It’s fun to think of everyone here working on a common goal. That’s not smarmy, I think it’s cool as hell!

Exempting yours truly, Lord knows the brain power is here. And talent.

You recounted the Rooster T Cockburn story about 4 years ago.

My brother/inlaw got a nigerian a few years ago and I warned him in detail about the scam. In spite of this he felt compelled to explore the offer. It never cost him any money but it wound up making him feel stupid and he still deals with constant harassment from emails and calls from scammers.

First, Rooster responded to a Nigerian scam email, from “Jon Kabila”, sounding a bit confused and querulous. In the course of a couple of tentative email exchanges, Rooster establishes that he’s wealthy and well-connected (names dropped included his nephew “W”, a “high government official”). When things got serious, Hamenegger enters, and develops a plan to fly the corporate jet to Lagos, Nigeria by way of Baghdad (cover story is checking on reconstruction contracts, emergency landing on the return), drop off the million bucks in “expenses”, and pick up the treasure chest of gold.

I created a Web site for “Petrocock Industries”, complete with a private work area for projects like this. I gave the scammer “Jon” an account, and he went there to pick up documents like the PDF plan for the trip, and other props like a map.

The map was particularly mean on my part. I knew that Jon was often using an expensive satellite connection, and I created this huge map, hundreds of megabytes, just an ordinary map graphic enlarged 10X. I think I cost him some real bucks on that one.

Near the end, I added a new character, an up-and-coming Nigerian kid trying to horn in on the deal. I had him contact Jon on the sly, and those two were starting to develop a mentoring relationship, with Jon critiquing his work.

The endgame came when Jon logged in to the Petrocock site, to find a warning notice from Hamenegger to the other members of the project team that he’d just discovered that “Jon” was a scammer, and he was working with his contacts at Interpol to bust him. He said he’d cancelled Jon’s account on the site, so Jon was led to believe he’d gotten in to see this message by mistake…and that there was still time to save his neck.

My last contact with Jon was an email to the interloping kid, saying he was leaving the country (I’d established he really was in Nigeria, and narrowed it down to one cybercafe), and didn’t know when he’d be back in touch.

The postscript is that a few months later, I read a news story about Interpol busting a Nigerian scammer hiding out in Ireland. The story was sketchy, but the few details suggested that this was indeed my “Jon Kabila”, and that I’d panicked him to the extent of fleeing to Ireland with his wife and kids.

He he he.

Did you read the comments? There was a self-referential irony: Quite a few people were so clueless they thought the solution was simply to block email from Nigeria…and one guy who billed himself as head of an anti-fraud group sounded more like an agitator egging them on. Maybe a scammer himself?

Anyway, got me to thinking about doing it again. And maybe this time more focused on developing, eventually, an automated (Eliza-grade “AI”) honey pot for pinning down AFF scammers (“honey pot”: see Winnie the Pooh).

My approach then was to continually send false identity clues, both explicit in the email, and contextual, like the “victim’s” own Web site and a random real estate listing establishing residence. Veracity and plausibility are everything in that game.

These scammers are uniquely vulnerable to this kind of thing, because, as the article points out, they don’t try that hard, and expect their victims to be stupid. Once you get inside their filter, you’re “proven” stupid and they’re not on guard as much. Scammers project weak false identity signals and can be snowed by strong false identity information.

One scammer is about all one person can handle in a mano-a-mano duel. To pin down a lot of scammers will require a team effort. You’d probably want each conversation carried on by one individual for consistency, conversations distributed among the team; and everybody provides support in building up backstories and creating “pocket lint”.

Over time you’d build a library of that material, including the conversations themselves, which can be mined for trigger keywords paired with standard responses. That’s necessary to achieve the WSJ’s goal of an automated honey pot system. I don’t see how you could start out cold designing such a thing from scratch. Better to observe reality and build automated assists over time (“press F6 to request a photo holding a sign”).

That’d be fun, wouldn’t it? Sounds like the sort of thing that might appeal to Zoners, especially at a time when the alternative is arid partisan politics. We already have the facility for the first part, it’d be a matter of getting organized.

Granted, the system as a whole has been shown to be quite robust, when compromised, it continues to operate, albeit at reduced efficiency. But the fact remains that it doesn’t take the resources of a government or giant corporation to mount an attack that can be devastating to the victim. Not only is protecting and repairing the system expensive, the capabilities lost while it is down could be critical. And the efforts of the attackers, often just adolescent amateurs, seem to have no trouble keeping up with the evolution of our defenses.

And yet, we continue to design our society to be more and more dependent on this technology, simply because it appears to be cheaper.
I don’t think it is. I just believe we are not properly taking into account the costs and potential costs. And I believe one day it will bite us in the ass big time.