Monday, 16 August 2010

Cyber Criminals, Coffee Shops and Staying Anonymous Online

Here's a little short story that perhaps illustrates why anonymous surfing is so important, and some of the dangers that are ever present, especially to people travelling. It occurred to me as I was sitting in a little bar in Portugal with free Wifi and computers to use.

Jason Williams was just about ready to close up. His cafe had done quite well today - business had certainly improved since he had installed the wireless internet service and offered it for free to his customers. The enormous boost to his income, though, came not from booming latte sales but from a more clandestine source.

After locking up and closing the shutters there were a few more little jobs to do. First he logged into the two laptops on the counters, which were provided for those customers who had no laptop or phone with them. He inserted a USB drive and copied the two files across, cards.txt and accounts.txt. These files were created by a little computer program which monitored all the keystrokes on the computer. The program was fairly simple but very clever: it simply extracted from a central log all likely card information, CCV numbers and account names. The log was created from a keylogger attached to the back of the computer.

The next job was to download the files from the laptop behind the counter. This computer monitored communication between the wireless access point and customers' laptops and phones. A slightly modified program then extracted all likely account names and passwords, plus any credit card numbers and security keys that it detected. Neither program was perfect, but after several months of tweaking from programmers he had found on the carders forums they came pretty damn close.

The last file was the PayPal text file. This was his latest 'project' and although he rarely got more than a couple of accounts a day, it was incredibly profitable. He had read about the concept on another forum frequented by cyber criminals, and again it was very simple to implement. The DNS tables on his wireless access point had been altered, so that when anybody tried to access the popular online payment site PayPal, they were redirected to a fake copy of the page. The page was stored locally and was an exact copy of the PayPal login screen. When you tried to log in, however, it failed, as the web page merely logged the username and password to a file and then presented an error page.

Jason looked briefly at the files. He could estimate fairly accurately the income he received from selling the cards and security numbers - current prices were about $20 each if you had the CCV number. Income from raiding the PayPal accounts was more difficult to guess as there were a lot more variables, but he guessed a few hundred dollars would be easily achievable...


Ok it's just a story but it's far from fiction, everything in this brief tale is easily set up and pretty simple to do. In fact the most difficult part from my point of view would be learning how to make a decent latte! My little story will hopefully just make people a little more careful about using unfamiliar wireless connections and computers; your personal information is completely vulnerable to whoever is running the systems you connect to.

The software and hardware to implement the scenario above are all readily available - here's a picture of a keylogger for instance. This one reminds me of the little adapters you used to fit for PS2 style keyboards - it looks fairly innocuous but the device will record every keystroke that is entered on a computer. They come in all shapes and sizes though, and can even be installed inside the computer or laptop so that they are not visible in any way. My advice on using such public shared computers is never, ever use them for accessing any sensitive information. The person who goes to an internet cafe to do his online banking is asking for big trouble in my opinion.

The troubles of using unfamiliar wireless connections are of course much the same. You're not quite as vulnerable when using your own laptop of course, but there's still a big danger. Your personal data can still be monitored, intercepted or logged by whoever controls the connection. If you do travel a lot and use hotel, airport or other Wifi access points regularly I definitely recommend investing in a security product like Identity Cloaker to secure your connection and allow you to surf anonymously. This encrypts your whole connection so it is even protected from the people who control the network you are using to communicate (none of these products can protect against the keyloggers though, so never use an unfamiliar computer!).
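
The PayPal redirect in the story works because the access point answers DNS for a public site with the address of a page stored locally. As an added example (not part of the original post), the Python sketch below flags that case and, as a weaker hint, answers that share nothing with a reference set recorded earlier on a trusted network; the hostname pay.example.com, all addresses and the function names are made up for illustration.

```python
import ipaddress
import socket

# Address ranges that a public web site should never resolve to.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 equivalents
)]

def is_local(address):
    """True if the address sits in a loopback, link-local or private range."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in LOCAL_NETS)

def check_answers(hostname, answers, reference=()):
    """Compare the addresses this network returned for hostname with a
    reference set recorded on a trusted network.
    Returns (severity, message) findings; an empty list means no alarm."""
    got = {ipaddress.ip_address(a) for a in answers}
    ref = {ipaddress.ip_address(a) for a in reference}
    findings = [("high", f"{hostname} resolves to local address {ip}")
                for ip in sorted(got, key=str) if is_local(str(ip))]
    # Big sites rotate addresses, so a plain mismatch is only a hint.
    if ref and not (got & ref) and not findings:
        findings.append(("low", f"{hostname}: no overlap with reference answers"))
    return findings

def resolve_here(hostname):
    """Ask whichever resolver the current network handed out (needs network)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

# Constructed sample data: the hostname and every address are made up.
REFERENCE = ["203.0.113.10", "203.0.113.11"]
SAMPLES = {
    "home network": ["203.0.113.11"],
    "cafe, redirected": ["192.168.1.1"],
    "cafe, unknown host": ["198.51.100.7"],
}

if __name__ == "__main__":
    for label, answers in SAMPLES.items():
        print(label, check_answers("pay.example.com", answers, REFERENCE))
```

A redirect to a fake page hosted outside the local network is not caught by the high-severity check, and large sites rotate their addresses, so the low-severity finding is only a prompt to look closer.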

Tuesday, 20 July 2010

Banned Games Across the World

If you enjoy your games then there's definitely some places you're better off living. For instance for fans of shoot 'em up games, Venezuela is a very bad place for you to be. Earlier this year the Venezuelan Government made good on their intention of banning all games where the objective was to shoot people. Whether this is really the cause of their huge violence and crime problem I myself am rather skeptical, but I guess we'll have to watch the crime figures and see. In any case they have become the first country in the world where all violent video games are now illegal.

It's actually quite surprising if you see which games are banned in different countries. Germany for instance is fairly lenient as long as you don't use any Nazi symbolism anywhere - the rather old Wolfenstein 3D for instance is banned simply for that reason. Most countries tend to focus on violence but there's still plenty of other agendas being played through the censors. There are of course some fairly surprising ones in China - they are usually not that concerned with the violence in video games but politics is another thing - you would have thought that Football Manager 2005 was a fairly inoffensive title.

But no, Sega made the mistake of listing Tibet as an independent country in the International section and the game was duly banned from release in China.

Command and Conquer - Generals apparently was banned for smearing the image of China and the Chinese army.  Although I seem to remember they were portrayed as the baddies in all the other versions of Command and Conquer as well but they seem to be ok with those.


It's inevitably the problem with censorship, even if it starts off as very mild and done with the best of intentions - it doesn't take long before people with different motivations start manipulating what you can or can't do. This is of course the primary concern with the Australian plans to censor the internet. Sure, it started off as just a few illegal sites, but it's already developing into much more as people use it to impose their particular moral, religious or political agendas. We've already covered the Australian Internet filter plans on this site a few times, but the boundaries of this plan are already creeping forward.

The latest news is that they are also planning to block the purchase of video games which don't reach Australia's MA15+ rating. This is the classification applied to all games that are sold in Australia; they don't actually have an adult classification so the 15 year old limit is all they have to work with. (In practice this actually means you can own these games but just cannot sell them, except West Australia where it's all illegal.)

So let me just highlight this point -

The Australian Government plan to block any website which allows the purchase of any game on the internet which is not deemed suitable for a 15 year old. This also includes playing online games and web based flash games.

So if you're an 18+ games player it's tough, you have the same restrictions as a 15 year old. The fact that this will be even more unworkable than the original censorship plan will eventually dawn on the Australian Government but until then they will be attempting to implement this. The blocking of any site that stocks such software is of course going to be rather difficult - international sites such as Amazon, Ebay and HMV for a start all stock software titles that don't have this age classification. But I'm sure the Australian public will be grateful to their government for saving them from the risk of corruption by violent or rude video games.

If you want to see how incredibly stupid this could all get in Australia, have a look at another game which has been banned there - that evil work of Satan - Marc Eckō's Getting Up: Contents Under Pressure. Now this game is a few years old but I have actually played it for about ten minutes once, you basically run around a city having a few fights and spraying graffiti on the walls - I thought it was pretty dull but no Australian is allowed to play it.

The idea behind the game is that graffiti is the only way of free expression left in the Orwellian, Big Brother type state featured in the game. The huge irony here was obviously lost on Federal Attorney-General Phil Ruddock who got the MA15 Classification removed and the game effectively made illegal in Australia.

The reason - ahem, it glorified graffiti... can you believe this!!!

Make no mistake, if Australia carry on down this road, they will have one of the most heavily censored and filtered internet connections in the world. Also due to the technology they use for this filtering it will also be one of the slowest! Unfortunately this is why so many people are turning to the technology that allows anonymous surfing; programs like the one I use - Identity Cloaker - simply bypass all these filters. Of course many people just use them to bypass country restrictions and to watch UK and US media sites but they are rapidly becoming an essential online tool due to many other reasons. These programs shouldn't be needed but without them we simply could not use the internet freely without people monitoring us or deciding what we can or can't do online!

Thursday, 15 July 2010

No Anonymity for World of Warcraft Gamers

Blizzard, the makers of a rather popular game called World of Warcraft, thought they had come up with a fabulous idea for improving their forums. The anonymous game names that people used to post with were, Blizzard explained, responsible for creating a place "where flame wars, trolling and unpleasantness run wild". Furthermore they figured -

removing the veil of anonymity typical to online dialogue will contribute to a more positive forum environment, promote constructive conversations, and connect the Blizzard community in ways they haven't been connected before

They added that Blizzard employees would be posting by their real names on the forums as well.  Now I'm not quite sure what pink and fluffy Internet that Blizzard use but I'm pretty sure it's not the same one I use.   Just to clarify, anyone wanting to post on the Warcraft forums (including those needing technical support) would need to use their real name and address.




This is possibly one of the stupidest ideas I've seen online in a long time, when all the sensible people are rightly becoming increasingly concerned with the lack of privacy and all the many risks it entails, Blizzard want everyone to throw out their real identity on a bloody Games Forum!

Notwithstanding the benefits being fairly minimal - making the Warcraft forums a little bit nicer is hardly that important - forcing users to throw out their real identities on the internet is utter madness.

For some years I've been doing security lectures in local schools. The idea is to make sure the kids are careful online, are aware of the dangers, always use pseudonyms, never divulge personal information and stuff like that. That one of the biggest online games manufacturers then attempts to do this is frankly beyond belief.

There are of course lots of people who are completely oblivious to the risks of divulging such information online; one such poster offered up his name on the Warcraft thread discussing this issue. He challenged anyone to find him by just using this information. The result was not surprising: 20 minutes later he was called at his work telephone number by a Warcraft player asking for Sikketh from Thunderlord. Someone had tracked down his full address, work and personal telephone number and parents' names in just under 20 minutes.

It is of course very simple to track most people down who have any sort of online presence, the above sleuth work was achieved by using primarily Facebook and Twitter profiles.  When you have a real name to start off with it becomes much, much simpler to find out such information about people.

Some Real Life Examples of Why you Should Keep your Gaming Identity Private


Now we all know that the internet is full of people you'd rather not meet in real life. One of the main problems is that you have little information on the people you are communicating with. Sure, Aderoth the Shapeshifter might be a good laugh in a Dungeon raid but would you like to go for a drink with him? He or she could be absolutely anyone in real life. So a couple of slightly alarming examples...

The Counter Strike Knife Fight

If anyone plays online games they will know it can be pretty annoying to get knifed in games like Counterstrike.  It happens to me a lot partly because my reaction speeds have dropped dramatically as I get older but mostly because I'm just not very good at them.  But some people don't handle this virtual death as well as others - Julian Barreaux for instance.  He had a knife fight and lost in a game of Counterstrike Source, but Julian didn't take this very well at all.  In fact he spent the next six months tracking down the player he lost to - finally locating him in a town only a few miles from his own, a couple of hours North of Paris.


After locating the unfortunate gamer, Monsieur Barreaux armed himself with a large kitchen knife and visited his fellow gamer at his home.

When the poor chap opened the door, Julian Barreaux stabbed him in the chest, missing his heart by inches. The victim was extremely lucky to be alive; he was attacked simply for winning an online fight in a game.

Amazingly Barreaux was given only a two year sentence so he will probably have his liberty again next year and will probably be back online. Makes you think twice about picking off that sucker ten times in a row with your sniper rifle when there are nutters like him around!


The Advance Wars Central Killer

This is a horrible case where a 21 year old German gamer called David Heiss travelled from Germany and stabbed a young man called Mathew Pyke. They had met by playing a wargame called Advance Wars and Heiss had become infatuated with Mathew Pyke's girlfriend. Mathew helped run a web site based on the game called Wars Central. To cut a long story short, Heiss tracked down Mathew Pyke and stabbed him 86 times in his flat in Nottingham - you can read some of the tributes to him on the Wars Central website.

Now of course, I do realise these are extreme cases, but it shows how incredibly easy it is for anyone to track down people across the internet just using online information which is available to anyone. Of course our Governments, agencies and Identity Thieves know much, much more about us, including just about everything we do online as well as our names and addresses. They don't need our names and addresses as they already have them, but that's no reason to let everyone know them.

Privacy and the ability to surf safely and anonymously is one of the most important issues on the internet today. We still use a protocol (HTTP) that has no security built in at all and is essentially a clear text method of communicating. But happily there is at least a happy ending to the madness of the Warcraft forums - Blizzard, completely overwhelmed by the outrage of its player base, have backed down and scrapped their brilliant idea, so you can still post anonymously on the Warcraft forums. Of course we all know that you can't really but at least you don't have to hand over your name and address so openly!