Monday, February 06, 2006

MySpace Vigilante: Blogster Against Fraudster

MySpace has 50 million members. Fifty million people have gone to and set up a personal web page. It's a social networking site. You get to put up a web page about yourself, complete with pictures and sound recordings, even bits of video. Many post blog entries (blog = web log = journal, diary, column, anything). You can browse profiles, select interesting people to be your friend. Then you can see who your friend's friends are.

More than one celebrity uses MySpace to put up a fan web page easily, and to make it easy to chat and correspond with fans (and other celebrities, even). You can find real celebs on my own friends list, some I've eaten chatted with in real time. Well, Alyssa Milano, anyway. The others are there just because it's fun being able to say "well, on MySpace, I'm friends with Britney Spears, Hilary Duff, Adam Sandler, even Lou Black.

Not to mention the Olsen twins, Mary-Kate and Ashley Olsen, all five pairs of them. Yeah, five. Not every profile on MySpace resembles the person who posted it. And any system that can be misused can be misused for illegal profit. On this note, let me transition from long preamble to actual story.

I got a peculiar message on my MySpace account, from a guy who said a close female friend of his had formed a crush on me based on my profile. It looked an awful lot like one of those porn site come-ons that we see in so many spam e-mails. But I checked the site, and there were no links to any porn sites or anything commercial at all. Looked like a real MySpace woman. A real attractive woman, too. With attractive but normal-looking women on her list of friends.

I checked out the blog of one of those friends of the woman who allegedly had this enormous crush on me. In an entry to readers who may have received "strange messages" she starts off:

Okay....If you have been receiving weird messages from anna, cindy, barbi,or diana...this may be of some help to you.....First off I do not know these people I have never added them to myspace and never intend to..

So I did a little research and wrote a response to her. This letter might be of general interest to anyone annoyed by porn-spam or imposters. Or anyone who's rather enamored of this cozy little village of 50 million people called MySpace. Or anyone interested in seeing massive-scale fraud get punished properly.

Dear Jami,

Thank you so much for posting this. You're an innocent victim of a nasty spam/scam/con game. All this is designed to drive traffic to a cam/porn site. All of these "girls" are really probably just one ugly hacker on a PC somewhere. He's probably fat, bald, ugly, and smells bad. This is all about money.

Here's the scam. The "girls" have a "best friend" send messages to a random MySpace guy, informing him that a hot babe has a cyber crush on him. Only by adding her to his friends list can he contact her. The MySpace "girl" has a profile set to private. A "top 8" friend list is there, but this isn't a true top 8 list -- those are not visible in hidden profiles. This is just hacked html code made to look like a real MySpace "top 8" display. Look very carefully: the hacked code has been inserted into the "who I'd like to meet" section. The con man just picked 8 attractive young female MySpace members to show as the "girl"s friends. Congratulations, you won a beauty contest you never wanted to enter.

My own e-mail came from "Milan" ... Milan's profile is:

His e-mail pointed me to the babe with the crush on me, Liz. Her profile:

Her picture:

So, the "mark" (that's me) adds "Liz" to his friend's list, but can't see her full profile, post comments, or send an e-mail. (A con man's victim is called his "mark," so lets call this victim Mark. Mark is me.) Mark has no way to reach "Liz", even after putting her on his friends list, until he sees a BULLETIN pointing him to a letter posted online elsewhere. Here's the bulletin that "Liz" posted to for all her Marks to see:

Which reads:

Okay so here we go. It's me,the one who wanted to meet you. Your profile really fascinated me. I am a shy girl and really have a hard time meeting people that I am truely interested in.

I wanted to be as clear as possible with you because I have faith that there could be a future with us. I wrote up my webpage explaining who I am, what I do as to why I am shy, and what i want to

I hope this works. I have faith
My personal letter to you
Yours Truely

Following the money, we see that we're given a link that points to

It would seem that all this chaos on MySpace is being caused by a customer of, that customer being "user7629". I'll be sending a letter of complaint to I'm sure the con man called user7629 has a whole bunch of pages for anna, cindy, barbi, diana, carmen, kelli, janis, paula, manda, courtney, and nicole. Continuing to follow the trail, Liz's posted love letter to Mark directs each of us victims to a link:

That page has code that automatically redirects our browser to the sign-up page for the cam/porn site:

So our con man is user7629 at and also your_eyes_only at Looking into, I suspect that your_eyes-only isn't just a customer of some server hosting business.... has a home page that is almost blank, and is identical to our con man's own account's page. It is reasonable to suppose that is a domain name owned by our con man. But it's possible the owner of the site is merely another victim of our con man's game. Perhaps we should all contact the URL site owner to convey our commiseration.

We can do a whois query (at, e.g., to figure out who owns :
Registrant Name: CHARLES JOHNSON
Registrant Organization: 08820
Registrant Address1: 35 SWISS CIR
Registrant City: Beverly Hills
Registrant State/Province: CA
Registrant Postal Code: 90210
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +01.3474520842
Registrant Email:
Administrative Contact ID: CJ45344-NBAY
Administrative Contact Name: CHARLES JOHNSON
Administrative Contact Organization: CHARLES JOHNSON
Administrative Contact Address1: 35 SWISS CIR
Administrative Contact City: Beverly Hills
Administrative Contact State/Province: CA
Administrative Contact Postal Code: 90210
Administrative Contact Facsimile Number: +1.013474520842

Now, whoever has sent all this spam/porn stuff is trying to lure people into a business transaction (signing up at a porn site for $) under false pretenses...the impression that a very attractive young woman is available there and already has a crush on the victim.

This is fraud. Not just figuratively speaking, this is a crime. Across state lines, this violates federal fraud statutes. I belive the FBI would have jurisdiction. Anyone care to forward this matter to their local FBI office? Hundreds or thousands of counts of fraud (each electronically recorded in precise detail!!!), times perhaps a year in federal prison for each count....whoever is responsible could end up wishing he'd been convicted of homicide instead. Literally.

Where do all of us victims go from here? I'd suggest contacting a few people, maybe cut+paste this text, and add your own details. The people to contact would be MySpace's own customer service:
MySpace Customer Service

and your local FBI office, perhaps:

If you're really mad about this, you could print out all this information and walk into your local FBI office. The directory is here:

Interested in follow-up? I'll continue posting about this tawdry little cyber crime on my blog:

Want to reach me?

Best wishes,


Thursday, February 02, 2006

Is this laudable? Or skanky? I can't decide. It's certainly a noteworthy way to make money on the Internet.

I've been a chat room user on the internet for perhaps over a decade. In the lightning-fast world of the internet, that's an extremely long time, indeed.

I sometimes get flustered or tongue-tied when meeting a new person, face to face. This is particularly so if that new person is an attractive, available woman. How is it that anxiety never got eliminated from our species by natural selection? I don't see any reproductive advantage to being shy.

Every aspect of the internet has become saturated with unwanted advertising. I'll be writing more on this whole topic, and possibly describing some of my thoughts about solutions.

Most readers of this column likely are all too familiar with e-mail "spam" -- unsolicited commercial sales pitches. Typical commodities include pornography, Viagra, other prescription pills, or perhaps get-rich quick schemes.

All of this internet-delivered advertising is annoying and counterproductive to society. Perhaps uniquely among advertising efforts, spam and the like are ALWAYS delivered when the audience is trying to accomplish something specific, and something other than looking at advertising. Advertising delivered at the worst possible moments. The guy who thought of this should have to face a firing squad.

The different uses of the internet make themselves targets of different kinds of unwanted advertising. With e-mail, the unwanted advertising is spam. With web browsing, the unwanted advertising is "pop-ups," or "pop-unders," or plain old misleading links inserted into material. Typically, these links are embedded in pages designed to find their way high in the results of Google searches.

Chat rooms have their own medium of unwanted advertising: bots. A chat room "bot" is a pseudo-identity...a screen name with output going onto the screens of people "in" a chat room. The bot is simply powered by some malignant computer program; no human being is sitting at a keyboard and screen to produce the text. Most commonly, these "bots" advertise pornography sites, or poker sites. I was flabbergasted recently to see one bot directing people to a site set up by the Jehovah's Witnesses. You know a neighborhood (physical or virtual) has gone downhill when the cults start recruiting.

Chat room bots upset me. In the early years of chat rooms, such annoyances were rare. People actually had lengthy, involved conversations in these rooms. They were a place where one could make friends from the other side of the globe, or down the street with equal ease.

Year by year, the steadily increasing saturation of bots has made chat rooms largely useless. It's a real loss. It's as though one's favorite neighborhood pub were invaded by unfriendly gorillas. I've lost a hangout for socializing. Well, maybe these gorillas call for ... guerilla warfare. Sorry for the pun.

In my recent readings about internet advertising, I've come to realize that the anti-social huns who create and deploy these "bots" are typically not the owners of the web sites being advertised. These bots are managed by "affiliates." Essentially, professional, independent carnival barkers, who get paid a percentage of the admission receipts.

The owners of these sites actually would rather not have their affiliates be overly aggressive in the advertising....being over-sold in irritating ways can be bad for business. Still, getting business by less-attractive means is far superior, in the mind of a business owner, than not getting business at all. So most of these sites being hawked tend to look the other way when it comes to overly aggressive sales techniques.

But under some circumstances, site owners will terminate their relationship with particular bot-master "affiliates." That is, if they the commercial site owner believes an affiliate is manipulating the system in a way that's bad for business, he's out on his ear.

This led to my thinking about strategies that people could use to help the entire internet be slightly less infested with bots (and spam, and pop-ups, etc). That is, if we consumers make clear to the commercial web site owners that they've LOST business, then the worst "affiliates" will be fired, and overall unmanageability of the web might improve.

I am under no illusion that I'm capable of being a one-man army against the hordes of bots. But I might possibly work out a system that other people could latch on to that might make some difference.

I am further under no illusion that nobody is going to get substantial numbers of internet users to draft letters of complaint to owners of commercial web sites about the marketing habits of their associates. Nobody has the time for this.

I was thinking that I might be able to design some simple program that millions of users could invoke with a few keystrokes. I imagine people might right-click on some irritatingly-promoted link to a site, and select something that would get the spam-writing affiliate promptly fired.

For example, a program to simply send a lot of "clicks" to a commercial web page from a single computer will look (to the web page owner) like the affiliate is simply clicking away at links that are supposed to net himself some income.

Anyway, suffice it to say that I've recently done some snooping around some links that crop up in spam e-mail, in bot output, and in pop-ups. Most of these links have embedded in the URL some username or ID to identify the "associate" who is to be credited the income from steering traffic to paying sites.

I found that some bots are badly programmed, and are sending traffic to paying sites with invalid affiliate IDs. That is, with usernames that haven't yet been signed up for. That is, usernames that you and I can claim, and probably pocket income that the spammers have essentially left laying on the table.

What I did was astonishingly straightforward. I simply examined some of the obnoxious links being thrown in my direction, parsed out the username (e.g., NoraSoHot5467 on [fabricated, not a real example]). By golly, I found I could go to and sign up as NoraSoHot5467. Not just as a consumer, but as an paid Affiliate. Yes, with my real SSN and address, so they can send real checks to me that I can cash. The first two links I tried from a particularly bot-infested site both proved to be wide open for the taking. I'm not going to specify what commercial sites these are for, nor what the IDs are. But I'll be keeping you blog readers posted about how much income I make off of this.

This particular anti-bot strategy won't necessarily do a lot to reign in the bot masters. It may simply make them a little more careful about the programming. But if enough people go prospecting for gold the way I did, we'll all become more knowledgeable about how the system work, about exactly what constitutes abuse, and about who and how to complain to in order to imrove things.

Working for a better internet,