back to article Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher

Think you have bad luck? Imagine being the script kiddie who inadvertently tried and failed to pwn an Akamai security pro. Larry Cashdollar, a senior security response engineer at the US-based global web giant, told us late last week he just recently noticed something peculiar in the logs on his personal website. Further …

  1. K

    Well... I was expecting something more

    I was expecting some Tech-Fu, like loading the requested resource with some explode-able payload..

    1. Nick Kew

      Re: Well... I was expecting something more

      Clickbait headline leading us to suppose the whitehat took a terrible revenge. Like the best stories of playing with 419-merchants.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Well... I was expecting something more

        I was looking for something more than "Cashdollar was also able to extract the criminal's email address and their preferred language". That may lead authorities to the people committing the attacks, but probably not. As far as the perps are concerned, his was just another of a list of sites that couldn't be pwned using this method. They only care about those they can get into, so they just moved on after trying and failing.

        1. Anonymous Coward
          Anonymous Coward

          Re: Well... I was expecting something more

          That may lead authorities to the people committing the attacks, but probably not.

          Probably not. I work at a large portuguese-speaking country, and some years ago used to waste my time tracking some very lame phishing attempts (we be your email provider, you be over quota, send your password to us). When I was able to identify an e-mail account associated with the phishing pages I alerted the postmaster of the email domain. Never got a reply, and the phishers just moved e-mails or targets. I am quite sure the authorities would not be able to do anything about this either.

          1. Chloe Cresswell

            Re: Well... I was expecting something more

            I miss the days of people like Afterburner, where not only did the account get deep fried, you got a witty response too!

            1. gerdesj Silver badge
              Windows

              Re: Well... I was expecting something more

              Afterburner was a Transformer and not real. No idea what you are on about.

          2. Huw D Silver badge

            Re: Well... I was expecting something more

            One of my clients was receiving a shed load of phishing emails from a legit email account that had obviously been compromised (rather than a spoof).

            Notified the IT Department (of the really big university where the emails were coming from) and got a "oh yeah, we'll notify the user..." response. That' (IMO) is even worse than no response.

            1. molletts

              Re: Well... I was expecting something more

              That reminds me of when I tried to report a compromised NHS email account that was being used to send out phishing messages. The headers showed quite clearly that it was being sent via internal Exchange servers at what turned out to be my local hospital (the amount of detail it revealed about their AD server architecture was quite interesting...), so maybe the user's PC had been pwned so, naturally, I did my civic duty and, after some headscratching, managed to find a suitable contact email for the IT support team. (Couldn't find any kind of dedicated "report a security issue" address.)

              The next working day (after the weekend), I got back a polite but obviously-canned response giving instructions on how to raise a support ticket via the form on the intranet. Of course, that was of no use whatsoever as I can't log into their intranet, nor was the internal telephone extension number I was directed to ring if the problem prevented me getting onto the intranet.

              1. VikiAi
                Facepalm

                Re: Well... I was expecting something more

                There's your problem. If you had been the hacker, you would have had full access to their intranet!

                (Icon for them, not you!)

    2. Doctor Syntax Silver badge

      Re: Well... I was expecting something more

      I was expecting a full-on BOFH retribution.

      1. YetAnotherLocksmith

        Re: Well... I was expecting something more

        Maybe he signed them up to a mailing list? A busy one?

        1. hayzoos

          Re: Well... I was expecting something more

          ...and spoofed their address in reply to a few spammers' lists.

    3. Kevin McMurtrie Silver badge

      Re: Well... I was expecting something more

      I've had all of the common vulnerability scan HTTP paths hooked up to a large garbage stream for about 18 years. It used to kill the scanners but now most disconnect after a few MB and continue.

      I've been thinking of sending badly behaved anti-piracy bots files tuned specifically to crash them but it's not a high priority. My connection is flat-rate so letting them repeatedly download terabytes of unspectacular personal photos and videos sounds like it's already punishment.

  2. Efer Brick

    Cash Dollar?

    I'll buy that, for a quid

    1. Hans Neeson-Bumpsadese Silver badge

      Re: Cash Dollar?

      Story says he works in security, but he sounds more like a money man to me.

    2. Anonymous Coward
      Anonymous Coward

      Re: Cash Dollar?

      I'll happily sell you a dollar for a quid ;-)

      1. Anonymous Coward
        Anonymous Coward

        Re: Cash Dollar?

        Just don't forget to sell that quid before Brexit!

        1. Rich 10

          Re: Cash Dollar?

          Yep, after the crash of the Borexit, you'll be using a one pound note to light your ciggies because they will be cheaper than matches!

          1. julian_n

            Re: Cash Dollar?

            One pound note?

          2. MrAverage
            Joke

            Re: Cash Dollar?

            1988 called. It want's its obsolete currency back.

            1. Anonymous Coward
              Anonymous Coward

              Re: Cash Dollar?

              The poor fool's obviously not British or he'd have known that.

              1. YetAnotherLocksmith

                Re: Cash Dollar?

                Sadly, unlike the old £1 note, you can't eat the £1 coin for sustenance. And now the £5 & £10 are plastic, only the rich will survive, on £20s and £50s!

              2. Evil Scot

                Re: Cash Dollar?

                Not English!

                Ya Skunner.

      2. gerdesj Silver badge
        Thumb Up

        Re: Cash Dollar?

        Millions of years ago me and my brother as kids (off of the UK), found ourselves in a place called Bethlehem with a (very small) fist full of US dollars as pocket money. Despite being Brits living in Cyprus and holidaying in Israel, it was easier to go in with USD because the shekel was a bit volatile in 1985.

        The local kids wanted dollars but had all these dodgy pound coins that they had scrounged or stolen off British tourists. We traded one for one and everyone was happy.

      3. Anonymous Coward
        Anonymous Coward

        Re: Cash Dollar?

        BBC News have just reported it's now £1=$1 !!!

        Go BoJo... just go!!!

        1. Anonymous Coward
          Anonymous Coward

          Re: Cash Dollar?

          Maybe "will be", but at this moment the R/E is 1.215

          1. Loyal Commenter Silver badge

            Re: Cash Dollar?

            Except in airports, where they don't charge you any commission, but they do cut 20% off the rate...

    3. chivo243 Silver badge
      Thumb Up

      Re: Cash Dollar?

      Ah, that old Robocop quote.... I'll buy that for a Dollar!

      1. ED-209

        Re: Cash Dollar?

        Violation Detected. Pay $1. Pay $1. Invalid input. Arming... Pay $1. 10... 9... 8...

        1. Loyal Commenter Silver badge

          Re: Cash Dollar?

          Quick, run down the fire escape!

  3. J 3
    Thumb Up

    Cashdollar

    When I first read that name, I thought that would be the script kiddie's moniker...

    1. hplasm Silver badge
      Devil

      Re: Cashdollar

      Larry Cashdollar - Crypto Currency Consultant.

      "He's my goto guy for BitCoin!" Lance Uppercut - Dude.

      He's missing out on so much free pseudophame!

  4. Anonymous Coward
    Anonymous Coward

    Informative blog link

    Hhmmm... surfed to the link given (https://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html) and rewarded with:

    Access Denied

    You don't have permission to access "http://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html" on this server.

    Reference #18.8f2bf648.1564405881.2828abd2

    1. The First Dave Silver badge

      Re: Informative blog link

      Ultimate security there - no access to anyone.

    2. iron Silver badge

      Re: Informative blog link

      Same here with a slightly different ref.

      Access Denied

      You don't have permission to access "http://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html" on this server.

      Reference #18.b6cd417.1564406891.12d47b72

    3. Anonymous Coward
      Anonymous Coward

      Re: Informative blog link

      Using Tor?

      Asking because Akamai point blank blocks anything to do with Tor.

      1. WolfFan Silver badge

        Re: Informative blog link

        Nope. I do use Cloudflare’s VPN, though

    4. WolfFan Silver badge

      Re: Informative blog link

      Same here

    5. chivo243 Silver badge
      Holmes

      Re: Informative blog link

      Tried from the US, no errors.

      Akamai must be geo-blocking now?

    6. Doctor Syntax Silver badge

      Re: Informative blog link

      Seems to be working for me from the UK.

      But while we're on the subject does anyone else have problems with Linux Today. Almost inevitably I get a message such as:

      An error occurred while processing your request.

      Reference #97.d481655f.1564419041.399b3e2a

      with changing references. That's been going on for weeks.

      1. Kiwi Silver badge
        Pint

        Re: Informative blog link

        Many thanks!

        I've almost never read "Linux today" (in fact I had to parse your post several times trying to work out what issue you were experiencing while using your Linux computer on this particular day - then remembered that "Linux Today" is a site :)

        But while we're on the subject does anyone else have problems with Linux Today.

        I didn't. I did have to turn on JS for LT, WP and clodfool - the latter necessary before I could see any content. I tried a few random articles before seeing anything.

        But I owe you many thanks for inadvertently teaching me something quite useful that I had not previously come across in all my years of using bash :

        https://www.linuxlinks.com/excellent-utilities-mcfly-navigate-shell-history/

        Using ^R on the command line brings up a search system where you can type part of the command and it does the rest. There are some partly-remembered commands with odd formatting that I'd love to be able to remember, which I use sparingly enough that they get pushed way back in the history. Being able to get them up with "^Rsc" or "^R48" - 3 keystrokes and a long command back.

        So much thanks Doc, you've improved my mental health some - completely by accident! :)

        (Speaking of command histories.. El Reg - that box we used to have that gave us threads we'd posted to which had new posts - can we get that back????)

        1. stiine Silver badge
          Facepalm

          Re: Informative blog link

          Does it also tell you how to turn it off?

          1. Kiwi Silver badge

            Re: Informative blog link

            Does it also tell you how to turn it off?

            I'm guessing "rm ~/.bash_history" would do the trick fairly well, at least temporarily.

            But I only read enough to learn the basics of a new toy. Once I get that far I don't bother looking further.

            Hell, I only learned sudo -k a couple of weeks back ("reattaching" tmux sessions was kinda scary as it might've been a week or more back since I did the sudo command before dropping the session, and if someone managed to get on to that (though if they get that far they probably have my password anyway).

            I'm very seldom paid to do computer stuff, and have more important stuff to focus on much of the time, so I do the least possible to meet my needs :)

      2. Esme

        Re: Informative blog link

        I'm getting this:

        An error occurred while processing your request.

        Reference #97.d481655f.1564467737.3b848abe

    7. katrinab Silver badge

      Re: Informative blog link

      Works fine for me. Tested on two different work computers (UK & Switzerland), my home computer (UK), and via Opera VPN on my home computer.

    8. jonfr

      Re: Informative blog link

      No problem for me. I am not using proxy, vpn or anything of that to access the internet.

  5. Paul Herber Silver badge

    logs

    If I trolled through all the access logs for my websites and customer websites every day, I'd never get any work done, let alone read El Reg!

    1. Chloe Cresswell

      Re: logs

      You don't class reading El Reg as work related?

  6. Bronk's Funeral

    Larry Cashdollar is a _superb_ name.

    1. MrBanana

      Yes, great name. Is there a way to generate a hacker name like there is for your porn star name - name of your first pet + mother's maiden name? Of course that one gives away two questions on any list of those tedious "security" questions some companies think necessary in order for you to login.

  7. herman Silver badge

    Hmm, maybe SlashDollar would have been a better name.

  8. Mike007

    So basically "SQL injection" or XSS or similar types vulnerabilities, except you are taking user-supplied input and downloading the URL and executing it on your server? How common is this?

    Next you'll be telling me that there are people who append user supplied input to a shell command and execute it as root....

  9. Anonymous Coward
    Anonymous Coward

    Disappointing...

    Larry Cashdollar,

    In the future... stop being so civilized. Unleash your vengeance!!!

    Thanks

  10. Arachnoid

    name of your first pet + mother's maiden name?

    Theres nothing to say these have to be the actual names Shirley its more secure to make them up i.e. Rhaegal+Dhampir .Though I can never get round why email addresses are used as part of a two part log in system on some sites.

    Damn my securitys blown now!

    1. hplasm Silver badge
      Happy

      Re: name of your first pet + mother's maiden name?

      "Shirley its more secure to make them up i.e. Rhaegal+Dhampir"

      Rhaegal+Dhampir? That was my Mother's name!

      1. Arachnoid

        Re: name of your first pet + mother's maiden name?

        She led a mysterious and adventurous life then.......

        1. david 12 Silver badge

          Re: name of your first pet + mother's maiden name?

          Remember, the name of your first pet should be at least 8 characters long, and should include both letters and numbers...

  11. Andy3

    That story was going well until er... nothing happened.

  12. VulcanV5

    Wot: no Leisuresuit?

    As no-one in this life, or this world, is called 'Larry Cashdollar', it's difficult to believe anything in this report. Thanks but no thanks: Arthur Moneybags.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wot: no Leisuresuit?

      He is a real guy, I've met him at a conference. He has a twitter account that is easy to find as well.

  13. Anonymous Coward
    Anonymous Coward

    Hacking back.

    Would probably have been a bad idea since I'm sure Larry would like to stay on the right side of the law.

  14. Anonymous Coward
    Anonymous Coward

    Unsubbing due to this clickbait.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020