Massively complicated but awesome idea

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Mon Apr 02, 2007 6:25 pm

Maybe a blonde girls question, however I downloaded it, including the gmail addy, but if I let it runnothing happens, e.g. I see no pop-up window, nothing, just the little green think in the right bottom, but I don't see neither notice anything.. can someone tell me how it works Embarassed

?

Master Baiter Joined: 05 Aug 2006 Posts: 213

what did you download ? and from where did you download it ?

please be a bit more clear and i just might be able to help you with this....

Posted: Mon Apr 02, 2007 7:04 pm

I downloaded the program from www.freepops.org (freepops.exe), then I downloaded the LUA file for Gmail.

I installed FreePOPS and when I 'open' it, even when I double click on the gmail addy as well, there just comes this little green floweriish thing in the right bottom. When I downloaded the gmail file it said something about asking the login name/password.

But so far no pop up or anything has shown, it looks like the program is doing nothing.

Maybe I'm just too a-electronic, but please, maybe you know more.

Posted: Mon Apr 02, 2007 7:22 pm

If a lad asks for ID, could this link into something like writejunk or a repository of files?

Would the AI be able to detect what type of file (ID / form etc) needs to be sent and then automatically pick that up from the library?

I've got absolutely no idea on how to do it, I'm just asking the question Laughing

Posted: Mon Apr 02, 2007 10:18 pm

Remember that sometimes the lad mails the same thing twice. For this reason I suggest (pseudocode)

Code:

Store new mails
Strip headers
Create MD5 hashes from the texts
Compare the hashes to find identical mails
If mail A equals mail B, ignore the first mail A.

If the lads are intelligent enough to understand how to exploit MD5's weaknesses, by all means let them (it will still mean that they are wasting their time with the bot).

Hashes can be created with md5 (1).

Posted: Mon Apr 02, 2007 11:31 pm

@pingu: I kinda assumed he would do that. Each baiter can generate their own list at http://www.fakenamegenerator.com/order.php. Is is quite snarky (whatever I mean by that...)

As far as duplicate mails, it shouldn't be an issue. You can do the comparison thing, oe you can make it only react to the lads last email, and reset when they send it.

Also, you always have the "i deleted all my emails, oops, who are you?" card. Best to hold that in reserve for the program getting REALLY confused, and probably better to just toss it to the baiter controller with a list of possibles, and a chooser.

And hey, whats the worst that can happen if you accidentally send the wrong reply to the wrong lad? Very Happy

Posted: Tue Apr 03, 2007 1:06 pm

Autobaiters are implemented and used by the experts. Though, unfortunatly not every baiter is admitted to one of them (e.g. me Sad

).

But for a start you can use my old method:

http://forum.419eater.com/forum/viewtopic.php?t=47031#393772

Its a bit complicated but you need zero programming skills. Very Happy

I had some good results with it, but it is a hell of work and I have more fun baiting them personally but using my own scripts.

Posted: Tue Apr 03, 2007 1:07 pm

IP Freely wrote:

http://www.fakenamegenerator.com/order.php.

404 � File Not Found
We're sorry, but the page you requested doesn't exist.

Posted: Tue Apr 03, 2007 2:28 pm

^^ Odd, it only works if you go there from th main page.

Hello I'm New here! Joined: 06 Nov 2004 Posts: 8

In regards to looking for similarity in email addresses when lads switch

nobody3 wrote:

this is going to be a bit difficult because there are just too many variations to take care of

This is where I think I can help out. If the email address is parsed, and the binary representation of the name (before the @) is used, a simple hamming distance in boolean n-space can return a measure of closest matches. A simple threshold function could be applied to this to detect whether or not the addy is close enough to be considered the same person. This gives us a way to tell the program that "arigatomrroboto" and "arigetomrroboto" are very similar.

As for the domain portion of the address, it should be considered separately, as this large a portion of the text string being changed will significantly affect hamming distance. I figure we either simply check to see if the only difference is the domain, or keep with the hamming distance method and build a simple feature detector (or rather a domain db) that represents the domain in as small a binary number as possible. Something like a single byte, so that (for example):
yahoo = 0000 0000
hotmail = 0000 0001
etc. . .

That way, the portion of the overall binary string represented by the domain is trivial when compared to the name portion. Keeping it in the final check shouldn't make much difference, but it is still able to tell that a change occurred, and if the name differs by an amount very close to threshold, this can push it over so that accidentally similar addresses are less likely to be returned.

Posted: Wed Apr 04, 2007 2:13 am

^^^^^
... what he said!

The domain is quite likely to be different though, but building a list of every email provider would be hard, so why not just toss everything after the @?

Master Baiter Joined: 05 Aug 2006 Posts: 213

dear mami : freepops is a program to download email from gmail in outlook / mozilla thunderbird or any pop3 email program.

the program is a service or server : meaning it has no user interface and when it is running there will be no indication on the screen that it is running

but if it running it will do its job of downloading the email and get the mail from gmail to outlook ( or whatever pop3 program you are using )

the only way to know if this program is running to go to the command prompt and type

telnet 127.0.0.1 2000

if you need any help about this pm me i would be glad to help you with this : if you want to download mail using outlook then you can just enable pop3 in gmail settings and be done with it but if you want to see how this thing works pm me i willl help you as much as possible....

Master Baiter Joined: 05 Aug 2006 Posts: 213

Pingu:

Quote:

if a lad asks for ID, could this link into something like writejunk or a repository of files?

you just gave me a pretty good idea.... i am going to send them all the writejunk files with jpg extensions.

Quote:

Would the AI be able to detect what type of file (ID / form etc) needs to be sent and then automatically pick that up from the library?

there is nothing to detect - just make a writejunk file and send it on it way.

Quote:

I've got absolutely no idea on how to do it, I'm just asking the question

well you did not just ask me a question you just gave me a good idea - thanks for pointing this out

Master Baiter Joined: 05 Aug 2006 Posts: 213

Tricia:

Quote:

Remember that sometimes the lad mails the same thing twice. For this reason I suggest storing and comparing md5 sums of the email

calculating md5 will require quite a bit of cpu power and storing all the email will require quite a bit of disk space - if you see page one you will find my requirements.

6. should be light on disk usage
7. should be light of cpu usage

and it will server no purpose that to detect duplicate email - so i think making the bot respond 2 time to the same mail will not make any *huge* difference to the mugu but will save quite a bit of cpu power and disk space

this is a tradeoff but right now i am not in the favor of detecting duplicate email.

IP Freely:

Quote:

As far as duplicate mails, it shouldn't be an issue. You can do the comparison thing, oe you can make it only react to the lads last email, and reset when they send it.

And hey, whats the worst that can happen if you accidentally send the wrong reply to the wrong lad?

it will work, duplicate email is never a problem.... Twisted Evil

Master Baiter Joined: 05 Aug 2006 Posts: 213

SenorBaits:

Quote:

the portion of the overall binary string represented by the domain is trivial when compared to the name portion. Keeping it in the final check shouldn't make much difference, but it is still able to tell that a change occurred, and if the name differs by an amount very close to threshold, this can push it over so that accidentally similar addresses are less likely to be returned.

doing all this exotic binary stuff will add only one capability to the autobaiter : be able to detect changed email addresses.

if the mugu has to communicate with the autobaiter then they have to put their email address somewhere in the email, my solution is just scan the email for email addresses and send them an opening salvo - regardless of where they come from...

i want to do this after i get the basic responses working i will add this to the to do list.

^^^^^
... what he said!

IP Freely

Quote:

The domain is quite likely to be different though, but building a list of every email provider would be hard, so why not just toss everything after the @?

yep another good idea - how do you make sure that there are not different mugus with different names ?

maybe by using a some kind of keywork in the responce ....

Posted: Thu Apr 05, 2007 4:12 am

You don't have to put TOO much thought into this... think about 100 baits at once, not trying to do each one perfectly. So what if it mixes up two mugus? You could put order of preference in, come to thing of it.

If the mugu has an email in the first few mails, use that. If not, reply. After a certain number, lock it on reply, and account for account closings/switches.

They WILL contact you out of the blue from "banks" or barristers or whatnot. It takes ME a few moments to figure out who the hell each one is, and I've screwed it up once. That's probably a big hurdle. You could simply ASK them for the email address of the original guy (in a randomized fashion) and then use that email to link the two. Or give the original a keyword to "tell to" the barrister. And hope they don't misspell it.

If the autobaiter is used to generate off-script scammers, you could them simply dump everything that's linked together to the baiter when they request it. If not dmping for a baiter, you will need to deal with saying "i'm still dealing with him" to the original guy while you pound the bank with meaningless crap.

You're not going to use the mugu name in each response, I don't, and there's no real reason to. Building it in couldn't hurt though.

Heck, make a 1/100 chance of sending them a paragraph or three of utter gibberish that SOUNDs like instructions, requests, and (random) information all rolled into one- like one of those letter generators in a mugu version. Extra module if you get bored later. Very Happy

Posted: Thu Apr 05, 2007 4:16 am

I would like to categorically state that very little that has been said in this thread makes sense to me. I am shamefully ignorant in the programming dept.

But it sounds good!

Posted: Thu Apr 05, 2007 6:39 am

JJ, that's when you learn the most !

What I have been doing lately is running my baits like an autobaiter might work, to see what insights I can derive from this action. Like all big programs, you break the project into smaller tasks that can be done by the computer. I have been sending only responses that have been already written and I select an appropriate response, cut and paste it and send it. In the thread from 1.5 years ago where e6ffdyr0 was working on a similar project, He posted some scripts that were compelling enough to generate effort consuming responses, but vague enough in details to avoid suspicion. Remember, straight baiting consumes the most time from the scammers and also, happens to be the easiest to do. Maybe one of the most important goals of the autobaiter should be to AVOID SUSPICION. So much that it should know when to drop the scammer so that it has a better chance of re-hooking the scammer later as a different character. Given the choice between taking a certain scam bait to a dramatic conclusion versus taking the scammer so far, then dropping the scammer so that he can be re-engaged again, it would choose to drop and re-engage. What's the difference, wasting a scammers' time on one bait, or wasting a scammers time on many different baits? Well, for one, different baits will require the scammer to have to remember so much more information, so the latter scenario may cause more hardship. The longer baits will cause the scammer to have more emotional investment therefore causing more scammer punishment, so that's some points to ponder.

One big thing I learned from programming in the industrial sector is to not let the capabilities of the computers divert the programmer from the goal - usually to get the project finished profitably. Think using lookup tables instead of complex formulas. I'm still seeking advice on what language I should learn to build an autobaiter.

Posted: Thu Apr 05, 2007 11:15 am

Actually, in straight baits, the computer program has the capability to outperform the human. It can be more patient. LOL

Baiting Guru Joined: 04 Jan 2006 Posts: 3193

Herb Sewell wrote:

I'm still seeking advice on what language I should learn to build an autobaiter.

I'd vote Python. It's a nice language, has a good email API available and is platform independent.

Hello I'm New here! Joined: 06 Nov 2004 Posts: 8

All the "exotic binary stuff" is really not cpu or code intensive. My preferred method of implementing this kind of thing is ASM, so it is a little more code intensive, but could be built into a library easily, so. . .

Also, the reason I kept the domain in my proposal is so that changes could be detected, regardless of whether or not it is just the domain. Just good to know that a change occurred.

And finally, to address the concern about creating a db with all potential domains, I figure it is probabally good enough for government work to just include the most common ones (i.e. yahoo.co.uk, hotmail, etc.) and use a single string as a catch all for the rest. This means that if they skip from one obscure domain to another, it won't detect it, but as I said - Good enough for government work.

On the other hand, this is all suggestion, take it or leave it.

Posted: Thu Apr 05, 2007 5:13 pm

Just a quick note on this idea....

The Howard Stern show here in the States is notorius for using fake phone calls. They use bits of pieces of legitimate conversations that have been recorded for their radio show. But, they cut them up into short sound bytes. When they would prank call someone, they would use these sound bytes, but they wouldn't really care what the other person was saying.

Surprisingly, this worked QUITE effectively. The other person didn't realize they were talking to a recording and would pick up their end of the conversation as if the recording was actually speaking to them.

SO:
For this automatic scam bait project, you wouldn't have to worry too much about the program picking up on certain phrases. You could have like 4 or 5 scenarios built in. It could just randomly pick one. Then, start sending emails regarding this scenario.

It could have questions built in, but never care about the answers.

"Did you meet with Mr. So-and-so like I requested? Don't forget I'll need you to send me your bank account information soon, so I can start the money transfer."

"I told you last time that we would only speak when I had time. Don't bother me now."

"Why haven't I heard from you? You were supposed to send me copies of your deceased brother's birth certificate so my company could sponsor his funeral costs."

"Where is my pickle sandwich? I was hoping you and I could meet in Canada when you have a chance. Would you be interested in just doing a cash transfer then?"

"I told you not to use this email address. If my employees found out, they would want in on this inheritance money. I cannot afford that. Why don't you give me your phone number so I can call you when I'm not at work?"

Etc.

Whatever scam-reverse you want to try. As long as the computer asks random questions, it will probably keep the guy going for a while. And just set it up to send a random email at random intervals (like once every 4-8 days).

If you have ever heard of these "prank calls" then you know exactly what I'm talking about and know that they are extremely effective at times.

Hello I'm New here! Joined: 08 Apr 2007 Posts: 6

One issue I've seen discussed is how to distinguish WHICH scammer the autobaiter is dealing with. Trying to distinguish based on the scammers email address is tough, if they change address.

Why not distinguish based on the victim's email address? The baiterbot could generate and use a unique email ID for each baiting. The scammer, no matter how often they change identity and/or email address, would always send to the same victim.

Where to get so many email addresses? The baiterbot could be hosted on a website set up to resemble a free email host. However, the signup page would say 'sorry, due to popular demand, we are not accepting new accounts at this time. We are now upgrading our infrastructure. Please come back in a few months time!'

Just my 2c.

Posted: Wed Apr 11, 2007 9:02 am

Instead off trying to have a long conference with the scammer, and wasting his time,
you could also use freepops, to send xxx reply�s using multiple email-accounts,
and every reply a little different.
(can you explain how WU works?, Wow i�m interested, Who are you?, very long going nowhere story )

This way,
A) The scammer has something to read (wasting time)
B) He has to guess, what are the real victim's emails and the autobaiter.
(and maybe losing real victims this way)

Posted: Wed Apr 11, 2007 9:09 am

The original poster seems to have disappeared....... I have looked into the python language, just waiting to pull the trigger and do it myself.

Massively complicated but awesome idea	View next topic View previous topic