Spam in your fridge? Yeah sure, but what about spam from your fridge?

Well, in light of the recent fascination and media hype about spam from a new range of devices dubbed the “Internet of Things”, I thought I’d post some information.

The media hype is a little surprising in some ways, as this ‘hack’ is old news, old technology, and has been happening for years.  I first identified and tested for it publicly with the Spam and Open Relay Blocking System’s (SORBS) automated proxy tester.  The only thing that is different now is the devices that can be exploited.  It used to be home routers and computers directly connected to the Internet, but now it’s phones (smart, VoIP and others), it’s televisions, it’s fridges, cameras (usually security cameras, but not always), digital video recorders, set-top boxes (satellite receivers, cable receivers, media players etc.), audio amplifiers, and many, many more…

It was published by Proofpoint that ‘Thingbots’ are sending spam.  Unfortunately it was taken by the media that ‘Thingbots’ are the resulting robots from someone breaking into these devices and installing software that sends spam, in a similar way to hackers tricking people into downloading malicious software onto their computers and laptops.  Whilst this is possible and undoubtedly will happen in the near future, it is completely wrong at the present time.  ‘Thingbot’ is a reference to the device being a ‘thing’ and being commanded to do something other than its designed purpose, regardless of what that device or its purpose is.

For example, a ‘smart fridge’ is designed to keep food cool, keep track of the contents and alert the owner (maybe by email) if there is a problem with the fridge itself or with some of the contents (e.g. there being no milk left.)  The fridge is not designed to evade security/anti-spam systems or to proxy or relay emails to a third party, but that is currently possible via a variety of devices.  How, you might ask?  Well, I’ll get into that below, but first you might be asking why these devices are even connected to the Internet.  Well, it’s because people do not have a clue from a security perspective.  Neither the people that own the device nor (in a lot of cases) the designers.  The manufacturers are embedding computers into the devices, and as a home appliance manufacturer (whether it be a fridge, a TV or another device) they are not experienced in IT security; it’s not their job (yet) to be concerned with security, they want the functionality at the cheapest price.  To this end, they get people in their IT developer section (if they even have one; some just ask another supplier to provide them with the embedded software) straight from university or school, with one very experienced manager, most of whom have no idea about the security of the devices but can code….  Worse, management makes fatal decisions when giving the commands: “Make it work!  Make it work quickly!  Make it work cheaply!”  When a developer says, “Hey, what about security?” the answer comes back: “Don’t worry about it, it’s in the home, it’s safe behind the owner’s firewall,” or “Well, put a password on it!”.. and so it begins..

Why this is bad..

Seems like a no-brainer: the device is behind a firewall and it’s being NAT’d (Network Address Translation), so it’s not available on the Internet.. or is it?

Well, most of these devices are running one of two operating systems, Windows or Linux; both have embedded versions, ‘Embedded Windows’ for Windows, or ‘BusyBox’ for Linux (amongst others, but that seems the most common.)

I’m not going to mention Embedded Windows here at all as I know nothing about it, and to be honest, at the moment, I don’t want to…  personal prejudice and all that..

Now in the case of Linux, the kernel itself is mostly secure and, in later versions, requires detailed and specialised knowledge to break into.  The problem is the kernel is just part of the OS.  Linux is a UNIX variant and as such it relies on many applications as part of the OS for configuration, testing and usability.  In the case of BusyBox these applications are often special versions that are cut down and trimmed as much as possible to save on space, as embedded devices are usually limited on available memory, and they are all rolled into the same executable that operates as a multi-purpose tool, “The Swiss Army knife of Embedded Linux” (it is given multiple names but stored only once, and which function it performs depends on the name you use to execute it.)  This is great: it makes devices very easy to build and makes it very versatile.  For example, the Patriot Box Office, AC Ryan, Masscool and CinemaTube media players all run on the Realtek RTD1073 chipset, and BusyBox with a Linux kernel is an ideal OS for the device..  However, they are yet another example of the Internet of Things..  and in the case of the Masscool device a particularly good example of what’s wrong…

My Masscool Media player…

I bought it in 2010 as it was one of the first HD-capable media players that I could find with a good review; it was also one of the only ones with an HDMI port on the back..  Very quickly I found that it wouldn’t play some of the updated media formats, so I went looking for firmware updates.  None available, I relegated the box to the junk pile for a couple of years…  Recently I set up my games room and thought I’d get it out again and see if I could hack it to work with Plex, as this is an XBMC fork that works well as a media server and has a DLNA server built in, and the DLNA server can be hacked to transcode to various formats.

My first job was to see if I could get a firmware update, and I went looking again.  What I found was two things: first, Masscool had not released a single update to the media player and in fact had stopped producing any media players.  Second, there is a sub-culture around the Patriot Box Office media players and firmware updates, and on the forums I found someone had posted that the PBO unit was the same chipset and board layout as a Masscool device.  So I found a PBO firmware on their official site, downloaded it and started the firmware update to install it.. 30 seconds later I was told it was not made for this device and the update was aborted.  After this, the unit was a ‘brick’ .. it had killed it.  It could have been the boot code, it could have been something else.. I don’t know, but to many it would be dead and useless junk now; to me it was an opportunity to play.  I had no concerns about ‘bricking it’ as it was already bricked, so I looked for hardware modifications and found that with an old mobile phone sync cable I could interact with the Realtek chip directly, and as such I could load just about any firmware I wanted on it.  The box within a few minutes was back operating in a really nice version of the Patriot Box Office software and playing all those newer media formats that I wanted to get in the first place.  Of course, having “hacked” it I suddenly had all the details of what it’s running and how it could be easily attacked.  I had the default passwords; it was already listening for Telnet connections, but I had been unable to get the information to log on to it until I hacked it… So I logged on and found that the BusyBox installation had been compiled with the ‘telnet’ option, and therefore it is a device that can be a “ThingBot”.

More on how to exploit later…

My Dreambox DM500HD…

At home I have two Dreamboxes, a DM500HD and a DM800, both running ‘Enigma 2’ (OpenPLi 3.0 and OpenPLi 2.1 respectively), on an IBM STBx25xx Digital Set-Top Box Integrated Controller and a 400 MHz Broadcom 7400 respectively.  Enigma 2 is another BusyBox embedded device; however, it is significantly different from other media devices as it is being actively developed, supported, upgraded and patched.  All that being said, by default Dreamboxes, the VU Plus and VU Duo devices, and any other ‘Enigma 2’ device have a default login and password and an open telnet port; in the case of Dreambox devices it is ‘root’ with a password of ‘dreambox’.  Worse, not only does it have telnet built in, it also has a web interface which by default is NOT password protected and allows you to get to all the system settings, including login security options and files with passwords…!

Further, this is a ‘feature rich’ device with a whole store full of plugins and applications, most of which are written in Python, which is also embedded in the OS as an application.  This device is definitely a ‘ThingBot’, and it would be very easy to create a ‘Bot’ application that could be installed and used to do a variety of other things – including compromising other devices.

So why would it be on the Internet?  Well, simple (and in fact I put mine on the Internet): you can watch TV from anywhere in the world using the web interface, and if you have an Android or iOS based smartphone or tablet you can download an application to give you TV on the device anywhere in the world.. (and it works very well with Apple iPads; I use it when I visit the USA as all 600 channels over there seem to be full of rubbish, and it works well on the hotel wireless!)

My D-Link DNS-325 Disk Arrays (Home NAS devices)…

I have two at home, one with two 2TB drives, the other with two 3TB drives; one is a backup for the other and is mass storage for me.  They are based on the 1.2 GHz Marvell® 88F6281 (Kirkwood) chipset..  I moved all my music from my Macs to there, I moved all my movies there, I moved all my photos there… and they are both full, so I bought a new Netgear this Christmas (more on that below.)  Now these devices are also BusyBox based… what a surprise, you may say.. no Windows so far.. well, that’s because I don’t buy Windows anything, so this is all going to be something Linux based and mostly BusyBox.. so anyhow, plugins are available for it, e.g. you can put a database server (MySQL) on it, you can run a blog server on it, and of course you can put custom plugins on it by putting them in the root of the shared drive and rebooting it.. or using the web interface.  This includes adding an SSH server.. but why bother?  It has a telnet server built in, and you don’t even need to use a username and password (in fact you can’t even set it to require a username and password unless you are quite technical, as any changes are automatically lost when you reboot: the password has to be saved to the boot flash, and that is not done using the provided tools.)

Again once you’re in you can telnet out elsewhere..

My Netgear RN10400 NAS…

Built on the Marvell® Armada 370 1.2GHz chipset, it is also Linux, though this is built on Debian Linux 7.1 (ReadyNAS version 6.x firmware), and unlike the others it’s secure(ish) by default.  You have to turn on shell access via the web interface before you can get access to the shell.  However, unlike the others it has an extensive online plugin ‘store’ and you can install everything from a RADIUS server to a MySQL database server (by default with no credentials for root access) to your own blog and website.  However, like the Enigma 2 systems, it is also extensively supported by the manufacturer and community, so firmware patches are forthcoming on a regular basis.

Would this be on the Internet?  Well, yes: many of the applications are designed to give simple ‘SOHO’ services at low cost, so it is very likely this device will be placed on the Internet, either directly or by using the ‘DMZ’ or ‘Port Forward’ capabilities of most home routers.  Being a Linux server under the hood, and not just a BusyBox embedded device, it also runs most if not all software that will run on a Debian Linux PC.. in fact it can even compile and run third-party software that does not have packages capable of being installed on the NAS.

My Yamaha RX-A1030 A/V Receiver…

My latest toy, and a very impressive one at that.. complete with its own gigabit network interface on the back.  As I only got it a month ago I haven’t had time to poke around with it beyond looking at the web interface, port-scanning it, and installing the ‘Tablet’ remote control application.  What I found was as follows:

michelle$ nmap -p1-65535 10.10.0.70

Starting Nmap 6.40 ( http://nmap.org ) at 2014-01-21 13:07 CET
Nmap scan report for 10.10.0.70
Host is up (0.0030s latency).
Not shown: 65529 closed ports
PORT STATE SERVICE
80/tcp open http
1040/tcp open netsaint
1900/tcp open upnp
8080/tcp open http-proxy
10200/tcp open unknown
50000/tcp open ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 11.06 seconds

michelle$

Whoopsie!  More on that a little later, but I can tell you it has an iTunes streaming service, as well as ‘Net Radio’ and AirPlay.  (The important one to note here is the UPnP port.. more below.)
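As an added example (not from the original post), here is a small Python script that parses Nmap’s normal output, using the scan result above as its input, and flags the open ports that this post singles out as worrying on a home appliance: telnet, SMTP, UPnP/SSDP and an HTTP proxy. The port list and the risk labels are my own assumptions for the example, not anything Nmap reports.

```python
import re

# Nmap normal-output text, copied from the scan of the receiver shown above.
NMAP_OUTPUT = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2014-01-21 13:07 CET
Nmap scan report for 10.10.0.70
Host is up (0.0030s latency).
Not shown: 65529 closed ports
PORT STATE SERVICE
80/tcp open http
1040/tcp open netsaint
1900/tcp open upnp
8080/tcp open http-proxy
10200/tcp open unknown
50000/tcp open ibm-db2

Nmap done: 1 IP address (1 host up) scanned in 11.06 seconds
"""

# Ports worth a second look on an appliance (assumed list for this example).
RISKY_PORTS = {
    23: "telnet: clear-text login, often with a default password",
    25: "smtp: the device may be relaying mail",
    1900: "upnp/ssdp: can ask the router to open ports without authentication",
    8080: "http-proxy: possible open proxy",
}

HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return (host, [(port, proto, state, service), ...]) from Nmap normal output."""
    host, ports = None, []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return host, ports


def flag_risky(ports):
    """Return {port: reason} for every *open* port that is in RISKY_PORTS."""
    return {p: RISKY_PORTS[p] for p, _proto, state, _svc in ports
            if state == "open" and p in RISKY_PORTS}


if __name__ == "__main__":
    host, ports = parse_nmap(NMAP_OUTPUT)
    print(f"{host}: {len(ports)} open ports")
    for port, why in sorted(flag_risky(ports).items()):
        print(f"  {port}/tcp  {why}")
```

Run it against the saved output of your own scan (nmap -oN) of each appliance on the LAN; anything it flags is a service you should either disable in the device’s settings or make sure is never reachable from the WAN side.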

My Thomson ‘Smart’ TV…

Another new addition (I got it at the same time as the Yamaha) and I have not yet poked around with it, but it has its own App Store and web browser.. which is Embedded Opera, and when you hit a webpage with Flash content it automatically attempts to download the Flash plugin..  Do I really need to mention all the Flash vulnerabilities recently?  As for the scan, it only has port 13000 open, which I have no idea about yet, except that it isn’t a web service.

My LG Smart TV…

Another device (and one I haven’t poked around with), except I know it is embedded Linux and has various plugins available, including the Plex media client, which historically has been written in Python.  LG have had a bad rap with their Smart TVs because they have been caught ‘calling home’; however, like the Thomson and most other Smart TVs, it is running embedded Linux.

So what about it…?

Well, enough of the list of ‘ThingBots’ or devices that could be made into ThingBots (not even going to go into what’s on the LG Blu-ray player and Melita HD cable set-top box – both Linux based)..  As you can see, many of these devices are running an OS that is available in the mainstream, and therefore compilers, software and plugins are available.  Some are securely set up by default, but most are not.

Some of these devices you can expect to see put on the Internet without any security by the naive or the experimenter; others you would not..  Or would you?

You see, one of the problems with many of these devices is they all want to get access to the Internet, and even if you don’t give them access, most of them are equipped to get access without you needing to know how.  Most people barely know how to set up a home router, so there is no way they would be able to configure port forwarding if needed, and certainly they would not know how to do that securely for protocols such as H.323 (a video conferencing protocol that is also used in MSN Messenger, for example), so to get around this, back in the late 1990s developers came up with UPnP, aka Universal Plug and Play.

UPnP (Universal Plug and Play)…

This protocol/software is built into most routers, home-firewalls and devices.  It is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices.

The UPnP technology is promoted by the UPnP Forum. The UPnP Forum is a computer industry initiative to enable simple and robust connectivity to stand-alone devices and personal computers from many different vendors. The Forum consists of over eight hundred vendors involved in everything from consumer electronics to network computing.

The concept of UPnP is an extension of plug-and-play, a technology for dynamically attaching devices directly to a computer, although UPnP is not directly related to the earlier plug-and-play technology. UPnP devices are “plug-and-play” in that when connected to a network they automatically establish working configurations with other devices.

The UPnP architecture allows device-to-device networking of personal computers, networked home appliances, consumer electronics devices and wireless devices. It is a distributed, open architecture protocol based on established standards such as the Internet Protocol Suite (TCP/IP), HTTP, XML, and SOAP. UPnP control points are devices which use UPnP protocols to control UPnP devices.

The UPnP architecture supports zero configuration networking. A UPnP compatible device from any vendor can dynamically join a network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence and capabilities of other devices. Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers are optional and are only used if they are available on the network. Devices can disconnect from the network automatically without leaving state information.

UPnP was published as a 73-part international standard, ISO/IEC 29341, in December, 2008.

What does this mean?  Well, simply, a UPnP device can tell a UPnP-enabled firewall or router to open ports, without your knowledge – WITHOUT ANY AUTHENTICATION!
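The practical check a home user can make is to ask the router what port mappings UPnP has already created. The following is an added example, not code from the post: a Python audit tool that builds the standard IGD SOAP request for GetGenericPortMappingEntry on the WANIPConnection:1 service, walks the mapping table index by index until the router answers with UPnP error 713 (end of table), and lists any mapping that exposes one of the services this post worries about (telnet, SMTP, the device web UI, an HTTP proxy). The control URL, the risky-port list and the canned responses are assumptions constructed for the example; real use needs the control URL from your router’s UPnP device description.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"


def build_request(index):
    """HTTP headers and SOAP body asking an IGD router for port-mapping entry `index`."""
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
        f'<u:{ACTION} xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{int(index)}</NewPortMappingIndex>'
        f'</u:{ACTION}></s:Body></s:Envelope>'
    )
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#{ACTION}"'}
    return headers, body


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace from a tag


def parse_mapping(xml_text):
    """One SOAP response -> dict of the mapping, or None when the router reports a
    UPnP error (713 SpecifiedArrayIndexInvalid marks the end of the table)."""
    root = ET.fromstring(xml_text)
    fields = {_local(el.tag): (el.text or "").strip() for el in root.iter()}
    if "errorCode" in fields:
        return None
    return {
        "external_port": int(fields["NewExternalPort"]),
        "protocol": fields["NewProtocol"],
        "internal_client": fields["NewInternalClient"],
        "internal_port": int(fields["NewInternalPort"]),
        "enabled": fields["NewEnabled"] == "1",
        "description": fields["NewPortMappingDescription"],
    }


def enumerate_mappings(send):
    """Walk the router's table: index 0, 1, 2 ... until it returns an error."""
    mappings, index = [], 0
    while True:
        entry = parse_mapping(send(*build_request(index)))
        if entry is None:
            return mappings
        mappings.append(entry)
        index += 1


# Internal services that should never be reachable from the Internet (assumed list).
RISKY_INTERNAL_PORTS = {23: "telnet", 25: "smtp", 80: "device web admin", 8080: "http-proxy"}


def audit_mappings(mappings):
    """Enabled mappings that forward Internet traffic to a risky internal port."""
    return [m for m in mappings if m["enabled"] and m["internal_port"] in RISKY_INTERNAL_PORTS]


def http_sender(control_url):
    """Real transport: POST each request to the router's WANIPConnection control URL
    (hypothetical example: http://192.168.1.1:49152/upnp/control/WANIPConn1)."""
    def send(headers, body):
        req = urllib.request.Request(control_url, data=body.encode(), headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                return resp.read().decode()
        except urllib.error.HTTPError as err:   # UPnP errors arrive as HTTP 500 + SOAP fault
            return err.read().decode()
    return send


def _mapping_xml(ext, proto, client, iport, desc):
    """Constructed response in the WANIPConnection:1 format (not captured from a real router)."""
    return (f'<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><u:{ACTION}Response xmlns:u="{SERVICE}"><NewRemoteHost></NewRemoteHost>'
            f'<NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
            f'<NewInternalPort>{iport}</NewInternalPort><NewInternalClient>{client}</NewInternalClient>'
            f'<NewEnabled>1</NewEnabled><NewPortMappingDescription>{desc}</NewPortMappingDescription>'
            f'<NewLeaseDuration>0</NewLeaseDuration></u:{ACTION}Response></s:Body></s:Envelope>')


END_OF_TABLE = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
                '<s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
                '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
                '<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError></detail>'
                '</s:Fault></s:Body></s:Envelope>')

# Constructed table: a hypothetical set-top box exposing telnet, and a harmless media server.
SAMPLE_RESPONSES = [
    _mapping_xml(23, "TCP", "10.10.0.40", 23, "telnet"),
    _mapping_xml(8096, "TCP", "10.10.0.70", 8096, "media server"),
    END_OF_TABLE,
]


def make_fake_sender(responses):
    """Offline stand-in for http_sender: replays the canned responses in order."""
    it = iter(responses)
    return lambda headers, body: next(it)


if __name__ == "__main__":
    for m in audit_mappings(enumerate_mappings(make_fake_sender(SAMPLE_RESPONSES))):
        print(f"WAN {m['external_port']}/{m['protocol']} -> {m['internal_client']}:{m['internal_port']} ({m['description']})")
```

Swap make_fake_sender for http_sender(control_url) to audit a real router; remove any mapping it reports through the router’s own admin page, and turn UPnP off there if you do not need it, since nothing in this protocol stops the next device from recreating the mapping.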

This is why back in 2002, Juniper Networks issued the following statement about their lack of support for UPnP in their devices:

SUMMARY:

Support for Universal Plug and Play (UPnP)

PROBLEM OR GOAL:

Universal Plug and Play Some chat programs are UPnP aware

SOLUTION:

NetScreen investigated UPnP, and have decided not to embrace this technology (as of mid 2002). Several factors went into this decision: a compromised host (say, with a trojan) could open the firewall entirely and permit other attacks and intrusions; all of the UPnP specs indicated that it is designed for the residential environment which is not NetScreen’s target market.

 

So how do they do it?

What follows is a series of images that show how it can be done.  I will *not* be showing how to manipulate a UPnP firewall remotely; I will also not be doing this remotely, as my network is secure against things like UPnP, especially as my border is protected with a Juniper SSG520.

First the D-Link DNS-325 NAS…

Spamming through a D-Link DNS-325

Now the Dreambox DM500HD (remembering that the default password is ‘dreambox’, which the malware “Linux.Darlloz” is known to exploit):

Dreambox DM500HD proxy spam example.

The DM800 will work the same way, and in fact one could even install their own spamming program or proxy server on these set-top boxes, as this video will show:

Conclusion…

Until both manufacturers and end users understand the security risks of devices on the Internet, any device is an attack vector for spammers and hackers, and as that device may not be monitored you could have the FBI, NSA, Interpol or Australian Federal Police (or other law enforcement) come knocking on your door to arrest and jail you for something you know nothing about…  Like trying to hack a nuclear reactor in Korea…
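The one thing a home network owner can do today, regardless of what the manufacturers ship, is watch what leaves the network: a fridge, set-top box or NAS has no business talking SMTP to the Internet. As an added example (not from the post), here is a Python detector that reads iptables-style LOG lines from a home router and reports any internal host, other than the known mail server, that connects to several different mail servers. The log lines, the addresses and the allow-list are constructed for the example; in real use you would feed it your router’s syslog.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (not from the post).  10.10.0.10 plays the
# legitimate home mail server; 10.10.0.40 plays a set-top box relaying spam.
LOG_LINES = """\
Jan 21 13:10:01 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.10 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=25
Jan 21 13:10:02 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.40 DST=198.51.100.7 PROTO=TCP SPT=1025 DPT=25
Jan 21 13:10:02 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.40 DST=198.51.100.8 PROTO=TCP SPT=1026 DPT=25
Jan 21 13:10:03 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.40 DST=198.51.100.9 PROTO=TCP SPT=1027 DPT=25
Jan 21 13:10:03 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.40 DST=203.0.113.99 PROTO=TCP SPT=1028 DPT=25
Jan 21 13:10:04 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.70 DST=203.0.113.50 PROTO=TCP SPT=5000 DPT=443
Jan 21 13:10:05 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.55 DST=203.0.113.77 PROTO=TCP SPT=3333 DPT=587
Jan 21 13:10:06 gw kernel: FW-OUT: IN=br0 OUT=ppp0 SRC=10.10.0.70 DST=203.0.113.50 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")       # KEY=VALUE pairs in an iptables LOG line
MAIL_PORTS = {25, 465, 587}                    # SMTP, SMTPS, submission
KNOWN_MAIL_HOSTS = {"10.10.0.10"}              # assumption: the only host allowed to send mail


def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line, or None if it carries no TCP/UDP port."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None
    return fields


def outbound_mail(lines):
    """{source IP: set of destination IPs} for connections leaving on a mail port."""
    seen = defaultdict(set)
    for line in lines.splitlines():
        f = parse_line(line)
        # OUT=<wan interface> means the packet is leaving the LAN, not arriving.
        if f and f.get("OUT") and int(f["DPT"]) in MAIL_PORTS:
            seen[f["SRC"]].add(f["DST"])
    return seen


def suspicious_relays(lines, min_destinations=2):
    """Hosts that are not known mail servers yet talk SMTP to several destinations,
    which is what a relaying 'ThingBot' looks like from the gateway."""
    return {src: len(dsts) for src, dsts in outbound_mail(lines).items()
            if src not in KNOWN_MAIL_HOSTS and len(dsts) >= min_destinations}


if __name__ == "__main__":
    for src, count in suspicious_relays(LOG_LINES).items():
        print(f"{src} opened SMTP connections to {count} different hosts: check this device")
```

The matching mitigation on the same router is an egress rule that only lets the known mail server out on port 25 and logs everything else, so a compromised appliance fails to relay and shows up in this report instead of on a blocklist.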

The final word…

I don’t have an Internet-enabled fridge, and unless a manufacturer “donated” one to me I doubt I’ll ever have one (and no, I don’t need a new fridge, my 2009 Samsung side-by-side is perfect for my needs).. so no, I can’t show you how to hack a fridge, just the same way I couldn’t show my employer.  All I know is, “yup, there is at least one out there that is hacked”; it might not be that the fridge is hacked, it might be another device sharing the connection, but the spamming host is showing an Internet-enabled fridge when querying it… one can only draw conclusions.

New Computer for Xmas? From Amazon? Watch out you might need a HazMat suit….!!

What is it with me?  I seem to attract trouble at the moment, either that or I just don’t take s**t like others do…

So I’m not going to talk about the rip-off known as eBay seller StuffUSell, who sell stuff that they know doesn’t match the description… that’s eBay and par for the course… No, this is about someone you would think would know better… Amazon…!

Yeah, the price of globalisation.. they’re so big in every country that when searching for stuff you don’t even see eBay at the top of the list anymore, you just see hundreds of Amazon links, leaving you little choice about where you can purchase items…  Even if they can’t/won’t deliver.

Many of you readers know I live in Malta (Europe, not the town in the USA); it’s a small island in the middle of the Mediterranean Sea, and unfortunately getting stuff that is available to the rest of the world can be a task… and it’s not cheap (sometimes as much as double the RRP.)  For this reason I often use online services such as Amazon to get what I need at a reasonable price, paying extra for shipping.  Obviously, because of tax and VAT, I prefer to order from Amazon EU/UK wherever possible.

So what is the subject about, you’re thinking.. well, simple: are you in Europe, and are you thinking about ordering a computer/tablet for Christmas 2013…?  Well, my advice is avoid Amazon at all cost, as you might find yourself without what you are waiting for until after Christmas, with the excuse that the item you are ordering has a HAZMAT sticker on it and they can’t ship it to you…

Here’s the screenshot of the item I ordered over a week ago.. (click for hi-res version)

Thecus N4510UR 12TB NAS
Thecus N4510UR 12TB NAS

So as you can see ‘Ordered on 21 November 2013’ .. however lets take a look at ‘My Orders’ (click for hi-res)…

My Orders at Amazon
My Orders at Amazon

I didn’t get any delivery, so I checked the order status, found it not yet dispatched, and got onto Customer Support (politely at first)… and after 24 hours I got this response:

 Hello,

I am writing to let you know about your order #202-2620275-0284318.

I have received an update from our fulfillment center stating that this item has been held up at JKPT this is because the item has been identified as having HAZMAT control on it and therefore can not be shipped to the address used as we can not ship this type of product to an overseas address.

I hope this helps you.

We look forward to seeing you again soon.

Warmest regards,

Ruban S.

It’s like ‘WTF?!?!?!’ HAZMAT?!?!??!  It’s a computer – it doesn’t even contain battery-backup batteries!!

I got back to Customer Support (again politely(ish) at first).. and couldn’t get a response as to what “JKPT” is … eventually I persuaded the Customer Support person to email me later what it meant, and I got the following:

Hello,

I’m writing regarding your order #202-2620275-0284318.

Please be informed that, JKPT is a condition that an item is put into when we have no shipping method for the item due to HAZMAT regulations. It is usually to either an overseas address or a PO box address, locker or a parcel motel type place.

If we can be of further assistance, you can reply directly to this e-mail. You can reach us by chat or phone from this link:

http://www.amazon.co.uk/contact-us

Customer Service can be reached by phone and chat 7 days a week 06.00 to midnight, local UK time.

If you need to call us, we can be reached on Freephone (within the UK) 0800 496 1081. International customers can reach us on +44 207 084 7911.

We look forward to seeing you again soon.

Warmest regards,

Babuvignesh S.

At this point I got a little narky and phoned them on the 0800 number for the UK and pointed out that the address for delivery is a real address that they have delivered to previously, and that whilst they are correct that it is ‘overseas’, pretty much everywhere in Europe could be classified as such if the origination point is Jersey, as they previously indicated… and again the response:

 Hello,

Regarding your Order No: 202-2620275-0284318, we’ve got an update from our fulfilment team:

”  I’m sorry but this item has been held up at JKPT this is because the item has been identified as having HAZMAT control on it and therefore can not be shipped to the address used as we can not ship this type of product to an overseas address ”

Warmest regards,

Thangjam M

Then 24 hours later I get this:

Hello,

I’m sorry for the inconvenience caused to you with the restrictions to Malta.

I do understand your concern regarding the item being allowed to ship to Malta.

I’ve checked and can see that my colleague has already contacted appropriate department to investigate this issue.

As it is not yet possible to provide you with a resolution, we continue to work hard to provide an update and we still expect to be in contact with you on the date provided by my colleague, November 29, 2013.

Please accept my apologies for the inconvenience; we want to be sure to address this matter as thoroughly as possible.

If you don’t hear back from us by November 29, 2013, please contact us again by replying directly to this email.

I hope this helps. We look forward to seeing you again soon.

Warmest regards,

Imran A.

So the moral is: if you want/need something quick (even as a business user buying business-class items) don’t bother with Amazon, and certainly not if it’s a computer or tablet (as tablets are computers).. go down the high street and buy over the counter – even if it costs more or takes your time, at least you’ll get it, and the shop is likely to still be there next time you need something!!

UPDATE [5th December 2013], this just in from Amazon:

Hello,

We’re writing about your Amazon.co.uk order 202-2620275-0284318 which included the following:

——————————————————

B009E0X9Q4

Thecus N4510UR 12TB (4 x 3TB) 4 Bay 1U Rackmount NAS with McAfee Antivirus Protection

——————————————————

Unfortunately, due to delivery restrictions on such items, we won’t be able to send you this item and have cancelled it from your order.  This is because this item contains flammable, pressurised, corrosive, environmentally hazardous or otherwise harmful substances classified as dangerous goods under the European Agreement concerning the International Carriage of Dangerous Goods by Air.

Although the amount of these substances in these products is usually quite limited, these products need to be transported in a certain way to ensure that they are handled with care and are therefore assigned to a specialist carrier.  Unfortunately this means that we can’t dispatch this to any destination outside of mainland UK.

We’re sorry for any inconvenience caused and hope to see you again soon.

Warmest regards

Customer Service Department

Amazon.co.uk

Please note: This e-mail was sent from a notification-only address that can’t accept incoming e-mail.  Please don’t reply to this message.

So there you have it, if you are buying a computer from Amazon (UK) and are not in the UK they cannot and will not ship the item – even if it is marked as being sold by Amazon Europe (S.a.r.L.) and even if it is marked as available for delivery to your country…

UPDATE 2:  Bit the bullet today and went to one of the local computer stores and bought the non-rackmount version of the NAS, and found that for €1123.00 (less than Amazon) I was able to get a 16TB version.. then I thought about it…  We’re on an island, everything is flown in.. but wait, Amazon said it was a HAZMAT marked item….!

Air Malta… You thought Ryan Air / EasyJet were bad!

A warning of bad service and the dangers of using online shopping services…

Air Malta

WARNING: Do not use AIR MALTA’s online ticket booking system if you want to fly….  here’s why…

First what happened to me, then I will paste the response from Air Malta (and explain what they said for those that don’t ‘get it’.)  You will agree, if you have seen the programmes made by English TV companies about the cheap airline ‘EasyJet’, that often cheapest is not the best.  For that reason and that reason alone I have never used EasyJet; I have always gone with the more expensive ‘Air Malta’ when travelling to the UK.  Never again.

Around the 5th December 2012 I decided to go back to the UK for a couple of days before Christmas to see my mother and to do some Christmas shopping.  I booked time off work, I booked a hotel, I booked car rental, all for the few days 16th December 2012 to 19th December 2012… Then I booked the flights using Air Malta’s online service…  For just 3 days this amounted to more than €800.00, an ‘expensive’ shopping trip to say the least, but as I hadn’t seen my mother for 2 years (and she’s 73) I figured that I should, even though I am extremely busy with work…

On the 16th December my friend Naomi and I went to the airport a couple of hours early (or so I thought); it turns out I had made a simple mistake: we had arrived at the airport 2 hours before we were due to arrive in London.. and that was some 20 minutes after the flight left Malta…  This was explained to me, and unlike those on TV, I realised that it was my stupid error and that I had only myself to blame, so I asked if they could move the tickets to the next available flight.  Air Malta indicated they couldn’t and that I would have to buy new tickets for the first flight the following day.  They informed me that it would be €241.80 for the new outgoing tickets; I handed them my credit card and it was charged.  About to leave the desk, the 2 representatives started speaking together with a look of concern on their faces.  My friend Naomi, being a native Maltese speaker, understood what was being said and let out an exclamation; I asked for an English translation, and she (not the Air Malta staff) told me that they had said that I would need to purchase return tickets as well, as the computerised booking system had automatically cancelled the return tickets without refund.  I informed them that I had paid for the tickets and was going to be at the airport on Wednesday evening for the return flight; they informed me I would be refused boarding with no rights to recourse.  I immediately demanded a refund and was given the refund of the tickets I had just purchased, and was told I would need to contact their Customer Care centre the following day.

I called their customer care number multiple times and received no response.. a few minutes of being on hold followed by a ‘click’, and I was disconnected on each call.

I emailed via their website asking for contact details of a manager.  I received an email response telling me I could not speak to a manager and should forward my complaint to their email address: customercare.airmalta@airmalta.com.  I wrote the following letter:

Ref: ICCHO019286

Here is a brief description of events:

I arrived at MIA at 17:25 Sunday 16th Dec 2012 for the KM102 flight.  It was pointed out to me that my ‘2 hours early’ was actually 35 minutes after departure, because I had mis-read the itinerary and the time I was ‘arriving early’ for was actually the arrival time in London.  I felt an idiot, but mistakes happen.  I requested from the Air Malta desk at MIA to see if I could move the flights to the next available; after 10 minutes on the computer they said that they couldn’t access the booking as I was a ‘no show’ and therefore I would need to buy a new ticket.  They informed me the price would be €241.90 for the flight the following morning (at 7:50am).  I agreed and handed over my credit card to pay for tickets for myself and Naomi Xuereb (my travelling partner), and the staff appropriately charged my credit card.

I was then informed that because I was a ‘no show’ on the first flight, the tickets for my return had been automatically cancelled and they would need to book new tickets for my return at a cost exceeding €500 (or I could travel on another day at lower cost).  I informed them that I had not taken my ticket, I had not cancelled it, and it was at least 72 hours from that point, and they had no right to cancel my flight.  They informed me (both working staff) that it was ‘the way the computer works’.  I told them I would be at the airport on Wednesday evening presenting my tickets and they should not deny me boarding; they informed me that my ticket was invalid and I would be refused and stranded in London.  I informed them that that was unacceptable and they should refund me immediately for the unused tickets; they refused, saying the tickets were ‘lost’ and I would need to contact customer care.

A short discussion/argument ensued and I demanded a refund in disgust for the €241.90 I had just paid.  I returned home with Naomi and called AVIS and LastMinute.com’s customer care inquiring about a refund giving the full list of events.  They both offered their sympathy and indicated they would attempt to refund my bookings (I had prepaid) as the circumstances were unusual to say the least.  They have since indicated that this is not possible.

I am therefore requesting politely in the first instance that you refund my out of pocket expenses.  This amounts to:

€544.40 (Booked flights with AirMalta – Ref: NCWIVM)

€192.16 (Lost hotel cost for 18th-19th Dec 2012: UKP146.88 @ Exchange Rate of 0.7873 (1.2702) + 3% commission [HSBC Malta current rates])

€124.50 (AVIS Car Rental: UKP95.76 @ Exchange Rate of 0.7873 (1.2702) + 3% commission [HSBC Malta current rates])

———–

€861.06 [Sub total]

———–

€241.90- (less the amount for the replacement ticket, which I would have had to purchase anyway had Air Malta not cancelled my return ticket, because the initial mistake was mine.)

———–

€619.16 [Total]

======

I think you would agree that it is a reasonable request to compensate me for my losses due to ‘the way the computer is programmed’.  I would suggest you amend your computer system programming to avoid other similar incidents, as the Air Malta staff indicated that this issue had occurred with someone else on the same day, and as Air Malta is already having financial issues it would not be a very good idea to have people like myself dissatisfied with Air Malta’s service, as it is likely to cause you considerable negative publicity and therefore loss of profits for your investors (not to mention more lay-offs for all staff.)  There is an old saying: “a satisfied customer will tell 3 friends, an angry customer will tell 100 people”.  Mr Joe Debono Grech found out just how many people I can tell when I’m angry just a few months ago; I pray that you do not have to find out how many people I will tell if this is not resolved satisfactorily.

I look forward to a prompt response.

Regards,

Michelle


… I received a response a few hours later indicating that their relevant department would respond to my request soon.

3 Days later…

I emailed them again indicating I had not had a response.

I then received the following:

Dear Mrs. Sullivan,

Customer Care Ref: ICCHO019286

Further to our previous correspondence, please note that we have duly noted the contents of your e-mail and would like to advise you as follows.

Please allow us to express our sincere apologies for any inconvenience that you may have experienced whilst using our services.

We wish to emphasise that here at Air Malta, ensuring total customer satisfaction is one of the maxims that guide our mission as a leading service provider in the travel and transportation industry.

Unfortunately, there may be isolated instances where this required level is felt not to have been provided.  However, this does not detract from the importance of us continually trying to reach the highest possible levels of customer satisfaction.

One of the steps taken in this direction has been to ensure that our clients have full access to the Terms and Conditions of Carriage.  In fact, these may be easily located on the Air Malta website (http://www.airmalta.com/conditions-of-carriage).  It is indeed in these Terms and Conditions that one will find that if the passenger does not show up for any flight without advising Air Malta in advance, then Air Malta may cancel the passenger’s return or onward reservations.

We consider Article 5.6 in the latter Conditions, which you freely accepted to form part of our Contract of Carriage upon purchasing your Air Malta flight ticket, to be very clear.  Consequently, Air Malta cannot and will not be liable for any loss or damage arising from the failure to comply with the Terms and Conditions, which clearly state that any changes need to be done prior to departure.  In effect, Air Malta’s General Conditions of Carriage regulate the contractual relationship that exists between Air Malta and your good self in this case.  Such Conditions are in line with IATA’s (i.e. the International Air Transport Association) recommended practices. It is ultimately the responsibility of the passenger, as with any other contract, to read through such Conditions prior to purchasing his flight ticket.

For your ease of reference, the aforementioned Article 5.6 states as follows:

5.6 CANCELLATION OF ONWARD RESERVATIONS

Please be advised that if you do not show up for any flight without advising us in advance, we may cancel your return or onward reservations.  However, if you do advise us in advance, we will not cancel your subsequent flight reservations.

You will appreciate that you have violated Article 5.6 of the Contract of Carriage in force between Air Malta and your good self when you failed to show up for flight KM102 on the 16th December, without any advance notice being given to Air Malta.  As a result of your actions Air Malta had every right, pursuant to the aforementioned quoted Article, to cancel your subsequent flight reservations.

In these circumstances we believe that Air Malta acted according to the conditions of the ticket agreement, however if you feel that the matter could have been handled more effectively then please accept our sincere apologies.

Whilst trusting to have informed you accordingly, please do not hesitate to contact us should you require any further assistance.

Yours sincerely,

Lilian Farrugia

Customer Care Representative

Air Malta Plc

Customer Care

Sky Parks Business Centre, Level 2

Malta International Airport, Luqa LQA4000

E-mail: customercare.airmalta@airmalta.com

URL: http://www.airmalta.com


So for those that “don’t get it”: Air Malta will, if you don’t take a flight and don’t inform them in advance, cancel all your flights for all passengers on your itinerary, and will refuse a refund of all costs associated with those flights (including the tickets for flights not yet taken that you would have otherwise taken.) … And you thought EasyJet was bad for charging people for new tickets when passengers turn up 10 minutes late for check-in…  At least EasyJet and RyanAir don’t cancel, without refund, all your flights in the future.

My advice to people is simple… Don’t fly Air Malta at all… and if you have no choice, don’t book your flights online with Air Malta, and whatever happens book all the flights individually, because if one person on your ticket fails to arrive at the airport on time, you’ll have your flights cancelled without refund… including any return..  At least if you have a separate ticket and separate itinerary for each person and flight they cannot use ‘Rule 5.6’ to cancel tickets.. though I expect they will soon amend policy to cancel anything in your name should you fail to show up for any flight…

Oh, and for reference (and I have heard this from others as well) … their ‘Frequent Flyer’ program.. I am a member, I cannot get any credits for my flights (and haven’t for the last 3 years except for the very first flight)… and I fly some 60,000 air miles per year on average…  Others I know have only been credited Economy miles for Business class flights, and several times I have had issues with Air Malta (particularly flying out of London) for being just 1kg overweight… on one occasion they attempted to charge me an additional €150…

So the message is simple…

Use EASYJET or RYAN AIR and discard Air Malta to the bin of ‘never fly with these idiots’…


Two years on..

Well almost two years on but the abuse I suffered at the hands of my ex (Katie Crothers) is still affecting my life in a negative way..  Seems no matter what I do there is always someone that knows her, there is always someone that wants to know me that I have the suspicion is just a friend of hers probing for more information….  Checking the logs of the webserver shows continual stalker activity..  and now the TV has ads about how to recognise it..  well just as an experiment I followed the link on the TV and filled out the form remembering how I was 2 years ago today, and here is the result:


http://thisisabuse.direct.gov.uk/worried-about-abuse
‘This is ABUSE’

I suspect I’m never going to get over this issue, ever, even with psychiatric help, please be aware, and please do not fall victim to a pathological abuser.  If you think you are a victim, go to the website: http://thisisabuse.direct.gov.uk/worried-about-abuse fill out the form honestly and read the results.

Facebook, why didn’t I receive that update…?

Noticed how sometimes you don’t get notified of someone’s update, an event or a post in your interest lists/groups?  Missed that party for your friends’ birthdays?  Here’s why…

So many of you will have seen posts similar to the following:

Facebook is now pushing administrators to pay to promote every post/update from their page. In an attempt to make page administrators and users pay for “promoted posts,” Facebook will now only notify 7% of you of each update posted. Meaning that now, in order to receive all messages/posts from things you have ‘liked’, you must do the following:

1) Go to the page (eg: http://www.facebook.com/mhix.org for ‘Shells Shots’).

2) Hover your mouse over where it says “LIKED” and click on “ADD TO INTERESTS LISTS”

For users/friends:

1) Go to their timeline, or hover over their name in one of their posts in your newsfeed.

2) Hover the mouse over the ‘Friends’ Button.

3) Click ‘Settings’

4) Click ‘All updates’

By doing this, you will be able to see all posts for pages and friends alike in your news feed. Please “share” this post with your friends.

Note: They also set the ‘Sort’ on the newsfeed to only put the top posts (those that have paid to be at the top) at the top, change it to ‘most recent’ to see what people are posting when they post..

Please share this post/information with everyone so all can know what Facebook are doing…!

Thank you!!

So what does it mean?

Well simply it’s the response to Facebook‘s latest attempt to get money for its investors.  Facebook’s stock is falling, people are losing money, the company is failing… Privacy is required by many people, and laws have mandated it so they can’t sell your data to others as they once did; advertising is failing, particularly as mobile devices don’t see most of it…  They need to make money…

So most users of Facebook (the reported billions of users) are not actually real users (eg my ex Katie Crothers has/had three “officially her” accounts, plus at least 30 fake accounts in various alias names (eg Leon Mconnell etc) that she created to attack my account with, and later to stalk me to try to ‘collect evidence’ for my former employer to take me to court for breach of a non-disclosure agreement and rights waiver that prevents me from taking them to court over the sexual harassment and discrimination I suffered whilst employed.)  Then we have those like me, where I have 3 accounts: one for me publicly, one for my closest friends only, and one that I use to investigate people with (as part of my job, and for evidence against the stalking and harassment.)  Finally, I know many other people that have at least 2 accounts, one for employers, one for friends etc… So based on knowing many people with 2 legitimate accounts, I would suspect that Facebook’s user total of 1.01 billion is actually around half that, despite their pathetic attempts to weed out fake accounts.

So back to the original question… what does it mean?

Well simply, they need to make money, and make money fast, so as they cannot get money from the fake accounts, and they can’t get people to pay for the newsfeeds, they are relying on companies to pay for their ‘page’ posts to ensure that all their users get the updates.  The problem with this is they are targeting the vast majority of pages by asking for payment from those pages that have less than 5000 ‘likes’, ie all the less known ones.  The ones where people want to get themselves up to the limits so they don’t have to pay…

Here’s the problem though… it didn’t work: the little people won’t pay when the big ones get it free, and they worked out that if they have a second phone number and access to a limitless number of email addresses (like me) they can create ‘fake’ accounts; in this case the ‘fake’ is because they don’t represent a real person, they are the company, someone that can post adverts when they are your friend and you get them in your newsfeed as ‘Pages’ used to do…

To combat this, Facebook has been changing your ‘Newsfeed’.  First they changed the ‘Sort Order’: it used to display the latest posts at the top, now by default it only displays ‘Top Stories’ – these ‘stories’ are those that go viral, ones that get shared, ones that get ‘liked’, ones that get lots of comments.  So when this happened, I amongst many others told people how to change it back..

Go to the ‘News Feed’ and hover your mouse over ‘Sort’ and select ‘Recent Updates’ instead of ‘Top Stories’ (Note that ‘Top Stories’ only shows ‘Sort’, where after it’s changed it says, ‘Sort: Recent Updates’ – quite deliberate so you as a user don’t realize.)

Problem is everyone changed it back when they saw the posts alerting them to the change, so Facebook changes it back every so often, because they want you to always see ‘Top Stories’ first…

So their next attempt (and the current issue) is to make everyone suffer the ‘promoted posts’ issue…  As a user, only 7% of your friends will see any post you make; if you get a lot of people ‘Like’ing or ‘Comment’ing on your post it goes up the ‘Top Stories’ list and more of your friends *may* see the post…

Sooner or later Facebook is going to have to bite the bullet and start charging people for access.  The problem they have with that is the user base will fall dramatically; their number of active users will probably be just a small percentage of their current total..  Why is fairly obvious: fake accounts will vanish, people will only have access if they have access to a credit card, and of course some will refuse to pay as there are free alternatives out there…

So here’s a list of the Advantages I see with a ‘pay for’ Facebook (and I’m only talking about paying $5 per year, which, if they insist that the majority of their 1.01b users are real, would be $5.05b in revenue):
  • Fraud and Fake accounts will be stamped out (one account per credit card number.)
  • Revenue is generated.
  • People will not abandon stolen accounts so readily.
  • They can better ensure that children (under 18s) are not allowed access without their parents knowledge.
  • Abuse by stalkers and harassers will be greatly reduced (it won’t stop it though, stalkers are psychotic and determined.)
  • Spam and other abuse will be reduced (though it is unlikely to stop it.)

Disadvantages:

  • Many people will just stop using it in favour of ‘free’ services.
  • The real figure of Facebook users can be accurately calculated, audited and reported (and if it is significantly lower will decimate the Stock Price.)
  • “Stolen accounts” trade will increase on the black market.
  • Facebook ‘Phishing’ attempts will greatly increase as abusers will attempt to steal other people’s accounts.
  • Facebook will have a contract with end-users so their legal obligations will significantly increase (terminating an account someone has paid for will require due cause/process and is auditable by a court – this would have significantly helped me in my received abuse and harassment by my ex..  Facebook would not want to get involved in such cases, but they would have no ability to get away from it.)