
[LI] help: Notorious Usenet spammer - who has had India blocked from usenet in the past



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[rather off topic - but involves India's future well-being on usenet]

This is about a notorious hacker / spammer who calls himself 
Hipcrime.  He seems to be operating off a Satyam dialup in Delhi 
afaict. (202.54.100.* is Satyam).  

Can someone help?  Any info?  And is there someone in Satyam 
Delhi I can contact?  This guy led to VSNL's NNTP server being 
banned from most newsgroups, for a long time.

More on this --

HipCrime is a disgruntled programmer who a few years ago wrote a 
Java application that crawled web sites and emailed every 'mailto' 
address it found (he later claimed it was to alert the address owners 
of the dangers of future spam).  

Nanae (news.admin.net-abuse.email) cut his career short.    For 
revenge, from VSNL IP blocks he runs cancel attacks and floods 
usenet with huge quantities of rubbish posted in the names of other 
people (mostly netadmins and anti spam people around the world).   
Hipcrime's software "NewsAgent" can strip the headers off a legit 
post and then massage them and forge-post the result, which 
includes the gibberish body.

The gibberish is meant to be a hash buster, among other things, to 
screw up the Cancel Bots.

HipCrime's NewsAgent can do a whole bunch of things: Cancel 
posts, Supersede posts, Sporgery (spam forgery) posts, do a 
Sendsys bomb, Version reply bombs, Auto bot reply bombs to *.test 
forged posts.

Sometimes in combination. One of the biggest attacks in recent 
times was Sendsys and Auto Bot Replies of Forge Cancel posts 
cross-posted to *.test groups.

Many news admins have turned off many of the features. In some 
cases, this is real sad since the features had their legitimate 
purpose and HipCrime used them as harassment tools.

FWIE my friend's Blue/Redd/Brown/HipCrime email folder has 926 
various messages - most harassment, but some related to tracking 
the l00zer down - i.e. email to spam fighters, copies of important 
Usenet posts, emails to FBI, and so on....    

Aside from using VSNL IP blocks for Usenet harassment, HipCrime 
also has in the past got into their email systems somehow and then 
bounced mail from them off unprotected IBM VM machines - 
particularly at *.EDU domains.  

(Of course, one of his favorite tools in the Bluelist days was to 
bounce email harassment off these machines, which, running old SW, 
would not ID the injection points.  Of course some admins updated 
their SW and didn't let HipCrime know. :-))

He mostly posts from 202.54.100.*

But in fact the headers I have show an Indian IP address: 
NNTP-Posting-Host: 202.144.48.82 which I don't think is VSNL 
(perhaps a smaller ISP).

Most attacks come from:

NNTP-Posting-Host: 202.54.100.161
NNTP-Posting-Date: Sun, 02 Aug 1998 00:16:11 EDT

NNTP-Posting-Host: 202.54.100.39
NNTP-Posting-Date: Sun, 02 Aug 1998 01:38:19 EDT

NNTP-Posting-Host: 202.54.100.171
NNTP-Posting-Date: Sun, 02 Aug 1998 02:05:16 EDT

NNTP-Posting-Host: 202.54.100.46
NNTP-Posting-Date: Sat, 01 Aug 1998 19:42:06 EDT

NNTP-Posting-Host: 202.54.100.27
NNTP-Posting-Date: Sun, 02 Aug 1998 00:21:31 EDT

- ---s


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 

iQA/AwUBOBeG5JqQidQMDLaoEQK4YACg4WFIS7j1Hn+xE8cCv7MTLZ5ggx8AoIEa
ibxRV2a9t7PAC2gFghTkPgmI
=XO35
-----END PGP SIGNATURE-----

Suresh Ramasubramanian
106D, Aditya Enclave, Ameerpet, Hyderabad 500038, India.
Phone: +(91-40)3736553/3745398 | eFax: +(1-603)590-5437
Suresh@xxxxxxxxxxx | Suresh@xxxxxxxx
http://www.kcircle.com | http://www.angen.net/~pegasus/
    The average woman would rather have beauty than brains,
    because the average man can see better than he can think.
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.
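
Added example, not part of the original message: an ISP abuse desk matching dialup sessions needs each posting host with its timestamp in UTC, so this sketch turns the NNTP-Posting-Host / NNTP-Posting-Date pairs quoted in the message into a per-network, time-sorted table. The function names and the /24 grouping are assumptions made here, as is the premise that the headers were added by the injecting news server rather than forged.

```python
import ipaddress
from collections import defaultdict
from datetime import timezone
from email.utils import parsedate_to_datetime

# Header pairs exactly as quoted in the message above.
SAMPLE = """\
NNTP-Posting-Host: 202.54.100.161
NNTP-Posting-Date: Sun, 02 Aug 1998 00:16:11 EDT
NNTP-Posting-Host: 202.54.100.39
NNTP-Posting-Date: Sun, 02 Aug 1998 01:38:19 EDT
NNTP-Posting-Host: 202.54.100.171
NNTP-Posting-Date: Sun, 02 Aug 1998 02:05:16 EDT
NNTP-Posting-Host: 202.54.100.46
NNTP-Posting-Date: Sat, 01 Aug 1998 19:42:06 EDT
NNTP-Posting-Host: 202.54.100.27
NNTP-Posting-Date: Sun, 02 Aug 1998 00:21:31 EDT
"""

def parse_pairs(text):
    """Yield (ip, utc_datetime) for each Host header followed by a Date."""
    host = None
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "nntp-posting-host":
            try:
                host = ipaddress.ip_address(value)
            except ValueError:
                host = None  # hostname or junk: cannot be grouped by network
        elif name == "nntp-posting-date" and host is not None:
            # "EDT" is an obsolete RFC 822 zone name the parser maps to -0400.
            yield host, parsedate_to_datetime(value).astimezone(timezone.utc)
            host = None

def report(text, prefix=24):
    """Group postings by network (assumed /24); rows sorted by UTC time."""
    groups = defaultdict(list)
    for ip, when in parse_pairs(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(net)].append((when.strftime("%Y-%m-%d %H:%M:%SZ"), str(ip)))
    return {net: sorted(rows) for net, rows in groups.items()}

if __name__ == "__main__":
    for net, rows in report(SAMPLE).items():
        print(net, len(rows), "postings")
        for when, ip in rows:
            print("   ", when, ip)
```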