Comments on: An Attempted Entrapment

By: George Maschke

George Maschke — Mon, 11 Nov 2013 10:13:44 +0000

Excellent point.

By: mary

mary — Mon, 11 Nov 2013 10:10:43 +0000

And when, pray tell, is entrapment appropriate?

By: Fascist Nation

Fascist Nation — Sat, 09 Nov 2013 02:06:53 +0000

It really frosts me with the trillions confiscated annually with the implied gun in purloined taxpayer dollars they are trying to set you up on computers running XP. Inexcusable!

By: George Maschke

George Maschke — Mon, 04 Nov 2013 20:57:01 +0000

J, it is not our normal policy to publish the names of individuals who contact us. But this case is an exception. It seems crystal clear that the e-mails were a set-up. It was certainly no attempt to buy our product: we’re not selling anything. All of the information on AntiPolygraph.org is available for free.

In documenting this attempted entrapment, I think it was important to provide the raw source of the e-mails that I received, which I did. The raw source includes the sender’s (supposed) name, e-mail address, and originating IP address. This is so that others can review and evaluate the evidence for themselves.

By: George Maschke

George Maschke — Mon, 04 Nov 2013 20:44:58 +0000

Mat, Thank you for this advice, which I think is sound. When I first received the e-mail, I was indeed concerned about possible malware, so I opened the PDF with Document Viewer on a virtual machine running Linux from a Live CD ISO file. I didn't notice anything fishy about the file itself. However, if you, or any other reader, have the skills to check the PDF file for a malicious payload, you can extract it from the EML file, which is available here.

By: George Maschke

George Maschke — Mon, 04 Nov 2013 20:34:27 +0000

Indeed! It seems that the e-mails I received were sent by, or at the behest of, a U.S. government employee or contractor. Whether it was officially sanctioned is another question, the answer to which remains unclear. But either way, I don’t think this entrapment attempt was in any way appropriate.

By: Sten

Sten — Mon, 04 Nov 2013 18:46:03 +0000

Twenty years ago I saw a similarly amateurish attempt by someone “working with” the Air Force OSI to disguise the fact they were working from an Air Force system. It’s disappointing that they’re still struggling to disguise email sources.

By: J

Mon, 04 Nov 2013 17:45:57 +0000

One recommendation, I’d remove the name of the sender of the initial message in the various places it appears. On the off chance that this was a genuine, if clumsy, attempt to buy your product by some Iraqi rebel, publishing his name might put him in physical danger. On the other hand, if it’s fake, there’s really nothing to be gained by publishing the exact and full name he used; it doesn’t really add anything substantive to the post.

By: Dood

Dood — Mon, 04 Nov 2013 17:45:42 +0000

Did it ever occur to the posters above that he open the pdf via google’s view document feature, or otherwise online.

And no, on a good OS pdf’s do not offer much of a security risk.

By: J

Mon, 04 Nov 2013 17:39:32 +0000

Depends on the OS and the PDF reader. I have no idea what Mr. Maschke used but, for example, I doubt an infected PDF would succeed if it were opened in evince or xpdf on a Linux machine, rather than Adobe’s reader.