Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Growth of the CSE | Main | Security, Group Size, and the Human Brain »
June 30, 2009
Cryptography Spam
I think this is a first.
Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can be forgery. The virus can get into your computer. Most not pleasant, what none, cannot give you guarantees, safety.But, this disgrace can put an end.
I have developed the program which, does impossible the fact of abduction of a passwords, countersign, and personal data of the users. In the program the technology of an artificial intellect is used. As you cannot, guess about what the person thinks. As and not possible to guess, algorithm of the program. This system to crack it is impossible.
I assure that this system, will be most popular in the near future. I wish to create the company, with branches in the different countries of the world, and I invite all interested persons.
Together we will construct very profitable business.
Posted on June 30, 2009 at 1:36 PM • 52 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
John • June 30, 2009 1:56 PM
Well, I have to partially agree with him on one point.
".... you cannot, guess about what the person thinks....."
I certaintly can't guess what that person is thinking. Or for that matter, if he's thinking at all.
Kerub • June 30, 2009 2:26 PM
".... you cannot, guess about what the person thinks....."
I remember of a sci-fi novel where someone was specialized in guessing passwords. He studied the target person way of life and other everyday life details and came out with the right password.
he did it guessing what the person thinks.
I think that is possible.
@JB: Every year, there's a surplus of punctuation that goes unused by people constructing e-mail messages, participating in online chat, and so on. Good on this spammer for trying to use up some of that wasted punctuation. With more spammers like her or him, we can finally eliminate the mountains of wasted punctuation the government has dispose of ever year.
Oh, and it's "grammar".
Mark • June 30, 2009 2:36 PM
@Kerub: You might be thinking of "Dogwalker", a short story by Orson Scott Card (http://en.wikipedia.org/wiki/Dogwalker)
Alan Porter • June 30, 2009 2:43 PM
How are you gentlemen !!
All your base are belong to us.
You are on the way to destruction.
You have no chance to survive make your time.
Ha ha ha ha....
John • June 30, 2009 2:56 PM
@Kerub: I remember of a sci-fi novel where someone was specialized in guessing passwords
Yep, I seem to recall the same story. Also used a bit of biometrics. Unfortunately, the guesser entered the correct password on the 1st attempt.
@Kerub and John,
I think it's Orson Scott Card's "Dogwalker" that you remember, from his collection Maps in a Mirror.
JAQ • June 30, 2009 3:17 PM
I can't help but to think of this ( http://www.mindhacks.com/blog/2009/05/... scroll down) and wonder how much Bruce has already invested.
spaceman spiff • June 30, 2009 3:31 PM
Talk about Tales From The Crypt! Back in the early 80's I was positing the possibility of using keystroke patterns of timing to authenticate users. No password necessary. Just display a random phrase (about 100 characters) for the user to type into the system, and the system can analyze the typing patterns of the user to determine if they are who they say they are. The main problem is what to do when you have broken your wrist and have to type single-handedly... :-)
Suzanne • June 30, 2009 3:37 PM
Milan! What a wonderful idea... spam poetry! A lot of it does read like worded versions of modern art.
Daniel Franke • June 30, 2009 3:55 PM
Is this actual spam (i.e., mailed in bulk), or is it a crank who singled you out and wants to be your business partner?
Oojiwah • June 30, 2009 4:07 PM
Hahahahaha! You tiny FOOL! Your ecommerce fraud fu is clearly inferior to my secret protection of end-users technique! Hahahahaha!
Mailman • June 30, 2009 5:13 PM
@Daniel Franke - I am assuming that it is someone who sent a message specifically to Bruce Schneier, and perhaps a few other crypto gurus, asking them to become a business partner.
Regardless of whether it was sent in bulk or not, this should be considered spam by its recipient. It's an unsolicited business proposal, just like the "first DEC spam" of 1978.
Daniel Franke • June 30, 2009 6:06 PM
@Mailman: If that's the case I'm surprised it's a first. I've gotten much crankier stuff than this in my inbox, and obviously I'm a lot less famous than Bruce.
Dom De Vitto • June 30, 2009 7:41 PM
Sounds like one of the guys who tried to buy your laptop....
:-)
Random Guy • June 30, 2009 11:42 PM
I thought grammar school was mandatory, even in poorer countries.
Nostromo • July 1, 2009 1:04 AM
Dear Sir,
My associates and I wish to invest $50 million (fifty million US dollars) in your wonderful company.
Please confirm your bank account details by wiring $100 to my bank account in Lagos, Nigeria. When we receive it and are able to confirm your bank details, we will immediately wire you the $50 million.
moo • July 1, 2009 2:11 AM
@Bruce:
Did you receive this in your e-mail? Since you are a well-known authority on cryptography, isn't it more likely that this is an elaborate troll played against you, than an actual randomly-targeted spam?
..I am assuming of course, that millions of other people are not receiving the same message. Since spam filters eat 99% of them and us humans seldom read the rest, my assumption could be wrong.
Ian • July 1, 2009 2:23 AM
Are you sure that this isn't just spam steganography? That's the first thing I though of when I saw the title...and then the message.
Kurt Seifried • July 1, 2009 3:05 AM
@moo
actually I forwarded it to Bruce (June 24th), I found it highly amusing, didn't expect him to post it (maybe more people sent him copies, maybe it tickled him, etc.). Either way it rates in the top 100,000 weird spam I've received =).
roehm • July 1, 2009 3:37 AM
another types of overflow that occur in minds that shows the "overconfidence" and "overirrational" as the side effect, or main effect, probably
MentalPasswordSafe • July 1, 2009 3:39 AM
``As you cannot, guess about what the person thinks. ... This system to crack it is impossible."
I think he is suggesting we all use pass phrases.
qwertyuiop • July 1, 2009 3:52 AM
Let's leave aside for a moment the fact that this is almost certainly a con. Clearly the person who wrote this message didn't have English as their first language and several commenters here have taken great delight in ridiculing the almost incomprehensible prose. I would just like to pose them a question: how well could YOU write something in another language? Several of you can't even spell or write grammatically correct English! (And no, I don't claim that my English is perfect!).
Tom Welsh • July 1, 2009 4:40 AM
Any informed guesses as to which language it was translated from? No doubt the broken English phrases correspond to normal idioms in Chinese, or whatever.
It never fails to amaze me that people will go to the trouble of composing and sending out these missives, without bothering to get them translated by a competent English writer. How difficult can it be to find one these days, anywhere in the world?
qwertyuiop • July 1, 2009 4:53 AM
@Tom Welsh
My guess would be Chinese. I suspect it's either a word-by-word dictionary translation or it's been run through (poor) translation software.
Paeniteo • July 1, 2009 7:12 AM
@qwertyuiop: "how well could YOU write something in another language?"
Probably not too well.
*However,* if I wanted to make money from a text in a foreign language, I would spend some effort to get it right.
James • July 1, 2009 8:07 AM
Is this coming from Nigeria? I can give that person the contact information for that poor Nigerian fellow that needs help with all his money from the royal palace...
Adam Gomaa • July 1, 2009 8:39 AM
@Tom Welsh I don't think it's a translation at all. Like BCS, I think it's the result of a Markov chain text generator. I've been getting spam that seems to be seeded with the text of the page it's posted to - which probably helps beat things like the Akamai spam service.
As Kurt said he received it, I'd assume that his email was scraped from his website, and then the contents of his site used as the seed text.
Mark V. Shaney • July 1, 2009 11:42 AM
The challenge is that junk mailers can go out of member directories and may place your e-mail address is an exemplary BOBE-weak system. It is often difficult or impossible to tell how a spammer acquired a user's e-mail address.
You must detect a disease in a spam center to keep up with several versions of the object that will enter the predictions that individual instances (clients) of all security-systems, whether based on hardware or software, will be able to get it right, and you want to avoid future spam, because one or more messages received are yet another explanation for free riding.
Sometimes, these attacks even take the form of time. The goal is to determine if they are generally cheap and easy to guess, and may receive more spam, because in terms of the spam we received, most were received from the payload.
For example, most people have a huge bearing on the address and will send it to Bruce Schneier, who has essentially free use of channels that he has subscribed or paid for.
As with spam, so with obscenity: You can't define it, but you know it when you have broken your wrist and have to type up the formulas that dance around in a foreign language. I would just like to pose them a question: how well could YOU write something in another language? Probably not too well when you have broken your wrist.
Matt • July 1, 2009 1:21 PM
Whoa Bruce, for the first few sentences I though you got drunk and wrote a blog post!
James Sutherland • July 1, 2009 1:37 PM
In a way, it's fortunate so many spammers appear to be illiterate. Of course, using poor quality as a heuristic for identifying scams can backfire; a year or so ago, I received a letter claiming to be from my credit card company wanting to check a transaction. The printing was so poor, on flimsy 60 gsm paper, I thought it had to be an attempt at offline phishing - but no. Sadly, it was genuine, as was the equally poor letter from another CC company a year later.
J. M. Schneider • July 1, 2009 5:36 PM
Sounds more like a quick and dirty use of Google's language tools. Probably made sense in his native tongue.
Ulrich • July 2, 2009 1:05 AM
Oh dear. It seems that KRYPTOCHEF is at it again...
(See http://kryptochef.net/index2e.htm for, err, interesting times. As far as I know, it's not clear whether he is an elaborate hoax or not, but he's gained quite some notoriety in Germany.(
CyberStasi • July 16, 2009 3:19 PM
Wow... Kryptochef's website looks like the best that 1997 can buy! Complete with a tiled image background.
Also...
"Only Krypto master user can put
on new Krypto users." So its for Crypto Vampires?
As far as the Original post, this sounds a bit Boratish: "I assure that this system, will be most popular in the near future."
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments