[SpamCop-List] Re: (Very Very OT) Tracing Terrorist E-Mail
redford_stone at INVERSE_OF_COLDmail.com
Tue Mar 16 01:18:57 EST 2004
"Philippe Verdy" <verdy_p at wanadoo.fr> wrote in
news:c2v72t$rd3$1 at news.spamcop.net:
> So now suppose a terrorist wants to send an email, all it has to
> do is to seek for a list of unsecured hosts currently contaminated
> with an open-relay/open-proxy. And then check that this host is
> already anonymizing its connected source (the terrorist may need
> to send first a test email to himself to ensure that the relayed
> email does not track the source.)
Haven't seen an open-proxy that ever tracks the source.
> When a list of "good" open-relays or open-proxies is determined,
> it becomes very easy to relay an anonymized email through these
> proxies, located in countries whose ISP is not supposed to perform
> good checking of the open-proxy/open-relay status of the hosts
> they connect to the Internet.
> Also, the virus authors tend to discuss after their "exploit" with
> their friends on some "hackerz" networks, so they leave lots of
> fingerprints which will help determine the real sender.
You mean they stupidly discuss. (Not knowing when one of their
"buds" might rat them out.)
> On the opposite tracking a terrorist sending an email will be
> likely much more difficult as they will first seek to secure a
> unique sending point to revendicate their act. And they will be
> silent and will then drop all further traces of the abused
> networks and hosts through which they revendicated their act.
> A single email will be sent to some newspaper email address that
> currently does not reject emails from open-relays/open-proxies or
> dialup accesses.
Like the one regarding the Spain incident.