He’s a Russian Spy

Here’s a brilliant bit of music that deserves a bigger audience.

Shot in Liverpool, Exmoor and Berlin. The song is performed by There’ll Always Be Diseases (TAB-D) and is available as a download single. The video features Boz Hayward, (who wrote the song in January 1979 when he was a 13 year old school boy punk) and a few of his old friends on a reunion in May 2015. More info on russianspy.co.uk

Posted in music, youtube

Welcome to the spam factory

ur1-sms
Does this text message look familiar to you?

Been involved in a car accident in the last 3 years that was not your fault? Then you can claim compensation, to find out how much click www.ur1.click/********

I routinely forward messages like this to 7726 (which spells out “SPAM” on the phone keypad) in the hope that the mobile phone operator will do something to stop it. It never seems to be particularly effective, though. The same old URLs like www.accidentinjuryclaim.so seem to keep cropping up no matter what.

However, ur1.click was new to me. According to whois, the domain is registered in Panama, and its IP address (104.219.250.52) is assigned to a US web host called Namecheap.

I decided to have a quick poke around on their web server, and discovered that the spammers are publishing a lot more information than they probably intended to — all their spam messages and phone number lists are publicly accessible. I don’t want to link directly to this content, but I can tell you that it includes dozens of CSV files containing many thousands of UK mobile phone numbers.

Inside the spam server:

Here’s an excerpt from one of these CSV files (with some digits replaced with asterisks):

79663840**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b94** or to optout reply STOP"
77531043**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b93** or to optout reply STOP"
79806446**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b92** or to optout reply STOP"
75530413**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b92** or to optout reply STOP"
74192985**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b91** or to optout reply STOP"
75405329**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b90** or to optout reply STOP"
74053775**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b90** or to optout reply STOP"
79444301**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b8f** or to optout reply STOP"
74321371**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b8f** or to optout reply STOP"
75438700**,"Is your debt causing you stress and anxiety? For expert advice on managing your debt visit www.ur1.click/767b8e** or to optout reply STOP"

The digits at the start of each line are the phone numbers that these messages were sent to, without the initial zero. (I searched for my own number in these files, and sure enough it was listed there next to the message I’d received earlier.) There were over a quarter of a million more records in the file shown above. Another file contained messages for 764,532 numbers, promising each and every one of them £2886.21 “for the accident you had”. That amounts to a grand total of £2.2 billion in unclaimed compensation payouts. Yeah, right.

As you probably guessed already, anyone who follows one of these ur1.click links will be redirected to another site. After following the first link in each CSV file, I obtained this list of target domains:

claim4pi.com (192.64.116.30)
claimpinow.com (192.64.116.30)
energysaver.deals (162.213.255.133)
freedebttoday.com (162.213.250.36)
injury.center (199.188.206.216)
injuryaid4u.com (192.64.118.154)
reviewteam.info (111.90.147.108)
solarsaver.today (162.213.255.134)
urclaim4ppi.com (192.64.116.30)

The domain reviewteam.info is hosted in Malaysia somewhere, but all the others are hosted by … surprise, surprise … Namecheap. So Namecheap are not only hosting a rather large SMS spamming enterprise, but are also hosting most of the websites that are promoted by this spam.

I emailed Namecheap’s abuse contact about this three days ago, but nobody replied and nothing has been done. So I can only assume that Namecheap are perfectly happy to continue supporting their spammy clients.

Conclusions

  • If you get a text message containing a link to www.ur1.click, forward the message to 7726. Don’t follow the link.
  • Avoid these domains:
    • claim4pi.com
    • claimpinow.com
    • energysaver.deals
    • freedebttoday.com
    • injury.center
    • injuryaid4u.com
    • reviewteam.info
    • solarsaver.today
    • urclaim4ppi.com
  • Don’t host your website with Namecheap. Find somewhere reputable.
Posted in rant Tagged with:

Tom Harper defending his journalism on CNN

Last weekend, an article by Tom Harper, Richard Kerbaj and Tim Shipman in the Sunday Times alleged that files leaked by Edward Snowden had been decrypted by the Russians and Chinese, endangering the lives of Mi6 agents in those countries.

When asked to back up his claims in an interview with George Howell on CNN, Harper basically admitted that there was no evidence to support any of the claims they had made, and that they were simply reporting what they had been told by the British government.

But if this is the government’s official position, then why did they need to use “anonymous sources”? Why aren’t there any ministers queuing up to validate the claims made in this article?

Here’s the original CNN interview. I’ve put together an executive summary, which you can watch here:

Posted in rant, youtube Tagged with: , ,

Noli Timere Messorem

Noli Timere Messorem

Don’t fear the reaper

Posted in Uncategorized

3D noughts and crosses

3D Noughts and Crosses

Old-school computer (Javier Carcamo, CC BY-NC-SA 2.0)

Long ago (back in the 80’s), my school had a couple of Research Machines 380Z computers for us to play around on. These things had about as much processing power as your average modern-day wristwatch, but were great fun nonetheless. In particular, I remember spending a lot of time playing a 3D noughts and crosses* game that was quite tricky to beat despite being programmed in BASIC.

More recently, I discovered that the entire contents of the floppy disk containing this game (plus a bunch of other demo programs) can be downloaded from rml380z.org. Since I don’t have a 380Z to run this software, I decided to resurrect the code by porting it to C.

You can now try it out yourself via telnet. Just follow this link. If that doesn’t work, open a command line terminal and type in the following:

telnet justmyl.uk 20312

(If you’re using Windows and you need help getting telnet working, try asking Google.)

Here’s a link to the original BASIC program.

* Or “tic tac toe”, if you must.


Footnote: In 1980, a computer scientist called Oren Patashnik used 1500 hours of computer time to prove that there is a perfect winning strategy for the first player in 4×4×4 noughts and crosses. But don’t worry; the 380Z game isn’t quite that sophisticated.

Posted in fun stuff, hacks Tagged with: , ,

3D panoramas from Mars

Flickr user Moe_Ali has been using photos taken by the Curiosity Rover to create 3D images that work with red-blue 3D goggles. They’re really quite good, but don’t bother trying to view the example shown below; click through to the original high resolution images on Flickr and get your ass to Mars.

Mars Curiosity Rover - 3D Panorama - Sol 709

Posted in fun stuff Tagged with: , ,

The mathematical arse

Stack Exchange user mikuszefski has come up with a parametric formula for plotting rather nice arses in three dimensions. Take a look at this:

buttocks

Apparently it doesn’t look so good from the other side, but I don’t have Mathematica so am unable to verify. Here’s the formula:

buttock formula

(Images licensed under cc by-sa 3.0.)

Posted in fun stuff, graphics, StackExchange Tagged with: ,

Solution to the Turing competition

Enigma close-up

Last month I mentioned a codebreaking puzzle tied in with the release of the new film about Alan Turing. The competition has just closed, but you might still be able to find it online if you feel like having a go.

If you want to know how to solve the puzzle, read on…

Read more ›

Posted in cryptography Tagged with: ,

Breaking a robot out of jail

A company called Double Robotics makes “telepresence robots”, which are basically mobile iPads that remote workers can use to give themselves a “virtual presence” in an office many miles away.

Their website includes a “test drive” feature where you can control one of these things through your own web browser. The test drive robot is normally confined to a single room, but someone figured out how to open the door with it and escape.

This whole story may just be a marketing ploy by Double Robotics, but it’s very entertaining.

Posted in fun stuff, youtube

Experiment 60713/B

This was the runner-up in the DepicT! short film competition back in 1999. I think it deserves another airing :-)

It was made by Tom Baxandall and Alan Gardener. Tom went into advertising, and appears to have made several ads with a similar theme, like this one for cranberry juice. I have no idea what became of Alan. Found him: alangardner.co.uk


Posted in youtube Tagged with: ,