Hacking The Scammers

Most of those who come across this blog have received e-mails from Nigerian spam artists. I opened this one up this morning:

DEAR ONE,

PLEASE DO NOT BE EMBARASED,I AM SEEKING FOR YOUR
ASSISTANCE TO HELP ME CLEAR ONE TRUNK BOX CONTENT $10.5M US DOLLARS WHICH
MY LATE FATHER DEPOSIT IN A SECURITY COMPANY HERE IN ABIDJAN COTE D IVOIRE.

YOU WILL COME DOWN TO ABIDJAN. AND I WILL TAKE YOU TO THE SECURITY COMPANY
WHERE MY LATE FATHER DEPOSIT THE BOX. AND YOU WILL SIGN SOME DUCUMENTS THEN THEY WILL RELEASE THE BOX TO YOU.

PLEASE IT IS MORE THAN URGENT,I PROPOSE 15% OF THE TOTAL MONEY AS YOUR SHARE FOR YOUR ASSISTANCE WHILE 5% FOR ANY EXPENCES YOU WILL INCURE TO SEE THIS TRANSACTION THROUGH.

I WISH TO TELL YOU THAT I AM FINDING LIFE VERY DIFFICULT SINCE I LOST MY FATHER.
I WILL DETAIL YOU MORE AS SOON AS I HEAR FROM YOU.

PLEASE REPLY ME IMMEDIATELY FOR MORE DETAILS.

THANKS AND GOD BLESS.

CHRISTINA UMEH.

Did anyone watch 20/20 last night? I had to laugh when watching the woman from down south who sent them her bank account numbers. People who deal with these scammers are all too often just greedy. No one, and I mean NO ONE, gives out millions to foreigners for free. (Well, maybe our own government.) Anyway, below is some of the header information from the above e-mail sent to my Yahoo e-mail account. (I get a lot.)

X-Apparently-To: frannyward@yahoo.com via 206.190.49.125; Sat, 09 Dec 2006 02:00:16 -0800
X-Originating-IP: [68.142.236.185]
Return-Path: (c_umeh586ci@yahoo.com)
Received: from [196.201.89.11] by web58502.mail.re3.yahoo.com via HTTP; Sat, 09 Dec 2006 02:00:12 PST

The only thing that I am interested in is the “Received” field. The IP address in it, 196.201.89.11 (shown in red), is where the message was composed. So I open up “Sam Spade” and punch in the address. This is what I get:

12/09/06 10:24:20 IP block 196.201.89.11
Trying 196.201.89.11 at ARIN
Trying 196.201.89 at ARIN
African Network Information Center
NET196 (NET-196-0-0-0-0)
196.0.0.0 – 196.255.255.255
RIPE Network Coordination Centre RIPE-ERX-196-200-0-0 (NET-196-200-0-0-1)
196.200.0.0 – 196.207.255.255
# ARIN WHOIS database, last updated 2006-12-08 19:10
# Enter ? for additional hints on searching ARIN’s WHOIS database.

Curious, I then type http://196.201.89.11 into my browser. I get a login page in French saying this: “Veuillez vous authentifier pour entrer dans la configuration du Evo-WR54ADSL”. I don’t read French, so I copy it and paste it into Google’s Language Tools. Voilà! “Please authenticate itself to enter the configuration of Evo-WR54ADSL”. Enough of a translation for me. It’s a DSL router, complete and out in the open with a username and password dialog box, just waiting to be hacked.

Cheers.
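The header-reading step in the post can be scripted for mail triage. This is an added example, not code from the original post: it parses the header fields quoted above, returns the client address stamped by the provider's web front end, and matches it against the two ranges in the Sam Spade output. The function names and the `trusted_suffix` parameter are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Header fields quoted in the post, joined one field per line (constructed input).
RAW = """\
X-Apparently-To: frannyward@yahoo.com via 206.190.49.125; Sat, 09 Dec 2006 02:00:16 -0800
X-Originating-IP: [68.142.236.185]
Return-Path: (c_umeh586ci@yahoo.com)
Received: from [196.201.89.11] by web58502.mail.re3.yahoo.com via HTTP; Sat, 09 Dec 2006 02:00:12 PST

DEAR ONE,
"""

# Ranges copied from the Sam Spade / ARIN output in the post.
ALLOCATIONS = [
    ("African Network Information Center NET196", "196.0.0.0", "196.255.255.255"),
    ("RIPE Network Coordination Centre RIPE-ERX-196-200-0-0", "196.200.0.0", "196.207.255.255"),
]

HOP = re.compile(r"from\s+\[([0-9.]+)\]\s+by\s+([\w.-]+)\s+via\s+HTTP", re.I)
BY = re.compile(r"\bby\s+([\w.-]+)", re.I)


def webmail_client_ip(raw, trusted_suffix=".yahoo.com"):
    """IP that the provider's web front end recorded for the composing client."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):  # newest hop first
        by = BY.search(value)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            return None  # below an untrusted hop, a sender could have written anything
        hop = HOP.search(value)
        if hop:
            try:
                return ipaddress.ip_address(hop.group(1))
            except ValueError:
                return None  # bracketed text was not a valid IP address
    return None


def most_specific_allocation(ip):
    """Name of the smallest listed range containing ip, or None."""
    hits = []
    for name, first, last in ALLOCATIONS:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo <= ip <= hi:
            hits.append((int(hi) - int(lo), name))
    return min(hits)[1] if hits else None
```

The suffix check is a heuristic: it trusts only hops stamped by the recipient's own provider and stops at the first hop that is not, because Received lines added before that point are under the sender's control.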


2 thoughts on “Hacking The Scammers”

  1. You are AWESOME!! I can’t believe you are not a Computer detective.
     You should try to get back that dumbass doctor’s money who sent 300K+ for the Nigerian black money Scam.
     After that you can find Jimmy Hoffa.
     Taz

  2. Yes, I’m so smart that I found this IP addy: http://68.85.23.77 that has visited this blog 66 times in the last twenty four hours.
     12/12/06 22:28:43 dns 68.85.23.77
     nslookup 68.85.23.77
     Canonical name: c-68-85-23-77.hsd1.pa.comcast.net
     Addresses: 68.85.23.77
     I think I’ll ban it via .htaccess
