April 19, 2024

Link by Link: Pastebin Helps Occupy Wall Street Spread the Word

Over time, the movement has necessarily gained some structure — I read the above description of its goals at a seemingly official Web site, and there are designated representatives to communicate with the news media.

At Pastebin.com, however, you can still see the anarchic nature of the early protests.

There, you can search for the personal information of the police officials who have used force against the Wall Street protesters; or what purports to be e-mail addresses of bank executives; or guides on how to spot an agent provocateur or undercover officer in your midst; or lists of other Occupy movements around the country and the world.

On first blush, Occupy Wall Street and Pastebin would seem an unlikely match. Pastebin was created for programmers nearly a decade ago as a way to save, and perhaps share, snippets of programming code. The service could not be simpler — there is a “bin” (an empty input box) into which text is pasted. No registration is required.

Perhaps because of that simplicity, and its origins as a programmers’ site, Pastebin has become the de facto open-source bible of the protests. In a fashion, it is offering direct, anonymous “publishing” that does not even require the efforts or inspection of a group like WikiLeaks.

If a blog is akin to an online diary, and Twitter offers repeated telegraph-style status updates, Pastebin is something like the empty space on a phone-booth wall or at a community center, where you can anonymously tack up an announcement, or write someone else’s phone number along with a crude description, or offer your first try at a manifesto.

The bulk of what appears on the site is still code, says Jeroen Vader, a 27-year-old Dutch entrepreneur who bought Pastebin two years ago after coming to rely on it as a programmer. But the site slowly gained notoriety as a way to place information — often anonymously — into the public information stream.

“The future is looking pretty bright as more and more people start using the site every day,” Mr. Vader wrote in an e-mail, which also said he preferred to communicate via e-mail since he has 10 other businesses to run. “Traffic has gone up about 400 percent since I bought the site.”

He said the site made its money from banner ads — a search for Occupy Wall Street, for example, comes with Google ads for various affiliated groups — and by selling “pro accounts” that offer special features.

Mr. Vader described himself as an entrepreneur who loved to create and improve Web sites. He has a very tolerant view of what can appear on Pastebin. He is quick to say that with thousands of new “pastes” in a day, he cannot be expected to check what goes up, but he says he responds if people ask for personal information about themselves — d0x, tech-speak for “documents” — to be taken down.

Mr. Vader says his instinct is to be inclusionary. “Usually we always remove DOX items, but this one got a lot of exposure and we usually don’t remove very popular items unless we get a direct removal request from the authorities, which hasn’t happened with the item in question,” he wrote in an e-mail.

He said that the site tracked the Internet Protocol addresses of posters, mainly to foil spammers. A few times the authorities have asked for I.P. addresses, and he has complied, he wrote, though he agreed that masking an I.P. address was very easy and could make the Pastebin experience completely anonymous.

With its resemblance to an unbounded corkboard, and its contributors’ penchant for anonymity, Pastebin is hard to sum up. There is a search button and a Latest Posts list that changes by the second, which can lead a visitor to random material on virtually anything — alfalfa sprouts or the name of a Turkish singer.

But it is through the list of Trending Posts that a visitor can see how others are using the site in a public way. There are hackers’ boasts about their successes; there are descriptions of favorite anime characters; and, periodically, lists of what purport to be compromised e-mail accounts. Lately, Occupy Wall Street is generating many of the most-viewed posts, as the Arab Spring protests did before.

The site is still used mainly by programmers, Mr. Vader wrote, but he said he was glad to be making a bigger impression in the world. “We like the fact that people start sharing their political beliefs on Pastebin, this is yet another way of using Pastebin,” he wrote. “It seems our users keep finding new things to share on our platform.”

This flexibility is celebrated by Jonathan Zittrain, a Harvard Law professor, as the “procrastination principle” in his book “The Future of the Internet — and How to Stop It.” It is the notion, he wrote, “that the network should not be designed to do anything that can be taken care of by its users.”

Twitter is a classic example of an innovation that was willing to delay, with much of its utility — whether organizing around topics through hash tags or forwarding someone else’s posts as retweets — coming from its users.

Pastebin, too, will bend almost completely to its users’ ideas: a protest movement may have found its perfect complement.

Article source: http://feeds.nytimes.com/click.phdo?i=5b23f10ef6406a4e5459e75b08672c25

After Breach, Companies Warn of E-Mail Fraud

The breach exposed the names and e-mail addresses of customers of some of the nation’s largest companies, including JPMorgan Chase, Citibank, Target and Walgreens.

While the number of people affected is unknown, security experts say that based on the businesses involved, the breach may be among the largest ever. And it could lead to a surge in phishing attacks — e-mails that purport to be from a legitimate business but are intended to steal information like account numbers or passwords.

“It is clearly a massive hemorrhage,” said Michael Kleeman, a network security expert at the University of California, San Diego.

The marketing firm that suffered the breach, Epsilon, which handles e-mail marketing lists for hundreds of clients, disclosed the problem in a brief statement on Friday. But its sheer scale became clear over the weekend and on Monday, as banks, retailers and others began alerting their customers to be on the lookout for fraudulent e-mails.

While e-mail addresses may not seem particularly vulnerable, experts say that if criminals can associate addresses with names and a business like a bank, they can devise highly customized attacks to trick people into disclosing more confidential information, a technique known as “spear phishing.”

“Any time you have an organization that loses the contact information of customers for some of the biggest banks in the world, that’s a big deal,” said Brian Krebs, editor of Krebs on Security, a Web site that specializes in online security and crime. “You’ve just given the bad guys a road map between the banks and their customers.”

In traditional phishing attacks, criminals e-mail millions of people with a message that appears to be from a bank or other real business, hoping that some of the recipients will be customers of that business and will follow instructions to, for example, “update your account information.”

A spear-phishing e-mail is far more dangerous because it can include a person’s name and is sent only to people who are known to be customers of a certain business, greatly increasing the likelihood that the targets will be duped.

Phishing has remained a major challenge, especially for banks and other financial institutions, which want to encourage customers to do business with them online.

The Anti-Phishing Working Group, an organization that tries to prevent Internet crime, received reports of more than 33,000 phishing attacks worldwide last June, the most recent month for which data is available. Roughly 70 percent of the attacks were in the financial services and online payment industries.

With the information stolen from Epsilon, thieves could send customers of JPMorgan Chase an e-mail that appeared to be from the bank, complete with their names, said Mark Seiden, an information security consultant in Silicon Valley. If the criminals cross-check a name with the property records of mortgage holders, they could even include the customer’s address in the e-mail, he said.

“Something that is that customized and has the right graphical elements, people will fall for it,” Mr. Seiden said.

The companies that alerted customers or acknowledged being affected also include Barclays Bank, U.S. Bancorp, Walt Disney, Marriott, Ritz-Carlton, Best Buy, L. L. Bean, Home Shopping Network, TiVo and the College Board.

In e-mails to their customers, the companies asked them to be cautious but also sought to reassure them that the hackers had obtained only e-mail addresses and names, not passwords, account numbers, credit card information or other more confidential data.

“Your account and any other personally identifiable information were not at risk,” the clothing retailer New York &amp; Company told its customers in an e-mail. “Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. We also want to remind you that we will never ask you for your personal information in an e-mail.”

Ron Baldwin, a technology consultant in Laguna Niguel, Calif., said that over the weekend he received an e-mail alerting him to the security breach from U.S. Bank, where he is a customer. He said he was particularly upset that the bank, a unit of U.S. Bancorp, would entrust his information to another company.

“They shared my information with a third party unbeknownst to me,” Mr. Baldwin said. “I don’t know Epsilon from some guy walking down the street.” Mr. Baldwin said that when he contacted the bank, he was told that he had given permission to share information with suppliers.

Jessica Simon, a spokeswoman for Epsilon, which is based in Irving, Tex., said in an interview: “We are currently working with authorities and are conducting a full investigation. We are limited in what we can share.”

Epsilon is a unit of Alliance Data and has some 2,500 clients, though not all of them use its e-mail marketing services. The company said that about 2 percent of its clients were affected. It declined to say how the hack had occurred or why the e-mail addresses had not been encrypted.

“Epsilon has some explaining to do about the numbers, how it was penetrated and what they have done to protect the information they have,” said Mr. Kleeman, the security expert.

Mary Landesman, a senior security researcher at Cisco Systems, said that because e-mail addresses were not considered of great value in the criminal underground, she suspected the attack on Epsilon began as something random. Hackers often scan the Internet looking for machines that have a certain vulnerability or misconfiguration and then, once they hit upon something, look further to see if the victim interests them. Ms. Landesman speculated that the attackers had found themselves on Epsilon’s system, realized what they had and then worked to acquire their customer lists.

The breach points out the significant risks for companies that outsource even seemingly low-risk activities like e-mail marketing, said Avivah Litan, an analyst focused on online fraud at the research firm Gartner. It also highlights the lack of regulation on security when it comes to consumer data that is not directly tied to financial accounts, which are subject to industry standards, Ms. Litan said.

This article has been revised to reflect the following correction:

Correction: April 4, 2011

An earlier version of this article misspelled part of the name of a city in California where Ron Baldwin is a technology consultant. It is Laguna Niguel, not Laguna Nighel.

Article source: http://www.nytimes.com/2011/04/05/business/05hack.html?partner=rss&emc=rss