
Talking with a porn chat spammer, a lesson appears.

Hi, I have some questions.

The message popped up on my screen one afternoon. This was exciting; I’d been testing a new live chat tool on my websites, one that was starting to turn visitors into customers, and new messages that asked questions were usually a good sign.

Me: Sure, how can I help?

Spammer: Boy or girl?

“OK, that’s a first,” I thought, “let’s see where this goes.”

Spammer: http:// sexytimes-livefreehotchat-withrealgrrrrrls.example.com

“Ah, I should have seen that coming.”

I was still curious though; do spammers really enter into live chats via support systems nowadays?

Me: Well bless your little cotton socks!

Me: Are you attempting to spam me through my own chat system?

Spammer: No babe, I’m naked right now.

Spammer: Let’s have sex.

Me: Hmm, I’m not sure, that could get messy; there’s lots of wires and… cabling between us, you know?

Spammer is typing a message…

“Wow, this spammer is just not giving up…”

Spammer: Do me like I’m a dog.

“… and is that part of their script? Imaginative.”

But the spammer’s responses quickly changed:

Spammer: Son of a bitch.

Spammer: You mother f*cker!

I couldn’t resist:

Me: That’s not very nice :-(

Me: Oh hang on; is this some submissive thing you’re trying out?

No reply. I went back to what I was doing. And then, suddenly:

Spammer: You’re such an aswhole

Spammer: asshole

Spammer: [continues sending playground insults for the next five minutes]

And there it was, the missing feature: banning messages from people.

30 minutes of coding later, and TrackChat had a new and shiny chat command: !ban.

Who would have thought of it? A spammer taking so much time to a) chat to me and b) insult me.

The mind boggles.

Written by Tom

Are you looking for web development or just someone who will work with your business needs and not against them? Get in touch with me here, or take a look at my consultancy’s website: Moo Unlimited. I’m confident I can help you.

Published in TrackChat, Web Apps

4 Comments

  1. Martin

    Oh. My. God. A spammer on the internet! You got lucky there bro!

    • Tom

      I know, right? Every day I thank my lucky stars for what could have been.

      • I’ve noticed that some of the page views of my blog are coming through porn websites. It’s a bit worrisome, from a security standpoint. Just not sure how concerned I should be. BTW, if somebody told me to ‘do them like a dog’, I’d say, “Sure! Come on over and I’ll shut you up in the basement while I go screw my hot boyfriend.”

  2. My Asian investigations and security consultancy partner & I do the same thing with two classes of emails (1) the “i’m stuck in Paris w/ no wallet please send money to a Western Union account” scam and the (2) “i’m a Nigerian dignitary help me split the proceeds of my ill-gotten gains by sending money today” scam. Anyone who is foolish enough to send a known investigator such communications deserves it. Your post got me thinking of a larger point and an opportunity.

    What does the front line look like for these syndicates (largely the same – whether in sex trade or internet fraud)? Where are they and what are the current challenges for recruitment up the ladder using humans? Your correspondence confirms a few things – the lines are “live” and managed by alert humans often with common motivations/worldview, managing accounts remotely, who facilitate. Follow the money when it goes on the frauds, as we do when the money involved exceeds US$500k, however, and a better picture emerges – they can be caught, they physically don’t move fast enough to get away from a motivated investigator, and the facilitators (corporate secretaries who establish the main accounts) are willing to roll on them when confronted with the reality of criminal charges for aiding fraudsters and money laundering.

    IMHO, your response (!ban) is imperfect. !ban = NOT ME. This is in some respects the problem with the current limits of SPAM filtering.

    It is now fairly easy to parse incoming messages (email, messages) to look for the types of language used across this set of overlapping challenges, and to filter across categories of SPAM. The technology is here to push back a bit more against the humans at the other end of the line, and opportunities to make enough money doing it to pay for the pushing.

    Again, there are “live humans” somewhere at the other end waiting for the 1 in X response, so why does the data sit dormant in spam filters or why should it only be !banned? Code that would direct these invitations to an appropriate central place can be written. Code can be written to automate a set of replies to the spammer using the same social engineering techniques they are using, inviting a response from the spammer inclusive of an instruction for next action (send money, visit this site). Code can then be written that redirects the response to someone who captures the economic benefit of a shut-down. This may be Western Union or banks who bear the burden of e-Fraud and regulatory compliance. But also as code can be written to auto-share, both to other recipients as well as to financial institutions, there is a larger consumer benefit – one that can be bundled with credit score / identity theft services, and with the spam filter market itself. Report notifications can be written to enforcement.

    If done efficiently and effectively, this would increase the cost of maintaining this network of humans / reduce the return on investment in the humans on the outer band of the syndicates, while in many cases increasing pressure on inner circles.

    To your porn spammer, the question becomes – do you feel lucky?
