Evil on the Internet
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 97 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/45701 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 201074 / 97
1
2
4
5
6
8
14
15
16
17
23
29
38
41
42
44
46
47
48
50
53
54
62
63
64
65
66
71
74
75
77
78
79
80
82
84
85
94
00:00
InternetworkingComputer fontWebsiteNumbering schemeModemLink (knot theory)Pairwise comparisonMalwareEmailFluxDenial-of-service attackComputer networkServer (computing)Factory (trading post)Sample (statistics)CyberspaceComplex (psychology)PhishingMotion captureGeneric programmingInsertion lossSpherical capGame theoryBefehlsprozessorIndian Remote SensingInternetworkingHoaxSlide ruleWebsitePersonal identification numberTerm (mathematics)QuicksortMultiplication signFisher's exact testMereologyWeb pageNumbering schemeDenial-of-service attackTask (computing)Virtual machineSurface of revolutionProcess (computing)BitMotion captureFactory (trading post)LengthComputer animationXMLLecture/Conference
03:01
Web pageUniform resource locatorDomain nameFacebookLoginComputer animation
03:34
Heat transferVideo trackingDomain nameType theoryMoment (mathematics)Computer animation
04:22
Device driverWindowConvex hullThomas KuhnMoment of inertiaCommodore VIC-20Inclusion mapHill differential equationDenial-of-service attackExecution unitBackupClique-widthLemma (mathematics)Interior (topology)Drill commandsPhysical lawMenu (computing)Front and back endsMereologyMathematicsWebsiteServer (computing)Different (Kate Ryan album)Web pageVirtual machineIP addressMoment (mathematics)Open sourcePhishingResultantComputer animation
05:29
Type theoryWebsiteVirtual machineFreewareMechanism designFluxExclusive orDomain nameProxy serverServer (computing)Uniform resource locatorAddress spaceMeasurementWeb serviceTotal S.A.Session Initiation ProtocolWebsiteEmailPoint (geometry)Web 2.0Multiplication signFilter <Stochastik>QuicksortTerm (mathematics)Uniform resource locatorDomain namePhysical systemInsertion lossLine (geometry)FluxGroup actionSound effectWeb pageShape (magazine)NumberGoodness of fitGraph (mathematics)MedianServer (computing)InformationVulnerability (computing)Virtual machineWeb serviceTraffic reportingResultantVector potentialRight angleMoment (mathematics)LengthSession Initiation ProtocolSpring (hydrology)Form (programming)Pattern languageBitDot productVolume (thermodynamics)In-System-ProgrammierungAddress spaceArithmetic meanMeasurementGravitationElectronic mailing listFreewareInformation securityExistenceComputer animation
14:19
AuthorizationBackupInclusion mapBenz planeDrill commandsHill differential equationExecution unitMaxima and minimaLink (knot theory)MIDIGraphical user interfaceIRIS-TRule of inferenceTwin primeStructural loadPhishingFlow separationPasswordOrder (biology)Term (mathematics)BitMultiplication signFamilyRemote procedure callWebsiteComputer animation
16:02
WebsiteHacker (term)Personal identification numberMaxima and minimaProcess (computing)WebsiteRight angleComputer animation
16:47
TrailWebsitePerturbation theoryQuadrilateralComputer iconNormed vector spaceDew pointHash functionComputer wormInclusion mapMaxima and minimaInsertion lossComputer-generated imageryLocal GroupPhysical systemPersonal digital assistantMoment (mathematics)Process (computing)Perturbation theoryEvent horizonSystem administratorWave packetNegative numberGroup actionOffice suiteComputer clusterDesign by contractSound effectInternetworkingClient (computing)GoogolComputer animation
19:47
Interior (topology)Google MapsTwin primeWindowDigital photographyWebcamBuildingNumberBitAirfoilComputer animation
20:28
Menu (computing)TrailWebsiteWindowPersonal identification numberComputer wormDigital rights managementoutputExecution unitNormed vector spaceInheritance (object-oriented programming)Chi-squared distributionMathematicsWhiteboardComa BerenicesLocal GroupReduction of orderCarry (arithmetic)Compilation albumGoogolWebsiteGroup actionRevision controlWhiteboardType theoryWeb pageDigital rights managementHTTP cookieTelecommunicationNumberRight angleComputer animation
22:24
WebsiteMultiplication signWebsiteOrder (biology)Group actionEmail1 (number)AverageComputer animation
24:01
WindowSign (mathematics)Chi-squared distributionMenu (computing)SicTransportation theory (mathematics)Line (geometry)Web serviceBuildingGoogle Street ViewTrailEmailHeat transferOrder (biology)BitNumberMereologyWebsiteComputer animation
26:40
Wave packetWindowLine (geometry)Address spaceNormal (geometry)Web pageComputer animation
27:12
Denial-of-service attackDean numberSummierbarkeitUniform resource locatorSalem, IllinoisWechselseitige InformationExecution unitAngleInformation and communications technologyView (database)Web serviceString (computer science)Internetworking1 (number)Coma BerenicesComputer animationLecture/Conference
27:57
AngleTrailTwin primePasswordInclusion mapLemma (mathematics)Term (mathematics)WebsiteGoogolWindowCommunications protocolPhysical lawSoftware configuration managementComputer wormWeb pagePublic key certificateDifferent (Kate Ryan album)EmailGoogolSubject indexingWebsiteProcess (computing)Home pageComputer animationLecture/Conference
29:35
InformationWindowSurjective functionMedianWebsiteWebsiteProcess (computing)Coma BerenicesGoodness of fitFocus (optics)Figurate numberComputer animationLecture/Conference
30:33
Programmable read-only memoryAvatar (2009 film)Right angleWebsiteQuicksortPhysical systemFront and back endsFilter <Stochastik>Web pageSpacetimeEmailInternetworkingUniqueness quantificationSound effectGoodness of fitFilm editingRange (statistics)Domain nameComputer animation
32:46
GoogolRankingMathematicsFunction (mathematics)Domain nameWebsiteMenu (computing)Greatest elementNumberComputer animation
33:50
Formal verificationWebsiteMultiplication signWebsiteBitComputer animationLecture/Conference
34:22
INTEGRALLink (knot theory)Execution unitWebsiteGoodness of fitComputer animation
35:08
Execution unitOnline helpCodeEmailDecision tree learningWebsiteEmailHeat transferGoodness of fitComputer animation
36:13
Information securityTerm (mathematics)WebsiteGreen's functionMalwareGreatest elementSign (mathematics)Right angleComputer animation
37:23
CAN busSummierbarkeitConvex hullRaw image formatGoogolWeb pageMetropolitan area networkWebsiteGreatest elementComputer animation
38:05
WindowLink (knot theory)TelebankingBitWebsiteComputer animation
38:49
Inclusion mapExecution unitQueue (abstract data type)Ring (mathematics)Google Street ViewLoginMultiplication signSign (mathematics)NumberMetropolitan area networkRule of inferenceComputer animation
40:28
WindowOpen setPlot (narrative)Maxima and minimaMietserverMetreWebsiteUniqueness quantificationMultiplication signRight angleComputer programmingBasis <Mathematik>MereologyNumbering schemeBit rateComputer animation
41:40
Host Identity ProtocolDomain nameComa BerenicesInverter (logic gate)SummierbarkeitMaxima and minimaComputer clusterLink (knot theory)Protein foldingDynamic random-access memoryTerm (mathematics)PermianReading (process)Residual (numerical analysis)Thomas KuhnProcess (computing)Numbering scheme1 (number)WebsiteMultiplication signComputer animation
42:28
Coma BerenicesInternetworkingLink (knot theory)Web pageBlogComputer animationLecture/Conference
43:01
XML
Transcript: English(auto-generated)
00:07
Anyway, I'm going to talk to you about evil on the internet, and I'm going to talk to you about fishing. I'm going to talk to you about mule recruitment, money mule recruitment, the people who move the money for the fishers.
00:21
I'm going to talk about some things which you may not have seen, like fake auction escrow sites. Pharmacy sites, you've almost certainly seen those, which is a new Viagra. And then some fake banks, some totally fake banks, some Ponzi schemes, and all sorts of other things as well.
00:42
Now I'm going to try during this talk to show you some real live sites. Now they may not actually work because these are bad sites and people are trying to take them down. So they may have taken them down since I actually checked that they were all there at breakfast time this morning. So if everything goes wrong, I apologize and I have some slides for all of these things.
01:06
Just to get you all in the picture, there's a whole ecosystem out there. Mainly, the key thing is botnets, which is basically you and my machines taken over by the bad guys running trojans,
01:22
forming part of a botnet, and then being commanded by criminals to do things like do DDoS attacks, to send spam, and also to host some of the bad websites which we look at. And there's also an entire underground economy whereby if you manage to compromise machines,
01:41
then you can use your skills to compromise machines, and then you can go and sell compromised machines. Alternatively, if you go fishing and you can capture credentials, then you can go and sell the credentials to people and they will cash them out. So basically what we've got now is a great deal of specialization,
02:02
which means that because people can be specialists in what they do, that moves the economy along. Adam Smith first described this for his pin factory in 17th century Scotland, that it was much better to make pins by having one person cut the bit of wire to length and somebody else sharpen it and somebody else put the top on the pin and so forth,
02:25
rather than having one person doing all of these jobs. And that's what drove the Industrial Revolution, and certain other steam power and things like that as well. But the specialization of tasks was very important in terms of making people more efficient. And since the criminals have created this specialization around about 2003 or so,
02:46
they have been much more efficient as well. So, just to get us all on the same page, what do I mean by fishing? Fishing is capture of user credentials by impersonating things. So, let's have a look at some fishing.
03:03
And this is a domain which has been set up, this funny thing here, has been set up by the bad guys sometime yesterday. And if we go and visit one particular URL on that domain, there's the domain you see,
03:21
there's a Facebook login page. If we go and visit another URL on exactly the same domain, there's a Western Union page. And Fifth Third Bank, nobody ever heard of Fifth Third Bank before they started fishing it,
03:44
but there you are. If you have some Fifth Third Bank credentials and you type them in there, then the criminals will steal your money. How is this actually working? This is one of the most sophisticated fishing gangs out there, which is why I was able to go out and immediately find an example to be able to show you,
04:04
because these things are ubiquitous. They're sending about two-thirds of all the spam, just this one gang. And what they're actually doing is, this domain is in fact resolving to, at the moment, eight or ten different, we'll do an NSLookup on this fine thing,
04:34
that's where it all goes wrong. And we see it's resolving at the moment to six different IP addresses.
04:43
Those six different IP addresses are part of a botnet, and the Trojans sitting on those IP addresses are merely forwarding HTTP requests to a backend mothership, which actually contains an Apache server. They're very keen on open source.
05:02
They're running an Apache server which is serving up all of the pages which we've just looked at. And this is obviously very robust, because if one of those botnet machines goes down, or the owner turns it off, or the owner fixes it,
05:21
then they can just change what it's resolved to. As a result of which, the only way of dealing with this particular fishing site, if you're Fifth Third Bank and you'd like this site removed, is you have to get the domain name suspended, which is why they were using a .cz domain name, because I suspect that the registrar who they bought the things off
05:41
didn't actually know what to do when Fifth Third Bank came knocking at their door saying, hey, you must suspend this domain name, it's bad. So, go back to our... So we've now shown you fishing.
06:01
Now, if you go back to 2003, much of the fishing was done using domain names which were meant to confuse. So you'd spell Barclays with two Ls or something like that, so that it looked like Barclays if you read it quickly, but it wasn't really Barclays. That's very unusual just at the moment.
06:21
About three quarters of all fishing sites by volume are insecure end user machines which have been hacked into, insecure web servers which have been hacked into because people haven't kept their copy of Joomla or something like that up to date, as a result of which there are security vulnerabilities, as a result of which the bad guys can break in and put extra pages
06:45
onto a perfectly legitimate web server. About 17% of all of the sites are just stuck on free web hosting, where all you have to do is turn up, hand over an email address, and you can have a web presence. And these people turn up, hand over an email address,
07:01
and they have a web presence, and they put up fishing pages for eBay or PayPal or whoever it may be. And then they send out lots of spam pointing at those things. But the specialist attackers, who as I say are doing most of the action in terms of how much spam is sent, and we think are stealing most of the money, are using these fancy things like fast flux botnet systems.
07:26
So, don't really want to go into this, but basically we have the way in which their URLs work is that they basically tend to have something to make it unusual and different so it will get through spam filters.
07:42
Then you have the name of the bank, which is very important, because if you don't have the name of the bank, why would anybody believe that it really was Fifth Third or whatever? And then you have whatever domain name they're using today, and then the bit at the end which decides whether or not this is going to be a Fifth Third fish or a Visa fish
08:02
or a Western Union fish or whatever it may be. When we look at the takedown times, because I'm really an academic, and what we've been doing for about three years now is studying fishing, and one of the things we've been looking at is how long the websites last for.
08:24
Because if the websites last for a long time, there's the potential for doing a lot of damage. If the websites don't last for a very long time, then when you finally get around to opening your email, and you see this really convincing email that says that your bank account is about to be suspended if you don't click in and hand over your credentials immediately,
08:44
then if the website's been taken down, then it doesn't matter if you click on that because the website's disappeared. So how long the websites stay up for is a measure of how much damage they do. And one of the interesting things we found was that when we looked at how long the websites stayed up for,
09:03
then at the moment, well in fact this is going back almost two years now, the data we had showed that fishing websites were on average taken down in about four hours, with a mean of four hours and a median of zero. And a median of zero means that over half of the sites were removed
09:22
before we had the chance to measure what their lifetime was. They were coming down so fast. But the sites were only taken down that fast when the brand owner, the bank or PayPal or eBay or whoever it was who was being fished, only if they were aware of the websites.
09:42
If they weren't aware of the websites, then they had a lifetime of about four days because the bank didn't try to get them removed. In fact, it's still a bit of a puzzle to us why the websites which the bank doesn't know about ever get removed at all. We think what it is is just members of the general public
10:00
turning up and pointing out to the ISP or the website owner that they have a fishing page and therefore they remove the page and the bank never actually learns that the page existed. Now you might wonder how we know about the sites existing if the bank doesn't know about them. And the answer to that is that we get the data from two,
10:22
well in fact now several more, takedown companies, people who collect lists of fishing websites and they collect these lists of fishing websites and if one of their customers, Barclays or eBay or whoever it is, is on that list of things, then they take the websites down
10:41
and they also give the data to us. But if one of those companies sees a Barclays website and Barclays is not their customer, then they just make a note of it and tell us but they don't actually do anything about it and they certainly don't tell Barclays because they're competing on how much information they know.
11:03
So when we measured all of this, we found that there was this huge disparity between the four hours when they knew about it and the four days when they didn't. We said, because we're naive academics, we said wouldn't it be a good idea if you were to share information with each other because then the websites will get taken down faster?
11:23
And they said wouldn't it be a good idea if Barclays was to come along and buy a service from all of us? This is data a long time ago now, this is three year old data, which basically shows how long our websites stay up for on free web hosting.
11:45
And you'll see that Yahoo is doing really rather better there. And the reason Yahoo is doing rather better is that as soon as you tell Yahoo about one of these sites, they take it down in 20 minutes. And why does it say a median of 6.9 hours?
12:01
That's because that includes all the sites which nobody goes and tells Yahoo about. But one of the things we found when we looked at all of this and some of these very large numbers for how long things came down for, is we found an effect which we call the gaining of clue.
12:22
If we look at all of the websites from the spring of 2007 on Alice.it, which is a free web hosting company in Italy, then you'll see that over on the left hand side, the sites which turned up in early May,
12:41
all of those sites last for 500 hours. And all of the sites which turn up, say on the 1st of May, lasted for about 100 hours. Then after that the times come less. Now what's actually happened is in fact, all the way through the end of April, Alice.it got all of these reports about phishing websites,
13:03
and they didn't do anything at all. They left them all up, which is why you get that kind of straight line in terms of how long they're staying up for. And about the 1st of May, so many people have shouted at them that you must remove these websites, they are doing damage.
13:21
This is very important that you take these websites down. They suddenly removed all of the websites all on the same day, and then thereafter, as soon as the websites were reported, they took them down. And that's why you get a graph looking like that. Now the really interesting thing about this is that this shape, you can find all sorts of other places as well.
13:44
These are two registrars, one handling .Hong Kong domains, and one handling Chinese domains. And you'll see exactly the same pattern, which is that at the beginning of the graph, they have phishing sites,
14:01
they don't know what to do, so they leave them all up, so the earlier they turn up, the longer the lifetime. And then suddenly, they gain some clue, and they take them all down, and after that, they're a little bit more efficient in terms of removing websites.
14:21
Now this is, having talked about phishing, one of the difficult things about phishing is actually making any money at it. You shouldn't be surprised that some things are more difficult than others, because if you think about other crimes,
14:42
like say, kidnap. Kidnap is a really easy crime in terms of if you go along to outside the nightclub at 2 o'clock in the morning, you can grab the heiress when she comes out of the nightclub, you can bundle her into the back of the car,
15:01
you can drive her off to the remote farmhouse, and you can put blindfolds on and make sure she doesn't know where she is, and if you're really keen, you can cut off her ear or something in order to send it off. All of that is remarkably easy. What's really difficult about kidnap is that you have to communicate with the family several times,
15:23
backwards and forwards, and then you have to arrange that they go and put a suitcase full of money, and they leave it somewhere, and you have to go and pick up the money, and then you will get caught. So the really difficult thing about kidnap is not the first bit, it's getting the money, and the same thing is with phishing.
15:43
Getting credentials with phishing is really, really easy. You just have to break into a website, you have to send out some spam saying, your bank account is about to be closed down, please come and fill in your password here, and people do.
16:00
So what's the problem with phishing? The problem is getting the money. So this is a real live website for getting the money. When it comes up, I hope, it's still there. Excellent.
16:23
And this website is about a company who does outsourcing. It doesn't really matter what they do, but the important thing is that if we have a look at this, they've got some jobs, and they probably sent you some spam about these jobs. They said, work at home, they said.
16:43
Are you going to come and talk to me? Excellent. Right. And they have all these really cute jobs, they've got HR training, oh no, that's not available at the moment. They've got system administrators,
17:02
I'm sorry, they haven't got any of those jobs. What they do have available, is they have available a payment processing assistant. Hot it said. And what you have to do, well I'm sorry, it's only for people from USA and Canada,
17:20
so not all of you will be able to apply, but it's a really great job, you have to have internet access, you're available on the phone, a bank account, no criminal offenses, we don't want bad people. And what you do, it's really easy, money is moved into your bank account, and then you send it off to Millennium Group, whatever,
17:43
by Western Union. What's not to like? A couple of hours, you have to answer the phone, they may be checking the money's turned up in your bank account and so forth, and they'll give you some training about how to find the Western Union office and all the really difficult things in all of this,
18:01
and it's a really great job. And what's more, they're paying 8%, they're paying a monthly salary of $2,300, well not a lot, but it's only a couple of hours a day, and you get 8% on all the money they move through your account. Excellent. Now of course what happens in reality is this money
18:21
is not coming from their clients, who are doing outsourcing, which is what they're trying to tell you, this money is coming from compromised bank accounts. And when the money comes from compromised bank accounts, it comes into your bank account, you then go and move the money to Western Union, and eventually the money will be moved out of your bank account again
18:41
by your bank, who has realised that it has been stolen and therefore they will just undo it. So your bank account will now be extremely negative. Well that's alright, you can go down to Western Union and ask for your money back, and they will laugh. A lot. And they will point to the thing on the wall that says never send money over Western Union
19:01
to anybody you don't know really, really well. And you will say, I know these people really, really well because they're my employer, and I have a signed contract of employment to show that they have employed me. And Western Union will laugh even harder. So anyway, the Millennium Group,
19:21
one of the things you might be interested in in the Millennium Group is where they are. Because, and, in fact they're based in 109 Livingston Street in Brooklyn, on the 7th floor. So, fortunately, Mr. Google,
19:42
when he comes up, here we go, right at the beginning, Mr. Google allows us to have a look at 109. You know, this is not a live webcam, you understand, this is a photo he took earlier.
20:05
There we go, there's Livingston Street. I'm here to tell you that that building there is on number 111 Livingston Street, and this building here is number 85 Livingston Street. So, 109 the 7th floor is somewhere in that bit of thin air.
20:34
Now, one of the things you can do with these, right now, the Millennium Group, the reason I picked them is this site's been up for a little while.
20:43
But these sites don't last forever because various people take them down. But this is the management team of Millennium Group, and in particular, the Chief Executive, I really like him because he's a post-graduate
21:01
of the Higher Educational Institute of England. The University of England, well-known place. Okay. This gentleman was a commercial director, personal manager of a large corporation engaged in electronics production.
21:20
So we'll just copy that, and we'll go off to Google, and we'll type in this fine string, and we'll see if we get a number of hits on this. Many of these pages,
21:45
it gets better because Google has realized many of these pages are all the same. If we put in all the pages which were not all the same, this gentleman has been on the board of 120 different sites
22:03
because they've just been doing cookie cutter, rolling this stuff out. I'm sure they use version control for this stuff. So basically, that's being a money meal. Oops, right at the beginning.
22:21
So we just go back to the talk, which I'm supposed to be doing over here. There's that, payment processing, etc. And basically, one of the interesting things about these sites is they get taken down very slowly. This is some data from about three years ago,
22:41
but it's very much the same today, and you'll see that back in those days, they basically used to set up multiple websites for the same company rather than inventing a new company each time, which is obviously easier. They've obviously improved the tools in order to be able to make a new company every time.
23:03
But if you look at that, you'll see that those times are considerably longer than four hours, and they're considerably longer than four days as well. What's going on here? And what's going on here is that these money meal recruitment sites attack all of the banks, not just one bank, and therefore, since they're attacking everybody,
23:21
it's no particular one bank's problem to get these sites removed. And therefore, they all leave it to somebody else to get the sites removed, and they don't worry about it. So the only people who are taking these down are basically activist groups like AA419 and people like that who basically spend their evenings
23:40
doing nothing else but sending off emails to the hosting companies of these websites saying, please, will you remove this? It's a scam, and we think that it should be removed. All right, so the banks, the professionals who can take down sites in four hours just aren't tackling these ones at all, and they're very slow.
24:03
Okay, here's a different scam. Let's just get rid of that. This is a company called GTS Global. And the reason you'll come across GTS Global is if you go and buy a car or perhaps a motorbike on an auction site, and you're lucky enough
24:21
to win the auction, and the next thing you know is that the person sending you the car sends you an email. And the email says, well, not to be terribly rude to you, but I don't entirely trust you, so what I've done is I've given my car to an escrow company, and you give the money to the escrow company,
24:40
and then the escrow company will arrange to release the car to you, and they will release the money to me. Okay, so we both trust the escrow company in order that we don't have to trust each other on the car and the money. And in particular, you'll be really pleased to hear that this escrow company not only does escrow,
25:02
but they also do transportation as well. In fact, there are major transportation people, so in fact the car will be delivered to outside your front door. This is great, you think. So off you go, and you pay them some money.
25:20
That's it, that's the end of the story. You just pay them some money. So this is a, so basically, a big red thing, so you can fill in the money here, and you send them off the money, and they actually have some tracking so that you don't realize that you might be able to undo the money transfer if you're really quick,
25:42
so they have some tracking so that you'll be able to see where your car's been moved to and so forth, and they'll give you a serial number so you can see where it's gone to and so forth, so it's really quite impressive. It's great. Now, where is, right there, they're one of the largest shipping lines in the world,
26:03
it says here, one of the leading global shipping lines in the world, and they're based at 13645 Alton Parkway. So we'll do a little search for that. Now, I will show you the street view for this,
26:21
but it's rather unconvincing because the buildings in this part of Irvine have set back a fair bit from the road, so it's really difficult to tell whether or not it actually says we are one of the biggest global shipping lines in the world here. However, you'll be pleased to see there is actually a trucking service at this address,
26:42
and there are the guys who run it. Now, let's be really clear, those are perfectly normal Americans and nothing wrong with them at all, right? They just happen to have their address stolen. It's not that those two guys are pretending to be a global shipping line, it's just they were unlucky enough
27:00
to be at the same address which the criminals decided to use. Again, if we go off to the page, then we can find the string which says as the most trusted escrow service on the internet.
27:23
So we'll copy that. You're ahead of me, aren't you? Our 231 people are the most trusted. In fact, one of the hits there is for AA419 because it's a scam.
27:42
The top hit is actually for escrow.com who really are an escrow company, but they don't do deliveries. Only the bad ones do deliveries as well as doing escrow. In particular, if we go back and we find another phrase from down here
28:01
which is we protect both the... This is a phrase from the front page of escrow.com and what I showed you before was all of the 231 which came from that particular gang because there's a lot of different gangs do this particular thing,
28:22
but they all have copied escrow.com's simple five-step trust process which is why we get a hit of about 615. Obviously, Google keeps on indexing pages, but eventually when the sites die, 615 is how many sites there are out there today still alive.
28:43
This is a rather popular thing and the reason it's popular is because for not very much effort, all you have to do is list a car on an auction site, send off a couple of emails and you'll make 8,000 to 10,000 euros. Great then.
29:02
If we go off to the real escrow.com, you'll notice the real escrow.com has some... They've spent all the money in getting one of these green certificates up the top and you'll find the nice... Where's it gone? I'm not on the top page, that's the reason.
29:27
Right up the top, you'll see that this is where the... escrow.com are the people who have the five-step trust process
29:43
and escrow.com you can trust. Okay, so back to the talk.
30:00
Lots and lots of them. Our lifetime is fairly high. One of the interesting things is that when we actually looked at this a few years ago, we took some of these well-known phrases and saw how many sites Google could find and how many sites the vigilantes actually knew about and basically only about a quarter or so of the sites
30:24
were actually being... were any attempt being made to take them down. I haven't done that figure lately, it's possible that figure has improved. Right. Now, if you had too much beer last night,
30:40
then possibly you'll be interested in a pharmacy site. They will sell you all sorts of useful things for dealing with your hangovers or the side effects thereof.
31:01
Excellent is still there. This is good old Canadian pharmacy, which has been around for ages and ages and ages. And the interesting thing about Canadian pharmacy is that it's run on an affiliate system. So basically the pharmacies do all the hard work
31:22
of supplying the pills and that sort of thing. And any entrepreneur who wishes can send out spam and what they do is they put into the spam their own unique domain names or whatever it may be, arrange for that domain name to be forwarded back
31:40
to the back-end system where the real criminals operate the pharmacy. And that's why pharmacy spam is so prevalent and why so much of it gets through your spam filters. Because if you have a really good way of getting email through spam filters, then this is what to do. Send out email spam for Viagra
32:02
because people will actually go and buy Viagra off the internet and these guys will do all the hard work of sending out the blue pills and taking the money and so forth and then they will give you a cut. And what this means is that almost all of the innovations we've seen in the sending of spam
32:21
and getting through spam filters over the last five years or so have all started off with pharmacy. So these people are driving innovation in this space. And you can buy all sorts of really cute stuff from here. Now, what I used to do, in fact they have changed
32:44
because I'm going to have to go and show you an older page. Just very quickly, Google has about 53,500 hits for the menu down the left-hand side.
33:02
If you go and look for those, then you get a very large number of hits. Some of these hits are for blog spam. Some of them are for other material. But most of those are just lots of domains which are forwarding to this thing. If we go and look at a rather older one,
33:25
down the bottom of this one, we can find some nice seals. In particular, so we can click on here and we'll get a little pop-up which shows that this is a genuine site. Now you may spot the fact that it's actually been served from the site
33:42
where I clicked on it. And if I clicked on the VeriSign one, this also comes from the same site. But it is secure. But unfortunately, it's expired.
34:04
In fact, I think this site is just left lying around because the current sites don't have those seals on at all. I'm going to have to rewrite the talk soon. I'm running out of time a bit. There's a whole lot of stuff to do with penis enlargements, but nobody here needs that anyway.
34:21
But you might like an iPhone. Here's a nice shopping site. And they're offering you an iPhone for 108 euros,
34:40
saving you 172 euros. That's good, isn't it? I'm here to tell you, if you go off to Google, the best prices they can find for iPhones are in the... Well, that one's used, right? New one, $540. 108 euros is a bargain.
35:03
Why is it a bargain? Well, it's a bargain because if we go and pay for it... All right, so we'll add it to the cart. All right, that's great. Off we go. So we're going to check out.
35:21
Check out is unregistered. There we go, 108. I'd get a few gifts if I wanted. Here's all the detail, and I'm going to pay. How am I going to pay? Good old Western Union. They do offer PayPal, but you have to swap email with them first. And I suspect when you swap email with them
35:40
that you will find that they don't actually offer PayPal. Or you can use MoneyGram, which is much the same as Western Union. You go down there, you hand over your money, and that's it. Or you can do a bank transfer into their bank at the Bank of China, and good luck with getting the money back from that. So this is really good.
36:03
However, of course, you wouldn't go and buy something off a site like this without checking it out first. So we'll go off to our site advisor, one by Mr. McAfee, and he's got a green tick. Why has he got a green tick? He's got a green tick basically
36:21
because McAfee understands about drive-by downloads of malware. McAfee doesn't understand about whether or not this is a good place to give your money over. However, the technical people who built this fantastic site which says it's all right, there's no malware here, can't communicate with their marketing people
36:44
who insist on saying that this green tick means that it's safe to shop there. This is a disconnect with the marketing people. So it's not really safe at all. This one, which is a previous incarnation of exactly the same site
37:00
from a couple of years ago, still has a green tick, but you'll notice right down the bottom because I blogged about all of this, various people turned up and shouted at McAfee, and it now has a couple of little red things which basically says, hey look, it's listed as AA419 as a scam site. Which basically is a really bad sign about this.
37:23
However, it still has a green tick. If you go Google search on it, you can find this page. This is in Dutch, but Google told me what it said. It says, I'm thinking of spending some money at this site. Is this a good idea?
37:41
And the man at the bottom says, no. I'm from Italy, I gave him some money and I haven't got it back yet. It's a scam, he says. Do not send money. The Italian police are helping him out, so that will be all right.
38:03
Okay, I've got five minutes left, so I'm going to be able to show you one more thing, which is a bank. This is great, this is a bank. Fleming Merchant Bank. There used to be a Robert Fleming Merchant Bank until 2000 when it ran into a bit of trouble and got bought by Chase,
38:20
and they haven't reused the name. But the bad guys have reused the name. And you can do online banking through this bank. By the way, do you see all this really cute stuff on the... I hope it's coming across. The guys who do this have nothing better to do than design really cool websites. You should employ them. So you can sign up and so forth.
38:41
But why would you want to sign up for this bank? Here's the contacts for the bank, which will show that it's based in Glasgow. All right, so off we go. We've got Google. Google will show you the street view.
39:04
Here we go. Actually, I've cheated on that because in fact the number 11 is over on the other side of the road. But it doesn't say Fleming Merchant Bank anywhere there at all, because of course there's no relationship
39:21
between this and Fleming. But why would you want to have a bank? Well, supposing that you were helping out an African dictator move all of his money, it might be useful for you to be able to go and do a login to see the account which contained all the money. Also, if you've won the Canadian Lottery,
39:42
and many people here have won the Canadian Lottery, one of the things you'd find is that the people at the Canadian Lottery have very helpfully taken your money and they've put it in a high-interest, yield-bearing account, so that when you get the money,
40:03
it wasn't thought of being wasted. It's been earning interest all the time. But unfortunately, when you go and look at your money and sign into the Merchant Bank where they put it, you'll discover that you owe them 500 euros for opening the account. And under the bank's obscure rules, and they're very sorry about this, you can't actually pay for it for the money in your account. You'll have to send them some money from elsewhere,
40:23
which is how they make money on the Lottery. So, the man there waving times at me and saying that I'm running out of time. So, I will finish by showing you this one
40:41
because I think it's just so fantastic. Right? This is a high-yield investment program, and they offer you 110% return after one day. No wonder the banks make money if they're only giving you half a percent a year if they can make money at this rate.
41:03
Now, the really fun thing about these things is that they are, the people who take part of them know that they are a scam because what they do, it's a Ponzi scheme, right? What they do is they take in money today and they pay you your interest owed on what you deposited yesterday
41:21
on the basis of how much they're taking today's money and using it to pay off yesterday and so forth. Right? So, provided you've got new people turning up putting in money, then the people at the beginning make a profit. Therefore, if you know it's a Ponzi scheme,
41:45
then there are people who will tell you, lots and lots of sites, which will tell you about all of these schemes, which ones are new, which ones are still paying out and so forth, so you can invest your money wisely in the Ponzi schemes which are still on the process of taking off
42:02
so that you can make some money. I'm a little cynical about this. I think the only people who are really making money out of this is this guy who's written a book about it and he says the first thing you must do is admit to yourself it's a Ponzi scheme and after that, try and make some money.
42:23
So, I think I've plugged this book for long enough. I'll take that off and say that since I've run out of time, I will skip a lot of the rest of it. My apologies and we'll go down to the end where you will see the link to our blog, where we put all the cool stuff we do,
42:41
and to my publications page. Thank you very much. I will take questions if people have them.