August 17, 2010

Anatomy of a Reverse Check Scam

Filed under: Bjørn Yestadae,Internet scams,giz a job — Whisperwolf @ 2:15 pm

I’ve been looking for new contracts through Kijiji and Craigslist, and while following up leads have been approached by quite a well organized group of scammers.  In this article, I’m going to go through the way they operated, the warning flags and the eventual smackdown of them when I got tired of dealing with their nonsense.

The first contact was a job posting for “administrative assistant”, requesting resumes.  I sent mine, and got an email back (sent several times) from an address registered at hotmail.

Dear  Employee  (Personal Assistant)
Your email is recorded.I explained to you via email job description,hours and lot more but again here is the details.
You will be working with my Boss James Scott who will be arriving location in few days but before he arrives you will pay for his hotel and also hire a car,he will drive himself.
So payment you got is for the purpose,deposit payment in your bank and wait 3-4 days to clear,when it clears you will then take care of hotel.
I WILL OFFER THE FOLLOWING COMPENSATION:

(1)           Weekly pay $350 for 2 hours daily (Monday – Friday)= 10 hours weekly
(2)           Tips comes regularly
(3)                 Will keep up to my salary payment even before the week ruins out

UPFRONT DUTIES:
1.deposit payment
2. Pay for hotel and car hire service
3.You will take off $350 when funds clear for your weekly pay.
4.Download a yahoo or msn messenger and add me on  (mary.mac1@live.com) so we can chat for more directives.

Contact me when payment is deposited.

Mary

A couple of things to note here.  First of which, this came from a yahoo address (personalasstmary@att.net – yahoo run the att.net email system) and it directs the victim to contact a hotmail (live.com) address.  It also asks for the person to add them to a messenger program, because instant messengers work faster and are less trackable.

Initially I ignored this message, so it wasn’t long before another one appeared, again from att.net:

Dear  Employee  (Personal Assistant)
Your email is recorded.I explained to you via email job description,hours and lot more but again here is the details.
You will be working with my Boss James Scott who will be arriving location in few days but before he arrives you will pay for his hotel and also hire a car,he will drive himself.
So payment you got is for the purpose,deposit payment in your bank and wait 3-4 days to clear,when it clears you will then take care of hotel.
I WILL OFFER THE FOLLOWING COMPENSATION:

(1)           Weekly pay $350 for 2 hours daily (Monday – Friday)= 10 hours weekly
(2)           Tips comes regularly
(3)                 Will keep up to my salary payment even before the week ruins out

UPFRONT DUTIES:
1.deposit payment
2. Pay for hotel and car hire service
3.You will take off $350 when funds clear for your weekly pay.
4.Download a yahoo or msn messenger and add me on  (mary.mac1@live.com) so we can chat for more directives.

Contact me when payment is deposited.

Mary

I ignored this one too.  Then came the most plausible part of the scam.  A check arrived in the post, posted from a residential address in Toronto.  The check, as you can see, looks quite authentic (I’ve added the watermark to make sure nobody else tries to download and use this check):

A convincing looking check arrives in the post

Unfortunately the accompanying letter was less convincing:

APPROVAL LETTER

This is an approval letter to inform you that you have been approved to work with my Boss for 1 year, 2 hours weekly.  We apologise [SIC] for the long delay.

Task:  Verify the attached check, and contact MARY MAC at mary_mac1@live.com for more directives.  Payment is for Hotel and Car hire.  There are a few more tasks when JAMES SCOTT arrives at your location.

Thanks

Sandra Goaty

Accounts

The accompanying letter had no signature.

So let’s look at red flags that result from this check:

  1. What company sends out $5,000 checks from a residential address?
  2. The signature on the check is clearly scanned, there’s distortion around it and around the amount and payee details
  3. At the top it says “This document has a colored background and microprinting”.  There is no microprinting

I’m particularly amused that the letter instructs the victim to “verify the attached check” – there’s a reason for this; if you suspect the check to be a forgery (which it is) and you take it to the police, you’ve passed what’s called “Due Diligence” and thus have not been defrauded.  As long as you didn’t deposit the check, no offense has been committed and the police are powerless to act.  If you didn’t verify the check YOU have committed the offense because you’ve passed a forged check to the bank without due diligence.  It’s a neat getout to the scammers.

However, once the victim has the check the scammers have to hurry, because if the victim does deposit the check, there’s only a limited amount of time before the bank discovers the forgery and reverses the transaction.  Their aim is therefore to get as much real money sent back to them as quickly as possible, before the transaction is reversed.

So, as the letter asked for a hotel booking and car rental, I responded thus:

Dear Mary,

To confirm check number 1237 in the value of $4,900 arrived this morning.  In order to proceed with bookings we will need to know the following information:

  • FULL NAME that the car is to be booked in – the car hire company will also require a photocopy of the drivers license for insurance purposes.  This license must be the same as is shown when picking the vehicle up
  • Whether or not the vehicle is going to be returned to the same car hire point or whether it is on an A to B hire, and will be dropped at an approved dropoff point different to the pickup point
  • Flight time, number and airport if appropriate
  • Which hotel your boss wishes to stay at and the full name to be used in the booking.

Please furnish these details to continue.

Best regards,

Edward Sheldon

While the scammers pontificated, I ran some background checks just to be certain.  As I had predicted, the background checks proved this payment to be a complete forgery.  There is no Sandra Goaty or Mary Smith working for Compass Group Canada.  Also, their address on the check is wrong, and their check numbering system is totally different.

Suddenly in the scammers’ next email, the flight isn’t booked, and the rental car isn’t needed:

*  FULL NAME that the car is to be booked in – the car hire company will also require a photocopy of the drivers license for insurance purposes.  This license must be the same as is shown when picking the vehicle up- DO NOT BOOK FOR A CAR ANYMORE,HE GOT OFFERS FROM A COMPANY ALREADY

* Whether or not the vehicle is going to be returned to the same car hire point or whether it is on an A to B hire, and will be dropped at an approved dropoff point different to the pickup point
* Flight time, number and airport if appropriate- NOT BOOK FLIGHT YET NOW

* Which hotel your boss wishes to stay at and the full name to be used in the booking.
SEND LIST6 OF 5 STAR HOTEL CLOSE TO YOU

QUESTIONS FOR YOU

HAVE YOU DEPOSITED PAYMENT
2.SELECT YOUR HOURS  SO WE CAN WORK IT OUT HERE
3.ADD ME ON MSN CHAT, MARY.MAC1@LIVE.COM SO WE CAN CHAT
I AWAIT YOUR EMAIL

Note she STILL wants me to add her on a messenger.  Emails are both time consuming, and can be traceable, and she doesn’t want to leave any bigger trail than necessary.

Even though I have no intention of banking the check, I claim that I have.  I also knock on the head ANY chance of using a messenger:

1) Yes, there should be news from the bank on Wednesday or Thursday

2)  Any time during normal business hours is good

3)  We DO NOT USE instant messenger programs, including MSN.  They are insecure and open to abuse by hacking or security loopholes.

Edward

This puts pressure on them, because if the check IS indeed in the clearance system, then this means that there’s only a limited amount of time until the bank discovers the fraud.  They have to get the money quickly if the scam is to work.

So they go for the goal of the scam.  I receive this email:

Hello
How are you and hope you okay. At this point your email is clear and Scott instruct me to inform you that you need to  contct his fabric supplier and order 30kg of swedishlace fabrics

I am not sure if i inform you that he his opening a clothing line and needs orders
Have this done and inform me soon
her info is
NAME- THAMINA HAQUE
EMAIL- haquethamina@yahoo.se

contact her and inform her you are the assistant to James Scott and need to place order so you need price

Mary

Again, note how this new contact also is an anonymous email address, this time at Yahoo.  I’m curious to find out how greedy the scammers are, so I send this email to the yahoo address given:

Dear Thamina,

We have been asked to approach you on behalf of James Scott and ask for a quotation for the following materials:

30kg Swedishlace Fabric

Please forward a link to your online catalog and ordering system.

Best regards,

Edward Sheldon

The reply is not long in coming:

Ref- 001
Here is Thamina Haque and from recommedation from Scott here is the price of your order plus insurance to Toronto will cost $4500
You will have to send payment to
Enamul Haque
Address- 43 normarz str
city-  Farsta
State- Sweden
Country- Sweden
$4500  By western union
Contact me with details when sent,then you orders will be processed and delivered within 3 working days
I am sending copy of email to Scott our customer for years.

Thamina Haque

Wow!  They want almost all of it back… or should I say, they want me to send them legitimately, the amount they pretended to send me.  Note how they want payment by western union, which would involve the victim paying that amount in cash at a western union office.  Once an amount is paid in cash, that cash is gone to the recipient.  There is no chance of ever getting it back.

Note also that they quote a price in dollars.  This I use to trip them up.  I respond immediately:

Hi Thamina,

Please choose an alternative payment method.  Western union is not a payment method we support.

Best regards,

Edward Sheldon

The reply is almost indignant, but contains a major flaw:

Ref-002
Due to country differences in currency we wont be able to use any means ONLY MONEY GRAM OR WESTERN UNION,so  you can use money gram,check location around you.
When are we expecting payment so orders will be ready.
THIS IS THE WAY SCOTT ALWAYS SENT FUNDS TO US,CONFIRM FROM HIM

Thamina Haque

Waaaaait a minute… Differences in currency?  What differences in currency?  You quoted me in dollars, didn’t you?  I respond, in a clearly suspicious tone:

What differences in currency?  Your quotation requested payment in dollars, did it not?

I also write to “Mary Mac” and tell her I have a price, but I don’t tell her I’m suspicious of the western union part.  The next reply from her was so bad my spam filter dumped it in junk mail and I didn’t find it till later:

Hello
I am aware that payment is delivered, The list of hotel must be sent to me for selection because my boss arrives few days to come.
he also PREFERS YOU CONTACT HIS FABRIC SUPPLIER VIA EMAIL-  ( THAMINA HAQUE – EMAIL-  haquethamina@yahoo.se )
Order for 30kg swedishlace fabric,find out cost and inform me here,she will be contacted too.
My boss so far appreciate your effort ,email me if you have any question and also deposit payment.
Lastly,Add me on chat messenger  so we can chat some more very importantly ( mary.mac1@live.com)

Mary

Despite the earlier admonition that I don’t use messengers, there she goes again with the messenger thing.  Showing some impatience, I respond:

Hello Mary,

I will reiterate:  Messengers ARE NOT USED during work hours.  It is not that I cannot add you, it’s that I won’t add you.  The use of messengers during work hours is grounds for disciplinary action.

I have contacted Thamina, and I forwarded her quotation to you.  However she seems a little mixed up over payment currencies, having given a quote in dollars she’s now asking for a different currency to be used, and hasn’t specified what currency yet.

Please let me know which airport your boss will be flying into, and the flight number, so that we can book appropriate hotels.  There is no point in booking a hotel miles away from where he wants to be or where he’s landing as gas prices are prohibitively high and car rental companies charge by the kilometer if you go over the agreed distance allowance.  Believe me, that can get VERY expensive – we want to do this right in order to minimize costs.

Payment was deposited Friday, it should be clear tomorrow or Thursday.

Edward

The flight’s a red herring.  The hotels are a method of fishing for local information so that future scams will look more plausible.  It’s always more plausible to appear to know what hotels are local, it gives the impression that they know the area because their staff travel there frequently.  I’m not about to feed that.  I’ve also now told her that there’s going to be a problem getting the money via western union.  While I wait for her next move, I send off a quick email enquiry to Western Union asking if there’s any way they can put a notification on a fake transfer that the recipient is involved in fraud and needs to be arrested.  Now they know they need to hurry – this last email in its subject header emphasized how the tasks contained therein were to be completed TODAY.  If I had indeed banked the check last Friday, the hours are rapidly counting down until the bank would discover the fraud and reverse the payment.

After several hours, they respond again:

ref-004
i mean currency difference wont permit us to accept credit card or bank to bank transfer? we use swedish koran
The best option is western union or money gram since Scott want order within 3 days

Thamina Haque

This is looking weaker and weaker.  For a start, they can’t spell “Krona” (the Swedish currency) correctly.  Secondly, any international transfer of funds is handled by a bank in native currency.  If you use, for example, paypal, to send money to Sweden, and the person in Sweden has their account registered to accept Swedish Krona, Paypal will translate it into Krona automatically (minus their cut, of course).  It’s not that it can’t be done, it can – it’s that they don’t want it to be done.  They want as much of the money being bandied around as they can get.

Now sounding considerably pissed off, I respond (BCCing “Mary Mac” who is, of course, also “Thamina Haque”) with this:

1)  What Swedish national mistakes their currency, the Krona with an Islamic holy book?

2) 4500 Swedish Krona is $630.66 according to paypal, who, incidentally, work in Canadian dollars, US Dollars and Swedish Krona.  So which is it that you are wanting payment in?  4500 Swedish Krona ($630.66) or 4500 Canadian dollars (which works out at 31,895.43 Swedish Krona – a bit pricey for fabric, even given customs fees and international postage)

3) Paypal can guarantee a secured delivery to ANY email address within seconds, and you don’t even have to go to a receiving point to pick the money up.  A Paypal payment is backed by one of the biggest international payment companies in the world.

Why are you insisting in payment by western union?

Edward

At this point I’m about to draw the scam to a close – it’s by now blatantly clear they’re scam artists, I’ll allow them one more attempt to get hold of the nonexistent money before closing the net.

Before long, the response comes back:

Ref-005
We do not use paypal here and reason why we prefer money gram or western union is because it is realible and fast,bank to bank transfer takes 7 working days to get here from over sea company,so that not okay knowing that shippment must depart tommorrow
have a great night

Thamina Haque

The “have a great night” is another amusing touch, given that it would now be late evening in Sweden – another indicator that this isn’t actually a company.

So there we have it.  Time to end this.

Well, it’s been fun folks, but now it’s time to end this scam.  Fact is, I didn’t deposit your fraudulent check on Friday because it was a blatant forgery.  Instead I took it to Detective Gajkowski of Waterloo Regional Police’s fraud squad.  He’d very much like to talk to you, Mary or Thamina or whatever your real name is.  Go on, call him, I dare you – 519 653 7700 extension 8375.

Credit where credit is due, that was quite a photoshop job on the check.  But it’s still absent several security features, and gives the wrong address for the company it pretends to be issued by.  Nonetheless, I did conduct due diligence – after all, your own letter said “verify the attached check”.  Well, I contacted the Compass Group and they’ve never heard of Sandra Goaty, your supposed accountant, or Mary Smith who supposedly signed the check.

But you still have a lot of mistakes in your little act.  Cancelling the car was good, and nice try fishing for local information about hotels but that ain’t gonna wash either.  Getting the Swedish currency mixed up was a bit of a giveaway, as was getting mixed up with the exchange rates.  Also, not knowing how the international banking system works was another red flag.

So there we have it – nice try, but no prize.  Go try scam someone else, your reverse check fraud isn’t going to work on me, even if it was fun to lead you on for a while.  And it made great material for a blog article and further lectures to my students about things to look out for spotting this kind of fraud.

Have a nice life.  Losers.

I don’t expect to hear from them again, but I’ll update this post if I do.
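
The red flags walked through in this post can be turned into a simple triage check for incoming mail. The following is an added example, not part of the original post: the flag names, weights and regexes are assumptions chosen for illustration, and the sample messages are excerpts of the emails quoted above with constructed `From:` headers, plus one constructed control message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Consumer mail domains that appear in the article (assumed list; extend for real use).
FREE_MAIL = {"hotmail.com", "live.com", "att.net", "yahoo.se"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# (flag, weight, regex run on the lower-cased body). Weights are illustrative.
BODY_RULES = [
    ("messenger_push", 2, re.compile(r"\b(msn|messenger)\b")),
    ("deposit_then_spend", 3, re.compile(
        r"deposit\w*\b.{0,200}?\b(pay for|take off|send payment|order)", re.S)),
    ("cash_wire_rail", 3, re.compile(r"western\s+union|money\s?gram")),
    ("rejects_other_rails", 2, re.compile(
        r"\bonly\b.{0,40}(western\s+union|money\s?gram)", re.S)),
]
WEIGHTS = {"free_webmail_sender": 1, "contact_domain_mismatch": 2}
WEIGHTS.update({name: weight for name, weight, _ in BODY_RULES})


def flags_for(raw):
    """Return the set of red flags raised by one raw RFC 822 message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    body = msg.get_payload().lower()
    flags = set()
    if sender_domain in FREE_MAIL:
        flags.add("free_webmail_sender")
    # The body steers the reader to an address on a different domain than the sender.
    if any(domain != sender_domain for domain in ADDR_RE.findall(body)):
        flags.add("contact_domain_mismatch")
    flags.update(name for name, _, pattern in BODY_RULES if pattern.search(body))
    return flags


def thread_flags(raw_messages):
    """Union of flags over a conversation: the scam is spread across several mails."""
    found = set()
    for raw in raw_messages:
        found |= flags_for(raw)
    return found


def score(flags):
    return sum(WEIGHTS[flag] for flag in flags)


def is_overpayment_pattern(flags):
    """Deposit the sender's check, then send real money over an irreversible cash rail."""
    return {"deposit_then_spend", "cash_wire_rail"} <= flags


# Sample input: headers are constructed, bodies are excerpts quoted in the article.
MSG_JOB = (
    "From: personalasstmary@att.net\n\n"
    "So payment you got is for the purpose,deposit payment in your bank and wait "
    "3-4 days to clear,when it clears you will then take care of hotel.\n"
    "UPFRONT DUTIES:\n1.deposit payment\n2. Pay for hotel and car hire service\n"
    "3.You will take off $350 when funds clear for your weekly pay.\n"
    "4.Download a yahoo or msn messenger and add me on  (mary.mac1@live.com) "
    "so we can chat for more directives.\n"
)
MSG_QUOTE = (
    "From: haquethamina@yahoo.se\n\n"
    "You will have to send payment to\n...\n$4500  By western union\n"
    "Contact me with details when sent,then you orders will be processed\n"
)
MSG_REFUSAL = (
    "From: haquethamina@yahoo.se\n\n"
    "Due to country differences in currency we wont be able to use any means "
    "ONLY MONEY GRAM OR WESTERN UNION,so  you can use money gram\n"
)
# Constructed benign message for contrast.
CONTROL = (
    "From: hr@example.com\n\n"
    "Thanks for your resume. Please call our office to schedule an interview. "
    "Salary is paid by direct deposit.\n"
)
THREAD = [MSG_JOB, MSG_QUOTE, MSG_REFUSAL]

if __name__ == "__main__":
    for label, raw in [("job offer", MSG_JOB), ("quote", MSG_QUOTE),
                       ("refusal", MSG_REFUSAL), ("control", CONTROL)]:
        found = flags_for(raw)
        print(f"{label:10} score={score(found):2} {sorted(found)}")
    combined = thread_flags(THREAD)
    print("thread score:", score(combined),
          "overpayment pattern:", is_overpayment_pattern(combined))
```

No single message carries both halves of the pattern: the deposit instruction and the wire-transfer demand arrive in different emails, so the check only fires when the thread is evaluated as a whole.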

May 29, 2010

Best Buy’s Ripoff – nice try best buy

Filed under: Best Buy,Computers,Windows 7,Windows Vista — Whisperwolf @ 10:33 am

I received a call today from a rather worried lady who had a laptop where the hard drive was reporting imminent failure.  She’d approached Best Buy about a repair, and they had quoted her over $300.

This didn’t seem at all right to me.  New hard drives of the size hers was (she had a 160Gb) for laptops come in at around $60.  Over $240 for an engineering fee seemed absolutely outrageous.  So I asked a few more pertinent questions, and the con was revealed.

When she bought the laptop, just over 16 months ago, it came with Windows Vista on it.  Best Buy’s “solution” was to basically take the failing hard drive out and bin it, replacing it with a new hard drive that would then lack an operating system.  They had no intention of making any attempt whatsoever to migrate the data on the failing hard drive, so the extra money it turned out was for a brand new license of Windows 7.

So, they wanted over $300 for losing ALL the customer’s data and providing the customer with an operating system she didn’t want and she didn’t need.

This, to me, sums up what’s wrong with today’s “computer repair” companies.  They operate on a “get it in, perform the most convenient to the company fix, get it out, get paid” basis.  They don’t care about the customer, all they want is the fee.

Now admittedly, it took Norton Ghost over five and a half hours to read the data off the failing hard drive, and another hour and a half to write it to the new drive – but that was mainly unsupervised work; leaving the computer that was reading the data alone to get the job done and only needing to do anything whenever an alert came up.  But the point is, after that 7 hours the customer had a new hard drive which she’d paid for, and a reasonable engineering fee – and that’s all.  She still had Vista, she still had all her documents and data, and essentially the computer is completely unchanged appearance and function-wise, other than having a larger amount of free space owing to her buying a 320Gb hard drive (which she decided to do since the price difference between 160Gb and 320Gb was only $10).

There’s no excuse for pushing customers into such expensive and unnecessary repairs in their hour of need – none whatsoever.  It’s like taking a car in for a puncture repair and selling someone a new axle.  It’s dishonest trading, and there’s no reason why anyone should have to put up with it.  Bad show, Best Buy, bad show!

February 10, 2010

Computer Manufacturers corporate greed

Filed under: Computers,Hewlett Packard — Whisperwolf @ 4:28 am

So we get a computer in that’s just under 3 years old.  It has a habit of shutting itself off unexpectedly.  I’ve met this problem before, and it can be a pain to diagnose, but downloading a nice little diagnostic tool showed me straight away where the problem was.  The core temperature (the temperature the CPU runs at) was around 22°C when the machine was idling, which is normal, but the second you tried to run anything the temperature went up… and up… and up.  When it hit 82°C – well into the danger zone for a CPU – it shut off completely.

There is an easy solution to that.  Replace the heatsink fan that sits on top of the CPU with something that has a bit more muscle.  As the machine was going to be used mainly for gaming from now on, I chose a good quality, reasonably priced fan that would draw off as much heat as possible.  Got home, assembled it, installed it…

And the problems began.

First of all, the machine wouldn’t start.  It claimed the CPU heatsink fan had failed (which we could see wasn’t the case, even though the fan was only spinning relatively slowly).  This was a BIOS message, there was no way to get around it other than to plug the old fan in until the computer had passed the initial tests, then unplug the old fan and plug in the new fan while it was loading Windows.  The second crappy cheap part was the BIOS, an abhorrent Phoenix bios that shows you as little as possible and lets you actually control and set the options for even less.  This was not helped by a contradictory article on the manufacturer’s website that claimed it was possible to disable the heatsink fan detection by going into the BIOS when in fact the crappy BIOS didn’t have that option at all.  This check is also carried out when the machine wakes from sleep mode as well, so we not only have to leave it on all the time but also disable its power saving functions to avoid it claiming the fan doesn’t work when it does.

Finally we discover after several fruitless hours of being disconnected by the less than helpful live chat staff, that the third crappy part is the most important part of all – the power supply.  It can drive the bits the machine came with – just about – but add anything else and the power supply can’t cope.  It’s only rated at 220w, so even adding a second hard drive will put a strain on it that will likely burn it out rapidly.  The BIOS detection message is coming up because the heatsink fan, being a heavy duty gaming fan, requires a bit of oomph from the power supply.  It’s made more for a gaming machine with a 450w or above power supply, not the few-dollars-cheaper 220w supply the machine came with.

And the worst part about this?  The machine still cost around $100 MORE than I could have built a machine from parts that had the same CPU, same level of memory, same sized hard drive but a much more powerful power supply capable of further expansion.  For $80 less than this machine costs I could have built a comparable one with a 650w power supply, more powerful graphics card and full expandability.

What was the manufacturer’s response?  “We no longer support your machine  because you fitted a third party fan rather than send it back to us (out of warranty) so we could put a new crappy little fan in it that probably wouldn’t do the job but would make us a lot of money.”

Shame on you, Hewlett Packard!  Shame on you for creating the Pavilion 6100n as a substandard machine made of substandard parts with no intention of permitting future expansion without ripping out almost half of the machine and replacing it.  You should know better.  It’s not worth making an extra $100 profit on one machine by building it out of substandard bits, only to have the end user do exactly what they’ve done in this case: say “I’m never buying one of THESE again, they’re crap!”

And while I might disagree with some people giving up on machines too quickly, I have to say this consumer is entirely justified in calling it crap.  I call it crap too.  Very expensive crap.  It’s about time machine manufacturers woke up to the fact that if you build in obsolescence to your machines, you’re going to lose your customers pretty damn quick.

August 23, 2009

The dangers of amateur computer upgrade advice

Filed under: Computers — Whisperwolf @ 6:36 pm

I wasn’t sure whether to laugh or cry when I saw this.  The text at the top reads:

i bought one of these and tried putting in my dell dimension 2350. my friend said that the shiny metal part on the bottom looks like it has lines because you cut at the lines if it doesnt fit. so i carefully cut off the bottom so that it fit into 1 of the slot things in my computer. now it doesnt work. did i cut it wrong? id post pics, but no camera. is there anyway i can fix this? thanks for any help.

lolhaxfail

For those who have never seen one of these before, it’s a graphics card.  A very EXPENSIVE graphics card.  One of these will set you back over $100.

Here’s a clue – you should NEVER, EVER have to take a hacksaw or other cutting implement to a piece of hardware.  They’re built the way they are for a reason, and that reason is that if it doesn’t fit then it’s not meant to fit.  Either it’s not compatible or you’re trying to fit a right bit but in the wrong place.  Either way, if you try and force it, you’ll either wreck it, or the rest of your PC or both.  Probably both.  Voltage going where voltage isn’t supposed to go owing to short circuits is not good.

Unfortunately I see a lot of penny pinching.  “Oh, don’t bother paying that guy a fee, I can tell you how to do it for free.”  Problem is, if that advice is flawed – like this was – then you’ve not only thrown away the expensive upgrade but you might have wrecked your PC too, and your friend isn’t going to stump up the money for a new one.  After all, if you take a friend’s advice, there’s no liability there.  No way you can prove it.  And no chance of a refund, you’d get laughed out of the store if you tried to take that back.

Ultimately, it’s your choice.  Take a gamble or get a professional.  All or nothing.  But if you lose – don’t expect even the best of tech professionals to be able to bail you out of THIS kind of mistake.  It ain’t happening.

July 31, 2009

Post Mortem on Sony BMG vs Tenenbaum

Filed under: Computers,RIAA — Whisperwolf @ 10:54 pm

Well, that was a travesty.

It all started when the defendant decided to be brutally honest and say that he used KaZaA to download files.  He made a huge mistake and agreed that he distributed them too.

As I’ve already said, it IS possible to install KaZaA and not actually distribute anything.  It’s possible to restrict access to the shared folder without any third party software.  This works because the way a directory listing is read is not the same form of access as actually reading the files.  You can have access to view a folder but not access to read the files within the folder.  With the correct set up, it’s entirely possible for KaZaA to see – and serve the list of – the contents of a folder, but not to be able to send the contents of the folder to anyone, as in effect anyone accessing the filesystem through KaZaA has guest access privileges, and if the guest account can’t share the folder then nobody can request a file.  The actual KaZaA program has system access privileges to read the folder contents, which can be different from the guest account access privileges.

So, as soon as he admitted to this, the judge decided to instruct the jury to find him liable, despite the fact that up to that point the plaintiff hadn’t presented anywhere near enough evidence to prove liability.  Of course, in an appeal, the plaintiffs will grab hold of this admission which could cause an appeal to fail too.  This is unfortunately not the first time I’ve seen someone open their mouth in court and say too much.  He should have admitted to using the program, no more than that, and said that it was up to the plaintiffs to prove anything was actually downloaded from him (since they’d already effectively admitted they couldn’t.)

So damages wise it’s not as bad as it could be, it’s less than a million, but it’s still going to drive him into bankruptcy.  Result for the RIAA, travesty for the rest of us.

I really wish that the judges in these cases were a lot better at finding someone who was not only tech-savvy but good at explaining in layman’s terms what goes on with these programs.  Using KaZaA – or in fact ANY P2P program – does not necessarily automatically equate to full file sharing.

But those who really know what they’re doing don’t bother with P2P anyway – it’s slow, it’s inefficient and it’s insecure, and there are far more efficient, faster and safer ways to transfer files.

July 29, 2009

Today’s message from the RIAA

Filed under: Computers,RIAA — Whisperwolf @ 10:30 pm

The world is great.  The RIAA and its associated music companies make the world great by the service that they provide, expensive as it is to them to provide it.  The ONLY thing that isn’t great is pirates who cost the music industry its metaphoric arms and legs in lost revenue and legal costs.  People like the defendant.

Just look at the testimony of Dr Jacobson, the music industry’s P2P expert who testified today in Sony BMG vs Tenenbaum.  Dr Jacobson has never EVER been spoofed or rickrolled in all his internet life.  His has been the textbook perfect internet life, no faulty software, no phishing, no rickrolling… the only fly in the ointment being P2P illegal music sharers, just ganging up to force him to download copyrighted music.  People like the defendant.

Dr Jacobson did not, or could not, correct yesterday’s bombshell that there was no actual proof the defendant had at any time had a single file downloaded from him, and thus had committed the offenses the plaintiffs claim.

His opinion was based on the evidence that MediaSentry was able to start the download of 1000+ files and collect MetaData and successfully continue the download for a subset of these files.

Source

Now, there’s something wrong here to my mind.  Yesterday’s testimony by Chris Connelly specifically stated that he’d tried and failed to start downloads of songs from the defendant’s computer.  So something’s not right here.  Either MediaSentry WAS able to “start the download” in which case Chris Connelly’s testimony is a lie (and thus perjury) or they were not in which case his opinion isn’t worth anything since it’s not accurate.  And if it’s not accurate, why should the jury believe any other part of his opinion?  Of course, the fact that he was paid $9,000 for his opinion in this case shouldn’t hint that he might be biased in the plaintiff’s favor.  Absolutely not.  Even though he estimated he worked between 40 and 50 hours at a $200/hr rate.  Nothing to do with why his opinion might possibly be inaccurate.

Other highlights of his “expert opinion”:

* There were two registry files which could not be opened, which he indicated was evidence that they were attempted to be deleted.

What a load of cobblers.  There can be any reason why a registry file can’t be opened, but one of the most common is that it’s in use by another application, and normally if it’s a registry file that other application is the core operating system of Windows itself.  Windows will not permit the accessing or deletion of such a “locked” file, but you boot with another operating system capable of reading NTFS drives, such as Linux, and you can delete the file without a problem since Linux doesn’t read the activity flags that Windows sets up.  Any professional wanting to delete ANY Windows-made file would simply use a Linux boot disk or CD, and delete the file.  If it was locked (which seems to be the case here, since the files were present but could not be opened) then it was either corrupt or already being used by a part of the operating system.

* The file sharing program LimeWire was on the machine, and he believed it to be operable.
* He found evidence of over 2700 music files in the C:\My Music folder which LimeWire was sharing, but that this folder itself had at some point been deleted.

Again, I have to say “So what?”  Even if you could argue that Kazaa was installed, so what?  That’s just hinting that the defendant COULD have shared files, it’s no proof that the defendant DID share files.  As such, it doesn’t deserve to be given major weight because it’s circumstantial evidence of the ability to commit the offense, not actual evidence of the offense being committed.

* He was able to identify several songs that were once in the C:\My Music folder that were at issue in this case.

Again, so what?  I might have those files on my hard disk.  Doesn’t mean I’ve ever distributed them.  I could have ripped them legitimately from CDs I owned.  Again, this “evidence” is circumstantial at best, at worst inadmissible.

* He found several hundred exact matches to files in the C:\My Music folder that were being distributed by sublimeguy14@KaZaA

Here we’re back to his testimony conflicting with Chris Connelly’s testimony.  Chris Connelly testified that he saw those files in the defendant’s list of available files, but couldn’t actually download them.  On the occasions he was able to download those particular music files, his testimony was that they originated at a different computer than the defendant’s.  Thus, the “were being distributed” is a misleading contradiction.

* He also found a My Music folder under Joel’s My Documents folder, which contained a similar folder structure and many of the files that were removed from the C:\My Music folder.

Again, so what?  Again, this is circumstantial evidence of the possibility that things were in place for an offense to be committed.  This is not evidence that an offense WAS committed, or that the defendant was the one committing the offense.

* He had formed the opinion based on the inconsistent meta data in the files he found during the forensic examination that they were downloaded and distributed on the internet.

Well of course he did.  He then submitted his invoice for a cool nine thousand dollars which was duly paid.  Naturally that has absolutely NO bearing on why he formed that opinion.  Absolutely not.  *cough*

Dr. Jacobson was then asked why MediaSentry only downloaded 7 of the files they found in the shared folder. He stated that it would have been infeasible to download them all, because it would have taken a long period of time. He was asked that for the remainder of the files it would be impossible to know if they were the sound files they stated they were or not, because there was no underlying file. Dr. Jacobson agreed that an audio comparison could not be made, but that it was still his opinion that all of the remaining files were present for distribution.

Hang on a moment!  Didn’t Chris Connelly admit under oath that the songs he downloaded did not start from the defendant’s computer?  I use Blizzard’s background downloader – which is a p2p program – to download my World of Warcraft updates, but they seldom if ever use the same machines.  Surely if the plaintiff is alleging that the defendant distributed music files, that means that he distributed the entire music file.  If he distributed the entire music file, then he broke the law – but what if only a few tiny chunks ever came from his machine?  If you were to join those chunks together you probably wouldn’t even be able to play them back; surely the plaintiffs must, if they wish to claim damages, prove that the entirety of each file came from the defendant?  And again, Mr $9000’s opinion has to be called into question because of the money aspect.  Would he still be of the same opinion if the defendant had been the one paying him $9000, not the plaintiff?

Professor Nesson asked Dr. Jacobson that if a spoofed file was present in the directory if it would look the same as the other files from the meta data, to which he admitted that a spoofed copy could contain the correct meta data as well.

What’s a spoofed copy?  Another tactic used by the music industry.  Basically it contains the first few bars of the song it pretends to be, then either garbage, profanity or repeated recordings of voice overs discouraging music piracy.  And Dr Jacobson admits that a spoofed file would contain the same meta data (it would have to be if it was to successfully masquerade as authentic) and thus blows the 7 files Media Sentry DID get out of the water, since their evidence is based on meta data, and there is thus no evidence that they were genuine song files even if by some miracle the evidence could be cobbled together that the files were distributed from the defendant’s machine in their entirety – itself looking like an impossible prospect at this point in time.
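To make the spoofed-copy point concrete, here is an added example (not part of the original post or the trial record) showing two files whose metadata is identical while their audio payload is not. It assumes ID3v1 tags as a stand-in for the metadata, since the testimony does not say which metadata format was examined, and the byte strings are constructed placeholders rather than real audio.

```python
import hashlib
import struct

ID3V1_LEN = 128  # ID3v1 is a fixed 128-byte trailer at the end of an MP3


def make_id3v1(title, artist, album, year):
    """Build an ID3v1 trailer: TAG, title, artist, album, year, comment, genre."""
    def field(text, size):
        return text.encode("latin-1")[:size].ljust(size, b"\x00")
    return (b"TAG" + field(title, 30) + field(artist, 30) + field(album, 30)
            + field(year, 4) + field("", 30) + bytes([255]))


def read_id3v1(blob):
    """Return the tag fields as a dict, or None if no ID3v1 trailer is present."""
    tag = blob[-ID3V1_LEN:]
    if len(tag) < ID3V1_LEN or not tag.startswith(b"TAG"):
        return None
    values = struct.unpack("<3x30s30s30s4s31x", tag)
    names = ("title", "artist", "album", "year")
    return {n: v.rstrip(b"\x00 ").decode("latin-1") for n, v in zip(names, values)}


def audio_digest(blob):
    """SHA-256 of the audio payload only, with the tag stripped if there is one."""
    body = blob[:-ID3V1_LEN] if read_id3v1(blob) else blob
    return hashlib.sha256(body).hexdigest()


def compare(a, b):
    """Return (metadata_matches, content_matches) for two files."""
    return read_id3v1(a) == read_id3v1(b), audio_digest(a) == audio_digest(b)


# Constructed sample data: the spoof keeps a short genuine opening, then filler.
TAG = make_id3v1("Example Song", "Example Artist", "Example Album", "2009")
GENUINE = b"\xff\xfb" + b"genuine-audio-frames" * 50 + TAG
SPOOFED = b"\xff\xfb" + b"genuine-audio-frames" * 2 + b"voice-over-filler" * 40 + TAG

if __name__ == "__main__":
    meta_same, content_same = compare(GENUINE, SPOOFED)
    print("metadata matches:", meta_same)
    print("content matches: ", content_same)
```

Only a comparison of the payload itself (a hash against a known-good copy, or listening to the whole file) separates the two; the tag comparison alone cannot.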

One final thing:

On recross Dr. Jacobson was asked if KaZaA contained Malware. He stated that it would be more accurate to say that it contained Adware. He was asked if the MediaSentry computers had adware on them. He stated that he has not investigated their computers beyond what MediaSentry has told him, which is that they keep their computers clean.

I hope the defense brings this up again.  Because here we have another contradiction, and it’s a pretty major one.  If KaZaA contained Adware, then it follows (and this is borne out by the warning you get when you run Spybot: Search and Destroy, that if you remove software related to programs, i.e. the adware that comes with KaZaA, the programs themselves will stop working) that Media Sentry’s computers must have been infected with Adware, because they would have to have the Adware for KaZaA to continue functioning.  This leads us to one of the following possible scenarios:

  • Media Sentry’s computers run KaZaA (and its associated Adware) and are thus not “clean” but KaZaA works
  • Media Sentry’s computers had the Adware removed after KaZaA was installed, which would have disabled KaZaA and required a re-installation (the re-installation would then reinstall the adware, leading to an endless loop of deleting adware and reinstalling KaZaA)
  • Media Sentry have illegally modified KaZaA so that it no longer checks for the Adware that it was installed with, but in doing so they revoke their own license to use KaZaA in an unmodified form and thus commit the offense of using unlicensed software every time they run KaZaA

These are the only three possible outcomes.  I’d love to know which it is.

There were two other witnesses today, but neither of them had anything near as interesting to say as this one.  The trial continues tomorrow.

RIAA makes a huge mistake in Sony BMG vs Tenenbaum

Filed under: Computers,RIAA — Whisperwolf @ 12:37 am

Something really got up and hit me when I was reading about the testimony from Media Sentry in the current Sony BMG vs Tenenbaum RIAA court case:

[Chris Connelly of Media Sentry Inc] He then described the evidence that they found, such as the screenshots of the sublimeguy14@KaZaA shared folder. He described the user log that they created which showed the meta-data they were able to transfer from over 800 files in this shared folder. He also described the data log showing packets between a Cox Communications IP address and MediaSentry. He was brought many pages of these logs showing mp3 files, kpl files, and MetaData collected about them. He testified that most of these files most likely did not come from ripped CDs due to disparities in format of meta-data, varying bitrates, et cetera, which indicated that they most likely came from different originating sources throughout the internet. One part of the data log showed a portion where the sublimeguy14@KaZaA computer did not respond to several requests, which he described as ‘most likely because the computer was busy’ and the requested file then starting to download from a different PC. He described this process as part of the way KaZaA worked. He did testify that he had no evidence of other transfers between sublimeguy14@KaZaA and any other party, because peer-to-peer software does not show these activities taking place.

Wow!  And I mean, WTF?

We have two things here.  The first is that Mr Connelly tried to download files from this defendant AND FAILED TO DO SO.  The second is that Mr Connelly, who represents the organization the RIAA uses to provide technical proof of infringement CANNOT PROVIDE ANY OTHER EVIDENCE that the defendant did in fact do what the plaintiffs are claiming he did.

Let’s get this straight:  The case is that the plaintiffs claim the defendant cost them damages in that he knowingly distributed copyright material he held no copyright for to one or more other persons.  That’s the gist of the case.  Sony BMG and the RIAA are seeking damages for that specific crime.  Yet not only could their evidence collection company not actually download – thereby receiving unauthorized distribution of – any of the songs, but they now say they can’t prove anyone else received any songs either.

Were I the judge in this case I would have stopped the case there and then, and asked if there was any witness that COULD actually prove that the witness or any other person downloaded any files.  Because if they can’t, or no such witness is available, then I would direct the jury to return a not guilty verdict and close the case.

The case is not about whether someone COULD download songs.  It’s an allegation that someone DID download songs.  It’s an allegation that the defendant owes the plaintiff damages because they DID download songs which they may otherwise have paid the plaintiff or plaintiff’s agents for.   To me, Mr Connelly’s testimony basically blew the plaintiffs’ case right out of the water, because it said the plaintiffs have no evidence that such downloading DID take place, only that it COULD have.  Whether that is a separate offense is debatable but even if it is, that’s not what this case is about.  This case is about an actual happening, not a theoretical possibility of a happening.  There’s a huge difference.

I’m going to be following this case very closely, because to my mind unless someone can stand up and say “Yes, I can prove he did that!” and then do so, it’s already over.  Media Sentry supposedly are there to do that, and they can’t.  If nobody else can, the theory behind whether someone may or may not have at some point downloaded music from Mr Tenenbaum is irrelevant – to get a conviction, it must be proved, and if they can’t prove it, he deserves a full acquittal.

July 21, 2009

First email for Bjorn Yestadae

Filed under: Bjørn Yestadae,Computers,humour — Whisperwolf @ 2:20 am

Here we go already:

Sir.Anderson Clarks
Google Promotion Award Team
Email: sir.anderson_clarks@hotmail.co.uk
You are advised to contact your Foreign Transfer Manager with the
following details to avoid unnecessary delay and complications:
VERIFICATION AND FUNDS RELEASE FORM.
(1) Your contact address.
(2) Your Tel/Fax numbers.
(3) Your Nationality/Country.
(4) Your Full Name/Sex.
(5) Occupation/Age.
(6) Ever won an online lottery?
(7) Your Preferred Method of Receiving Your Prize (From Below)
Mode Of Prize Remittance.
(1)Cash Pick-Up (You coming Down to United Kingdom Personally to Pick Your
Prize).
(2)Courier Delivery Of your Certified Winning Cheque Name and other Winning
Documents safely to you.
The Google Promotion Award Team has discovered a huge number of double
claims due to winners informing close friends relatives and third parties
about their winning and also sharing their pin numbers. As a result of
this, these friends try to claim the lottery on behalf of the real
winners. The Google Promotion Award Team has reached a decision from
headquarters that any double claim discovered by the Lottery Board will
result to the canceling of that particular winning, making a loss for both
the double claimer and the real winner, as it is taken that the real
winner was the informer to the double claimer about the lottery. So you
are hereby strongly advised once more to keep your winnings strictly
confidential until you claim your prize.
Congratulations from the Staffs & Members of the Google interactive
Lotteries Board Commission.
Sincerely,
Dr. Leslie Spears.
Google Promotion Award Team

Now this is quite obviously a scam;  they don’t know who they’re contacting, they want an overabundance of information that they would already have access to were it legitimate, and they’re making contact from a live.com free email address.  You’d think if they worked for Google at the very least they’d have a google.com or gmail.com address, not a Microsoft one.

Still, Bjorn is nothing if not thorough, and shot this email back:

Dear User,

Thank you for your recent email.  Before we can proceed with your case we need the
following information:

*  No entry to any raffle is on file.  Please specify what raffle, when, who entered and
which email address they gave.

Until we receive the requested information your enquiry ticket will be placed on hold.
If we do not receive the required information within 28 days, we will close the ticket
and assume you have resolved the original issue yourself.

Best regards,

Bjorn Yestadae
For Emergency Computer Technicians

Let’s see if the scammers take the bait.
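
The warning signs listed for the lottery email above (a brand name on a free webmail address, a long request for personal details, no idea who the recipient is) can be checked mechanically. This is an added example, not part of the original post: the domain lists, the threshold of three requested details, the recipient address and the message headers are assumptions constructed for illustration, and it handles single-part text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; extend them for real mail.
FREE_MAIL = {"hotmail.com", "hotmail.co.uk", "live.com", "aol.com"}
BRAND_DOMAINS = {"google": {"google.com", "gmail.com"}}
PII_ASKS = ("contact address", "tel/fax", "nationality", "full name", "occupation")


def scam_indicators(raw):
    """Return the sorted names of the indicators that fire for one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()  # assumes a single-part text message
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    to_name, to_addr = parseaddr(msg.get("To", ""))
    flags = set()
    # 1. Claims a brand but is not sent from that brand's own domains.
    claimed = (msg.get("From", "") + msg.get("Subject", "")).lower() + body
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and domain not in domains:
            flags.add("brand_domain_mismatch")
    # 2. Sent from a free webmail service.
    if domain in FREE_MAIL:
        flags.add("free_mail_sender")
    # 3. Asks for details a genuine organiser would already hold.
    if sum(ask in body for ask in PII_ASKS) >= 3:
        flags.add("bulk_personal_data_request")
    # 4. Never names the person it is addressed to.
    names = [n for n in re.split(r"\W+", to_name.lower()) if len(n) > 2]
    names.append(to_addr.lower().partition("@")[0])
    if not any(n and n in body for n in names):
        flags.add("recipient_not_named")
    return sorted(flags)


# Constructed samples: headers are invented, body wording follows the email above.
SCAM = """From: Google Promotion Award Team <sir.anderson_clarks@hotmail.co.uk>
To: Bjorn Yestadae <bjorn@example.org>
Subject: VERIFICATION AND FUNDS RELEASE FORM

You are advised to contact your Foreign Transfer Manager with the following details:
(1) Your contact address. (2) Your Tel/Fax numbers. (3) Your Nationality/Country.
(4) Your Full Name/Sex. (5) Occupation/Age.
"""
BENIGN = ("From: Alice <alice@corp.example>\nTo: Bob Smith <bob@corp.example>\n\n"
          "Hi Bob, the meeting moved to 3pm.\n")

if __name__ == "__main__":
    print(scam_indicators(SCAM), scam_indicators(BENIGN))
```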

July 18, 2009

From QDB

Filed under: Computers,humour — Whisperwolf @ 11:58 pm

<@impossible> my buds and i share dedicated server hosting
<@impossible> so we all paypal our one friend for the monthly payment
<@impossible> so for the last four months it’s been paypal messages like, “less teeth, more attentino to the balls”
<@impossible> and he got an email today saying his account has been permanently closed for adult services, which is a violation of paypal usage

I had to LOL…

July 16, 2009

Meet the newest member of the team

Filed under: Bjørn Yestadae,Computers — Whisperwolf @ 2:26 am

Bjørn Yestadae.

If you think that sounds like “born yesterday” – you’d be right.  Bjørn Yestadae is a fictitious person working for the company who is extremely grumpy and likes nothing more than to be a completely sarcastic bastard.  Bjørn will henceforth be dealing with all phishing and spam mail sent to us.

Quite frankly it’s an annoyance that despite several filters we still occasionally receive emails from wealthy South Africans wishing to move money from their country to ours, or building societies that want to offer us unbelievable loan rates and just happen to have email addresses at hotmail, live, aol or any of the other free services, or banks needing us to give them our details again urgently because they lost them, but don’t explain how they can verify the authenticity of such details if the original details have indeed been lost.

So yes – from time to time, our good friend Bjørn Yestadae will be mentioned on this Blog after a particularly interesting exchange with spammers and phishers.  Think of it as a little light entertainment, for those who WEREN’T Bjørn Yestadae.