This post mixes two of my favorite topics: computer security and sailing.
On one of the many sailing boards I visit, there was a posting for crew positions on the Team Compass Point boat for the 2006 Sydney-Hobart and Gosford-Lord Howe Island Races. I was curious about this, so I requested the information—sending them an e-mail. What I received appears to be a fairly sophisticated scam, based on a hacked server in New Jersey, and a creative mixture of truth and fiction.
The race information packet I received was very generic, with photos that could have come off any website. To give the packet some authenticity, it appears that they did use an actual photo of Phil Chisholm, the skipper of the Team Compass Point boat. They are also using the e-mail address seen in the legitimate press releases and stories covering Team Compass Point. However, there were a few definite warning signs that this was not a legitimate opportunity.
First, the packet was so generic and poorly designed, it is very unlikely that a team of this caliber would have sent out materials of this quality. Having worked in the graphic design industry, I can say that the PDF file was very poorly designed for what should be a high-level marketing piece. Also, there were no identifying logos in the materials, of either the races or the companies involved, and none were visible in either photo. When was the last time you saw a sailboat race photo that didn’t have a million logos plastered over it?
The second major warning point was the fact that they only accepted bank transfer for payment. What international level race company can’t accept credit cards? Yeah, right.
The third warning point was a website which said that Phil had chosen his crew for the Sydney-Hobart race. A crew of eight, to man a 38′ sailboat. If the crew has been selected, how can they be offering crew positions?
A fourth warning point was when the website listed in all of the materials did not come up. What came up instead was an error webpage for an Australian ISP, woosh.com. However, after doing a little digging, I found that the website domain, www.compasspointenterprises.com, that is used in the literature doesn’t exist in the records of ARIN or APNIC. These are the primary DNS name registries for the Americas and the Asian/Pacific regions of the world.
A little more investigation showed that the website was resolving to a US-based IP address, 220.127.116.11, which is assigned to Datapipe, a Hoboken, New Jersey-based ISP. Yet, this US-based website was mirroring the error page of an Australian ISP. Hmmm—that’s very fishy, isn’t it? It is also very creative…as it does make it appear that the website you are going to for the error page is that of an Australian ISP, which would make sense, as the real Compass Point Marine is an Australian company.
It appears that a DNS server over at Datapipe, and possibly other machines, have been compromised to pull this off. If the DNS servers weren’t compromised, then there shouldn’t be any way to get to a web page for the Team Compass Point website, as they don’t have a DNS registry entry.
Many sailors interested in participating in racing at the Sydney-Hobart level have the means to pay to play. This appears to be a fairly sophisticated scam aimed at fleecing those sailors out of their money. I just thought you should know how creative the scammers seem to be getting.
Note: I don’t believe that Phil Chisholm or the real Team Compass Point have anything to do with this apparent scam.