[ale] OT: online banking hack
Jonathan Rickman
jonathan at xcorps.net
Wed May 14 07:07:53 EDT 2003
On Tue, 13 May 2003, Jim Philips wrote:
> I tried dig and host on the IP address. Nothing conclusive. Here is the
> address:
>
> 198.173.235.126
Pine suspended. Give the "fg" command to come back.
[1]+ Stopped pine
jonathan at abacus:~$ whois 198.173.235.126
OrgName: Verio, Inc.
OrgID: VRIO
Address: 8005 South Chester Street
Address: Suite 200
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
NetRange: 198.170.0.0 - 198.173.255.255
CIDR: 198.170.0.0/15, 198.172.0.0/15
NetName: VRIO-198-170
NetHandle: NET-198-170-0-0-1
Parent: NET-198-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
Comment: *Rwhois information on assignments from this block available
Comment: at rwhois.verio.net port 4321
RegDate: 2000-07-26
Updated: 2001-09-26
TechHandle: VIA4-ORG-ARIN
TechName: Verio, Inc.
TechPhone: +1-303-645-1900
TechEmail: vipar at verio.net
OrgAbuseHandle: VAC5-ARIN
OrgAbuseName: Verio Abuse Contact
OrgAbusePhone: +1-800-551-1630
OrgAbuseEmail: abuse at verio.net
OrgNOCHandle: VSC-ARIN
OrgNOCName: Verio Support Contact
OrgNOCPhone: +1-800-551-1630
OrgNOCEmail: support at verio.net
OrgTechHandle: VIA4-ORG-ARIN
OrgTechName: Verio, Inc.
OrgTechPhone: +1-303-645-1900
OrgTechEmail: vipar at verio.net
# ARIN WHOIS database, last updated 2003-05-13 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
jonathan at abacus:~$
Verio has proven to be somewhat responsive to this sort of thing in the
past, based on my experience with them. It might be worth a shot.
> It is spam in that it was sent unrequested to multiple recipients. But this is
> a deliberate attempt to defraud banking customers and steal money, so I am
> sure the feds are interested in it from that angle. If you try to hack a
> bank's servers and are found out, you will very quickly get a call from the
> FBI. So, believe me, it's on their radar. I worked for and with banks for six
> years.
Most, if not all spam, is borderline...if not blatantly fraudulent. The
perp was not trying to break into the bank's servers. He was trying to
dupe you into giving up your user/pass combo so he wouldn't have to.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
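The lookup in the message above, as an added example that is not part of the original post: a small parser that takes ARIN-style whois text, confirms the reported IP falls inside one of the listed CIDR blocks, and returns the abuse mailbox to report to. The function names are hypothetical, the sample is an excerpt of the output quoted above, and the "user at host" rewriting is assumed to be the list archive's address obfuscation.

```python
import ipaddress
import re

# Excerpt of the ARIN output quoted in the message above
# (archive-obfuscated addresses kept exactly as they appear there).
SAMPLE = """\
OrgName: Verio, Inc.
NetRange: 198.170.0.0 - 198.173.255.255
CIDR: 198.170.0.0/15, 198.172.0.0/15
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
Comment: *Rwhois information on assignments from this block available
Comment: at rwhois.verio.net port 4321
OrgAbuseName: Verio Abuse Contact
OrgAbusePhone: +1-800-551-1630
OrgAbuseEmail: abuse at verio.net
OrgTechEmail: vipar at verio.net
# ARIN WHOIS database, last updated 2003-05-13 20:10
"""

def parse_whois(text):
    """Return {key: [values]}; keys such as NameServer and Comment repeat."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")):
            continue  # blank lines and registry comment lines
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def deobfuscate(addr):
    """Undo 'user at host' rewriting (assumed to come from the list archive)."""
    return re.sub(r"^(\S+) at (\S+)$", r"\1@\2", addr)

def abuse_contact(text, ip):
    """Return the abuse mailbox only if `ip` falls inside a listed CIDR block."""
    fields = parse_whois(text)
    target = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(c.strip())
            for entry in fields.get("CIDR", []) for c in entry.split(",")]
    covering = [n for n in nets if target in n]
    if not covering:
        return None  # record does not cover this address; do not report here
    emails = fields.get("OrgAbuseEmail", [])
    return {"org": fields.get("OrgName", [None])[0], "network": str(covering[0]),
            "abuse": deobfuscate(emails[0]) if emails else None}

if __name__ == "__main__":
    print(abuse_contact(SAMPLE, "198.173.235.126"))
```

The CIDR check matters because a whois server can return a parent allocation or an unrelated record; reporting to the wrong abuse desk wastes the one useful step available to the recipient.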