GhettoWebmaster.com

Seriously…

Here’s an email that was just forwarded to me from my hosting provider (Oxeo):

Dear ISPrime, Inc.,

We have just learned that your service is being used to violate PayPal trademarks and/or copyrights. Specifically, it appears that an ISPrime, Inc. user is hosting a page at 64.111.214.22 – http://www.ghettowebmaster.com/images/paypal-phishing-email.gif which uses our trademarks inappropriately.

While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user’s unauthorized reproduction of PayPal trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal an eBay, Inc. company, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal’s notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512 (c)(3)(A):

I, the undersigned, CERTIFY UNDER PENALTY OF PERJURY that I am the agent authorized to act on behalf of the owner of certain intellectual property rights, said owner being named PayPal Inc. I have a good faith belief that the website located at URL http://www.ghettowebmaster.com/images/paypal-phishing-email.gif has its copyright in each page of its website and associated source code.

Please act expeditiously to remove or disable access to the material or items claimed to be infringing.

We sincerely appreciate your immediate attention to this important matter. We would also appreciate if you would take steps to confirm the accuracy of any contact information that your user may have provided to you in establishing the account. Should you have any accurate information that could assist PayPal and law enforcement in tracking this individual, we greatly appreciate your assistance, as we know that you do not condone the use of your services for such criminal purposes.

Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. ? 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.

eBay/PayPal Inc.
Audit and Investigations
securityalerts@ebay.com

Wow. Looks like a message I would expect to get at a throwaway email address that goes with a bogus identity used to purchase some hosting if I were running a PayPal phishing scheme. It was totally unexpected, however, to get as a person who blogs about IT Security related stuff and used the image as a real life phishing email example in a blog entry posted over a year ago.

The blog entry that image is (legally) used in:
Porn Site Hacked, 16K Emails Snatched, Epic Fail at PayPal Phishing Attempt

Here’s the email I sent to my host in response to the email they forwarded over:

Hey,

That image is being legally used (“fair use”) on this blog entry:

http://www.ghettowebmaster.com/spam/porn-site-hacked-16k-emails/

Please tell eBay/PayPal Inc. to piss off.

^^^ That’s really cute. It’s as if they think I’m using the image for a phishing scheme vs. as an example of one. I’m forwarding this over to some IT Security contacts. This is total BS.

Please call me if you guys have any questions:
[phone number removed]

Thanks in advance,

Loren J. Williams

Their response:

Hello,
You may want to convey this directly to paypal at ftsteam@paypal.com, if you would like though I can relay your message to them, just let me know.

Me again:

Hey,

I’ll message them in a bit with the url to a new blog entry where I’ll use the image again and kindly (lol) tell them to piss off. Thanks for forwarding the message over to me and not acting like an irresponsible host by pulling the image or anything goofy like that.

- Loren

The image in question:

So… What we obviously have here is eBay/PayPal Inc. trying to be proactive in getting their insanely huge phishing issues under control. What we don’t have is a reasonably sane team actually researching the images they are likely finding via a Google image search. This is insane at best and has my nerd blood boiling to nerd rage levels. I wonder how many other people have gotten similar messages from their hosts or simply had their sites shut down without warning.

Proactive = Good
Proactive + Retarded = Bad

Dear eBay/PayPal Inc.,

Piss off.

- Loren J. Williams (LoLo)

Update (7/15/09 – 6:15am-ish)
Here’s the email I ended up sending eBay/PayPal yesterday:

Hello,

Your message to my host was anything but cute. The image in question is being used as a real world example of a paypal phishing email on a blog entry from January of 2008.

Here’s that entry’s url:

http://www.ghettowebmaster.com/spam/porn-site-hacked-16k-emails/

And, here’s a new entry with my formal response to you:

http://www.ghettowebmaster.com/legal/ebay-paypal-reported-me-to-the-fbi/

You guys need to get your head on straight. I can only imagine how many other security researchers got a similar email.

Here’s my contact info in case you would like to pursue things further legally:

Loren J. Williams
[address / phone # removed]

Email addresses:
[removed]

P.S. That new blog entry will likely be making the rounds all over the internet this week. Congrats on making your company look like a bunch of retards.

- Loren J. Williams
Ghettowebmaster.com. etc…

That last line is already haunting them…

When shit hits the fan it’s always best to pick up the bat phone, light up the sky with the bat signal, or in my case: run to Twitter and send PaperGhost a message asking for “serious nerd rage backup”. His nerd rage also went into full fury after being forwarded the messages I had gotten. That resulted in a post on FaceTime’s Blog.Spyware.com: EBay / Paypal Reports Security Blog To FBI For Phish Screenshot and a tweet to pimp out that blog entry. And, that tweet has received a metric ton of retweets – thanks for the support everyone.

It’s pretty obvious that this story will make the rounds on the tech blogs and whatnot today. So, I repeat: Congrats on making your company look like a bunch of retards.

In other news… In order to avoid a shootout and prolonged hostage situation I went ahead and surrendered to the FBI this morning…

…via Twitter. lolz

Update (7/20/09 – 10pm-ish)
This story made the front page of reddit and is getting a bunch of comments here and there that pretty much demand some kinda response from me.

“Please don’t call them ‘retarded.’ It’s childish and counterproductive.”
“damn you’re an arrogant geek.”
“…they do NOT deserve the abuse you are heaping on them. Show you are the better man…”
“You would do yourself a world of good by using more formal language in your communication with your ISP, eBay/Paypal, and your blog readership.”
Etc, etc, etc…

Did you guys bother to read the name of the domain you’re on? Childish & immature is what I do. Could I be more formal and not come off as a prick? Sure. That wouldn’t capture the demographic I aim for though. There are plenty of IT security blogs that IT security people and other nerds read. I write in a way that appeals to the Joe the Plumbers of the world. And, let’s face it: they seriously need the info more than you. Telling me to be more professional is like telling Jon Stewart that he needs to take a cue from Wolf Blitzer.

And… I’m an arrogant and immature prick so this arrangement works out fine.

One comment did rightfully slam me…

Hey thanks a lot- I’m an email scammer and thanks to you hosting that image, now I can send out as many phishing emails as I want. All I have to do is link that image to my phishing site and plenty of morons will click it. Trust me, the date won’t stop anyone who’s dumb enough to fall for a phishing scam.

Most spam filters won’t let phishing text through, and when I send out emails with images linked to MY sites, it gets caught by URIBL- but yours is a nice, clean domain and with your blind rage (and lack of common sense) I’m sure it will stay that way for a looooong time- or at least long enough for me to rip off a few hundred unsuspecting old people. But who cares about them, they’re old! Like they’re going to spend that money anyway.

Thanks again!

I would be majorly pwned if someone used that image in a phishing campaign. And, it would likely slip through spam filters. So, I’m going to add some text to it right now.

The skinny:

1. Some eTards decided to harass Officer John Nohej for having a MySpace friend who linked to adult content when he was simply trying to reach out to kids at the middle school he is assigned to.

2. Hilarity ensues as netizens rip the eTards apart for this retardedness. The school he works at? They had a link to a domain parking page from a belly up clip art site they linked to. What ads were splashed across that domain parking page? Gay porn, seriously. It got worse for them when I pointed out that the technology-challenged “elite cyber crimes task force” investigating Officer Nohej is guilty of all sorts of stuff that also doesn’t matter on MySpace.

3. In their infinite wisdom, they decided to (screw up while trying to) hide their own “misdeeds”…

Their friend list from a few days back:

Their friend list and comments now:

What the hell?

They ran to another third party site and got code to hide their friend list and comments. And, once again… they didn’t remove the extra code included which links to a site pushing adware:

What kind of places does that site link to?

Yuppers, the ad network that site does business with serves up a ton of Zango banners. Nice.

I think it’s time for this “elite” interweb task force to go ahead and ask one of the kids they are supposedly protecting to help them out with their MySpace.

Update:
They went ahead and deleted every comment from their MySpace page. lolz

I stole this blog’s title from the ending thought Alex Eckelberry (someone who understands the interweb) left on his latest blog entry. He gives a solid overview of the current retardedness being shown by law enforcement (people who don’t understand “that interweb thingy”). The last big story like this was the Julie Amero case. Just like in Julie’s case, John Nohejl is being fed to the wolves over total BS.

Kevin Poulsen (he really understands the interwebs, too) explains:
Gulf Middle School resource officer John Nohejl didn’t have porn on his MySpace profile, and he didn’t link to porn. But one of the 170-odd people on his friends list, which seems mostly populated by students at his school, had a link to a legal adult site. Now the New Port Richey Police Department and the Florida attorney general’s elite cyber crimes unit are investigating him for making adult content available to underage children.
Source: Wired.com

Shortly after this story broke, a link going to gay porn was found on the school’s website! The great thing about this is that the school has FULL control over the content of their website. John Nohejl on the other hand has zero control over the content on his friend’s MySpace pages. Who’s the screw-up now?

Alex ended his blog entry with some nice bait:
At least one thing is heartening — the good folks over at the Florida Cybercrimes unit have their own MySpace page. They may quickly see how ludicrious this whole thing is.

Well, I took the bait. After a good ten minutes of looking over the profile of this “elite” cybercrimes task force that’s actively investigating John Nohejl’s MySpace I found the following…

Being the interweb gods that they are, they used code from a third party website to pimp out (add style / graphics) to their profile. Included in that code was five troublesome links they didn’t remove. All five links are promoting two “MySpace page pimping” sites which as a whole are known to be breeding grounds for all sorts of evilness. The two in question here are actively promoting several sites known to distribute adware.

Here’s one button and two text links going to those sites:

Another banner ad:

And, another:

So… Besides having a hideously ugly MySpace page full of broken code, they are sending kids to sites that promote adware. After seeing that, I dug into their friend list to give them a taste of the exact same BS being served to John Nohejl. Here’s what I found on their friends’ pages…

Promotion of some funky head shop “legal weed”:

via this friend.

That same friend has a banner in her comments promoting a site which is known “to steal your MySpace username and password by posing as a profile tracker“. In fact, several friends of theirs have the same thing on their pages. Nice!

Another friend of theirs seems to be a lost cause. That page has links to phishing pages and all sorts of other evil stuff. Those email addresses spammed in the comments… Yeah, those will lure you to sites with boobies all over the place if you dare message them.

Go dig for yourself, there’s plenty of double standard to be found in them hills ;-)

Seeing these eTards go after this cop sure reminds me of someone…

I’m sure these experts are just as ninja at the interwebs as the jackass pictured above.

Just noticed the below internal message in my ePassporte account. Anyone have the scoop on this? It smells like BS to me. I imagine it was a processing fee issue and ePassporte felt MasterCard was getting more than their fair share. If this is a smear campaign based on something like that, ePassporte just screwed up big time. I smell a lawsuit brewing…

————-
From: Internal Notification
To: [Removed my ePassporte account name]
Received: Jan 10, 2008 2:41 PM PST
Subject: Important Notice about MasterCard Credit/Debit Load Cards

Dear Account Holder,

ePassporte currently does not accept MasterCard Credit/Debit Cards for loading funds. ePassporte does not believe MasterCard’s security procedures meet the standards required by ePassporte to ensure the security of our Account Holders.

Alternatively, you may use a Visa Credit/Debit card to load funds to your ePassporte Account. To add a Visa Card, please log into your ePassporte Account, click on “Load Money”, “Credit Card” and the “Add a New Credit Card” link.

You may also use your US checking account to transfer funds to your ePassporte Account. To add a US Bank Account, please click on “Load Money”, “US Bank Account” and enter your bank account details.

We apologize for any inconvenience this may have caused you. Please do not hesitate to contact us for further assistance.

Thank you for choosing ePassporte.

Best Regards,

ePassporte Account Holder Services

For those of you that missed the insanely huge (over-publicized) story of MySpace filing suit against Scott Richter back in January, here’s a little pre-blog warm-up…

Step One:
Watch this video and bathe in the douche baggery that is Scott Richter, AKA: The Spam King…

Step Two:
Wonder to yourself how I managed to put bathe, douche, and one of the biggest shit bags on the internet into the same sentence without disrupting the space-time continuum.

Step Three through Twenty-Six:

Get that mental image of Doc Brown out of your head.

Step Twenty-Seven:
Go read or reread this old blog entry of mine about MySpace filing suit against Scott.

“Based on [MySpace's] track record of unrelenting incompetence and boneheaded moves, I find it unlikely that they’re really ready for this war.”

My predictions in that blog entry have proven to be dead accurate so far.

Step Twenty-Eight:
Ponder the notion of me being a time traveler like George Bush to explain away my ability to predict the future.

All caught up? Good. Now, let me explain what all the legal mumbo jumbo in them there fancy legal documents actually means…

Read more…