Tim W (admin (and human))
Today's #DynDNSHistory brought to you by @jtk , who asks about early or interesting abuse-related issues.
There's lots here so this one will be a thread...
The first one that jumps to mind is credit card fraud. This isn't really surprising/interesting in the later days, but what surprised me was that people used stolen credit cards even when we were just taking donations.
Like, really? You're going to abuse some kids who are just trying to run a free service? Not cool.
1/?
Tim W (admin (and human))
The next one, which also started surprisingly early, was using #DynDNS hostnames for botnet command and control. That's what actually got me involved in the #infosec community (and where I met @jtk !)
DynDNS was good for C&C because they could move it around quickly, and have the bots follow. If the C&C got taken down, boom, switch to a new one. We were unintentionally helping them keep their control going.
2/?
Tim W (admin (and human))
We eventually got plugged into the InfoSec community, though, and were able to build systems to detect this and both take action (blocking accounts, etc) and also collect information to help security researchers.
I take my users' security and privacy seriously, but if you're doing malfeasance, it all goes out the window - you're not a user anymore, you're an abuser. And don't worry, we put that in our ToS too.
3/?
Tim W (admin (and human))
Once we started doing paid services, the credit card fraud really picked up - in some cases it just seemed like they were using us to check stolen cards before using them for something bigger, other times they were really trying to get services.
I never quite understood the logic of the second one - you have to know it's not gonna last for long when you're using someone else's card. But maybe people don't notice and report the fraud?
4/?
Tim W (admin (and human))
This one led to some of the most interesting things about abuse - getting surprising new domain names! When someone bought a domain with a stolen credit card, there was usually no way for us to cancel the registration (eventually we could if we caught it fast enough, but by the time there was a chargeback it'd for sure be too late).
So, we figured - we paid for these, I guess they're ours now! I don't remember any specifics, but there was definitely some weird ones in there.
5/?
Tim W (admin (and human))
I don't remember if we ever turned any of them into actual customer domains for our free services - I don't THINK any of them happened to be good for that purpose.
Credit card fraud was a huge pain back then (not that it isn't now) - there wasn't nearly the range of intelligent analysis and risk assessment that's out there today. And as I recall we got chargebacks via fax (or had to respond via fax, maybe both). The bad old days...
6/?
Tim W (admin (and human))
Next time on #DynDNSHistory I'll talk about credit card processing - it was so much more complicated than just getting a Stripe account those days.
The hoops and shenanigans we had to go through as a small start-up doing online card processing in those early days were wild.
7/7
Lisa Gets Politik
@tim Oh, I'd love to hear more about credit card processing. I'm working with a start up Member owned Co-Op and we're trying to find an economical way of accepting SNAP benefits. It's literally the only reason we have our Heartland account, and we lose money every month in fees.
Tim W (admin (and human))
@lisagetspolitik I know less about anything specialty today, bit I know (or at least used to know) a lot about the landscape of 20 years ago! 😀
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.