On the Case

April 9, 2010 - 2:42 pm

One of the unsung heroes in this cyber-attack is Wayne Eaker of Samutech, LLC. 

Wayne is my web guru. The person who broke the hacker's hold on my company web site. The person who tracked the location of their server to Russia. And the person who walked me through the process of filing a formal complaint with Google. (Although, as far as I know, the illegal e-mail account is still up and running.) 

Wayne is also the person I've been peppering with questions for the past 12 days.

Having spent nearly a year of his life in Nepal studying and meditating with Buddhist priests, Wayne is a patient man. Which must come in handy when dealing with tech-challenged clients like me. 

A couple of days ago, I wanted to know if there was anything I should do to the current Fitzgerald Communications web site to protect it from future attacks. Install a new-fangled firewall? Insert some crafty kind of code?

Wayne answered this way:

"This person didn't actually do anything to your site. He just registered and set up his own site to look like yours. So I don't believe there are any technological countermeasures to the specific sort of attack this guy used. I know it's frightening to hear, but I'm not sure there's anything you can do to stop it from happening again."

I tried a different tack.

Maybe, I suggested, there's a way to stop people from linking automatically to my site, the way these folks linked to my home page.

Or maybe not. As Wayne explained:

"Well, we have the frame-busting javascript code on your site now, but really, I doubt even that would prevent someone from doing this sort of thing. It was actually sort of a lazy way for that guy to have done things, to just build a frame around your site like he did. It would have been nearly as easy to make a copy of the whole site and repost it on his webserver. It would have been to his advantage to do this as well, since then you wouldn't have been able to post the warning message on HIS version of the site.

"I suspect that others trying to do this same thing would probably copy the site. It's an easy enough thing to write a program for. In fact, your browser basically does this every time you go to a website. It downloads all the files to a local copy on your computer, and then displays it."
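For readers curious what "frame-busting" code looks like, here is an added sketch; it is not the code Wayne installed and not part of the original post. It assumes the page's stylesheet begins with `html { display: none }`, and `makeFakeWindow` is a constructed stand-in for a browser window so the logic can run outside a browser.

```javascript
// Added example, not the site's real code. Assumes the page's CSS starts
// with html { display: none } so framed content stays invisible by default.

// True when this window is not the top-level browsing context.
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (e) {
    return true; // access denied: assume we are framed
  }
}

// Reveal the page only at top level; otherwise try to break out of the frame.
function applyFrameGuard(win) {
  const root = win.document.documentElement;
  if (!isFramed(win)) {
    root.style.display = "block";
    return "shown";
  }
  try {
    win.top.location = win.self.location.href; // navigate the outer window
    return "busted";
  } catch (e) {
    return "hidden"; // outer page blocked navigation; content stays hidden
  }
}

// Constructed stand-in for a browser window, for running outside a browser.
function makeFakeWindow({ framed, topNavBlocked = false }) {
  const win = {
    document: { documentElement: { style: { display: "none" } } },
    location: { href: "http://fitzgeraldcommunications.com/" },
  };
  win.self = win;
  const outer = {};
  Object.defineProperty(outer, "location", {
    get() { return this._loc; },
    set(v) {
      if (topNavBlocked) throw new Error("SecurityError");
      this._loc = v;
    },
  });
  win.top = framed ? outer : win;
  return win;
}

// In a real page this runs once, as early as possible.
if (typeof window !== "undefined") applyFrameGuard(window);
```

A guard like this only affects a framed copy of the real page; as Wayne points out, it does nothing once someone reposts a copy of the site on their own server.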

But there had to be a way around this. What about doing something desperate and dramatic? Like taking down both sites. Going dark.

Once again, Wayne had an answer. But not one I wanted to hear.

"Taking down the websites doesn't break your email, and you can't control the email for <http://fitzgeraldcommunications.net>, the hacker's site.  I'm not sure why you want to take down both your sites though. It seems to me that it's better to leave http://fitzgeraldcommunications.com up, with a notice stating that a scam is being perpetrated.

"If you want to have a website that only says that, and doesn't have your normal stuff, that might make sense, as it draws more attention to the issue. Though I'm not sure why you need to do that to http://mantraformurder.com.

"If you're worried that the scammer might use info off the sites in his scam, taking down the sites won't stop that. Most of the pages are cached by Google, anyhow. They will still be available there."

But that's utterly illogical, I spluttered. You're saying that people can continue to access a web site, even after that site is taken down?

"That's right," Wayne said calmly, then explained in his methodical, Zen-like way: "Google caches pages for their own indexing use. About five or six years ago, they started making that cache available. This is so if the site goes down, information can still be accessed.

"So, for example, if you search for 'fitzgerald communications ann arbor,' and look at your listing, there is a link there for the cached version, that goes to this: <http://74.125.95.132/search?q=cache:cGHwLVN7OtQJ:www.fitzgeraldcommunications.com/+fitzgerald+communications+ann+arbor&cd=1&hl=en&ct=clnk&gl=us&client=safari>."

And with that, Wayne had the last word.

April 8, 2010 - 3:35 pm

Yesterday, I had a conversation with the one who got away.

No, not that kind of "one who got away." This "one" is a media planner by the name of Matt. He had left a phone message ten days ago, early in the morning. Before I knew anything about the hacker mess.

Problem is, his message was so brief and so obscure, I simply assumed it was a cold call--just one more clever salesperson hoping to make an in-person pitch. And given the fact Fitzgerald Communications never makes media buys for clients, the assumption made perfect sense. So I felt very comfortable ignoring Matt the media planner.

It wasn't until yesterday, when I was playing back the 19 or so messages that had accumulated over the past week and a half, that I stumbled on Matt again. And this time, of course, his words had a completely different meaning. 

"Hi, Linda, just wanted to speak with you quickly before we get everything rolling. Give me a call at your convenience."

Get everything rolling? As in--oh no, could it be--as in ad placements?

I called Matt immediately and introduced myself as the real Linda Fitzgerald from the real Fitzgerald Communications. After a brief exchange, it came back to him. Ah yes. That Linda.

Turns out that Matt had been targeted in the Spark Communications scam last fall, so he's been on high alert since then. This despite the fact that his firm actually got $10,000 in up-front money from the scammers. Hmmm... so it wasn't quite the perfect fraud after all.

And, as he explained, there were too many details that simply didn't make sense. So, no, he didn't bite. And, yes, I could put away my worst fears.

For the time being, anyway.

My God, but I'll be glad when this is finally and fully over.

April 7, 2010 - 11:27 am

The cop at the reception desk looked as if he worked undercover detail for the A2PD. Torn bluejeans. Nondescript sweatshirt. Hair sculpted into a stylish uplift. Eyes wary and watchful.

He took in my business-girl outfit along with the notebook and hefty manila file I carried.

"How can I help you?" His voice was as wary as his eyes.

I took a deep breath and began my sad tale.

The pale eyes grew wide. He stopped me. Asked me to repeat some of what I'd just told him. Listened some more. Shook his head slightly as if to shake off confusing thoughts. Then he repeated the main facts back to me.

He paused, as if not sure how to proceed. He glanced down again at my driver's license and business card. Then he asked the question I'd come to expect from law enforcement types over the past week.

"Have you lost any money to these people? Have they stolen from you?"

No, I told him, then reached for the same answer I'd given the Secret Service agent days earlier. "What they've stolen is my name, my business, my identity, and quite possibly my professional reputation." My voice shook slightly.

After a short discussion, he and I agreed that the Secret Service might have been misguided in directing me to my local police station. As he pointed out, this really belonged in the realm of national security, cyber crimes division.

It's true, he admitted, that the local police were occasionally able to track online fraud when bank accounts had been compromised or credit card abducted. But even then the results were less than satisfactory, since the perpetrators were often safely tucked away in Nigeria or other distant parts. "And if these guys who are impersonating you are running a scam from Russia..." he shook his head.

I tucked my notebook under my arm along with all the documentation I'd collected. Thanked him.

As he handed me back my ID, his mouth worked itself into something approaching a smile. "I have to tell you, this is a really bizarre story."

I nodded.

"You must have been shocked when you found out."

I nodded again. And told him that "shock" was the operative word.

"Sorry," he said. "But if there's anything else we can do..." his voice trailed away.

I returned his smile and walked past the grimy walls, out the door, through the construction site that used to be the A2PD parking lot.

The springtime sun was tempered by the gentlest of breezes. It felt delicious on my face. I decided to park as far as I could from the site of my next appointment, this one with a client.

I needed the walk.

April 6, 2010 - 1:35 pm

Good news: there were fewer than a dozen out-of-state hits on the Fitzgerald Communications web site yesterday. Most of them were from California, which I suppose makes sense, since the scammers are touting California Almonds as one of their major clients.

So, a decline in numbers probably means one of two things. Either the terrorists are hitting on fewer firms, thus triggering fewer checks on the part of media buyers.  Or the buyers being targeted are letting laziness win out over professional judgment and due diligence. Not a happy thought.

On my "To Do" list for the next day or so: contact my web consultant and find out if there's anything else we could or should be doing to protect the site. Problem is, it isn't really the site that's being targeted. It's my identity. My name. And how do you protect that? Disappear from view entirely? Not likely.

Well, here's my identity theft tip for the day: If--heaven forefend--someone should ever open an illegal e-mail account in your name, report the abuse to the provider immediately. If it happens to be Google (g-mail), as it was in this case, here's where you need to go:

http://www.google.com/support/a/bin/answer.py?hl=en&answer=134413


For more information about Mantra for Murder
Phone: 734/761-8440 • Email: lindafitz@mantraformurder.com