Free Internet- What The Malicious Hackers Don't Want You To Know

From: invalid (_at_yahoo.com)
Date: 07/05/03 

Date: Sat, 05 Jul 2003 22:52:49 +0400

THE MILLION DOLLAR EXPOSURE:

A. Here is what the malicious hackers are doing and how they are using
resources at your expense and others. Here is the starting point which
helped me to expose this million dollar loss to your company. I decided
to click on my canceled ISP’s Newsgroup Server name which was still
listed in my browser. When I was asked for my closed e-mail
address/password, I just typed it in and "voila", free News Server
access. These Cable/Digital Subscriber Line (DSL) showed closed
accounts were still accessible. You are probably wondering how I did
this and why? I had called them to close my account, then decided to
verify that this had been done. It was discovered I could still see my
account and use it. Phone calls were made to these Internet Service
Providers and their representatives informed me that it’s impossible to
remove the 10-20 free hours provided with Cable/DSL dial-up accounts. A
major company should have the capability to shut this avenue down on
closure of any account. I was able to dial into my canceled Cable/DSL
ISP accounts using my canceled account information and use your services
for free. The time seemed like forever, with no end; Company revenue
was given away for free. All these Cable/DSL closed accounts are being
used freely by the general public, or malicious hackers, through dial-up
access. Are you aware of this? Don’t you care about the x amount of
dollars given away daily? Let’s say 50,000 general public, or
malicious hackers using these accounts daily for free. This is a loss
of $24 a month x’s 50,000 = $1.2 million a month, x’s this by 12 months
= $14.4 million a year loss in company revenue which could be in your
pocket. Estimated the above by the amount of attacks our compromised
computers were receiving on a daily, weekly and monthly basis.
B. All ISP’s listed below provide ten or more hours of free dial-up
access for their Cable/DSL customers. The main purpose for using
dial-up is to access your Internet Service Provider (ISP) remotely,
while traveling. Has your company done a study on the business
customers and time utilized? Company policies show that security is not
used in cases of closed accounts. ISP’s tested showed that there was no
time limit of usage on canceled Cable/DSL accounts. Because of this
lacking security not only the general public and malicious hackers are
having a field day with your customers by using obsolete accounts; which
then identifies the previous owner as doing wrong. Previous owners are
unaware that the general public, or malicious hackers, are using their
old account information, and all vital information that only the
customer should know and have. It’s a free-for-all with the previous
customer liable for any wrong doing.
C. All Cable/DSL customers both business and non-business, with dial-up
access are vulnerable to a number of hackers using this free dial-up
avenue. Since hackers already know the e-mail addresses and passwords,
they log into the ISP with real accounts and continue to use this free
avenue at your expense and your customers’ expense. I’m speaking to
the companies who allow multiple connections using the same e-mail
address.
D. This is pertaining to e-mailing your company any information an
individual has about your Network possibly being hacked into, Open
Relays or any evidence in nature. Companies need to help their
technical staff understand how the SMB Relay Man-in-the-Middle (MITM)
works. On a compromised system, the SMB Relay MITM directs all e-mail
you send to the hackers Servers, instead of the intended address that it
is supposed to go to. So any pertinent information the victim were to
e-mail to your company, would never reach you. My suggestion is to have
a victim snail mail you a replication of the evidence. This would be
the only way you may ever receive any evidence, or information.

Below is a list of Internet Service Providers who allow free dial-up
with their DSL accounts. Besides AT&T, which allowed free dial-up (at
the time), no other Cable companies were contacted. It wouldn’t
surprise me if hackers could also abuse the below ISP canceled dial-up
accounts. If memory serves me correctly, Qwest bought out Earthlink in
2001.

1. AOL Unlimited
2. Bellsouth 20 hours
3. Eschelor 500 min free then 5@ a min after
4. Pacific Bell Unlimited
5. Qwest 10-20 hours
6. SBC Unlimited
7. Sprint/Earthlink 20 hours
8. Verizon 20 hours

THE SECOND MILLION DOLLAR EXPOSURE:

When I had a Qwest Digital Subscriber Line DSL, (including 20 free hours
of dial-up) and AT&T Cable/ISP dial-up account, a compromised computer
was constantly having major problems while online. On unlimited
occasions then you could count, while the system was online, it would
freeze or lock-up. The only way to unlock it was to shut it down via
the power supply. On one occasion, Qwest billed me for having two
connections online, simultaneously and they charge a dollar per hour
when this occurs. I caught onto this really quick when the bill
arrived. When my MSN dial-up account was setup I spoke to them
regarding my problem with Qwest. An MSN tech representative advised me
that "I could connect to the Internet with an e-mail address as many
times as I liked, with no extra charges being billed." Considering MSN
allows a person to have nine e-mail addresses, I thought this was a good
deal. Due to my curious nature, another test was about to begin. I
decided to ask one of "The Trackers" if they would connect to one of my
eight e-mail addresses while I connected to my main account e-mail
address. I already had the answer to this test, but to prove this to
the world, the test was performed. While I was online with my main
email address, "The Tracker", being in another state, was able to
connect to the Internet using one of my other eight e-mail addresses.
"The Trackers" were then given the main account e-mail address/password
MSN provides. While I’m connected with one of my other eight e-mail
addresses, "The Trackers" were online using my main e-mail address.
This far, no bill has been sent for any extra charges. None the less, I
still would have paid bill.

Microsoft, you do the figures. Nine e-mails addresses which the general
public, or malicious hackers are abusing for free at $22 a month =
what? Don’t forget, Microsoft, an individual can connect to all nine
email addresses as many times as their heart desires, plus from any
state. You’re allowing thousands of people free Internet access at a
cost of probably millions per month of lost revenue.

Tracker

Interested in purchasing my book named "Security Minds versus Malicious
Minds" visit:
www.securityminds2003.com
It will teach you to learn about Windows, the Internet and Hacking

To view some kick *** artwork, visit:
http://captiveimagery.com/index.cfm?fuseaction=home.main

Quantcast