Sunday, May 17, 2009

Wolfram|Alpha - pretty much useless

Wolfram|Alpha is now open for business. It has lofty aims:
Wolfram|Alpha's long-term goal is to make all systematic knowledge immediately computable and accessible to everyone. We aim to collect and curate all objective data; implement every known model, method, and algorithm; and make it possible to compute whatever can be computed about anything.
So I thought I'd throw a few questions at it that reflect some of my current or recent interests. It failed almost completely. Here are the questions. Except when otherwise noted, every one of these questions produces the response "Wolfram|Alpha isn't sure what to do with your input."
  • compare salaries paid to males to salaries paid to females
  • do men earn more than women
  • salaries of doctors (this gets a graph of doctor salaries)
  • salaries of male doctors
  • how much do female doctors earn
  • salaries of doctors by gender
  • Salaries of nurses (this gets a graph of nurse salaries)
  • amount nurses earn
OK, it isn't up to speed on gender-income issues. And it can't translate "amount X earn" into "income of X". Ask Jeeves it ain't. How about more general sociological stats? I asked it
  • life expectancy in different countries
It didn't know what to do with that input, but it did suggest I ask it about "life expectancy" so I did. And got—a truncated list by country (what I'd asked for in the first place) but omitting the US and other middle-ranked places. By contrast, wikipedia lists all countries twice, first as sourced from the CIA fact book and second from a UN list. It looks as if Wolfram|Alpha has used the CIA list, as it has Macau at the top, which it is with the CIA but not the UN list. Wikipedia then gives an exhaustive link-list to rankings of countries by dozens of other metrics.

Then I asked it
  • Rate of infant mortality by nation
Easily cribbed from the CIA factbook but it didn't know.
  • Cost of health insurance
This produced a short list of insurance companies headed by Costco!
  • graph heart disease by age
  • heart disease versus age
No result for either of these. Turning to astronomy, I asked,
  • tell about interstellar dust grains
  • cosmic dust
Wolfram knew nothing. N.B. Wikipedia redirects "interstellar dust" to "cosmic dust" and has an interesting article.
  • nearest stars with planets
It offered "nearest stars" as a suggestion and this produced a plain-text list of star names without distances or other data. The list ended in an ellipsis and the message "Computation timed out." Note that Wikipedia has an exhaustive list of the 100 nearest stars with distance, stellar class, R.A. and Dec., and noting which are known to have planets.
  • extrasolar planets
This gave a list of exactly 3 (more than 100 are known), 55 Cancri d, e, and f, and again "Computation timed out." Under the same heading wikipedia has a lengthy article with a discussion of discovery methods and a table of interesting discoveries.

In short, Wolfram|Alpha is not simply distant from its lofty goals, it is ridiculously, laughably distant from them. Perhaps it answers questions in some domains adequately. Perhaps for some areas of knowledge it actually offers more than you can get by entering the same string in the Wikipedia search box. But I haven't seen any.

Wednesday, May 13, 2009

Fallout continues to scatter

Yesterday Marian re-checked the online listing of charges against the now-closed card. It included a $79 charge dated 5/11, the day after the card was cancelled!

A hasty call to Citicard security produced the not-very-reassuring explanation that the charge had been "pending" when the account was closed. Great. So cancelling a card doesn't automatically cancel any charges pending against it?

Today she went over it again to finally sort out the real (through 5/8) and the bogus charges, and one on 5/9 stood out: a $36.95 purchase from ticketsnow.com. All the other bogus charges were placed the morning of May 10.

So I called ticketsnow and inquired. Yes, they had processed an order for a single ticket to see Joel Ostine in Minneapolis on 5/29. It was on its way to me now, fed-ex.

Joel Ostine! He's a (gag, ptui!) revival minister!

I'm still baffled as to the purpose of any of this. Some person unknown, the night of 5/9 and the morning of 5/10, placed a bunch (now nearly 20) of small orders for a wide variety of products with a wide range of legitimate online retailers. There was no particular pattern to the purchases, other than not one of them was anything that I would ever, ever consider buying: quack and fringe health or beauty products, get-rich-quick schemes, and (gag, ptui!) Joel Ostine.

They used my credit card, my name, my correct email, my correct address. So there was no attempt to disguise the purchase from me or delay my finding out about it. And the types of stuff bought were not (thank goodness) the kind of thing that could destroy a reputation. Just small quantities of useless junk.

There is no way that anybody could have benefited financially from doing this. The only practical effect was to cause minor irritation and a few hours of wasted time cleaning up.

So why was it done? If it was a prank, it was pretty pointless. If it was an inept fraudster debugging some kind of automated stolen-card testing script, he was a really bad programmer. It's all just strange.

Tuesday, May 12, 2009

Curiouser and Curiouser

Yesterday I took the time to check all the vendors that had acknowledged the fake orders. Neighbor Thane had earlier suggested they were related because at least two of the domains had been registered using the same domain "anonymizer" service.

(That's a service that blocks people from using a "whois" query to learn the name and address of the party who registered a domain name. For Mac users, you can perform a Whois using the Network Utility.)

However when I checked the full list of 14 vendors, I found only those two had a domain service in common. Some of the others had their administrative name and address in the clear, a few used other anonymizer services.

The vendors were located in all different parts of the USA, plus one in Canada and one in Singapore. While Marian spotted similar boiler-plate language on a couple of sites, the others were quite various in design and layout. At least one has a very pleasant customer service operator as noted yesterday. Another actually called me to "welcome" me to their clientele. Although the caller was pretty clearly working from a call center in Mumbai, this was much more than I'd expect from a quick-buck shell company.

After getting mailing addresses for 11 vendors, I wrote up a letter informing them of the fraudulent order, stating no charge related to it would be paid, and demanding not to be on their mailing list or to have my name sold. Prepared envelopes and trudged off to the P.O. to send off 11 return-receipt-requested letters. $50 bucks in postage; maybe wasted money, but some of these vendors (like stay at home millionaire, about whom there are many complaints online) are very persistent once you express an interest.

Neighbor Michael thinks,
It looks to me like you have ordered something from a website whose computer has been hacked. The hacker then wholesales credit information to distributors (there's his or her money), who in turn re-package it and sell it tax exempt to users. In your case it looks like the user was testing the water. Was the card good? Did the cardholder have an alarm in place? etc. Having set off no alarm bells, he/she could then proceed to start ordering stuff big-time
Maybe. I've heard of people testing a stolen card number with a small purchase. However, this was more than a dozen purchases, which would surely be overkill. Plus, almost all sent confirmation emails (the Citicard fraud guy read me one transaction which hasn't shown up as email). Since I had never dealt with any of them, they didn't have my email address in their customer files, prior to the fraudster's order. So the fraudster had to have included my proper email with each fake order.

Seems to me, if I wanted to test a stolen card, one, I'd use an email address that came to me, not to the victim, and two, as soon as two orders cleared, I'd start ordering the 50-inch tvs. Not wait around for 10 more.

I can think of two other possible explanations. One, it's like Michael said, except that the fraudster was just getting into the game and testing his scripts. And had a bug in them, so he was running the same card over and over trying to get the code right.

Two, it is barely possible that the perpetrator didn't actually want to profit from the deal but only wanted to harrass me, personally. I am not aware of having any cyber-enemies like that... and if it was a case of cyber-harrassment, the orders would probably have included some porn. Thank goodness they didn't!

Sunday, May 10, 2009

How Does This Scam Work?

At 8:24 this morning (Sunday May 10), an email landed in my inbox, thanking me for my order for $5.69 worth of "Revatrol" at Renaissance Health Publishing.

By sheer good luck I was looking at my email while waiting for my wife to get ready to leave the house. "What?!?" said I, "I didn't order anything like that!"

I started poking around trying to find out about it when another email appeared, and another:

Many of these emails had my correct name and shipping address and home phone number! Around 8:26 I had totally freaked, yelled at Marian, who went to her computer and logged in to both credit card accounts and said none of these transactions had shown up yet. "Probably just spam," she thought.

The transactions all said they were charging to a credit card but didn't say what the card number was. I called Chase customer service on our more important card, the one we do not use online ever, and got a run-around, no help at all except that I could start a $7.99/month security alert and when my "welcome kit" arrived in "one to two weeks," it would have a security alert form on which I could check off the kinds of transactions to watch out for, and send it back. Thank you soooo much for your prompt service, Chase.

However, the last, 8:40 am transaction had what none of the preceding emails contained: the last four digits of the card number! That told me that the card involved was the one we use for online transactions. I called Citi and was immediately connected to the fraud line, where "Brian" was very helpful. He checked the account and read the last two transactions which were also small amounts for junk healthcare products -- but not one of the ones we'd had emails for.

Citi was happy to cancel the card, expedite shipping of a new one, and took note that no transactions in the last 24 hours were valid. I urged him to go further, clearly the scammers were at work right now and maybe could be traced? He was vague about that. Anyway, that was that; but tons of questions remain.

All the product websites that I checked look legit (junk products, but legit merchants) and the two whose phone numbers I dialed had phone menu systems ("please listen closely as our menu has recently changed"!). So, the big question, how is the scam supposed to work?

Are the various e-tailers all phony shell companies? Is the idea to make a bunch of charges under $10, collect from the card company, and vanish?

Maybe, but if the companies are phonies set up for this scam, then why make the simulation so elaborate? And above all, why go to the length of sending acknowledgement emails, which alert the victim to the fake charges even while they are happening?

But if the companies are real, then who benefits from this flurry of fake charges? Assuming my card was not the only one being hit this morning, real merchants are going to be hit with a shit-storm of complaints, and many if not all of the fraudulent charges will eventually be cancelled by the credit card companies. Real merchants would suffer almost as much pain as the victims.

In short, how was this scam supposed to work?

Monday update: there's been a sharp up-tick in the amount of spam I'm getting; fortunately Google mail filters it all. However, two more order-acknowledgement emails came in this morning,
  • Consumersdicountrx.com -- unknown amount, but I've joined their "best buy affiliate family."
  • Ultra Green Products (http://ultragreenproducts.com/).
The latter had a "confirmation number" and a customer service number which I called, and immediately reached a very pleasant rep who seemed sincerely dismayed to hear that the order was fraudulent. It was for a small amount, she said, $5.69, and had already been processed. I told her the credit card company would be taking that back as fraudulent.

The point here is, Ultra Green looks and acts like a legitimate business, not a front or a shell. At least, if it's a front, they've gone to a great deal of trouble to simulate a real business.