Sharing for context: the article does not clearly say whether this scam was entirely completed over Tor, or only partially - the "over 200 proxy servers" sounds like come other proxy network - but it's a fine example of the sort of thing I have been talking about and what all those CAPTCHAs we experience are meant to be preventing, in this case: helping scammy hoaxy e-books on Amazon:
http://www.zdnet.com/article/exclusive-inside-a-million-dollar-amazon-kindle-catfishing-scam/ Moore was just one of hundreds of pseudonyms employed in a sophisticated > "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based > business hoodwinked Amazon customers into buying low-quality ebooks, which > were boosted on the online marketplace by an unscrupulous system of bots, > scripts, and virtual servers. [...] These books were associated with a publisher's email account used to > collect royalties on all the ebook and physical books that were sold. > (Shershnyov used his own personal email address, along with other > accounts.) Each account was responsible for publishing hundreds of ebooks. > If one account was caught or disabled, it wouldn't upend the entire scheme. These accounts worked together to artificially inflate the number of ebooks > downloaded, thus raising the ranking of each ebook in Amazon's charts. That > visibility helped to draw in real readers. The server hosted a table containing 83,899 fake Amazon accounts (an easy > feat given that, when we checked, Amazon doesn't verify email accounts). *At > any given time of the day, dozens of those accounts could be pushed through > one of over 200 proxy servers -- provided by a third-party internet company > -- which makes it harder for Amazon to detect the logins.* The server > installed the Selenium web driver, a browser automation tool, which > simulates a real person typing in the accounts' usernames and passwords, > one after the other. Not all logins will be successful. Some are blocked or banned. If that > happens, the table would log the the failure, and move on to the next > account. [...] The *downloads would be tunneled over the Tor anonymity network*, masking > the IP addresses of the server, making it tougher for Amazon's systems to > spot the fraudulent downloads. It can take just a few days for an ebook to rise up the charts and increase > visibility -- these books can easily reach the Top 100 list, particularly > in niche categories. Has anyone here had a CAPTCHA on Amazon over Tor, recently? This sort of thing is why... -a -- http://dropsafe.crypticide.com/aboutalecm -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
