Interesting story -
New York Times columnist says someone is using his IP address to download kiddie pr0n.
NYT‘s Paul Krugman Says Hacker Downloaded ‘Child Pornography’ Using His IP Address
By Caleb EcarmaJan 8th, 2020, 4:01 pm, Mediaite.
OK, if real, that could be a very serious attack vector on a victim, given the international cooperation of law enforcement to shut down that category of illegal content, and the harsh punishment given those who are convicted.
So, how might this work?
First, the attacker has to discover the victims IP address. Maybe from an e-mail header?
Once the IP address is known, send a GET command or an ftp command to the illicit server, spoofing the source IP address.
If successful, that should send the requested content to the target box.
So, how did Krugman find out it is happening, causing him to contact his ISP/
Maybe seeing unsolicited files arriving, adn being shocked when he opened one?
Craig
Very troubling. This is the worst type of crime and immorality.
@DHerrmann wrote:Very troubling. This is the worst type of crime and immorality.
But reporting on this item shows that there is a bit of skepticism about whether Krugman is telling an accurate tale. The twitterers, in particular, has been less than sympathetic to him.
Terrifying to be certain. This is an excellent (terrible?) example of why guest wireless needs to be heavily controlled and keys frequently cycled, both in corporate and home settings.
Another possibility is a VPN service that is essentially acting like a P2P exit node for other VPN users. https://www.pcworld.com/article/2928340/ultra-popular-hola-vpn-extension-sold-your-bandwidth-for-use...
This is one example of a VPN doing something shady, but it isn't a stretch to think of other providers doing similar things. In this way, a provider wouldn't necessarily need a large bandwidth pool to serve all it's users, it would simply use all the other customers to randomize traffic (i.e. per-flow load balancing). This is arguably a more terrifying possibility, as you are expecting privacy from the provider, but depending on how it is implemented, you may not receive this privacy and in fact end up suspected of such activities based on connecting through an IP that has had suspicious traffic on it.
I think the key takeaway here is there will be much more to this story than has been shared (or discovered), and there is perhaps more this individual could be doing to protect themselves.
Well, some wisdom and experience is finally getting to the top. NY Times has an article that gives a much better picture.
Apparently Krugman did not find pr0n on his computer, nor was he covering up for someone discovering pr0n on it.
He was reacting to a phishing phone call or email!
He fell for it and got burned.
Here is the NYT story:
Nobel laureate Paul Krugman said he likely fell for a phishing scam. Here's how phishing scams work ...
Aaron Holmes Jan 9, 2020, 9:56 AM
For added fun, here is an arstechnica take on the story:
Paul Krugman’s no good, very bad Internet day
Claims "security team" told him his IP address was downloading child pr0n, got blockchain spam.
SEAN GALLAGHER - 1/9/2020, 10:19 AM
Poor Paul was apparently taken for a ride.
Well, being smart enough for a Pulitzer does not mean you are immune from con games and scammer.
Plus, his analytical skills may fail him once in a while. After all, check what his predictions for the US economy were in late 2016 and early 2017. That didn't work out, either.
Dangit, the forum nanny-wordprocessor caught me using the real word for pr0n again!
Craig
@CraginS wrote:Well, some wisdom and experience is finally getting to the top. NY Times has an article that gives a much better picture.
Apparently Krugman did not find pr0n on his computer, nor was he covering up for someone discovering pr0n on it.
He was reacting to a phishing phone call or email!
He fell for it and got burned.
Here is the NYT story:
Nobel laureate Paul Krugman said he likely fell for a phishing scam. Here's how phishing scams work ...
Aaron Holmes Jan 9, 2020, 9:56 AM
For added fun, here is an arstechnica take on the story:
Paul Krugman’s no good, very bad Internet day
Claims "security team" told him his IP address was downloading child pr0n, got blockchain spam.SEAN GALLAGHER - 1/9/2020, 10:19 AM
Poor Paul was apparently taken for a ride.
Well, being smart enough for a Pulitzer does not mean you are immune from con games and scammer.
Plus, his analytical skills may fail him once in a while. After all, check what his predictions for the US economy were in late 2016 and early 2017. That didn't work out, either.
Dangit, the forum nanny-wordprocessor caught me using the real word for pr0n again!
Craig
I was going to write that this is exactly what happened to several seniors and workers in our organization.
It is very easy to dump material onto your computer without your knowledge if you click on a link in an email. You have absolutely no idea what is happening behind the scenes, as you don't usually when intelligent styled malicious code is downloaded to your computer as well (unless of course you are a tech savvy person who has more protection software than normal on your computer, and even then...).
It doesn't have to be a link in an email as well, it can be a web site you visit that has malicious code installed in an add window or the site itself. These are simple and do not need your IP address (although that's easy to steal unless you are using a proxy).
Smart does not mean immune to stupidity.