Tuesday, November 27, 2007

Marion Lynn's Continuing Rat-Out

Here are complete transcripts of the screenshots which Marion Lynn has posted of AOL instant messenger chat sessions between himself and Steve Joseph on his wildly verbose blog: spamgossip.blogspot.com. This should save you many hours of reading through his blather and get you some of the more interesting / useful data he's been posting.

I figured it helps if the text is indexed and searchable. :)

AOL IM Session between Steve Joseph and Marion Lynn, Sunday July 15, 2007
StaySpamming1 = Steve Joseph (bulkerforum username: Lizza and flores9xx)
SpringLilCobra = Marion Lynn (bulkerforum username Nick Danger)
Screen capture image of this chat session as posted by Marion Lynn on Nov. 24, 2007 on spamgossip.blogspot.com:
http://img113.imageshack.us/img113/857/lizza3sb0.jpg

SpringLilCobra [1:05AM]: Well, how many boxes do you have running?
StaySpamming1 [1:05AM]: UDP Flood/HTTP Flood/Mass website hit. sure does the trick
StaySpamming1 [1:05AM]: 1!!!!
StaySpamming1 [1:06AM]: an that's how WEAK BF IS!
ARe you certain that the box cannot be traced?
StaySpamming1 [1:06AM]: Indeed.
StaySpamming1 [1:06AM]: If you read the bottom
SpringLilCobra [1:06AM]: I am going to try [t site] tonight then
StaySpamming1 [1:06AM]: you get logged into his server
SpringLilCobra [1:06AM]: the bottom of the site or the bottom of the program?
SpringLilCobra [1:07AM]: I haven't downloaded yet
StaySpamming1 [1:07AM]: yea
StaySpamming1 [1:07AM]: It reads his server that you're logged into
SpringLilCobra [1:08AM]: When you use the DoS tool?
StaySpamming1 [1:08AM]: Yeah.
StaySpamming1 [1:08AM]: it has nice stuff on it tho man
StaySpamming1 [1:08AM]: E-Mail verifier
StaySpamming1 [1:08AM]: Email spammer
StaySpamming1 [1:08AM]: everything!
StaySpamming1 [1:08AM]: Md5 hash cracker
StaySpamming1 [1:08AM]: etc
SpringLilCobra [1:08AM]: Ok. Is this tuff all clean?
StaySpamming1 [1:08AM]: Mp3 player. ...etc
StaySpamming1 [1:08AM]: I hope so...LOL
SpringLilCobra [1:08AM]: stuff
StaySpamming1 [1:08AM]: I haven't ever truly digged INTO it yet but I've been using it for one year
So far no probs
SpringLilCobra [1:09AM]: Ok
StaySpamming1 [1:09AM]: i do see them logged on me tho
StaySpamming1 [1:09AM]: subnet
StaySpamming1 [1:09AM]: i see im logged into his server via-netstats
StaySpamming1 [1:09AM]: SO yeah I see that I sent 'SYN' attacs....off
StaySpamming1 [1:09AM]: planetlabs2.cs.umass.edu:3127
StaySpamming1 [1:09AM]: so I guess im fine
SpringLilCobra [1:10AM]: CAn anyone else get that info?
StaySpamming1 [1:10AM]: As in his?
SpringLilCobra [1:10AM]: Well, no, who was logged in
StaySpamming1 [1:10AM]: yeah loads on your netstats. But it will give you a new login server they don't use the same one/share wise
StaySpamming1 [1:10AM]: its just made to see that you got that program connected to you
SpringLilCobra [1:10AM]: Ok
SpringLilCobra [1:11AM]: will they give out the info as to who was using the program at any given time?
StaySpamming1 [1:11AM]: im testing on bf now. but nicely
StaySpamming1 [1:11AM]: lol no cus
StaySpamming1 [1:11AM]: the coder/owner
StaySpamming1 [1:11AM]: Passed away
SpringLilCobra [1:11AM]: they can't get in can they?
StaySpamming1 [1:11AM]: His staff left up all of his servers which are paid for - hmm for another 2 years
StaySpamming1 [1:11AM]: there's no way they can
StaySpamming1 [1:12AM]: He has about 900000000000 servers hooked up to His own server.
SpringLilCobra [1:12AM]: heh, heh
SpringLilCobra [1:12AM]: How did he do THAT?
StaySpamming1 [1:12AM]: So by the time they got done scanning each ip down to the ground it would be 2-3 years later. hes seriously got about 9000000000000000000000000000000000000000000000000000000000 servers connected to that
StaySpamming1 [1:12AM]: Well he exploits ip's daily/proxies etc
StaySpamming1 [1:12AM]: An runs via remote desktop connection or through VNC
SpringLilCobra [1:13AM]: be damned


Note that I had a bracketed section there at the 1:06am mark:

SpringLilCobra [1:06AM]: I am going to try [t site] tonight then


That line was crossed out in the image, which appears to have been printed (poorly) and then hand-obfuscated using a magic marker. The bracketed section is a guess but it looks pretty close.

AOL IM Session between Steve Joseph and Marion Lynn, Monday July 16, 2007
StaySpamming1 = Steve Joseph (bulkerforum username: Lizza and flores9xx)
SpringLilCobra = Marion Lynn (bulkerforum username Nick Danger)
Screen capture image of this chat session as posted by Marion Lynn on Nov. 24, 2007 on spamgossip.blogspot.com:
Page 1:
http://img86.imageshack.us/img86/2412/lizza1ww0.jpg
Page 2:
http://img138.imageshack.us/img138/1262/lizza2dc7.jpg

StaySpamming1 [2:12PM]: :D
StaySpamming1 [2:12PM]: I should sign up and become a detective.
StaySpamming1 [2:12PM]: I'm so good at doing what I do.
StaySpamming1 [2:12PM]: :D
SpringLilCobra [2:12PM]: Yeah, maybe! What up?
StaySpamming1 [2:12PM]: I found someone on Bulkerforum
StaySpamming1 [2:13PM]: Who is someone truly HATED
StaySpamming1 [2:13PM]: Someone who is a BIG Scammer
SpringLilCobra [2:13PM]: Who dat?
StaySpamming1 [2:13PM]: Someone WHO is Known for hurting people
StaySpamming1 [2:13PM]: But it's gonna be fun
StaySpamming1 [2:13PM]: You ready to see world war 3?
SpringLilCobra [2:13PM]: Yeah but let me get my head down first!
StaySpamming1 [2:13PM]: Watch as soon as I get my friend to pick up payment
StaySpamming1 [2:13PM]: He's going to come on the forum saying
StaySpamming1 [2:13PM]: THIS MOTHER FUCKER RIPPED ME OFF
StaySpamming1 [2:13PM]: HE TOOK MY MONEY AND DIDN'T SEND ME THE TOOLS
StaySpamming1 [2:14PM]: Then I told my friend to reply
SpringLilCobra [2:14PM]: Ok.
StaySpamming1 [2:14PM]: ' i'm sorry you have scammed way too many people on here not to mention you scammed me personally. Hmm the sad part is. It sucks to get scammed DON'T IT BITCH!?
StaySpamming1 [2:14PM]: :D
StaySpamming1 [2:14PM]: Muahahah I'm evil!
SpringLilCobra [2:14PM]: heh, heh
StaySpamming1 [2:14PM]: I hate this cock sucker w/a passion.
StaySpamming1 [2:14PM]: MichaelP
StaySpamming1 [2:14PM]: Sound familiar?
StaySpamming1 [2:14PM]: Rings a bell! Ding ding!
SpringLilCobra [2:15PM]: MastaP= TBanks
StaySpamming1 [2:15PM]: Now hes got no idea I know who he is and has no idea I got his information
StaySpamming1 [2:15PM]: How you figure that one out?
StaySpamming1 [2:15PM]: Only idiot that thinks he's a thug? MastaP make em say uhhhhhh!!!!!!! LOL!
SpringLilCobra [2:15PM]: Initials: MichaelP=MP=MastaP
StaySpamming1 [2:16PM]: AHHHH!!!!! Very smart
SpringLilCobra [2:16PM]: People tend to stick with the same initials even when the cahnge names
StaySpamming1 [2:16PM]: MichaelP
StaySpamming1 [2:16PM]: ROFL
StaySpamming1 [2:16PM]: well I know
StaySpamming1 [2:16PM]: nofx = michaelP
StaySpamming1 [2:16PM]: and Mailerdemon? thats Michael P
SpringLilCobra [2:16PM]: Really?
StaySpamming1 [2:16PM]: But please don't tell him :)
StaySpamming1 [2:16PM]: Yeah
StaySpamming1 [2:16PM]: MailerDemon is MichaelP
SpringLilCobra [2:16PM]: Hell, no, I won't tell him!
StaySpamming1 [2:16PM]: We're pulling a ring on him today
StaySpamming1 [2:16PM]: I told phantom
StaySpamming1 [2:16PM]: Phantom told me NOT to tell anybody
StaySpamming1 [2:17PM]: or he kicks me off BF
SpringLilCobra [2:17PM]: You guys are EVIL!
StaySpamming1 [2:17PM]: I said I wouldn't but I trust ya
StaySpamming1 [2:17PM]: :D
SpringLilCobra [2:17PM]: Thanks!
StaySpamming1 [2:17PM]: No not really. Did you know he lives 15 mins from me?
SpringLilCobra [2:17PM]: No shit?
StaySpamming1 [2:17PM]: He lives in Sprint valley/Santee
StaySpamming1 [2:17PM]: I live in san diego
SpringLilCobra [2:17PM]: This is TB right?
StaySpamming1 [2:17PM]: Hes 10 mins if that from me. take the 94 east
StaySpamming1 [2:17PM]: Nah
StaySpamming1 [2:17PM]: Tony Banks - another clown
StaySpamming1 [2:17PM]: This is MichaelP
StaySpamming1 [2:17PM]: Most known scammer.
StaySpamming1 [2:17PM]: He's scammed about 900k in funds prior.
SpringLilCobra [2:18PM]: Ok but do you know who he really is?
StaySpamming1 [2:18PM]: He's got about 5 ferraris? However you spell that
StaySpamming1 [2:18PM]: Michael P?
SpringLilCobra [2:18PM]: Yeah
StaySpamming1 [2:18PM]: Michael Persado
StaySpamming1 [2:18PM]: Yeah
StaySpamming1 [2:18PM]: Address an all
SpringLilCobra [2:18PM]: shit!
StaySpamming1 [2:18PM]: social
StaySpamming1 [2:18PM]: Banking
StaySpamming1 [2:18PM]: etc
StaySpamming1 [2:18PM]: yeah I got him good
SpringLilCobra [2:18PM]: Is he on spamhaus?
StaySpamming1 [2:18PM]: 2102 Commerce Drive, San Jose, CA, 95131
Acc#: 8146 216224
Routing#: 121000248

SWIFT: WFBIUS6S
StaySpamming1 [2:18PM]: He fucking sure as fucking hell should be
StaySpamming1 [2:18PM]: Hes a mob man
StaySpamming1 [2:19PM]: Works w/mob
SpringLilCobra [2:19PM]: oops
StaySpamming1 [2:19PM]: Hes a sick person and I'm going after his balls!!!!!
SpringLilCobra [2:19PM]: Keep YOUR head down!
StaySpamming1 [2:19PM]: newspammer? = anti
StaySpamming1 [2:19PM]: just so you no
SpringLilCobra [2:19PM]: YOu got your phone fixed?
StaySpamming1 [2:19PM]: Yeah I had a trojan on it
StaySpamming1 [2:19PM]: :)
StaySpamming1 [2:19PM]: via landline VOIP
StaySpamming1 [2:19PM]: :)
SpringLilCobra [2:19PM]: Yeah, pretty obvious on Newspammer
StaySpamming1 [2:19PM]: Newspamer = anti 100%
StaySpamming1 [2:20PM]: works for spam-court
StaySpamming1 [2:20PM]: as undercover agent blow job
SpringLilCobra [2:20PM]: shit
StaySpamming1 [2:20PM]: Secondly
StaySpamming1 [2:20PM]: Spliffs?
StaySpamming1 [2:20PM]: That's an Anti w/new spammer
StaySpamming1 [2:20PM]: and there's one more!!!
StaySpamming1 [2:20PM]: Who is the other dumb fuck theres three of them :(
StaySpamming1 [2:20PM]: Spliff/newspamer
SpringLilCobra [2:20PM]: dunno; haven't been watching that calose
SpringLilCobra [2:20PM]: close
StaySpamming1 [2:20PM]: http://bulkerforum.biz/viewtopic.php?t=1858
StaySpamming1 [2:21PM]: Look how he jumps on the cock.
StaySpamming1 [2:21PM]: spam-court


AOL IM Session between Steve Joseph and Marion Lynn, from an unknown date in 2007
StaySpamming1 = Steve Joseph (bulkerforum username: Lizza and flores9xx)
SpringLilCobra = Marion Lynn (bulkerforum username Nick Danger)
Screen capture image of this chat session as posted by Marion Lynn on Nov. 24, 2007 on spamgossip.blogspot.com:
http://img124.imageshack.us/img124/1933/lizza4ld4.jpg

SpringLilCobra [11:55AM]: bark!
StaySpamming1 [11:55AM]: woof
SpringLilCobra [11:55AM]: and name?
StaySpamming1 [11:56AM]: hmm maybe fbi van
StaySpamming1 [11:56AM]: or maybe bustervna
SpringLilCobra [11:56AM]: cound be
StaySpamming1 [11:56AM]: busterVanswelyuh
StaySpamming1 [11:56AM]: lol
SpringLilCobra [11:56AM]: they still there?
SpringLilCobra [11:56AM]: mihgt not even be for you
StaySpamming1 [11:56AM]: ehhhhhh yeah earlier today
StaySpamming1 [11:56AM]: I had a moron have enough balls at 4:34 am
SpringLilCobra [11:56AM]: could be watching someone else
StaySpamming1 [11:57AM]: Took pictures of the housing structure
SpringLilCobra [11:57AM]: yours?
StaySpamming1 [11:57AM]: They didn't think I was awake. But I sure was awake yeah my house
SpringLilCobra [11:57AM]: mmmmmm......................................
StaySpamming1 [11:57AM]: Which I know from back in 2001 thats waht they did last time
StaySpamming1 [11:57AM]: Look @ housing. Check the windows, side houses
SpringLilCobra [11:57AM]: did they hit you then?
StaySpamming1 [11:57AM]: Escape routes. Back then yeah
SpringLilCobra [11:57AM]: charges filed or not?
StaySpamming1 [11:57AM]: They're using the same structure plan they did last time. Using stupid things
StaySpamming1 [11:57AM]: Back then? Yeah One filed
SpringLilCobra [11:58AM]: did you win?
StaySpamming1 [11:58AM]: Dropped however. Illegally obtained those filings. Yeah
SpringLilCobra [11:58AM]: What are they after this time, do you know?
StaySpamming1 [11:58AM]: I only had one thing in the house which was a stupid ass bullshit excuse. Back then? for cc-fraud
StaySpamming1 [11:58AM]: wire fraud
StaySpamming1 [11:58AM]: bank theft, you name it
SpringLilCobra [11:58AM]: mmmmmmmmmmmm.......the whole thing!


So we learn a few things:

Steve Joseph has a criminal background
Steve Joseph can and will perform a DDOS attack against sites he doesn't like. (In this case bulkerforum.biz, but it could just as easily have been any website.)
Steve Joseph is aware of numerous hijacked servers and has access to them.

And of course:

Marion Lynn is someone who I doubt anyone could trust with any sensitive information whatsoever.

The current list of users of the bulkerforum.biz forum whose identity and personal data Marion Lynn has exposed:

Username              Real Name
===========================================
6yrmailer Chris Brown
7yearbulker Chris Brown
BillyBob James Bragg
chromewave Josh Eveloff
corleonem Michael A Watson
countzero Brian Chabot
cujo2236 Cory Grattan
cyborg Joshua Triska
David David Oleg Barsky
dealmaster Ryan Kiel
dollar Christopher J. Brown
frankrizzo Matthew Kahn
gc420 Pramod Subramanian
kiddhyper Dante Jimenez
leego Greg Tift
liquidpoop William G Woosley
lizza Steve Joseph
mastap Joshua Burch
medamasta Parag Chaubal
MichaelP77 Michael Persaud
nedford Philip Loyd
phantom Norman Keith Holmes
R8N Joshua Burch
rackspace06 Pramod Subramanian
ronn Chang Peng Seong
salesguy77 Joel Peterson
servman Adam J Minic
tylerdurden Ryan Ginster


He seems to have forgotten one of the bigger fish on that forum: Crypto.


Username Real Name
===========================================
Crypto Victor Goncearencu


Phantom was a nice one to have, but digging deeper into Crypto would probably yield a lot more interesting information about the illegal spam business as a whole. :)

[On the advise of legal counsel I have amended this post to omit the email addresses of the users who have been exposed by Marion Lynn. You can dig around spamgossip.blogspot.com if you want to find them. Sorry I couldn't shorten the route for you. :) ]

Oh and by the way: To Michael Persado and others who have attempted to get me to divulge the personal data of Joshua Burch: tell me something I did not know. Unless you don't post anonymously, that kind of data will more than likely never show up on this blog. Be a man.

SiL / IKS / concerned citizen

No comments: