Is this e-mail for real? I don't know what this website is? I'm a little hesitant to go entering my name in there.


Dear FRC Team Mentors,

This letter is to both to congratulate you for having a successful FRC season, and also inform you of an opportunity for you and your team's principle team Mentors to receive a token of appreciation for your effort from the FIRST Senior Mentors.

Since we plan to have your name placed on each item, we wish to be assured of correct spelling of your names. Please go to the following web site to enter the names of the mentor/coaches who will be traveling with the team to Atlanta. We plan to have each mentor receive a personal presentation and only those in attendance at the Championship will be eligible.

Please visit this page and enter the full names of the principle mentors for your team (not chaperones, please) in spaces provided:

http://www.rackandroll.alakmalak.net/mentors/register.php


Thank you for your efforts!

Sincerely,

The FIRST Senior Mentors

Web Server Powered by Alakmalak Technologies (http://www.alakmalak.com/) Web Design India (http://www.alakmalak.com/)

http://www.rackandroll.alakmalak.net/

http://www.alakmalak.net/

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-03,GGLD:en&q=site:rackandroll%2ealakmalak%2enet (http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-03,GGLD:en&q=site:rackandroll%2ealakmalak%2enet)

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-03,GGLD:en&q=site:alakmalak%2enet

What weird results that last a quick and easy to do google search gives.
Illinois Institute of Technology??

Seems like a motherload of spoof sites on that one directory. Where are the intarweb police when you need them? LOL

Doubt it's real.. especially with the lame real close deadline.

I would call FIRST and find out if they know of anything about this.

Or wait for a FSM to reply here.. there are plenty available here on CD.

I wouldn't post my name or anything. Who knows where the heck that form is going.

:eek:

It is kinda strange though, typical "phishing, or spoof" sites like this if it is one, usually ask for an e-mail address and not just a list of names.. but maybe that's the trick.. it only asks for your phone number so they can sell it, and distracts you by making you provide a list of names.

Bottom line.. I would delete that e-mail or just forward it to FIRST.

Actually, Sanddrag.. PM me.. I have full headers turned on in my e-mail, so if you forward the original to me, we can see where it really originated from and if they masked their sent from e-mail addy to spoof FIRST.

PM Me and I'll send you my e-mail addy.

Considering the lack of contact information available, I would not trust the site.

There is no WHOIS information available on the domain. The email is from a random person (?).

Bottom line: DO NOT TRUST. This site is not GP-approved.

EDIT: Also, get the word out on this. Email your mentors and link them here.

I'm trying to roust someone who'll be able to tell for certain if this is legitimate or not, but in the meantime, I've pulled out some links that lead to personally identifiable information.

Considering the lack of contact information available, I would not trust the site.

There is no WHOIS information available on the domain. The email is from a random person (?), *removed*.

Bottom line: DO NOT TRUST. This site is not GP-approved.

EDIT: Also, get the word out on this. Email your mentors and link them here.

I don't know if this is legit or not. But the e-mail that you cited is not a random person. *removed* is the e-mail of Steve Cremer the Boston area Senior Mentor. I will shoot him an e-mail or give him a call to see what I can find about this.
-wayne

This really does not sound right if you ask me since the deadline is less than 23 hours away.

Whether it is legit or not (which it most certainly appears not to be), the fact that full names and phone numbers of FIRST team mentors are publically available is terrifying.

This needs to get shut down ASAP.

FIRST is in the big leagues now. Stuff like this should be on their own usfirst.org website. Either this isn't real or someone had a good idea that is not so good. Either way, I don't like it.

I don't know if this is legit or not. But the e-mail that you cited is not a random person. *Removed* is the e-mail of Steve Cremer the Boston area Senior Mentor. I will shoot him an e-mail or give him a call to see what I can find about this.
-wayne

Thanks, Wayne. Let us know what you find.

The e-mail was sent to Steve's @usfirst.org e-mail address in addition to a BCC to all of the main contacts, but it's so easy to create an @aol.com e-mail address that it seemed plausible that it wasn't legit.

If it is legit, it might be prudent for those involved to make it so that everyone's identifiable information is not so easily found.

I don't think it's real. Because why not just e-mail, I know our senior mentor always e-mails and stays in contact with all the team coaches and team captains as much as possible, so unless Ms. Lutz e-mails me personally specifically from her e-mail address, I don't trust that site. It's a little too fishy, especially with the short notice due date and lack of info. If it's that important, then I'm pretty sure the senior mentors would e-mail the team contacts, coaches and captains from their FIRST e-mail addresses. Besides, our senior mentor already has the colorado teams list of mentors going to Atlanta because she already asked for them herself.

If it is legit, it might be prudent for those involved to make it so that everyone's identifiable information is not so easily found.

See that's the thing I love about FIRST. Even if this does turn out to be legit, we are at least doing something right and moving the program in a nice direction by letting some people who may not be as web savy as some of us to keep things in a "safe place" such as the FIRST site, and not just on a random server in India. :ahh:

I'll admit sometime I see some things I am skeptical about when they pop us here on CD and not on the FIRST site.***



***(Divisions listings anyone? Yeah.. kinda.. Sorry to say I was skeptical, cause the page that has the spot assigned to be linked by FIRST... well, at 12 noon today, those links were not there but the Division list was already well on it's way to being fully analyzed here on CD.)

http://www.usfirst.org/community/frc/content.aspx?id=432&menu_id=80

The links are finally FIRST approved at this time.. lol
Let's just hope they have the same information as the Division list everyone has started pre-event scouting by here on CD. :-x

The mentor recognition project is a legitimate one. It was started and is being implemented by some of our FIRST Senior Mentors, the ones who deserve more recognition and thanks than we can possibly give them. It is a daunting task, trying to recognize all the mentors who will be in Atlanta next week.
This is a bit late getting out - the project has been in the works for some time now - but I'm sure it's just a case of there being only so many hours in a day... and as many of you know, the last three weeks found some of us working in Hartford for several days, then Boston for several days, then Rhode Island last weekend. So this week we're all playing catch up preparing for Championships (and catching up on our sleep).
I'm sure that Steve would still like to have the info about your team mentors, even if you choose not to use that website.

The recognition project is legit.
Steve Cremer in Boston is heading this up.
But I was not aware they were going to implement this way. If you feel more comfortable, email Steve with the names.
They are trying to capture names of mentors attending the Championship from all the programs.

Getting a server error. We'll email Steve

Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.
Apache/1.3.37 Server at www.rackandroll.alakmalak.net Port 80

I assume this includes NEM's?

Thanks Kathie and Jenny for the quick replies!!

I'm sure this puts some people at ease now. lol

I assume this includes NEM's?

I included me, so go for it!

What was that email again?

I assume this includes NEM's?

Mark,
Of course!!!!!
The NEM's are recognized as important members of a team.:)
The NEMO annual meeting is even listed in the "Essential Information" this year.

To address the other questions:

Not all areas have Senior Mentors. Steve is trying to reach out to the areas where he might not be able to capture the mentor names.
I sent him the 50 that I know of attending from Maryland from FVC, FLL and FRC. We have mentors (and a student from each team) from many of the Baltimore area teams attending after an invite from Team 1727, the Chesapeake RCA winner. A stuffed bus!

I was asked by Steve Cramer from FIRST to post his e-mail.
scremer@usfirst.org.

Steve works for FIRST and is collecting the names of 4 mentors from each team to be able to give them a special gift delivered to their pit at the Championship.

YES this is for real ..... I checked.

The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Time is short! He needs your team number and the 4 mentors you want to get a gift - ONLY four please.

E-mail him if you have not already done so.

[QUOTE=Mike Martus;613452]
The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Hi! This is a random person named Jackie Moore. I serve as the FIRST Senior Mentor for Illinois. I am working with Steve Cremer to try to recognize the many wonderful mentors who work tirelessly with the students on FIRST teams, but are often overlooked in the big picture. I apologize in advance for the length of this post.

Let me start by replacing some mis-information with facts.

The URL to the web page in question was communicated ONLY to primary contacts of teams officially registered to attend the Championship. It was not publicly shared anywhere else (other than by the person who posted it on Chief Delphi). The page requested (NOT required) ONE phone number - that of the person completing the form - to be used only if there were questions about the names supplied. There was (by design) no request for contact information for any of the mentors.

The only way anyone could access the resulting data would be to hack into the site and hack into the database. A successful hack would generate only a list of names. There was no way this information could be harmful to anyone. In fact, the delay in getting the email out was in some ways linked to the desire to be as careful as possible about protecting the privacy of the mentors we wanted to honor. (We also couldn't contact all teams until all teams were identified after the 5th week events) There never was a 'public listing of mentor names and phone numbers' nor was that data ever contained in the resultant database. Anyone who has such a list obtained it illegally from some other source.

To collect the names of the mentors to be recognized, I obtained the services of a student at IIT (that would be the Illinois Institute of Technology reference 'uncovered' by the person looking for the source of the presumed hoax). This student's willingness to help is consistent with the great mentor support we in Chicago have enjoyed from IIT. In fact, last year, IIT's Office of the President underwrote our local Mentor Recognition Event. This is in addition to the financial support IIT provides the Midwest Regional Event and the great support they give local teams. The particular student helping us on this effort happens to have a global business providing internet services.

I am extremely disappointed and personally offended that the fact that this student is from India intensified the belief that the site was a hoax. The alleged search for the truth, readily revealed the truth (company name, site owner, etc), but it wasn't seen as truth because the search was really for proof of a hoax. Would the same conclusion have been drawn if the domain name sounded more "American" or if the site owner's name had been Johnson? Afterall, the approach taken by this web developer is similar to many big name companies who host sites for their clients.

For his willingness to serve, this student's server suffered a denial of service attack which sadly seems to have originated from within the FIRST community. The center letter of FIRST stands for RECOGNITION and should be secondary only to Inspiration. Why then, is it so hard to believe that someone truly wanted to recognize mentors?

For those questioning why the URL was used to gather the information, please be aware that while some of you are fortunate to have a Senior Mentor in your area, most teams do not. While some Senior Mentors offered to help by supplying names, if we only collected the names of the teams being served by the 20 Senior Mentors, we would miss more than half of the mentors at the Championship. Relying on email only, meant that someone would have had to manually enter what could easily be 3,000 names, resulting in 3,000 opportunities to introduce an error. If each team's main contact entered the names, we would then have fewer opportunities for error, and a more manageable process for completing our recognition plans.

Unfortunately, someone decided they did not like that approach and deliberately trashed the database. This occurred sometime between the midnight posts proclaiming the site was a hoax and therefore should be shut down, and 9:00am. As a result, Steve Cremer has been frantically entering names for the past few days so we can be ready for the Championship. In addition, an entrepreneur and supporter of FIRST has become the victom of a hacker. The destructive action against the IIT student's server and database is not being taken lightly. We are activley pursuing the identity of the hacker and appropriate action will be taken.

I truly appreciate the offer of Chief Delphi to host such an application next year, but the problem was not one of bandwidth. The problem was the direct result of malicious activity. Once we determine WHY the site was targeted, we can then begin planning how to better capture the data we need to recognize what I consider to be FIRST's most valuable resource - the team mentors. In the meantime, I hope any teams whose mentors are present and do NOT get recognized at the Championship understand that this is not intentional. I, along with the other Senior Mentors, look forward to personally meeting and thanking as many of you as possible at the Championship.

I am extremely disappointed and personally offended that the fact that this student is from India intensified the belief that the site was a hoax.
Nobody said anything about the site owner's nationality. The main "proof of a hoax" seemed based on the impossibly short deadline, the fact that other pages on the site also asked for personal information, and the lack of obvious identification on the original email. I think it's reasonable to expect that official communication from FIRST would come from an official FIRST source, not from an AOL address.
...the problem was not one of bandwidth...
No?
Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.
Without looking at the server logs, it seems plausible that this was just the "slashdot effect" of having a URL published in a spot where a large number of curious people see it all at once.

The only way anyone could access the resulting data would be to hack into the site and hack into the database. A successful hack would generate only a list of names. There was no way this information could be harmful to anyone. In fact, the delay in getting the email out was in some ways linked to the desire to be as careful as possible about protecting the privacy of the mentors we wanted to honor. (We also couldn't contact all teams until all teams were identified after the 5th week events) There never was a 'public listing of mentor names and phone numbers' nor was that data ever contained in the resultant database. Anyone who has such a list obtained it illegally from some other source.I'm sorry, but I believe your above statements are not true. Look, go see it. It is there. It is not hacked: it is insecure. Malicious people can prey on our mentors with this publicly accessible data. This is not safe. Outside people know that these are FIRST team mentors, who will be out of town for a few days they have a full name, and a full phone number, and with that, can easily obtain a home address. I wouldn't want to return home after Atlanta to find my door busted through, and all my valuables gone. I appreciate your efforts in recognizing the mentors, but I don't think their recognition needs to come at the cost of putting them at risk for home invasion, or identity theft due to an insecure website done last minute. This is the day and age of internet safety and security. Your publicly accessible list is not safe, nor secure. Please make it so. FIRST prides itself on safety. It shouldn't be limited to only the pit area.

The only thing that set alarms off in my head was the fact that a phone number was asked for. I'm used to short, often rushed, deadlines in the FIRST community, the book submission being one of them. I didn't see the actual website, however, just a warning of exceeded bandwidth. I still didn't provide any phone numbers when I emailed Steve, but not because I didn't have any onhand, but because anyone can make up an email address with anything as the @address.com using AOL now.

I hope this is for real, and I don't doubt now that it isn't.

Sorry, but may I suggest that FSM emails not be posted in public forums? I believe they are sent to specific emails only and are not for general release.

Jackie,

While I thank you for your concerns regarding this issue, I hope that you realize that those who were weary were trying to protect their mentors.

Personally, I wasn't too fond of the idea. It was not a usfirst.org website, nor a usfirst.org email address. That automatically raises red flags to someone whose father's credit card has been stolen 4 times, 2 of which were online transactions. Yes, we were only asked to provide names, however when I clicked on the link sent in the email sent to me, the page did not exist, I had to follow the link in this thread.

Which brings me to my next point on how the site likely was hacked. The email's content was posted in this thread in an attempt to verify validity. There are hundreds of spiders here each day, and I imagine that the website was logged onto by one of those.

I am continuously grateful to all of the senior mentors out there and hope that they can all step out of the shadows a bit so that if a similar mass blast needs to be sent out in the future, we'll all know who it is from, and trust without confusion

Quite a bit more trust would have been established if it had been hosted by FIRST, NEMO, a team, or some other group associated with FIRST. It would also have been helpful to say on the page who was handling this (FIRST, NEMO, a team, a state planning group, individuals, etc). The lack of these clues, in addition to the very large security hole (both for privacy and for the server), made many of us seriously question the validity of the whole setup.

Having said that, I wish to apologize to Steve Cremer and the FIRST community at large for playing a major role in taking down the server. By taking out a legitimate site, no matter what other good doing so did, I did wrong. Nothing I say above or below changes this.

(Detailed explanation deleted by Mike Aubry Team 47 Chief Delphi)



(Detailed explanation deleted by Mike Aubry Team 47 Chief Delphi)

Understand that at the time I had good interests in mind -- protecting the FIRST community from phishing attacks.

This is also a good lesson for all those involved - webmasters writing forms, PR people writing pages, and all of us keeping our eyes out. I misunderstood the intent of the website, partly from the lack of information on the site, partly from my lack of research. I learned about unintended consequences and Murphy's law (I try to do a good thing and it turns out I'm hindering another good thing and hurting my own community).

Again, none of this excuses the fact that I unknowingly attacked and took down a legitimate site trying to accomplish an honorable goal -- recognizing mentors. Everyone involved (which is almost everyone in FIRST) has a right to dislike me for it.

If you wish to talk to me more, I will be at championships.

PS - You'll find every spoofed team has a team number greater than or equal to 2500.

The way I took out the site was twofold - flooding the database until any space quotas were filled and taking up bandwidth by requesting the listing page.

...

Understand that at the time I had good interests in mind -- protecting the FIRST community from phishing attacks.

...

Again, none of this excuses the fact that I unknowingly attacked and took down a legitimate site trying to accomplish an honorable goal -- recognizing mentors. Everyone involved (which is almost everyone in FIRST) has a right to dislike me for it.

Wow. Just.... wow. I understand that you realize this was wrong, but do you realize that this action would have been wrong even if it was not a legitimate site? This action is simply never appropriate.

Please, to you and any others reading this. Learn to be a good net citizen and handle things like an adult. Actions like this are unacceptable and are the kinds of things that give smart, computer-savvy students like yourself a bad name.

This is very disappointing. I thought our community was better than that.

This is very disappointing. I thought our community was better than that.This member of our community was acting to protect the safety of many other members of our community. While what he did may not be right, it was with good intentions, and for the greater good really. Anyone could take the information from that site, call up these mentors, and say "Hi, I'm calling from FIRST, and it appears that there was an error in processing your Championship registration payment. I need to verify your credit card information or you will be dropped from the event." or any number of other spoofs to sieze the identity of the innocent. He acted in the name of safety, and for that, we shall not punish him.

This member of our community was acting to protect the safety of many other members of our community. ... He acted in the name of safety, and for that, we shall not punish him.
No. Good intentions do not excuse completely inappropriate behavior.

Correct action would have been contacting FIRST, contacting the owner of the site, posting here on CD, contacting the senior mentors, any number of things. Many of those things were already being done anyway.

Breaking the law (yes, he broke a federal law doing this!), even if you claim the intentions are valid, is not acceptable!!!

No. Good intentions do not excuse completely inappropriate behavior.True, but likewise, good intentions (honoring our mentors) do not excuse pure ignorance (the publicly accessible list).

And in regards to breaking the law, I have about six thousand spam e-mails. I'm not spending tax dollars to investigate every one of those and lock up every one of those senders, and I'm thinking the rest of America wouldn't either.

But, I'm beginning to engage in a one-on-one discussion here, which is against CD rules, so,I'll stop now.

It's the championship folks! Let's leave CD behind, and admire the incredibly awesome artforms about to show their stuff in this oh so magnificent game we play!

This member of our community was acting to protect the safety of many other members of our community. While what he did may not be right, it was with good intentions, and for the greater good really. Anyone could take the information from that site, call up these mentors, and say "Hi, I'm calling from FIRST, and it appears that there was an error in processing your Championship registration payment. I need to verify your credit card information or you will be dropped from the event." or any number of other spoofs to sieze the identity of the innocent. He acted in the name of safety, and for that, we shall not punish him.

There's an old saying: "The road to hell is paved with good intentions"

Doing wrong, even while intending to do good, is wrong. The proper thing to have done was to report the possible phishing to the proper people (in this case the webmaster of the site, FIRST, and possibly the FBI {as federal laws may be being broken}).

Vigilanteeism (and thats what this is) is never acceptable, and should not be condoned by any community, especially one that proports itself as being GP.

It is my hope that Astronouth7303 and the rest of the CD community have learned from this experiance that it is better to work within the system than to take it upon oneself to go outside the laws.

I've thought about this, and I do have to agree. The creation of the site to recognize the mentors seemed like a rushed effort. The takedown of the site was also a rushed effort. Neither was done properly. Both sides did some wrong here, and everyone has learned something, and I think we can move on. Can I get a thread close?

All,
I'll try to make this short and sweet, please bear with me though.

Stating the obvious - Mistakes were made.
Anyone reading this, Please - LEARN from these mistakes.

After studying the time line of the posts, it's obvious that Astronouth react very rapidly to the thread initiation, in an attempt to protect - but the approach taken was done in a way that we would ever condone.

His action was executed, prior to confirmation by trusted CD mentors, KathieK and RoboMOM and later by our team leader Mike Martus.

I will be closing this thread, but before I do that I will be deleting the detailed methodology that Astronouth used to accomplish what was done. I do not want anyone reading this and turning around and using it elsewhere. We do not need or want to be associated with such activity.

Thanks for listening, if you want to discuss my actions contact me via message - or look me up in Atlanta.

Mike Aubry
Lead Engineer
Chief Delphi - Team 47