware infection that requires no user interaction. Yes, there are many that just scan for known vulnerabilities and infect. I've had a fresh Window installation get compromised in the few minutes it took between connecting it to the Internet and connecting to Windows Update.


    And yet I still know people who refuse to update unless it's necessary, because "if it ain't broke, don't fix it".



  • @morbiuswilters said:

    @joe.edwards said:
    I've had a fresh Window installation get compromised in the few minutes it took between connecting it to the Internet and connecting to Windows Update.

    How does this still happen? Do people still connect client machines directly to the Internet? Surely people don't do that any more and instead are behind a NAT router which will prevent worms from contacting services on the host.

    I thought the same thing ten years ago when people were stating the same about Windows XP. It takes an act of monumental stupidity to connect a new machine to the DMZ (or to set up a home network with bare IPs). I've got a MAME machine on my home network running Windows 98 and it hasn't been compromised in the past eleven years.


  • Considered Harmful

    This was my grandparents' computer, they just wanted me to get them online. I enabled Windows Firewall as soon as that feature was available (once XP SP2 had been installed), and installed antivirus software on top. There was no router or firewall, just the DSL modem, so I worked with what was available. I was just surprised at how quickly it happened.

    When running SSH from another box, I had several break-in attempts a night show up in the logs, mostly brute force and dictionary attacks. Eventually I had to set it up to auto-ban IPs that tried an invalid username or tried to log in with a password (of course, it was using a certificate for authentication). I'm sure it would be the same with any public-facing service.



  • @joe.edwards said:

    Eventually I had to set it up to auto-ban IPs that tried an invalid username or tried to log in with a password (of course, it was using a certificate for authentication).

    I usually ban on multiple failed logins (say, 10) instead. Reason being, I don't want to lock myself out if I type the wrong username or key file (although that info is actually in a config, but it's possible that might fail, say if I'm running as root..)



  • @joe.edwards said:

    There was no router or firewall, just the DSL modem, so I worked with what was available
    This is where I'm surprised. I've never seen a DSL modem that wasn't set up with NAT out of the box.



  • @Jaime said:

    I've never seen a DSL modem that wasn't set up with NAT out of the box.
     

    You don't have much experience with DSL modems then! :) When I first used ADSL in 2000 we had an Alcatel Speed Touch Home: this was a pure bridge and one ran PPPoE on your PC. Of course I had a Linux machine providing NAT (back then "IP masquerading") to the LAN. One of my friends had a PCI DSL modem, which worked in a similar way. Of course in 2003 I bought a Billion ADSL modem/router which made the network much simpler (didn't need a separate switch/hub or routing PC). Replaced it around 2009 to get ADSL2+.



  • @joe.edwards said:

    I've had a fresh Window installation get compromised in the few minutes it took between connecting it to the Internet and connecting to Windows Update.

    If you need to set up a Windows box and you don't have a NAT router to hide it behind, you can improve the quality of your life with WSUS Offline Update. A 16GB USB stick is enough to hold all available updates for all currently supported Windows and Office versions.



  • @snoofle said:

    The connection between the two machines is locked down and one way only ... Thoughts?

    My thought is that you're much more confident about your ability to prevent sploits gurgling backwards up your locked-down connection than I would be in your position.



  • @morbiuswilters said:

    I'm currently considering going to law school.
     

    A mercenary soldier robs, steals, rapes, and murders for whoever pays him the most money.

    Q: What's the difference between a mercenary soldier and a lawyer?

    A: The lawyer is proud of it.

     



  • @Jaime said:

    I've got a MAME machine on my home network running Windows 98 and it hasn't been compromised in the past eleven years.
    That's because nobody in his right mind has tried to deploy an exploit for W98 in eleven years.



  • @boomzilla said:

    How much head would a headhunter hunt if a headhunter could hunt head?
     

    The veal's pretty good, though!



  • @Jaime said:

    It takes an act of monumental stupidity to connect a new machine to the DMZ (or to set up a home network with bare IPs).
     

    All it takes is a household with 1 computer and a direct connection to the modem.

    These days, all modems from all ISPs here are in fact (wi-fi) routers with integrated firewalls, but that's a development of the last 5 years, I think. My previous cable modem was just that— a modem. Fortunately I have had multiple computers for over a decade now, and as such have always had a router/firewall.

    In fact, while my ISP has offered a default router-modem for quite a while now, I only got one to replace the plain modem after the house's internet got transferred to my name, so I assume there are still plenty of subinformed households with computers exposed to the net and only Windows' firewall to shield them from the dank recesses of the intertoobz.



  • @AndyCanfield said:

    A: The lawyer is proud of it.
     

    Don't kid yourself. So is the mercenary.



  • @boomzilla said:

    How much head would a headhunter hunt if a headhunter could hunt head?

    Even if a headhunter could hunt heads and even if a headhunter would hunt heads, should a headhunter hunt heads ?



  • @morbiuswilters said:

    @boomzilla said:
    How much head would a headhunter hunt if a headhunter could hunt head?

    This gives me an idea for an HR-themed pornography site.

     

    I am amazed that headhunter.com isn't already a porn site.



  • @dhromed said:

    These days, all modems from all ISPs here are in fact (wi-fi) routers with integrated firewalls, but that's a development of the last 5 years, I think. My previous cable modem was just that— a modem. Fortunately I have had multiple computers for over a decade now, and as such have always had a router/firewall.
    I've had high-speed Internet access since 1995, and every "connectivity device" has had NAT enabled by default, except the ISA cable NIC I was issued for one of the early Internet over cable installations. You guys have horrible ISPs.



  • @snoofle said:

    I had an old, unused pc lying around. I securely wiped the hard disk, installed a new copy of Win-7, turned off all security features and removed the admin and login passwords. The machine has an open connection to the internet with absolutely nothing to protect it from anything. I set up a monitor to record (in a text file) anytime something is taken off of that machine, and what that file was.

    On my machine, I set up a mail rule that anytime it detects one of these urgent spam messages, it auto-adds the sender to my contacts list on the unprotected machine (no mail actually goes to that machine, and it is unable to send mail). The connection between the two machines is locked down and one way only.

    <mode nagesh=true auth=false>

    We would be liking you to provide codes.

    </mode>

    In all seriousness, I'd like to know a bit more detail as to how you did this.



  • @Jaime said:

    every "connectivity device" has had NAT enabled by default,
     

    It's possible that I underestimated the capabilities of my ye olde cable modem. I am not a network specialist, or even a hobbyist. I know what DMZ stands for, but I don't know what it means.

    It was a box kind of like this one, but apparently there are many variations with varying specs so I can't be sure.



  • @AndyCanfield said:

    @morbiuswilters said:

    I'm currently considering going to law school.
     

    A mercenary soldier robs, steals, rapes, and murders for whoever pays him the most money.

    Q: What's the difference between a mercenary soldier and a lawyer?

    A: The lawyer is proud of it.

    Most mercenaries are probably proud of it, too. Oh, and I'm suing you for defamation of lawyers.


  • BINNED

    Isn't this supposed to be the point where someone comes along screaming:

    "But NAT is not security / a firewall !!!!11"

    and starting an endless debate if it does fix the flaws of an unpatched XP box ?!



  • @dhromed said:

    @Jaime said:

    It takes an act of monumental stupidity to connect a new machine to the DMZ (or to set up a home network with bare IPs).
     

    All it takes is a household with 1 computer and a direct connection to the modem.

    These days, all modems from all ISPs here are in fact (wi-fi) routers with integrated firewalls, but that's a development of the last 5 years, I think. My previous cable modem was just that— a modem. Fortunately I have had multiple computers for over a decade now, and as such have always had a router/firewall.

    In fact, while my ISP has offered a default router-modem for quite a while now, I only got one to replace the plain modem after the house's internet got transferred to my name, so I assume there are still plenty of subinformed households with computers exposed to the net and only Windows' firewall to shield them from the dank recesses of the intertoobz.

    Most of the new cable modems I've seen (the Motorola DOCSIS 2.0 and 3.0 consumer models, at least) are modem-only. Still, who doesn't have a router nowadays?


  • ♿ (Parody)

    @AndyCanfield said:

    Q: What's the difference between a mercenary soldier and a lawyer?

    A: The lawyer is proud of it only makes you wish you were dead.

    FTFY



  • @dhromed said:

    @Jaime said:

    every "connectivity device" has had NAT enabled by default,
     

    It's possible that I underestimated the capabilities of my ye olde cable modem. I am not a network specialist, or even a hobbyist. I know what DMZ stands for, but I don't know what it means.

    It was a box kind of like this one, but apparently there are many variations with varying specs so I can't be sure.

    Yeah, I used to have one of those, instead of paying my ISP to rent their equipment. My current modem is ISP-provided, a DOCSIS 3.0 by Cisco which does not appear to have any kind of router. I was only going to be at my current house for a couple of months so it wasn't worth it to buy a modem for that short period of time. I do know that Comcast provides integrated modem/routers (by SMC, IIRC) to business customers or anyone doing phone-over-cable.



  • @topspin said:

    Isn't this supposed to be the point where someone comes along screaming:

    "But NAT is not security / a firewall !!!!11"

    and starting an endless debate if it does fix the flaws of an unpatched XP box ?!

    Unless your router has UPnP enabled and XP is using it to open public ports, how is a worm going to connect to the XP box behind the NAT router? You can still get infected other ways, of course, such as downloading malware-infected binaries or a MITM attack which inserts malicious code into a download. But that's not what we were talking about.



  • @boomzilla said:

    @AndyCanfield said:

    Q: What's the difference between a mercenary soldier and a lawyer?

    A: The lawyer is proud of it only makes you wish you were dead.

    FTFY

    Defamation! Defamation!!


  • BINNED

     I didn't say otherwise, just that this discussion usually gets started at about 2nd post.


Log in to reply