Troll Update
Friday's Troll attack on TBP generated some fascinating stats.
Number of attempted comments: 212
IP Addresses used: ~60
Names Used: 12
Kudos to Movable Type -- once I labeled his comments as spam, their system very quickly identified the pattern and eliminated 95% of them prior to their showing up on the blog.
In addition to Nostradame, he also used Panzner's and my name, as well as others he pulled off of comments list in an attempt to hide his identity (anyone accidentally banned or deleted, please let me know).
The Nostrodame troll had IP Addresses randomly assigned, through a corporate, or more likely, a University network. But these addresses aren't truly random -- they are all assigned via the broader ISP trunk, and are readily traceable. And because he used so many IP addresses, its a simple matter to track down the school. In fact, my IT guys tell me they can identify the precise dorm room it came from.
And trying to post over 200 comments was probably via an automated system. Still, manually punching in 200 captchas, only to see them deleted moments later must involve an extraordinary lack of anything better to do. Who is that bored or has that much spare time? Amazing.
Anyway, the upshot of it is that Typepad has initiated an investigation. Their security personnel and lawyers will determine if its prosecutable. I'm not sure if being an asshat is technically a crime, but because of the systemic automation, my IT department tells me it could be.
Regardless, the behavior surely violates any University's code of behavior. Wonder what they are going to do when the data and IP addresses are turned over . . .
Nostradame -- I had fun! I hope you did too!
>
Spam Comments from Nostrodame
Saturday, April 12, 2008 | 05:00 PM | Permalink
| Comments (59)
| TrackBack (0)
add to de.li.cious | 
digg this! | 
add to technorati | 
email this post
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/t/trackback/763/28030598
Listed below are links to weblogs that reference Troll Update:
Comments
Barry, if Dante were alive today, he would find a special circle in hell for the spammers and sockpuppet trollers of this world.
I may not always agree with you, or some of your commentators, but I defend the right of you to do everything you can to prosecute these folks to fullest extent possible.
Go get 'em!!
Posted by: Karl K | Apr 12, 2008 5:31:33 PM
What a loser. When you find the dorm, let us know so someone can try a college prank like pennying his door :D
Posted by: matt | Apr 12, 2008 5:40:00 PM
I hope he gets expelled from school, what a jerk. Of course, if he's busy spamming, he isn't studying, so he'll have to resume his operations from his parent's spare bedroom.
Posted by: Billy Shears | Apr 12, 2008 5:41:39 PM
I remember the penny trick in the dorms....worked like a charm! Unfortunately, there was payback...
Posted by: Billy Shears | Apr 12, 2008 5:43:17 PM
Hunting trolls is fun and easy.
Posted by: Max | Apr 12, 2008 5:50:34 PM
Some years back I worked over some Internet thugs with a civil action based on an old theory called trespass to chattels, which is recognized in a number of jurisdictions. Intellectually interesting, but probably not worth the effort.
It is surprising how much spare time some bozos have to waste.
Posted by: No_Bear | Apr 12, 2008 5:54:08 PM
It is a crime because of the malicous intent to disable or otherwise harm the normal system.
Posted by: John Borchers | Apr 12, 2008 6:05:29 PM
BR,
you may consider publishing the, further, identification of yon' troller, in the interest of providing additional market clearing information v. the actions taken by the, various, responsible parties..
Posted by: Mark E Hoffer | Apr 12, 2008 6:16:15 PM
TALL TREE...........SHORT ROPE.
Posted by: Ross | Apr 12, 2008 6:42:20 PM
Nice alternate text.
Posted by: crack | Apr 12, 2008 6:48:01 PM
I've got plenty of trolls but you don't waste valuable blog space on them
Posted by: Timothy Sykes | Apr 12, 2008 6:50:45 PM
Blog stalking... Is that celebrity status or what?
Posted by: Deborah | Apr 12, 2008 6:53:32 PM
I had way more free time in college. And high speed internet. Those were the days.
Kind of a weird choice of targets, though. Smart enough to find a good blog, dumb enough take offense for comment moderation?
Posted by: stevesliva | Apr 12, 2008 7:01:14 PM
Good for you, Barry.
Posted by: Mongo | Apr 12, 2008 7:32:42 PM
In consulting for clients about information security I sometimes get the following question "if you can't break into it then its secure right?" - my usual response is "no i have a life - i am not a bored 13 year old in [detroit,russia,india,china, etc] with nothing but a computer, time on my hands, and a doubtful future".
Posted by: yoshi | Apr 12, 2008 7:41:58 PM
Here at Johns Hopkins they will expelled you for the folowing:
c. Harassing others by sending annoying, abusive, profane, threatening, defamatory, offensive, or unnecessarily repetitive messages, or by sending e-mails that appear to come from someone other than the sender.
Inded, you have to be a real punk to do it.
Posted by: maximo | Apr 12, 2008 7:53:12 PM
ah how sweet KKK Karl is also a suck up...
How many pairs of kneepads do you go thru in a given mo. ?
Posted by: km4 | Apr 12, 2008 7:55:23 PM
Correction: Meant to say Indeed!
Posted by: maximo | Apr 12, 2008 7:55:29 PM
I'm 100% in favor of identifying the school, the dorm room, and the loser who should have been studying for his basketweaving exam.
Posted by: bluestatedon | Apr 12, 2008 8:07:48 PM
I'm 100% in favor of identifying the school, the dorm room, and the loser who should have been studying for his basketweaving exam.
Posted by: bluestatedon | Apr 12, 2008 8:09:49 PM
BR:
For those of us who are not IT geeks or nerds and who are somewhat or completely lost regarding what you are saying happened here perhaps a detailed and very basic explanation would be desirable.
You seem to be saying that someone posted several hundred identical entries using different email accounts over a short period of time using some manner of automated software that opened the email accounts and performed the posting.
Is this the new version of the "all caps" post?
Why not just remove the duplications so that only the original remains ... perhaps your own automated software can do that at all times.
What was the original "pre-duplication" post anyway?
Posted by: esb | Apr 12, 2008 8:14:06 PM
BR:
I notice that the two posts immediately above mine of 8:14:06 are duplications.
Is this a (small) example of this process?
Posted by: esb | Apr 12, 2008 8:20:47 PM
Most likely some kid or hacker paid by someone who didn't like being exposed as a buffoon or fraud... guess you gotta expect that.
I wouldn't suppose you could track the down any more than you could track down whoever sends me the five-ten via gra spams every day.
Posted by: Bob A | Apr 12, 2008 8:22:41 PM
hope he is not french, though his troll name. or i would be ashamed. France could want to join your action ;-)
Posted by: mat | Apr 12, 2008 8:51:59 PM
oh, would it be that the troll sees himself as a kind of heir of the Quasimodo of Notre Dame ? ;-)
Posted by: mat | Apr 12, 2008 8:56:10 PM
No doubt a "rogue troll" from a respectable banking institution.
Posted by: Winston Munn | Apr 12, 2008 8:57:51 PM
Call in his/her student loans!
Posted by: judyo | Apr 12, 2008 9:07:23 PM
may his/her portfolio be fully invested in First Marblehead or Thornburg
Posted by: Wade Black | Apr 12, 2008 9:14:18 PM
It took me only 10 minutes to set it up. I am rewriting the code to make the hits more responsive and quickly adaptive to their ridiculously primitive Movable Type (Let me know if you want me to repeat the show, it will keep you attached to your computer 24-7, maybe I should do it because you have never apologized. I am too nice to you). Typepad is a very weak platform. I cannot believe you are using it. I think you are also paying for it. What a waste of money! WordPress is a hundred times better written, more secure and free. (NYT and WSJ use WordPress)
Your IT department is a bunch of clueless morons (fire all of them and hire someone who knows the field). They do not have a clue or they are giving you bologna. I did not use any University based PlanetLab or CoDeeN system. I am not stupid.
Typepad can investigate what ever they want. Their security personal cannot add 1+1 but you think they can trace it. There were no laws violated at all (Typepad’s lawyers are a bunch of illiterate high school drop outs, they need to pass the bar exam first, I doubt they can pass the exam without knowing the first amendment), it was not spam. This is a public blog (it is not a private blog or private email account, you did not secure it with a password and you did not restrict it). Moreover, I guarantee 100% they cannot trace anything. Do you want to make a bet they cannot trace it? Lets each of us put $100K in an escrow account and make a bet that those dorks cannot trace it.
Here are the real stats from my program (proving that your IT department is a bunch of morons):
240 hits over 24 hours
58 completely different IP addresses coming from 32 different countries (none of them from any University)
Posted by: Nostradame | Apr 12, 2008 9:34:15 PM
Nostradame - go back to Slashdot!
Posted by: pmorrisonfl | Apr 12, 2008 9:47:50 PM
I was wrong - a rogue asshat.
Posted by: Winston Munn | Apr 12, 2008 10:09:38 PM
BTW, the new redesign happens to be on WordPress.
Posted by: Barry Ritholtz | Apr 12, 2008 10:26:54 PM
yo...that guy is cool...NOT!!!!
Posted by: SINGER | Apr 12, 2008 10:54:44 PM
Yep, WordPress 2.5 new version was released last week and there are more than 1000 free fantastic plug-ins giving additional amazing functionality as needed.
WordPress is both free and priceless at the same time.
http://wordpress.org/
Posted by: N_o_s_t_r_a_d_a_m_e | Apr 12, 2008 11:17:48 PM
Like I said, dude, you are a dick.
Posted by: Marcus Aurelius | Apr 13, 2008 12:17:39 AM
If you think you are doing Barry a service . . . why don't you get a real job . . . or start up a company of your own that for a FEE and WITH THEIR APPROVAL would test their security. Otherwise your just being a punk and a doing a disservice to society.
As a Master student in ECE, if you think you've got such skill, then doing this crap is a horrible waste of talent. If you have such skill you'd actually be able to get hired on by a security company and would be making tons of money . . . otherwise you're just some two-bit joker who is a menace to society.
Trust me kid . . . in the real world companies don't give a rat's behind that you were some hacker, or pwned a blog . . . they care that you know your crap, work hard, and can help their bottom line.
So instead of hacking a blog, why don't you get a 4.0 at a great University, get involved in the field of internet security, get a job, and make something of yourself.
Otherwise . . . have fun living in your mom's basement for the next 10-15 years.
Posted by: Shane | Apr 13, 2008 12:39:29 AM
I find this awfully funny. Generally I'm a big supporter of Barry since he is so anti-Establishment. But in this case, he seems to be the Establishment. So I'm tempted to root for the spammer.
I have to admit too that a sense of revenge and the virtue of drive are both admirable qualities. Not to mention technical know-how. Hmmm... both parties seem to excel in these categories. Could this turn into the 21st Century version of Willie E. Coyote and the Roadrunner?
I think the WOPR that Matthew Broderick hacked into some 20 years or so ago has some good advice: "The only way to win is not to play."
Posted by: Sherman McCoy | Apr 13, 2008 12:39:48 AM
If this guy is as smart as he claims to be then I have to say he is wasting his talent and time. What a lack of creativity as well. Go after someone evil like Wal-Mart, Microsoft, Google, or the Chinese Interior Ministry.
Don't be a jerk to someone like Barry. So what if he monitors his blog. Name someone who doesn't protect the integrity of their virtual space.
Actually, come to think of it you might be a Google reject or Microsoft wash out.
Posted by: maximo | Apr 13, 2008 12:48:23 AM
Keep posting the truth Barry. Keep beating that drum.
Posted by: Trainwreck | Apr 13, 2008 1:11:46 AM
"I'm not sure if being an asshat is technically a crime,"
I think that would depend on what position or level you held. And whether or not your decisions (as a asshat) influenced alot of other people's lives.
Posted by: Pat G. | Apr 13, 2008 1:18:24 AM
Should he be French let him find his Esmeralda! but I am afraid he is not Victor Hugo when reading his title:)
Posted by: Philippe | Apr 13, 2008 2:26:55 AM
Lemme know what dorm room he's in and I'll send him a dunce cap.
Posted by: bugly | Apr 13, 2008 5:46:54 AM
OK, I'll bite. What is so inherently good about being anti-establishment? And what is so "good" about being a hacker? Didn't your mommy and daddy love you when you were a child? That's OK, you can tell us all about your unhappy childhood.
All of us can do things we know we shouldn't do. So is there a point, or is it just a mental problem thingie?
Posted by: Nihilism | Apr 13, 2008 5:47:21 AM
Just because you can doesn't mean you should.
I understand that the drive for status is a all consuming affair, but what's the result. Do you want to be the governor who doesn't love his wife? How about the hedge fund manager in his isolated mansion? Or the pro athlete that can't walk without pain when he is 40?
There is nothing wrong with success, but true success comes from cooperation and not from competition. In war, business or life. Become the next Marc Andreessen and move the ball forward.
Posted by: steve | Apr 13, 2008 9:30:27 AM
To paraphrase Patton Oswalt it often seems that scientists and technologists are "all about coulda, not shoulda."
Posted by: Kris Tuttle | Apr 13, 2008 9:52:52 AM
To paraphrase Patton Oswalt it often seems that scientists and technologists are "all about coulda, not shoulda."
Posted by: Kris Tuttle | Apr 13, 2008 9:53:13 AM
I think the worst part of the problem is that Nostr. is off topic. If your so smart why don't you add some unique insight to the topics covered by the blog?
That would be stepping up to the plate, rather than throwing crap at the umpire.
Posted by: alexd | Apr 13, 2008 10:24:28 AM
What is so inherently good about being anti-establishment? And what is so "good" about being a hacker?
Posted by: Nihilism | Apr 13, 2008 5:47:21 AM
because you asked....
there's nothing much good about being a hacker. Just because you disagree with something doesn't give you the right to shoot someone or damage their space when you have the power to change things and most hackers have the brains and talent to change things. Besides, putting out grief only earns grief with interest. We reap what we sow no matter how justified. I like to turn my frustration into fuel in order to make the world I see and interact with that much better. It is better for the gut that way. I'm beginning to get addicted to that feeling of respect I am given when I head to work each day. It only took about 20 years to build
With that being said, I can't endorse a world system myself that starves 50,000 innocent children every day for lack of less than about 1% of world GDP
And save your justifications. I've heard them all before. 1% is pocket change for all of us. We'd do it for a loved one in a second. Yet most are too busy loving themselves and the rolls that will be in the junkyard or used car lot soon after the 3rd world kid is dead
Posted by: DavidB | Apr 13, 2008 10:58:03 AM
And I thought I didn't have much of a life. This goofball is from another planet. At least I have a purpose for writing when I choose to, but freaks like him make this place totally unappealing.
BTW, I just finished 'The Trillion Dollar Meltdown'. It's a fast read and a great explanation of the current financial problem. I highly recommend it, especially to those who only see gloom in the form of shadows. This book will add substance and, hopefully, raise the level of pessimism here to knowledge based pessimism.
Posted by: cinefoz | Apr 13, 2008 11:19:22 AM
testing testing....
i wonder if nostradamnus is the troll who would post under my screen name occasionally...
He seemed like a right winger (wanker?) Bushler youth type.
find him and prosecute.
Blog about it. Put the fear of god in some of the internet's more feverish fascists.
Posted by: brion | Apr 13, 2008 11:48:30 AM
Most hackers were pathetic little kids who didn't and can't seem to find a fit in society.... They are screaming for attention and probably struggle in the REAL world.... Poor pathetic little nerds! Borderline trench coat types........ I guess the little geek is getting his wanted attention........Pathetic!!!!!!!!!!
Posted by: stckpkr7000 | Apr 13, 2008 12:42:00 PM
"Most hackers were pathetic little kids who didn't and can't seem to find a fit in society"
Actually hacking is the largest black-market industry on the planet. It is believed that there hackers who control botnets with millions of zombies. It is estimated that the best hacker rings gross billions and operate under tacit governmental support. Its a statistically certainty that some of you are posting from root-kitted zombie computers.
http://www.computerweekly.com/Articles/2008/04/11/230252/rsa-2008-american-public-ignorant-of-botnet-threat.htm
http://www.darkreading.com/document.asp?doc_id=150292
The best way to protect yourself:
http://www.nsa.gov/selinux/info/faq.cfm#I1
Posted by: squeezed | Apr 13, 2008 1:54:04 PM
I remember years ago when blogs first started and Google was still a real search engine (albeit with a butt-simple algo that was ridiculously easy to crack). There was a bot that would use Google to search for mt-comments.cgi and then cache the results and visit each page and leave predetermined links/blurbs/etc at the rate of 5000 blogs per hour.
The whole cause of all those poor bloggers pain wasn't some evil 13 year old kid. It was because the difference between being on the front page of Google and anywhere else was the difference between making $500/mo and $40,000/mo.
Because the Google algo was so easy to figure out, all the ecommerce guys knew they HAD to have as many links with the right keyword text pointing at their sites as possible.
Posted by: l33tf00l | Apr 13, 2008 2:11:19 PM
It is estimated that the best hacker rings gross billions and operate under tacit governmental support.
Do the Free Masons have anything to do with this?
Clearly this poor fuck just needs to get laid. And unfortunately, apart from their lack of social skills, many of these hack3rz are far less smart and more traceable than they believe themselves to be.
BTW Barry, great blog.
Posted by: Mikey | Apr 13, 2008 2:59:06 PM
Spammers suck.
They make me long for the days of the Arpanet and the early Internet, when everybody knew your name, and the flame wars were so much better.....
Posted by: donna | Apr 13, 2008 5:05:22 PM
He's not a Hacker, nor a slashdotter, he's a script-kiddie.
Hiding one's IP address takes about 10 seconds. Rerouting takes about 20. He probably downloaded the code from some message-board.
Posted by: Dervin | Apr 13, 2008 5:46:24 PM
Well if this is a "World or American elites" sponsored attack on good information from informed sources I am very sad about that and that they can do it.
Posted by: Simon | Apr 13, 2008 6:38:59 PM
the isp / uni most likely will not give out his information
you alone cannot trace it to a specific dorm room, only the uni can match the logical location to the physical location, unless of course, you have obtained that information
Posted by: paul | Apr 14, 2008 12:14:43 AM
DavidB. I live in a 3rd world country.
I see what you talk about everytime I
leave the subdivision that I live in.
I see kids begging for money, starving
and diseased dogs on the street.
We can throw money at the problem. But
I believe most rational people would object
to paying for someone else's joy-joy or
supporting their family. I believe you
shouldn't have kids you can't feed and/or
won't be able to find meaningful jobs.
It sucks being a child of these parents.
Perhaps the government should do family
planning. My wife is one of six kids.
Her sister had six more kids.
There are so many people saying that
the US shouldn't be the world police.
I don't think we should be world's
nanny either.
Posted by: Rock | Apr 14, 2008 12:41:17 AM
