Aug 20 2008
Modern way of stealing passwords
Alright, my bookkeeping nightmare is now over, the first half of the year though. It was run against the clock. As all things I hate to do – BUT I MUST DO – I somehow do at the last moment, and my bookkeeping, is one of the worst jobs for me, ever!
Fortunately I’ve got a good bookkeeper, who allows me to do only the necessary things …as less as possible thus, and yet it’s too much for me even then.
The nature of work I guess. Or in short: bookkeeping is just not my thing.
The night was long and I was bussy until 11.00 o’ clock AM this morning, then my bookkeeper came over and after we had a lunch together, here just around the corner, I finally went to sleep.
Avery Tolar: Wouldn’t you lie about having a felon in the family to get a job like this?
Bill DeVasher: He ought to be kept on a short leash.
Avery Tolar: Why? You’ve got nothing to be suspicious about.
Bill DeVasher: I get paid to be suspicious when I’ve got nothing to be suspicious about …
—- The Firm (the movie) —-
When I woke up, I didn’t realise I was still logged on my MSN. And there was of course a message for me waiting. Apparently from a friend of mine. ;-)
And this is how “our short conversation” went:
… in Dutch
| 20/08/2008 | 20:50:51 | Her | to | Me | Iemand heeft jou geblocked op msn, wil je weten wie ga dan naar http://www.messchecker.nl ;-) | |||
| 20/08/2008 | 20:51:24 | Me | to | Her | hmm? | |||
| 20/08/2008 | 20:51:46 | Me | to | Her | zit je mij in de maling te nemen meissie? | |||
| 20/08/2008 | 20:52:14 | Me | to | Her | ik klik niet zomaar op dit soort links | |||
| 20/08/2008 | 20:52:46 | Me | to | Her | hoeistie verder? | |||
| 20/08/2008 | 20:53:13 | Me | to | Her | hmmm oh ah… groetjes |
… and translated into English
| 20/08/2008 | 20:50:51 | Her | to | Me | Someone has blocked you on msn, if you want to find out who, go to http://www.messchecker.nl ;-) | |||
| 20/08/2008 | 20:51:24 | Me | to | Her | hmm? | |||
| 20/08/2008 | 20:51:46 | Me | to | Her | are you trying to make fun out of me girl? | |||
| 20/08/2008 | 20:52:14 | Me | to | Her | I don’t click just like that on that kind of links | |||
| 20/08/2008 | 20:52:46 | Me | to | Her | how are you by the way? | |||
| 20/08/2008 | 20:53:13 | Me | to | Her | hmmm well, oh ah… bye |
As you can see, she didn’t reply on my talk for entire two minutes (which is very unusual, as normaly she always does!) and she wasn’t online either, but I didn’t check that at once, so I just answered “her” previous message in an already open window.
Then there came a very rude instant message from her account again, which said something like this: “Cut out the crap, pretending being offline, I can see you!”
For some reason my MSN didn’t reccord that sentence, so that part is not written in my logs.
And then it made me think even more, because when I received this message, I was online, not pretending being offline, whatsoever… I then indeed logged off and went downstairs to make myself a coffee in order to wake up.
10 minutes later while drinking my coffee I received sms message on my mobile “from the girl I thought I was talking to”. The message said: “What was it on MSN all about, all that flood of yours, I don’t understand a thing!”
I then followed my natural instinct and answerend her like this: “You should definitely change your MSN and Hotmail password, as it’s most probably stolen!”
15 minutes later she sent me an e-mail saying that she followed my advice and indeed changed her password… which was good. Well, I hope for her it was good, no idea how big the damage was.
Then I opened my Firefox browser and went on little expedition. Alright, let’s see what kind of the site is this: www.messchecker.nl
The first thing I noticed, was how BADLY they faked the MSN login page OR perhaps it was just a VERY BAD attempt to make it appear as the site belongs to MSN networks…. Then I wanted to know if the page looks the same in Internet Explorer (as it does!)… see screenshot (click on the picture below to enlarge!).
 |
| “Messenger Check” screenshot. |
However, their own application is called: “Messenger Check!” in stead of “Messanger”, but hey… who’s reading it anyway?!
It’s an optical psychology trick, designed to fool your brain… and this psychological technique is known for a very long time!
Psychology of colors test
Alright, a short psychology of colors test. What do you read?
 |
| Red, Green and Blue right?! Right! Look at it once more, but don’t read this time, just observe … |
Alright. Now that we have an idea, let’s see what I found more on this page…
… just a simple LOGIN page, with MSN Search? field above, Microsoft logo and wel known Msn butterflies in it’s background.. and of course, a few nested MSN links upon it, so it looks real.
The rest of the page is empty. Further no “contact” or “info” pages whatsoever…
Well, oh, it appears empty… but is it really?!
There is a huge gap in between login field above - and it’s page footer, so nobody would expect there is a footer as well (except the one with a short copyright note in it, which is usually the case). You can only notice there is one when you take a look at your scrollbar. Alright, let’s then scroll all the way down and see what the footer has to say. And this is what the footer says:
In Dutch:
U verklaart dat de msn contactpersonen welke in uw msn lijst staan naar alle waarschijnlijkheid interesse zullen hebben in deze site en het op prijs stellen dat u hem of haar op de hoogte gebracht heeft.
Om u aan te melden voor en gebruik te kunnen maken van de dienst moet u 18 jaar of ouder zijn. messengerchecker.nl slaat uw msn gegevens niet op en gebruikt deze niet voor andere doeleinden dan het inloggen op het systeem en het versturen van de uitnodigingen naar uw msn contact personen.”
Interesting!
How amusing … ;-)
Using Google translator (because I’m very lazy when I wake up) to translate it into English, we get the following:
You acknowledge that the msn contacts listed in your msn list in all likelihood will have an interest in this site and appreciate that you have him or her informed.
To sign up for and use of the service you need 18 years or older. messengerchecker.nl store your data not on msn and uses them for no other than to log onto the system and sending out invitations to your msn contact persons.”
Well, it’s far from being perfect translation, but Google translator does fairly good job, so we now have an idea of what’s going on…
Then I went on www.sidn.nl to find out who’s behind it, and when I wanted to check on whose name this www.messchecker.nl url is registered, coincidence or not, SIDN replied as following:
The DRS is currently ondergoing maintenance. As a result the Whois is temporarily unavailable.”
Too bad! Maybe I try once more tomorrow.
In a nutshell
Are these guys criminals?
Well, it’s a tough one to decide.
Legally seen, NO, they are probably not. Not for 100% at least.
Morally seen: YES they are (and should be inprisoned)!
But that’s something the lawyers should figure out, I guess.
In plain English: you don’t have to be Nikola Tesla to figure out that the site in question is MISLEADING, and when I say “misleading” then I’m yet being very kind.
Or in my own words: this is nothing else but MODERN WAY OF STEALING PASSWORDS! …in order to spread the SPAM through MSN network and do God knows what more.
Whether they use these passwords for other purposes or not (probably not, you shouldn’t worry ;-)) it’s not up to me to brainstorm, nor to judge as it’s not my core business anyway. It’s something police should investigate further… and if I was a cyber-police officer, I’d be glad to have a little chat with these folks, or at least with the person who registered the domainname and who owns the site.
The girl in question explained me later on, that a couple of days ago, as result of the very same method (as described above), she received similar message, which said: that she was blocked on MSN by one of her contacts (family member, as the matter of speaking!). It was probably the same message that popped-up on my screen, due to her password being abused - and her being on my contact list, these guys were now also able to start bugging me (bad move!) …
She of course became very upset (as she continued telling) and wanted to find out why her niece would want to block her on MSN?! So, as naturally not being a suspicious person, she logged in on this site (by using her real MSN login and password) and amazingly, she didn’t realise until now, that (to my opinion) she in a fact became the victim of serious cyber crime.
In internet jargon, it’s called: phishing.
Phishing
Such a “phishing” method is mostly used to fool the banks clients, by making them believe they’re logging in on their bank website account, while in reality they are logging in on the site of a cyber thief - and as result, losing of course their login and password.
One can just imagine what happens then.
www.messchecker.nl is of course slightly different, but the logic (and purpose) behind it, is pretty much the same. It’s about stealing your login account, without you even suspecting anything like that at all… as you are “tricked” into it by an unexpected fake message on your screen, as mentioned previously a couple of times, so you naturally hurry up, without much thinking - or not thinking at all, as you badly want to find out who of your friends (or even family members) did block you - and why. — UND Bingo! –
… unless you’re a brave citizen who reads all the existing footers, or are that naive - and yet able to expect to find the legal explantation in the footer of such a webpage in the first place, and with your full sanity, you thus conciously decide to use their services… which is NOT IMPOSSIBLE, but VERY UNLIKELY!
And otherwise you must be stupid as hell, even for an average internet user.
Something to think about.
… or even let the police know, that your password is (legally?) just stolen!
How to deal with this problem?
Supposively it was not (your) conscious decision to give these people (your) password, as it most likely wasn’t, then you might concider the following:
- If some of your MSN contacts claims he/she has got such a message (see above) from you, then your password had been compromised and you should change it a.s.a.p.
- If you get such a message from one of your contacts, warn your contact to change his/her password at once.
- Send an e-mail to abuse@msn.com and inform them of what’s going on.
- Eventually you might inform the police as well.
I’ve been told that simmilar things are (since recently, or even longer) happening on MySpace as well. I guess you’ll be doing fine if you change your password on regular basis over there as well. But as I have no account on MySpace myself, I’ve got no much to say on that issue right now.
The all seeing eye
Anywayz, as I’m now fully awaken ;-), I do realise (as I usually do), there are also good things in this world. A couple of days ago, I received this picture. It’s from my shoot with Michael and Yvonne a month ago. Michael did the shoot and I did the makeup. Except being our (new) model, Yvonne also likes to play a lot with graphic software and thought that I might like this creation of hers… which of course, I do!
 |
| “The all seeing eye”, Photo by Michael, Model Yvonne, Photoshop art-work by: Yvonne. |
August 21st, 2008 at 8:56 am
Alexander,
So we all have to be very cautious. And maybe first have a coffee (or two) before we go on the internet.
greets, JP
August 21st, 2008 at 9:22 am
@JP, whatever we do, we definitely shouldn’t do it without having a coffee (or two) first. :))
August 21st, 2008 at 10:32 am
Hey Alex,
messchecker is doing this for years now. I think I get emails/mesages like this from one of my messenger contacts monthly, really anoying :p But criminals? hmmmm not yet I guess. When they keep your information and use it for other purposes they cross the line imho.
the whois info weirdly enough couldn’t be gathered from my commandline :s … but default linux network tools did the job. So if your indeed curious about these:
Domain name:
messchecker.nl
Status: active
Registrant:
DEV008629-ALLER
G de Vries
Sumatralaan XX
1217GP Hilversum
Netherlands
August 21st, 2008 at 10:56 am
@Jeroen, like I suggested above, it’s indeed worth discussing is it a criminal act or not. Morally seen it’s definitely crime (to me) as the girl from my story wasn’t aware of consequences whatsoever, and thus the fact that they were going to USE her account to SPAM everyone on her list, including me as well! They also lied to her about her being blocked by her niece (in order to trick her in), as they also lie to me and everyone they now spam in a search for a fresh blood… And I never asked for their spam either, nor I asked them to intrude my privacy while “pretending” to be someone I know and whom I gave the permission to be on my list (while of course it’s NEVER been the case!), by using this persons identity.
The way they “deliberately” placed the info (what their site is all about) DEEP DOWN in the footer so nobody reeds it, tells me that I certainly wouldn’t give the keys of my home to these folks when going on holidays…. to put it very polite way. :))
We also DO NOT KNOW are they storing gathered passwords on their server or not.
The fact that I’ve got her message while she was “offline”, suggests rather that messchecker.nl most likely does store the passwords on their server.
The only way to find that out, is to hack their server I guess.
But that would be illegal, wouldn’t it. ;-)
The bottom line is, the girl from my story wasn’t aware she was giving them her password and that they were also GOING TO USE IT, let alone what were they going to do with it!
And the clue is, if people are fully aware of what’s going on over there, how many people do you know are willing to give their passwords away freely?
And if these folks get those passwords - the way they do - after all, and without most people (supposively) even being aware of it… then we might concider calling it a crime also within the law system itself as well. But that’s my personal take on things.
P.S. Just checked SIDN site a minute ago. Now it works fine and it says that the domainname messchecker.nl was registered on: 03-06-2008 for the first time. So, if it’s true that they do it “for years now”, as you say, then they must have been operating under another name in the past I guess.
August 28th, 2008 at 8:17 am
He Alexander,
Ik ben nog even verder gaan zoeken naar deze klojo’s. De eigenaar van het domein is Gxxxard de Vries, die betrokken is bij het bedrijf In Programme Sales Bv, dat ook is gevestigd aan de Sumatralaan XX in H’sum (check maar de eigenaar van Springboard.nl - het mailadres waar messchecker op geregistreerd is)
Vroeger zaten ze in Zeist:
In Programme Sales B.V.
Dalweg XX
3707BJ ZEIST
Netherlands
De Dalweg xx is een bedrijfsverzamelgebouw.
Helaas staat er niets op de site van springboard.
Hoop dat je er iets mee kunt…
August 28th, 2008 at 9:16 pm
Hi @Dorian,
Thanx for sharing this info with me and the rest of the world.
As “De Telegraaf” journalist gave me a call yesterday and he then covered this topic in the newspaper and their internet edition already (which is to be found right here: http://www.telegraaf.nl/binnenland/1786142/__Msn-pagina_bedrieglijk_echt__.html) and above of all, Microsoft is now aware of this problem too… they all can digg on this issue further, so I think I’ll leave it right here.
P.S. I think the shortest and perhaps also the best path that both (Telegraaf journalist vs. Microsoft) could take, is to find out who pays the domainname + hosting for messchecker.nl
And when I say who, then I don’t mean someones name or address, but rather his bank account.. Check where the money came from. ;-)