1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Would you? Just curious...

Discussion in 'BlackHat Lounge' started by thedarkest12, May 13, 2014.

  1. thedarkest12

    thedarkest12 Regular Member

    Joined:
    Nov 23, 2009
    Messages:
    475
    Likes Received:
    127
    Occupation:
    Digital Marketing
    Location:
    Manchester, UK
    Home Page:
    A client of mine went out of business a few months ago. I have a copy of their database of 100k users from when we handled their constant contact marketing campaigns.

    Subsequently somebody has bought the Intellectual Property of the bankrupt business form the liquidator.

    Would you use the 100k emails in a marketing campaign, or would you stay far away from it?
     
  2. UrsuAke

    UrsuAke Power Member

    Joined:
    Sep 28, 2011
    Messages:
    700
    Likes Received:
    978
    Occupation:
    SEO Specialist.
    Location:
    Romania, land of choice
    Call yourself Donald Duck and use it.
     
  3. thedarkest12

    thedarkest12 Regular Member

    Joined:
    Nov 23, 2009
    Messages:
    475
    Likes Received:
    127
    Occupation:
    Digital Marketing
    Location:
    Manchester, UK
    Home Page:
    Haha, would you set up an offshore account and send from an offshore email provider. Not someone like Constant Contact, as they just wont let me upload the list without opt in data.

    Also, the client at the time told me they had email monitoring software installed that embedded 'sleeper' emails. If someone sent an email campaign that was not from them, then the company monitoring the sleeper emails could detect a breach of the email data, and pinpoint approximately when the list was extracted. Ever heard of that.

    I'm not worried about the original owner as they've gone out of business, more the new owner who bought this data.
     
  4. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,325
    Yes, that's quite common - emails, database contact records etc.

    Cartography companies often include fake streets in A-Zs too so they know when someone has stolen their data.
     
    • Thanks Thanks x 1
  5. thedarkest12

    thedarkest12 Regular Member

    Joined:
    Nov 23, 2009
    Messages:
    475
    Likes Received:
    127
    Occupation:
    Digital Marketing
    Location:
    Manchester, UK
    Home Page:
    Is there any way around that warning system? Or any way you could suggest the previously client 'gave' you the data for marketing usage. Or is it a big no no, now somebody else has bought that data from the liquidator/insolvency practitioner?
     
  6. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,132
    Likes Received:
    28,587
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Obviously, if you get caught using the Data by the new owner, then it could cause you legal trouble.

    The key phrase here is "if you get caught".
     
    • Thanks Thanks x 1
  7. nsbbeachguy

    nsbbeachguy Newbie

    Joined:
    May 3, 2014
    Messages:
    18
    Likes Received:
    1
    Is it possible that the people who now have possession of the database aren't aware that it is "proprietary list" that no one would have access to?
     
  8. nsbbeachguy

    nsbbeachguy Newbie

    Joined:
    May 3, 2014
    Messages:
    18
    Likes Received:
    1
    Do the new owners have the "sleeper emails" ? Is there any way to find out?
     
  9. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 28, 2011
    Messages:
    3,649
    Likes Received:
    1,910
    Occupation:
    Ninja
  10. tb303

    tb303 Power Member

    Joined:
    Dec 18, 2011
    Messages:
    601
    Likes Received:
    280
    would someone like to elaborate what a 'sleeper email' is? Is it an email address inserted to the list that is monitored by the persons owning the list?
     
  11. thedarkest12

    thedarkest12 Regular Member

    Joined:
    Nov 23, 2009
    Messages:
    475
    Likes Received:
    127
    Occupation:
    Digital Marketing
    Location:
    Manchester, UK
    Home Page:
    Yeah, I'd never heard the term before, and I still do not know if it was a legit thing. I was told by the owner of the list (client who went out of business) that Constant Contact put them in touch with a third party firm who for a monthly fee, and a fee per 1000 email addresses, have software that creates 'sleeper email' accounts and inserts them to signup to that mailing list. Those email accounts are dormant and ONLY EVER registered with that mailing list.

    The software monitors the emails that inbox to ensure they belong to that client, and the headers all match from the URL etc.

    If at any stage a 'different' company or email appears in that inbox, since it is not used anywhere else, they know the data was compromised.

    They insert sleeper email accounts at different times, so they can also almost pinpoint at which point the data was compromised.

    I'd never heard of this, so I contacted Constant Contact and asked if I could have this third party referral, which nobody at Constant Contact ever replied.

    If it was a made up idea, it's a bloody good idea for a new business haha, and if it's legit, I can't find any reference online to a company that does provide this, and works with Constant Contact.

    Though it is a good deterent as I have no idea if it's safe to use this, or if the new client has taken over the above contract for data security.

    I'd thought of opening an offshore company, using an offshore IP, sending a mail blast to a one page squeeze page to Opt-In, and do that all anonymously in case there is any heat just to test. But thought I'd check here first...
     
    • Thanks Thanks x 1
  12. carlo6662012

    carlo6662012 Newbie

    Joined:
    Apr 23, 2014
    Messages:
    29
    Likes Received:
    1
    oh no. thats risky.
     
  13. nam6641

    nam6641 Supreme Member

    Joined:
    Nov 15, 2008
    Messages:
    1,476
    Likes Received:
    914
    Location:
    East Coast
    Post the list online in an obscure location which is publicly accessable and say "here's a list of clients I'm no longer using if anyone wants it". Now go and use the list. If there is a sleeper email in there then you can show them where you found the list online.
     
  14. igniteimages

    igniteimages Regular Member

    Joined:
    Apr 2, 2013
    Messages:
    393
    Likes Received:
    168
    'Sleeper emails' are very common and used extensively by any company that sells lists.

    In the good old days of direct mailing there would be false addresses in the list that would go to the list broker.

    Often lists are sold on licence, eg. You are allowed to mail the list once, and once only. Having sleeper emails enables the list to be monitored.

    My concern for you would be that the new owners have not only bought the list but also the connection with the list broker (or whoever is monitoring the list).

    If the list is the main asset that the new owners have bought you have to assume they have done some due dilligence about its integrity and will be seriously p***ed off if someone is using it. A list of 100k may be a valuable asset and you run the risk of a significant bill.
     
  15. Panda power

    Panda power Junior Member

    Joined:
    Apr 6, 2013
    Messages:
    179
    Likes Received:
    14
    It is really knowledgeable share that gives me some information about sleeper mail. Excellent quote :)