Mathowie 1, Travel Agency Shenanigans 0 September 3, 2014 9:28 AM Subscribe

Mathowie has a Medium post detailing ongoing legal demands by Sundance Vacations to delete a 2010 Ask Metafilter thread about their business, and later demanding personal information about users in that thread. Short version: Sundance, or somebody claiming to be from Sundance, may have doctored an unrelated court order to aim it at Metafilter. The story has been picked up at BoingBoing, Popehat (where Ken White has praise for how our fearless leader handled the situation) and presumably elsewhere as well.
posted by Holy Zarquon's Singing Fish to MetaFilter-Related at 9:28 AM (240 comments total) 72 users marked this as a favorite

Oh snap! Good work, mathowie.
posted by ThePinkSuperhero at 9:32 AM on September 3, 2014 [8 favorites]

Yeah, it's super weird. Working here sometimes feels like being a kind of Pokemon trainer for wild strains for chutzpah.
posted by cortex (staff) at 9:33 AM on September 3, 2014 [107 favorites]

So the company is now claiming they had nothing to do with it. I figured this might happen, since the emails we got weren't from an official address of their domain but instead came from sundancevacationlegal@gmail. Here's the full original email with headers and the PDF attachment over at dropbox if you want to see the message from them.

That someone completely unrelated to the company would do such a thing (and I exchanged several follow-up emails with them) seems pretty fucking far-fetched. How could this NOT be someone working at the company?
posted by mathowie (staff) at 9:36 AM on September 3, 2014 [18 favorites]

So not just craven Memory Hole-ers, but also actually fraudulent in a criminally sort of way? Nice combination!

Last week a co-worker mentioned a timeshare that they had signed up for, and I realized that I hadn't heard much about the whole business model in a while. I guess it hasn't improved much with time.
posted by wenestvedt at 9:37 AM on September 3, 2014

mathowie: How could this NOT be someone working at the company?

Plausible deniability?
posted by wenestvedt at 9:38 AM on September 3, 2014 [2 favorites]

What did the lawyers say, the firm in Mississippi who were also used as part of the scam? Do they know about this yet? Were I professionally misrepresented like that, I'd be beyond pissed.
posted by bonehead at 9:44 AM on September 3, 2014 [2 favorites]

Last week a co-worker mentioned a timeshare that they had signed up for, and I realized that I hadn't heard much about the whole business model in a while. I guess it hasn't improved much with time.

The family in that Queen of Versailles documentary made their bajillions in timeshares, and that film documents that company's collapse. I wouldn't be surprised if the whole industry is in bad shape, and comically bad reputation may be one of their main problems.
posted by Think_Long at 9:48 AM on September 3, 2014 [4 favorites]

This shows up as one a gigantic .txt file for me -- is that working as intended, or is the PDF attachment supposed to be a separate file from the email?

That's how attachments get transmitted, as encoded text.
posted by mathowie (staff) at 9:54 AM on September 3, 2014

Wow - hard to imagine the court just ignoring that stunt. New levels of chutzpah indeed! And nice addition to your Labor Day weekend Matt. sheesh!
posted by leslies at 9:58 AM on September 3, 2014 [1 favorite]

mathowie: How could this NOT be someone working at the company?

Plausible deniability?

Implausible deniability.
posted by Mrs. Pterodactyl at 9:58 AM on September 3, 2014 [7 favorites]

if yer any good at internet you'll just translate the encoding on the fly.
posted by quonsar II: smock fishpants and the temple of foon at 9:58 AM on September 3, 2014 [12 favorites]

I wonder if they hired one of those "reputation fixers" and this is how they go about their business.
posted by Lyn Never at 9:59 AM on September 3, 2014 [7 favorites]

I'm curious about what other times MetaFilter has been forced, by court, to censor or remove information? I seem to recall that MeFi is OK with people shutting down accounts but won't remove their comments, even if they want them removed really really bad. I can imagine that they would be forced to comply with a legal requirement, however.
posted by rebent at 10:00 AM on September 3, 2014 [1 favorite]

Well played, #1. Metafilter strong!
posted by Lynsey at 10:07 AM on September 3, 2014 [3 favorites]

The most bizarre thing in this story is that the court asked to be sent a fax.
posted by Pyrogenesis at 10:08 AM on September 3, 2014 [5 favorites]

So Connie Smith, Brent Hazzard and John R. Reeves, all members of the Mississippi State Board, had their signatures and professional id numbers inserted into a fraudulent court document?
posted by boo_radley at 10:09 AM on September 3, 2014 [6 favorites]

"Sundance Vacations LLC" is also not an entity that exists in Mississippi or PA. It's possible they have a fictitious name/DBA/assumed name out as "Sundance Vacations LLC" (certain states allow "LLC" to be in assumed names but most do not) but from my admittedly incomplete knowledge of such things the entity name has to be cited on service of process if the entity is using an assumed name as its primary business name. I checked Delaware and Nevada as well, and no "Sundance Vacations LLC" there either.
posted by griphus at 10:11 AM on September 3, 2014 [1 favorite]

When Sundance demanded that critical posts be taken down from Metafilter, and provided an apparent court order from Mississippi, Matt did something very rare and special — he exercised critical thinking.

Well, rare maybe in others...
posted by chavenet at 10:12 AM on September 3, 2014 [8 favorites]

Nice detective work, mathowie.
posted by GrapeApiary at 10:26 AM on September 3, 2014 [1 favorite]

A little more research indicates there's a bunch of "Sundance Vacations" entities in PA, some of which have the address in the email Matt initially got, but none of them are "Sundance Vacations LLC".
posted by griphus at 10:26 AM on September 3, 2014

Congratulations on your courage and sang-froid, Matt, as well as your "critical thinking."

This is making me very proud of Metafilter.
posted by jamjam at 10:29 AM on September 3, 2014 [1 favorite]

A little more research indicates there's a bunch of "Sundance Vacations" entities in PA, some of which have the address in the email Matt initially got, but none of them are "Sundance Vacations LLC".

A fake court order, care of a fake company. Clearly, this is a missive from an alternate universe.

Dr. Bishop, please pick up the white courtesy phone.
posted by Sticherbeast at 10:37 AM on September 3, 2014 [14 favorites]

"That someone completely unrelated to the company would do such a thing (and I exchanged several follow-up emails with them) seems pretty fucking far-fetched. How could this NOT be someone working at the company?"

I'd be surprised if there weren't anyone out there doing a false flag thing as a roundabout way of attacking their enemies. I can see someone who felt screwed by this company doing this. Given that very few admins would do what you did, though, means that the likelihood of being successful is pretty low. Most admins would accept it at face-value and most of the few who debunk it would just ignore it (correctly thinking that any active engagement is likely to cost time and money). And if the admin initiates or incites legal action, well, wouldn't that dramatically increase the possibility that the false-flag person would be unmasked and find themselves in very serious legal trouble?

So, it seems unlikely and only something a very foolish person would do. Not that there aren't many such people, but I think this is the least likely possibility.

"I wonder if they hired one of those "reputation fixers" and this is how they go about their business."

That sort of has the same problem as the false flag possibility in that it would be high risk for little reward, given that there's non-felonious ways to do this and it's their business. The only thing that seems possible to me in this vein would be some fly-by-night sole proprietorship reputation service that's one dumb guy. Which doesn't seem that likely, but it's possible.

Both those possibilities are very small compared to a known unethical company just moving into felonious territory out of a combination of hubris, recklessness, and desperation. It's much more likely first of all because automatic compliance by admins is far more likely than what Matt did, which is their goal, but, unlike a reputation fixer, getting away with this day-to-day on an ongoing basis isn't their business. So you can imagine them thinking they'll get away with it. But, also, they're known to be unethical, anyway. So you can really imagine them thinking they can get away with it and, obviously, being willing to do it.

It's still really, really dumb, though. Putting aside the defensible assumption that someone like Matt wouldn't pursue legal action (as we see Matt hasn't), that court and those attorneys are pretty much the worst people to involve in a fraud. They have the resources and the incentive to respond to the fraud legally and despite what these folks might think, it won't be hard to link them with the email. Plus, you get this streisand effect.

It's really kind of interesting how much criminality is just foolish people being reckless and simply assuming they'll get away with it. Which they mostly do, until they don't, and then the costs far outweigh the benefits. But these sort of folk never really expect that the day will come when that happens.
posted by Ivan Fyodorovich at 10:40 AM on September 3, 2014 [5 favorites]

The company signs as “Sundance Vacations” as a signature. I run a company, and I always have to sign my full name as president of my company, never as the company name itself.

I have definitely seen documents where a company's name is used as a signature. Always struck me as weird. Unfortunately I have no idea which circumstances call for this rather than a signature of an officer of the company.
posted by mullacc at 10:43 AM on September 3, 2014 [1 favorite]

The most bizarre thing in this story is that the court asked to be sent a fax.

Not bizarre at all. Lawyers and the courts are one of the last bastions of faxing. When we were getting my mom's legal papers in order, and having to communicate with lawyers and government entities, everyone insisted on using the fax. Even financial institutions required us to fax over legal documents. Everyone balked at emailing documents.

I assume one of our MeFi Legal Eagles might be able to explain why this is so.
posted by Thorzdad at 10:47 AM on September 3, 2014 [3 favorites]

It's really kind of interesting how much criminality is just foolish people being reckless

I used to work for a state parole agency; my job involved compiling data from inmate records. I agree that it's definitely true that a vast number of criminals (well, the ones that got caught, anyway) are pretty dumb.
posted by Greg_Ace at 10:58 AM on September 3, 2014 [1 favorite]

Hah! I apparently filled something out at a baseball game a few years back that got me on Sundance's radar, and it sounded enough like a scam that the first place I went to was AskMe, and that question in particular.
posted by zombieflanders at 10:59 AM on September 3, 2014 [2 favorites]

I can't explain why it is so, but is still frustrating. When a financial institution faxes over a ten-page document in order for a beneficiary to claim a distribution from an IRA, for example, you have to fax the whole ten-page document back to them, even if the beneficiary only signs one page and initials one other.
posted by Curious Artificer at 11:00 AM on September 3, 2014 [1 favorite]

I will never understand why people do stuff where the cost is so much higher than the reward and there's a decent chance that the cost will pan out. One slightly bad thread about my company stays online vs. I potentially get fired/go to jail? I'm picking the thread every time.

I had a student basically do this same thing with me this semester- he never showed up to class and then edited an old Emergency Dean note to excuse himself from my exam by changing the date of the letter. I called the Dean's office to check on the date that he went to their office and it turned out that the Dean who signed the letter didn't even work there anymore. They also said that this kid was a frequent flyer in their office; always getting excused for something. He would have gotten a legit letter had he just shown up at the Dean's office and faked a cough, but instead, he was sent to student discipline and not allowed to graduate that spring.
posted by quiet coyote at 11:01 AM on September 3, 2014 [4 favorites]

I feel like this should be a post on the blue instead so it is high up on the list of results if someone googles "sundance vacations fraud".
posted by elizardbits at 11:05 AM on September 3, 2014 [13 favorites]

I wonder if they hired one of those "reputation fixers"

Quite likely.

and this is how they go about their business.

Possibly. However, it's worth noting that at least some "reputation fixer" companies would not engage in unethical methods to help their clients. Most PR agencies hired specifically to help rebuild a brand's reputation would never have done this.
posted by zarq at 11:05 AM on September 3, 2014 [1 favorite]

I'm curious about what other times MetaFilter has been forced, by court, to censor or remove information?

At least once
posted by Nonsteroidal Anti-Inflammatory Drug at 11:06 AM on September 3, 2014 [20 favorites]

The most bizarre thing in this story is that the court asked to be sent a fax.

Not really. It's a legally tested form of time stamped communication.
posted by Brandon Blatcher at 11:09 AM on September 3, 2014 [7 favorites]

At least once

This was my favorite assessment of that situation.
posted by zarq at 11:11 AM on September 3, 2014 [36 favorites]

I suspect that courts and governments still require faxes because that was the last time they changed the rules to account for new technology. (Though it also ignores the huge field of legal discovery software, for example.) Bet it's easier to get people to fax things than change the entire process.

For example, when I updated my passport recently, I could fill out the form online. But in order to submit the application, I had to print out the form, staple a physical picture to it, sign it, and mail it.

Yet, at the same time, my bank will let me scan a check and deposit it while still keeping the ACH system that takes 3 days to move bits of money from one state to another.
posted by fifteen schnitzengruben is my limit at 11:12 AM on September 3, 2014

This was my favorite assessment of that situation.
He wasn't in Young Guns and I can't flag that comment. =(
posted by soelo at 11:23 AM on September 3, 2014 [4 favorites]

FYI: If you buy a timeshare in NC you have five-count them, five-days to back out legally.

The more you know....
posted by St. Alia of the Bunnies at 11:36 AM on September 3, 2014 [2 favorites]

Not bizarre at all. Lawyers and the courts are one of the last bastions of faxing.

I was impressed it wasn't in WP5.1 format.
posted by Pogo_Fuzzybutt at 11:41 AM on September 3, 2014 [5 favorites]

my bank will let me scan a check and deposit it

Unless the edge is clipped, which my company's payroll office does every month...
posted by jeffamaphone at 11:42 AM on September 3, 2014

Oh man, the comments on that Chilling Effects post. Brilliant.
posted by Slackermagee at 11:50 AM on September 3, 2014 [1 favorite]

One slightly bad thread about my company stays online vs. I potentially get fired/go to jail? I'm picking the thread every time.

While I'm sure that this is a case of teh stoopid and nobody gave it a lick of thought, I'm not sure that a reasonable analysis would turn up any likelihood of legal repercussions here. If you read Popehat's other stuff very much you will see discussion of just how little (read:never) there are sanctions for over-reach in things like fake DMCA takedowns, for example.

My layman's read is that the legal system tends to shrug matters like this off unless they actually involve the system officially. Actually file fatuous libel suits? You may get smacked down and have fees assessed against you. Send these malarky documents, such that anyone trying to chase it down would have to subpoena Google for information and follow a trail? Disregarded.

Which is unfortunate because this sort of thing harms the perception of the legal system. But I don't see the misrepresented lawyers paying for a PI to figure this out and the police can't seem to figure out how to deal with online threats of physical harm when there's not a layer of deliberate obfuscation. So who's going to chase this down?
posted by phearlez at 11:54 AM on September 3, 2014 [1 favorite]

Most PR agencies hired specifically to help rebuild a brand's reputation would never have done this.

We always recommend that our clients respond to negative online reviews by engaging the reviewer in good faith and either acknowledging a problem (and dealing with it in a tactful way), or defending themselves online in an appropriate way if it is a troll.

With the latter, especially with tourism-related businesses, if you have happy customers they will support you if defend yourself.

If you have unhappy (ex) customers, then you have some soul-searching to do. But it's important to engage critics.

This sort of behaviour is absolutely bananas. It's illegal!
posted by Nevin at 12:02 PM on September 3, 2014 [7 favorites]

Whoever sent out the threat probably wasn't even thinking about it. They were just on cruise control.
posted by Faint of Butt at 12:05 PM on September 3, 2014 [7 favorites]

Here's a question with a series of replies about a fax being "a legal document," and some responses get to the fact that a faxed signature is as good as an original in most cases, so it's significantly faster than mailing a letter.

And apparently faxes still play a significant role in (nostalgic) college and professional football agreements, and almost all Japanese businesses and many Japanese homes still have fax machines, for sending in custom bento box orders, banking transactions, and the reliability that the yakuza don't find in purely electronic devices.
posted by filthy light thief at 12:06 PM on September 3, 2014

"Send these malarky documents, such that anyone trying to chase it down would have to subpoena Google for information and follow a trail? Disregarded."

This goes beyond that, doesn't it? This is an altered legal document used for legal purposes. Maybe I'm wrong, but my intuition is that that court and those attorneys will very likely pursue this.
posted by Ivan Fyodorovich at 12:07 PM on September 3, 2014

Forgery in Mississippi: Forgery is punished according to the value represented by the forged instrument or document. When the document is worth less than $500, penalties include a fine of up to $1,000, up to six months in jail, or both. When the value is $500 or greater, penalties increase to a fine of up to $10,000, at least two (and up to ten) years in prison, or both. (Miss. Code Ann. § 97-21-33.)

posted by zarq at 12:16 PM on September 3, 2014

I'd be beyond delighted to be wrong, but the fact that there's a criminal code violation to be pursued doesn't mean anyone will make the effort to find someone to charge. Much less pursue charges. My intuition tells me that if this goes anywhere it goes in a forward to some local PD detective who will not know how to pursue it and will drop it. But I'd be surprised even at that.
posted by phearlez at 12:20 PM on September 3, 2014

Whoever sent out the threat probably wasn't even thinking about it. They were just on cruise control.

I dunno, a lot of "thought" (well, planning, anyway) was put into creating these forgeries.
posted by Nevin at 12:28 PM on September 3, 2014 [1 favorite]

Nice work!
posted by OmieWise at 12:32 PM on September 3, 2014

It would be interesting to know if any real lawyer was involved in the preparation of the forgery, because while the AG might not be interested in perusing a case the Mississippi Bar might have something to say to that particular individual.
posted by George_Spiggott at 12:37 PM on September 3, 2014 [1 favorite]

FWIW - here's what I found by looking in the PDF:

The file was created by smallpdf.com using the package PDF Clown.
It was created August 30th.

It is nothing more than three pages with three images, nothing else.
Each image is 24 bits per pixel RGB, compressed with JPEG compression.

Here is an image from page 1 taken by extracting the image in Acrobat and then screen capping in PhotoShop and saving as PNG with non-destructive compression. I zoomed in on an area of interest and looked at the image through the blue channel.

Here's what I see - and these are my casual observations having worked in image manipulation and processing for 20 years:

1. the font for AUG doesn't match the rest of the date - like NOT AT ALL and there are no scanner artifacts or pronounced MCU block errors (likely from multiple JPG compression) in it as there are in the rest of the date.
2. The "initial" goes under the date and over "CHANCERY CLERK" - as it goes over the latter you van see how it appears to have been pasted over - as if someone had copied a section of the initial, typed in CHANCERY CLERK in a layer, then pasted the initial section back over the top.
3. In the word "COPY", the bottom of the O, P, and Y are shifted over exactly the same amount, indicating a paste alignment error. Had this been a scan error, the word 'FILED' would also have been likely affected. (if you look in the full document, you can see that the past error appears to affect the seal as well.
4. In looking at the whole document, there is obvious differences in the seal text and everything else around it. As before, only the seal text and the day and year have scanner/MCU block errors.

In my humble opinion, this document has been edited/assembled using a program such as Adobe PhotoShop and the work was done by a novice.
posted by plinth at 12:38 PM on September 3, 2014 [133 favorites]

I don't know how it would play in the U.S., but I've always liked Private Eye's stock reply for things like this: "We refer you to the reply given in the case of Arkell v. Pressdram".
posted by Grangousier at 12:49 PM on September 3, 2014 [22 favorites]

I dig that Sundance Vacations VP Bednar is a "certified associate professional" and I wish her all success on her way to becoming a full professional. I don't know what to make, tho, of her passion for "deviling into some exciting cultural celebration or tradition." Sounds fishy, Matt. Might want to call a lawyer and a cleric.
posted by octobersurprise at 12:49 PM on September 3, 2014 [2 favorites]

I have definitely seen documents where a company's name is used as a signature.

I've seen this many times for accounting firms signing off on company financial reports.
posted by grouse at 12:57 PM on September 3, 2014

Thanks for the detailed analysis, plinth!
posted by mathowie (staff) at 1:05 PM on September 3, 2014 [3 favorites]

"I'd be beyond delighted to be wrong, but the fact that there's a criminal code violation to be pursued doesn't mean anyone will make the effort to find someone to charge. Much less pursue charges. My intuition tells me that if this goes anywhere it goes in a forward to some local PD detective who will not know how to pursue it and will drop it. But I'd be surprised even at that."

I agree with your intuition generally, but in this case Matt communicated directly with the Mississippi court involved, whose personnel identified this as a forgery.

My intuition is that if you encounter a forged court document and you go to the police and try to get someone to do something about it, no one will care. But when the actual court itself is presented with evidence that someone forged one of its documents, then someone there will likely pursue the matter (and know how to do so effectively).

I wish a MeFi attorney would clue us in, but I have a feeling that the court itself can act when its own documents have been forged. I'd expect that to be an actual common occurrence, or concern, with the day-to-day operations of a court. Got an official court document? Maybe a bit of white-out and an alteration would be nice? People undoubtedly do this and so it seems to me that the court itself would have the authority and procedures to act against it.
posted by Ivan Fyodorovich at 1:05 PM on September 3, 2014

In my humble opinion, this document has been edited/assembled using a program such as Adobe PhotoShop and the work was done by a novice.

BIG EDDIE'S E-Z CHECK CASHING
Payday Loans * Jewelry * Reputation Repair * Phone Unlocking
posted by griphus at 1:08 PM on September 3, 2014 [9 favorites]

So you literally could tell from the pixels and having seen a few shops in your time, eh?
posted by Small Dollar at 1:12 PM on September 3, 2014 [34 favorites]

teh court order iz pastede on yay
posted by EmpressCallipygos at 1:22 PM on September 3, 2014 [8 favorites]

Man, plinth, scary. Remind me never to piss you off.
posted by RolandOfEld at 1:40 PM on September 3, 2014 [3 favorites]

Metafilter: a kind of Pokemon trainer ... nah, that's way too obvious.
posted by Melismata at 1:55 PM on September 3, 2014

Faint of Butt: Whoever sent out the threat probably wasn't even thinking about it. They were just on cruise control.

Nevin: I dunno, a lot of "thought" (well, planning, anyway) was put into creating these forgeries.

There was a subtle joke at play. To avoid completely ruining it, I'll simply suggest reading this, which zarq linked to upthread.

plinth just created the MetaFilter equivalent of "this looks shopped. I can tell from some of the pixels and from seeing quite a few shops in my time." Let's memify "In my humble opinion, this document has been edited/assembled using a program such as Adobe PhotoShop and the work was done by a novice."
posted by filthy light thief at 2:09 PM on September 3, 2014 [9 favorites]

Wow, that is some balls-out crazy right there.
posted by Eyebrows McGee at 2:18 PM on September 3, 2014

I love when you meddling kids unmask the bad guys. (Is it the caretaker? It's always the caretaker, isn't it?)
posted by rtha at 2:30 PM on September 3, 2014 [5 favorites]

How could this NOT be someone working at the company?

Well, it could be someone who was seeking a user's personal information.
posted by yohko at 2:32 PM on September 3, 2014 [3 favorites]

People undoubtedly do this and so it seems to me that the court itself would have the authority and procedures to act against it.

I think it's generally handled in the context of the case (by making you lose) and by reporting you to the bar for professional sanctions. If there is no case and no lawyer, I'm not sure what the court can directly do.
posted by smackfu at 2:33 PM on September 3, 2014

Another screw-up... they've got typos in two of the "defamatory subject article" links to be deleted:
a) Vactions rather than Vacations
c) shothread rather than showthread
IANAL, but I'd imagine it's rather important to get those details right if a court order is to be enforceable.

Also, the (d) flyertalk thread no longer exists, but google has it cached from Sept 1, 2014, so probably flyertalk owners got the same "court order" this past weekend and followed it.
posted by Kabanos at 2:50 PM on September 3, 2014 [5 favorites]

There was a subtle joke at play.

Oh please have some mercy for us linear thinkers
posted by Nevin at 3:14 PM on September 3, 2014 [2 favorites]

The most bizarre thing in this story is that the court asked to be sent a fax.

Not really. It's a legally tested form of time stamped communication.

Also, you can charge for sending that 20+ page fax, instead of an email.
posted by Brandon Blatcher at 3:20 PM on September 3, 2014

I wish a MeFi attorney would clue us in...

Happy to help. Speaking as both an attorney and a former law clerk, this is absolutely something I would take seriously and something that would be taken seriously by any number of judges I know. A subpoena isn't that difficult to get. The fact that often people don't bother to get them doesn't actually mean that your average Internet anonymity is worth a damn if a competent authority gets interested.

It's a matter of time, resources, and prerogative. I know nothing about Hinds County. If some judge in that courthouse decides to chase this down, with or without the help of a prosecutor, it's doable. If any of those attorneys—whom I assume have been notified—decide to chase it down, I'm positive they'll find a judge willing to sign whatever they need. I can tell you that I absolutely would. But that's my temperament, and I wouldn't necessarily fault another attorney for making a different choice.

I don't think I've ever encountered, in actual practice, someone forging a court document. Maybe that's a privilege of not having dealt extensively with certain types of attorneys. I've seen some pretty amusing mistakes (mostly cut-&-paste errors) but nothing this calculated and stupid. If the persons or company behind this get away with it, that's by luck of someone's resource decision. It's not the decision I'd make. I would get somebody charged or disbarred over it.
posted by cribcage at 3:35 PM on September 3, 2014 [23 favorites]

Another screw-up... they've got typos in two of the "defamatory subject article" links to be deleted:
a) Vactions rather than Vacations
c) shothread rather than showthread

clearly she should have consulted with council.
posted by quonsar II: smock fishpants and the temple of foon at 4:03 PM on September 3, 2014 [2 favorites]

In my humble opinion, this document has been edited/assembled using a program such as Adobe PhotoShop and the work was done by a novice.

Indeed! If you run it through the Unix command "strings" you can find some XML blobs in the JPEGs that appear to be an edit history. Unfortunately, nothing that is identifying. But it does clearly say 'stEvt:softwareAgent="Adobe Photoshop CC (Windows)"'.

If I'm interpreting things correctly, the original PDF to JPEG conversion was done on pdfaid.com. Only other interesting part is that on the 3rd page they used layers (named "Eric Morgan" and "Sundance Vacations") to overlay the corresponding signatures.
posted by sbutler at 4:15 PM on September 3, 2014 [13 favorites]

First thing that jumped out at me is that the plaintiff, Sundance Vacations, and the defendant, Eric Morgan, have the exact same handwriting. Check the "o", "u", "c", "n" & "i". Different pen nib size, though! That counts for something, right?
posted by lesli212 at 4:16 PM on September 3, 2014 [4 favorites]

Someone on /. made the argument that those names were signed with a signature font, not actually signed + scanned. The script "a" in particular is identical in all instances.
posted by sbutler at 4:18 PM on September 3, 2014 [4 favorites]

Another reason to tithe.
posted by Mr. Yuck at 4:18 PM on September 3, 2014 [1 favorite]

And now I'm wondering if the handwriting is actually a font? can anybody overlay repeated letters and see?
posted by lesli212 at 4:20 PM on September 3, 2014

or what sbutler said...
posted by lesli212 at 4:20 PM on September 3, 2014

Here's some more details for MeFi sleuths. The person originally contacted us using the IP: 65.115.36.4

From some quick lookups and traceroutes, it appears to be an IP block owned by a canadian company but I'm tracerouting to somewhere in Texas, so this is maybe an open Tor proxy point?

A string of emails came from a Brian Smith at sundancevacationlegal@gmail.com. Thanks to Google, that means this Google Plus profile is the person that emailed the document, and likely that Google could identify the user if the court pursued this.
posted by mathowie (staff) at 4:25 PM on September 3, 2014 [4 favorites]

Holy shit, doing a bit more IP digging, I get a Courtyard by Marriot in Pennsylvania from that IP, which is *drumroll* the state where Sundance Vacations is based.
posted by mathowie (staff) at 4:28 PM on September 3, 2014 [7 favorites]

How could this NOT be someone working at the company?

A Pro Bono Troll?
posted by homunculus at 4:28 PM on September 3, 2014 [5 favorites]

Yeah, the "sign the name of your company" thing weirds me out too. The invisible hand of the market should sign in invisible ink or not at all.
posted by Riki tiki at 4:29 PM on September 3, 2014

Yep, goes to a courtyard marriott which uses singledigits.com's service as a gateway provider.
posted by iamabot at 4:30 PM on September 3, 2014

I'm imagining if you're a dummy about how the internet works, you'd send illegal threatening documents from a public WiFi point that would have lax logging procedures. It'd have to be something you could drive to easily, send off, then go back to your home/office. A starbucks or a hotel seems like a good public-ish free WiFi point to exploit.
posted by mathowie (staff) at 4:39 PM on September 3, 2014 [2 favorites]

Wow, excellent work Matt. Love this.
posted by chococat at 4:49 PM on September 3, 2014 [1 favorite]

Remember, if Matt floats he's a witch!
posted by cjorgensen at 5:08 PM on September 3, 2014 [14 favorites]

Well, damn, this is some shit, ain't it?
posted by tonycpsu at 5:15 PM on September 3, 2014 [1 favorite]

I'd be surprised if there weren't anyone out there doing a false flag thing as a roundabout way of attacking their enemies.

Here's the thing that is nuts to me. This could be a random person trying to "get" the company from a semi-anonymous gmail account, but they emailed me about a specific thread the real company emailed me about a year and a half beforehand. I never told anyone (aside from the mods) about the email that happened in early 2013.

What are the chances a random enemy would email me about the same exact thread 18 months later? And try and use the same tactics, but in a more clumsy way?

The CEO of the company said the person that emailed me in 2013 is on vacation all week, and the first contact was from a hotel in Philly, about two hours from the company's HQ. What are the chances it was the same person asking me to remove the same thread while they were at the hotel outside of the Philly airport, staying there before they flew out for vacation?

Occam's Razor and all, but I don't think this is a false flag operation.
posted by mathowie (staff) at 5:19 PM on September 3, 2014 [17 favorites]

Holy shit, doing a bit more IP digging, I get a Courtyard by Marriot in Pennsylvania from that IP...

It'd be even more hilarious if the sender perpetrated their act in an area surveyed by video cameras.
posted by Pudhoho at 5:23 PM on September 3, 2014 [1 favorite]

Oh that razor? Someone's iPad got nicked and mr. Nick sits in Philly in a hotel having fun.
posted by Namlit at 5:29 PM on September 3, 2014

There's a lot about them all over the Interwebz.

But wait... the LinkedIn profile of John Dowd, the co-founder and president, says:

As President of the organization I take great pride in the many accomplishments of the company. Many years ago I lead the company to adopt an Honesty and Integrity statement that directs the behavior of all Sundance Vacations employees nationally.

So there you go. It can't be any of their employees, then.
posted by Wordshore at 5:33 PM on September 3, 2014 [14 favorites]

Someone should get reddit on this case.
posted by cjorgensen at 5:33 PM on September 3, 2014 [1 favorite]

Someone should get reddit on this case.

For a variety of reasons, this might be the most terrifying sentence on the Internet.
posted by Rock Steady at 5:45 PM on September 3, 2014 [59 favorites]

> And now I'm wondering if the handwriting is actually a font? can anybody overlay repeated letters and see?

Here's the "an" from Sundance and Morgan, the latter scaled down ~86%, overlayed.
posted by Westringia F. at 5:48 PM on September 3, 2014 [26 favorites]

Of course, if the same person/machine signed for both Sundance Vacations LLC, Plaintiff and Eric Morgan, Defendant, they're gonna have an awfully hard time adhering to orders #3, "The Plaintiff and Defendants are prohibited from having any contact with each other" and #4, "The Plaintiff and Defendants will not come within five hundred (500) feet of each other."

(And for that matter, who the hell is "Defendant Friedman" referred to in #5? That one almost makes it sound like the judge though the plaintiff was harassing the defendants rather than the reverse in whatever case it was lifted from.)
posted by Westringia F. at 6:00 PM on September 3, 2014 [5 favorites]

What are the chances a random enemy would email me about the same exact thread 18 months later? And try and use the same tactics, but in a more clumsy way?

19 out of 1008. I calculated.
posted by Wolfdog at 6:02 PM on September 3, 2014 [2 favorites]

Look, I am tired of looking. Are there naked photos of Matt on the internet or not?
posted by cjorgensen at 6:06 PM on September 3, 2014 [12 favorites]

Defendant Friedman

I can't believe I missed this until today, but yeah, I think that's some of the original court order they forgot to edit out.
posted by mathowie (staff) at 6:09 PM on September 3, 2014 [7 favorites]

My god, this is amazing.

Has anyone actually notified (yet) the lawyers whose names/signatures were copied? IANAL but if someone was forging my signature, I'm sure I'd want to know...
posted by equalpants at 6:15 PM on September 3, 2014

Three of the top five hits for "Sundance Vacations" on Google now are the Medium story, the Boing Boing post and a "Boycott Sundance Vacations" Facebook page which now leads with this story. The fourth is the original AskMe, whose appearance in search results is presumably what triggered this. Bullet, meet foot.
posted by George_Spiggott at 6:32 PM on September 3, 2014 [27 favorites]

They'll never find me, I'm hidden in a cloud. Or something. This is a great story, can't wait to see how it ends.
posted by arcticseal at 6:38 PM on September 3, 2014 [1 favorite]

From what I could tell from saving the PDF mathowie linked, using pdfinfo, pdfimages and exifinfo:

The PDF sent to matt was created using smallpdf.com
It contained three JPEG images, one for each page.
The JPEG images were all edited between 11:21am and 11:29am EDT on August 30th, 2014.
The JPEG images were modified by Adobe Photoshop CC on Windows.
The timestamp's time zone on the JPEG images appears to be using IST (India Standard Time). This might be something with my tools, I don't know from a data standpoint whether the actual timestamp in the document includes a time zone.
The "Creator Tool" for the JPEGs is pdfaid.com. I would be interested in seeing the original documents from Hinds County to see if they use this as a service, or whether that's unique to the alleged forger.
The original "instance" or "document" IDs for each page are 'b0920b1c-1b54-b64c-88fa-66dca496750e', 'a7de82cc-e549-df4c-97bc-2feed110c24b', and 'a184b895-032c-d04a-b886-01710e144703' respectively.
The full EXIF data output by exifinfo is here: Page 1, Page 2, Page 3

Note: all of the above is derived from free tools and should be considered apparently and/or allegedly correct. I am not a professional and make no representation of my expertise or the accuracy of that information.
posted by Riki tiki at 6:38 PM on September 3, 2014 [4 favorites]

The file was created by smallpdf.com using the package PDF Clown.

Apponysterical
posted by dfan at 6:42 PM on September 3, 2014 [22 favorites]

All kinds of bizarre stuff in that court order that sets off bells, as if they didn't give this any more than 30 minutes of their time. No idea why an official court order granting injunctive relief would be "submitted by" the plaintiff's attorneys and "agreed as to form and content" by the parties. I can't imagine the level of cocaine-fueled hubris involved for something like this to happen.
posted by naju at 6:49 PM on September 3, 2014 [3 favorites]

I never told anyone (aside from the mods) about the email that happened in early 2013.

I knew that Cortex bloke was dodgy...
posted by pompomtom at 6:52 PM on September 3, 2014 [2 favorites]

I can't imagine the level of cocaine-fueled hubris involved for something like this to happen.

I plan on using this the next time the sales team or execs at the company I work for mouth off, brag, or otherwise write checks with their mouth that their product just can't cash with it's capabilities.

Many thanks.
posted by RolandOfEld at 6:54 PM on September 3, 2014 [5 favorites]

The above, by the way, corroborates sbutler's findings using strings. Page 3 has information about a text layer named "Eric Morgan, Sundance Vacations". Page 2 has a text layer simply named "e". This may indicate a modification of the "Subject Articles" paragraph, replacing "(d)" with "(e)" in the cited range ("paragraph 7(a)-(e)") and adding "http://ask.metafilter.com/144921/Am-I-about-to-get-screwed-by-Sundance-Vacations" as entry "(e)" to the list of URLs in question.

With the same disclaimer as in my previous comment: I make no representation of the accuracy of this information.
posted by Riki tiki at 6:54 PM on September 3, 2014 [2 favorites]

Furthermore, in my experience Photoshop tends to name text layers according to the initial text they contain. On page 3, "SUNDANCE VACATIONS LLC ," precedes "ERIC MORGAN,", which precedes "Eric Morgan" as the alleged client of Connie Smith (attorney). This might indicate that the original editing was more simplistic (simply adding "Eric Morgan, Sundance Vacations" somewhere) but was later modified to fit the contours of the page and replace selected sections of the original document.

Disclaimer disclaimer etc. I make no representation of the accuracy of this information. If this weren't a legal matter about a company allegedly forging legal documents I would not be this neurotic about adding these disclaimers. I suggest others do so as well if they are making statements, but that suggestion is not based on any understanding on my part of their legal implications in any jurisdiction.
posted by Riki tiki at 7:01 PM on September 3, 2014

Now on Techdirt and Barely Legal.
posted by unliteral at 7:11 PM on September 3, 2014 [3 favorites]

From Barely Legal:

You see that string of letters and numbers on the right-hand side? “25CH1:13-cv-000259” isn’t just there for kicks. It’s the case identification number, and you can look it up right here. The -000259 case? Yeah, it’s not a Sundance Vacation lawsuit. Sundance Vacations apparently has never been party to a case in this court. (Though that might just change soon.)

I think you need to pony up $10 to access it though. If anyone's willing to shell out the money, it would be fun to compare the original document to the forged document!
posted by naju at 7:17 PM on September 3, 2014

A couple people looked up the number with that $10 account, it's some random thing from last year, I think a dispute about real estate or something.
posted by mathowie (staff) at 7:24 PM on September 3, 2014

I know that it's already been verified that it's a forgery, but the photoshopping job here is so terrible it reminds me of the Kamp Krusty episode where the video introduces Krusty's "bestest buddy in the whole wide world, [MR. BLACK]"
posted by Awful Peice of Crap at 7:30 PM on September 3, 2014 [4 favorites]

good job mathowie, i don't back down either, and i also enjoy going after folks who feloniously disrespect me. so far as i know, i'm the original coiner of the term "recreational litigation" and it can be a lucrative pastime.

personal information about my users? i've got all the personal information you need right here in my pants, and also strapped to my belt.

lawyers and fax machines. once upon a time in northern california in the early days of faxes, a senior partner stayed after hours in his office waiting for an important fax from a lawyer in japan. it didn't arrive on time, so he called japan and they agreed to refax it. it still didn't arrive, so he (repeat sequence several times). finally, he gave up and went home. next morning, he came to the office and told his secretary about it. the secretary said...

"sir, that's the COPY machine. the fax machine is down the hall." as you can imagine, it was chock-full of faxes from japan.

popehat is a fine blog.
posted by bruce at 7:30 PM on September 3, 2014 [2 favorites]

rtha nailed it. Cortex is Shaggy. That explains an awful lot.
posted by theora55 at 7:34 PM on September 3, 2014 [1 favorite]

Barely Legally != Barely Legal. Don't ask me how I know that.
posted by in278s at 7:34 PM on September 3, 2014 [2 favorites]

Barely Legally != Barely Legal. Don't ask me how I know that.

Yeah I missed the correct link upthread and googled. Don't make my mistake.
posted by immlass at 7:44 PM on September 3, 2014 [1 favorite]

The "Sundance Vacations" signature should be easy enough to detect from handwriting samples.
posted by Brian B. at 7:45 PM on September 3, 2014

Given how exact the match is, surely the Sundance Vacations & Eric Morgan signatures are electronic signatures and the font chosen by the app automatically.
posted by ish__ at 7:48 PM on September 3, 2014 [1 favorite]

God, I love this place.
posted by ThatCanadianGirl at 7:51 PM on September 3, 2014 [17 favorites]

Me too. I'd love to see the bad guys get their asses handed to them. Streisand, indeed.
posted by SpecialSpaghettiBowl at 8:03 PM on September 3, 2014

Given how exact the match is, surely the Sundance Vacations & Eric Morgan signatures are electronic signatures and the font chosen by the app automatically.
The font used is Signerica.
Oh! and sorry about the barely legal thing.
posted by unliteral at 8:07 PM on September 3, 2014 [13 favorites]

Matt, did the IP happen to trace back to the King of Prussia Courtyard Marriott? I ask because King of Prussia, PA is the location of the Greater Philadelphia Home Show this weekend which, strangely enough, lists "Phoenix Marketing/Sundance" as one of it's exhibitors.

I did google "Phoenix Marketing" and "Sundance Vacations" and it turns up some LinkedIn profiles of people who are currently working for both companies. Feels a little weird to link to them, though.

Sundance Vacations has a habit of exhibiting at home shows and other local fair type events.

So, is the person "on leave" or just out of the office at a conference?
posted by mosessis at 8:33 PM on September 3, 2014 [16 favorites]

couldn't help noticing that "brian smith", the g+ account associated with the gmail account in question, has the same last name as defense counsel connie smith. "connie" is a little informal for a professional style on court documents, doncha think?

if these are real mississippi lawyers whose names were misused, just let them know and they'll do the heavy lifting. every single california lawyer i know (which is quite a few) would be outraged in similar circumstances, and in california you can file a lawsuit against "does 1-100", take discovery from third parties (ISP's, google, the courtyard marriot in PA, etc.) to identify the malefactors, then amend your complaint to state their true names before you have it served on them.
posted by bruce at 8:49 PM on September 3, 2014 [1 favorite]

For example, when I updated my passport recently, I could fill out the form online. But in order to submit the application, I had to print out the form, staple a physical picture to it, sign it, and mail it.

Staple? Crap. I literally just mailed mine four hours ago, and I didn't staple the picture. I just threw it in the envelope. I'm totally going to jail.

Also: hee hee! CHOOT-spa. Another word I'll never be able to hear correctly again. See also: 'Aaron Burr'
posted by ctmf at 8:54 PM on September 3, 2014

Matt, did the IP happen to trace back to the King of Prussia Courtyard Marriott?

Nope, the downtown Philly one maps to the IP.
posted by mathowie (staff) at 8:54 PM on September 3, 2014

I never told anyone (aside from the mods) about the email that happened in early 2013.

One of whom left under stressful circumstances. Just sayin.
posted by Johnny Wallflower at 9:08 PM on September 3, 2014 [2 favorites]

What are you just sayin? I literally have no idea what you are implying.
posted by mathowie (staff) at 9:09 PM on September 3, 2014

Sorry, it was meant as a joke. I should have gone with "the letter came from inside the house!"
posted by Johnny Wallflower at 9:11 PM on September 3, 2014 [4 favorites]

I guess we know where airnxtz is working now.
posted by ROU_Xenophobe at 9:18 PM on September 3, 2014 [12 favorites]

Mathowie, I am not sure I agree with your identification of 65.115.36.4 as being in the IP address range assigned to the downtown Philly Courtyard by Marriott‎. While the routing prefix 65.115.36.80/29 (i.e. 65.115.36.80 - 65.115.36.87) is assigned to them, it is not clear to me that the neighboring block is assigned to them as well.
posted by RichardP at 9:38 PM on September 3, 2014

I am not sure I agree with your identification of 65.115.36.4 as being in the IP address range assigned to the downtown Philly Courtyard by Marriott‎

I don't know about it being in Philadelphia, but this Courtyard by Marriott logo pops up if you just visit the address on port 80.
posted by Monsieur Caution at 9:43 PM on September 3, 2014

mathowie: How could this NOT be someone working at the company?

Plausible deniability?

But how does that make any sense? Who would be setting up the plausible deniability, and why?
posted by John Cohen at 9:50 PM on September 3, 2014

Monsieur Caution, fascinating, I didn't think to just try loading the IP. I get that image along with some javascript that attempts to redirect to "http://phldcgw001ll.singledigits.com/common_ip_cgi/singledigits.cgi". Single Digits is apparently a "white-label network operator" with "2000+ clients including 7 of the top 20 largest hotels". So they are entirely plausible as an operator of the Marriott network.
posted by RichardP at 9:51 PM on September 3, 2014 [1 favorite]

I wish I could Sherlock as well as you.

I will add this: Freelancers and contracters don't generally have email addresses at the business they are contracted at, because that sort of thing, along with having an office, or an official title, or a business phone number, might cause the tax people to think they are actually employees.

Contractors sometimes work around this by creating official sounding email addresses through free services. Like Gmail.
posted by maxsparber at 9:52 PM on September 3, 2014 [4 favorites]

http://phldcgw001ll

I narrowed it down to any Philly Courtyard by Mariott via geolocation services online. There are three Courtyards by Marriott in Philly, an airport one, a south navy yards one, and a downtown location. Looking up the various locations, you will find the downtown location has "phldc" in its URL. I assume the gw001ll stands for "gateway 1" and I am assuming the matching subdomains put this at the downtown location.

Who would be setting up the plausible deniability, and why?

I just assume you do a thing that's illegal from a semi-anonymous network and you use a new official-seeming free email account to do it, so in the end you can say, there's no connection to our company here, it's some random person posing as us! but I'm not buying it. Same request from a similar location on earth leads me to believe it is likely from the same person.
posted by mathowie (staff) at 9:57 PM on September 3, 2014

This is like that scene in whatever that crime program is where they hand over the details to the tech guy and he "codes up a GUI in Visual Basic to do a trace on the IP", except not complete bullshit.
posted by EndsOfInvention at 4:03 AM on September 4, 2014 [10 favorites]

Wow.

I just think it's worth noting that "Do it from public wifi, that way you're TOTALLY anonymous!" was quite literally the logic of a 14 year old skiddy(which i know, because i later tracked him down) who cracked an account on my server and doxed me ten or so years ago.

You're really dealing with some high level operators, here.
posted by emptythought at 4:04 AM on September 4, 2014 [1 favorite]

When will these morons learn?

No one fucks with metafilter. Metafilter has friends. Metafilter iz smart. Metafilter nevah forgets.

Ask Google.
posted by spitbull at 5:11 AM on September 4, 2014 [10 favorites]

Remind me never to send you guys threatening letters with fake names & addresses.
posted by easily confused at 5:18 AM on September 4, 2014 [8 favorites]

Nobody pays $10 to grab a random court document for modification. Either that document was freely available on teh internets, or it has some association with the forger. Connie Smith is a family lawyer in Flowood, Mississippi. She may be able to shed some light here.
posted by Joe in Australia at 5:20 AM on September 4, 2014 [1 favorite]

Metafilter has a posse.

I like that.
posted by anotherpanacea at 5:29 AM on September 4, 2014

Hey guys! I'm making popcorn if anybody wants some.

*settles in to watch*
posted by Tomorrowful at 7:24 AM on September 4, 2014

Interesting that you chose a gavel to illustrate that piece!
posted by marienbad at 7:44 AM on September 4, 2014 [1 favorite]

On Slideshare: Sundance Vacations and Travel Advantage Network sell vacation packages. This is a case study of their marketing practices, side by side with FTC Truth in Advertising standards.
posted by Kabanos at 7:50 AM on September 4, 2014 [11 favorites]

re: candy bednar, who in the hell has a "career" in telemarketing and brags about it?
posted by quonsar II: smock fishpants and the temple of foon at 7:54 AM on September 4, 2014 [1 favorite]

I knew that trip I was offered was a fraud. Who would hold a film festival in Utah of all places?
posted by Drinky Die at 8:46 AM on September 4, 2014 [8 favorites]

Hey! Easily Confused! Never send Metafilter threatening letters with fake names & addresses! Okay?

Also: "Candy is well known for making herself readily available to whomever or whatever may show up at or on her desk.." PHRASING!
posted by Naberius at 8:51 AM on September 4, 2014 [8 favorites]

There are three Courtyards by Marriott in Philly, an airport one, a south navy yards one, and a downtown location. Looking up the various locations, you will find the downtown location has "phldc" in its URL. I assume the gw001ll stands for "gateway 1" and I am assuming the matching subdomains put this at the downtown location.

I am currently a 10 minute walk from the Navy Yard Courtyard Marriott and can easily make the Downtown Courtyard Marriott be a part of my route home from work. If being on site to check anything on their wifi would be helpful in any way, let me know what I can do.
posted by SpiffyRob at 8:58 AM on September 4, 2014 [5 favorites]

I love this place. Seriously.
posted by Twain Device at 9:01 AM on September 4, 2014

SpiffyRob: Two things you could try. Both would require being on the hotel wifi.

1. Check your public IP address. Perhaps the best way, chain of custody style, to do this would be with the contact form since it looks like that's how this individual initially contacted Matt. You can also just search online for "ip address" instead of waiting for the contact form email to CC you.

2. Does the redirect from http://65.115.36.4 work at either hotel? It ultimately directs to http://phldcgw001ll.singledigits.com/common_ip_cgi/singledigits.cgi which isn't listed on public DNS servers, but might be on the hotel's internal network.

It's possible for multiple locations to have the same external IP address, so the best case scenario here would be that the IP address is 65.115.36.4 at only one of the locations. If 65.115.36.4 is the external IP address at every Marriott, for example, we wouldn't know quite as much as if was just the external address for a single hotel.
posted by Nonsteroidal Anti-Inflammatory Drug at 9:36 AM on September 4, 2014 [2 favorites]

This thread is amazing, it is actually better then the film "Hackers"!

Great work everybody. Also,

"I know that it's already been verified that it's a forgery..."
posted by Awful Peice of Crap

Perfect!
posted by marienbad at 9:47 AM on September 4, 2014 [1 favorite]

From some quick lookups and traceroutes, it appears to be an IP block owned by a canadian company but I'm tracerouting to somewhere in Texas, so this is maybe an open Tor proxy point?

Obviously we have a better idea of where the address is based now, but for future reference, I like using BGP instead of a traceroute. Traceroute runs off of DNS whereas BGP shows who ARIN and company say controls the IP address itself (non-withstanding malicious actors, I suppose).

Sometimes BGP gives you too high of a level in detail, and in this case, 65.115.36.4 is an address that is owned by Qwest/Century Link. They're a residential and business ISP which would fit in with the email coming from a hotel's WiFi.
posted by Nonsteroidal Anti-Inflammatory Drug at 10:05 AM on September 4, 2014

I haven't seen a whois implementation in the last decade that didn't do ARIN lookups if you pass it an IP, btw. So `whois 65.115.36.4` will return that sort of information.
posted by phearlez at 10:12 AM on September 4, 2014 [2 favorites]

This thread is amazing, it is actually better then the film "Hackers"!

Everything is better than Hackers.

The Side Hackers is better than Hackers.
posted by Atom Eyes at 10:23 AM on September 4, 2014 [6 favorites]

It's an interesting diversion, wandering around the LinkedIn profiles of Sundance Vacations staff and, in the manner of the opening credits of Hong Kong Phooey, wondering who the culprit is. "Is it the worried-looking Director of IT? No. Is it the Digital and Social Marketing Consultant who includes Photoshop in his skills? No. Is it the..."
posted by Wordshore at 10:55 AM on September 4, 2014 [1 favorite]

in the manner of the opening credits of Hong Kong Phooey

GOD DAMN YOUR EYES I JUST GOT THAT SONG OUT OF MY HEAD LAST WEEK AFTER WRITING ABOUT IT FOR AN ARTICLE THREE YEARS AGO
posted by EmpressCallipygos at 11:02 AM on September 4, 2014 [15 favorites]

Had this been a scan error, the word 'FILED' would also have been likely affected. (if you look in the full document, you can see that the past error appears to affect the seal as well.

I've only looked at your crop, but FILED is affected -- the top pixels of the E and D are shifted roughly (but not exactly) the same amount, so I wouldn't rule out scanning issues.

But that's a minor point, there's enough stupidity in that little fragment even without that.

The timestamp's time zone on the JPEG images appears to be using IST (India Standard Time).

I think Exif uses "naive time", i.e. it's the local time of the photographer. There's no timezone information in the files.
posted by effbot at 11:04 AM on September 4, 2014

Get your attorneys to send this company an ESI preservation letter and a notice of claim or presuit demand. This is bullshit.
posted by dios at 11:14 AM on September 4, 2014 [7 favorites]

OMG Hong Kong Phooey actually exists? I used to watch that show when I was young at my grandparents. I thought I made it up as I didn't really remember that much about it and was bored out of my skull for that week. This is just a day of revelations.
posted by Carillon at 11:16 AM on September 4, 2014 [2 favorites]

This is making my morning. You guys are great.
posted by corb at 11:16 AM on September 4, 2014 [1 favorite]

Everything is better than Hackers.

You take that back.

#mwtbdltr
posted by sparklemotion at 11:33 AM on September 4, 2014 [6 favorites]

Did someone mention Hong Kong Phooey, number one super guy?
posted by Etrigan at 11:40 AM on September 4, 2014 [12 favorites]

Get your attorneys to send this company an ESI preservation letter

Seems wise, but whoever sent this appears to have done it from a separate Gmail account, using the Gmail web app (if you look at the email headers, the client IP is an RFC 1918 address; you don't even get any info about their ISP). If they have even the intelligence that God gave slime mold, they probably did this from a home computer.
posted by Kadin2048 at 11:43 AM on September 4, 2014

OMG Hong Kong Phooey actually exists?

Oh hell yeah. It was part of this whole Hong Kong/martial arts/kung fu craze that went through the U.S. in the mid-to-late 70s, right about the time that Bruce Lee was getting big and Kung Fu was on the air.

I had a whole theory in my article that it came after Nixon started working to build a rapport with China; suddenly everyone was all interested in China after it had been closed off for several decades, but China itself didn't have much in the way of movies or cultural stuff to share. However, Hong Kong was right next door to China and had a VERY active movie industry, so everyone pounced on that and suddenly martial arts and kung fu was a Thing.

Hong Kong Phooey was just part of the craze.
posted by EmpressCallipygos at 11:45 AM on September 4, 2014 [2 favorites]

NOW DO THE AMAZING CHAN CLAN
posted by Lentrohamsanin at 11:48 AM on September 4, 2014

Another fun fact - I learned that what it was that inspired Carl Douglas to write Kung Fu Fighting was: going to see a Bruce Lee movie immediately after going to the dentist, and thus he was stoned on painkillers while watching Enter The Dragon.
posted by EmpressCallipygos at 11:48 AM on September 4, 2014 [8 favorites]

I did not know that there's a Hong Kong Phooey movie in the works.
posted by arcticseal at 11:52 AM on September 4, 2014 [1 favorite]

i wish i didn't know.
posted by quonsar II: smock fishpants and the temple of foon at 11:54 AM on September 4, 2014 [8 favorites]

Seems wise, but whoever sent this appears to have done it from a separate Gmail account...

Those are all evidentiary issues. We aren't talking about criminal prosecution here; we are talking about a civil claim. In civil cases, the question is whether something is "more probable than not". So the question a jury would be faced is whether this Company, by or through its employees or its agents acting on its behalf, performed these acts. The "more probable than not" answer is obviously yes; who else would do this? And circumstantial evidence can support a jury's verdict typically in resolving such questions.

One just has to look at California or Pennsylvania law and identify appropriate causes of action, produce the evidence, note the improbability that a jury would conclude the company was not involved, and then discuss the extreme mental anguish this caused Matt. Hell, I can feel it in his writing.
posted by dios at 12:00 PM on September 4, 2014 [5 favorites]

> BIG EDDIE'S E-Z CHECK CASHING
> Payday Loans * Jewelry * Reputation Repair * Phone Unlocking

* Live Bait
posted by jfuller at 12:03 PM on September 4, 2014 [5 favorites]

We aren't talking about criminal prosecution here

I was.
posted by cribcage at 12:05 PM on September 4, 2014

I was.

Ok, thanks. But I wasn't, and that the back and forth at issue related to what I said, not you.
posted by dios at 12:08 PM on September 4, 2014

There is the thing that with all the hoo-haa online, in social media, the press et al, the culprit might very well be reading / following this thread intently.
posted by Wordshore at 12:12 PM on September 4, 2014 [2 favorites]

the culprit might very well be reading / following this thread intently.

it's me. sorry guyz!
posted by mullacc at 12:14 PM on September 4, 2014 [1 favorite]

it's me. sorry guyz!

No; I'm Spartacus.
posted by Wordshore at 12:17 PM on September 4, 2014

> The company signs as “Sundance Vacations” as a signature. I run a company, and I always have to sign my full name as president of my company, never as the company name itself.

Prenda Law/ AF Holdings/ Salt Marsh signed a filing as "Salt Marsh". Or maybe it was Mr. Anthony Saltmarsh. It's not going well for them.
posted by morganw at 12:24 PM on September 4, 2014

Prenda Law/ AF Holdings/ Salt Marsh signed a filing as "Salt Marsh".

So you're saying that Salt Marsh has a sinister secret?
posted by Etrigan at 12:33 PM on September 4, 2014 [7 favorites]

It's a lot easier for me to believe some freelancer with basic cut-n-paste skills (but still working for Sundance) did this for what is probably depressingly little money, than it is to believe some angry customer went to all this trouble to maybe smirch them a little, if it even worked. For all they knew, mathowie might just take the thread down, and then all that work is down the drain.

Now, what might be interesting is if any other websites came forward with the same kinds of emails and dodgy documents.
posted by emjaybee at 12:42 PM on September 4, 2014 [1 favorite]

Interesting that only the plaintiff and defendant's signatures (those that appear to be in the Signwhatevera font) are legible. The rest, those that are verifiable individuals, are unreadable, in the grand tradition.
posted by maryr at 1:07 PM on September 4, 2014

"It's a lot easier for me to believe some freelancer with basic cut-n-paste skills (but still working for Sundance) did this for what is probably depressingly little money, than it is to believe some angry customer went to all this trouble to maybe smirch them a little, if it even worked. For all they knew, mathowie might just take the thread down, and then all that work is down the drain."

Yeah, to be clear, I agree that this is extremely unlikely. I just thought it was possible because someone screwed-over by a company like this could easily be motivated to do stupid, unlikely-to-be-successful things in response. But the company itself is by far the more likely culprit.
posted by Ivan Fyodorovich at 1:09 PM on September 4, 2014

MATHOWIE pours the Scrabble pieces onto the table and puts aside the board. He forms the words "SUNDANCE VACATIONS" from
Scrabble pieces. Then he starts making anagrams from those letters.

Meanwhile, CORTEX and PB are poring intently over the IP LOGS.

PB: Hmm. Cortex... get me some cable... and an I/O interface please.

CORTEX obliges. Meanwhile, MATHOWIE has come up with the anagram: VACCINES UNDO SANTA

MATHOWIE: "Vaccines undo Santa." Does "Vaccines undo Santa" mean anything, you guys?

CORTEX: No.

PB: No.

PB keeps working.

PB: Cortex... get the diagnostics.

JESSAMYN and MATHOWIE find another: A NICE CANVAS DONUT.

JESSAMYN: How about "A nice canvas donut?"

CORTEX: Ew. No.

PB: Uh-uh.

They find another: A NUN'S CAT SCAN VIDEO

MATHOWIE: No, I...

JESSAMYN: No. No.

CORTEX probes different parts of the IP LOG with a test probe, and PB's terminal gives him a rapid readout.

PB: Uh huh. Got it. Move to another one.

The Scrabble letters start resolving into: NAIVE

PB: Mmm hmm. Give me another one. Stay in that quadrant.

The Scrabble letters now say NAIVE TAN CADS

PB: It's kind of like the same thing. Try another quadrant.

Something comes up on the monitor.

PB: Whoa. What was that? Go back one.

The monitor fills with data.

PB: Holy cow! What the hell is this?

HILARIOUSLY FAKE LEGAL DOCUMENTS stream across the screen.

Now the Scrabble letters say, NAIVE TAN CADS CON US

MATHOWIE: "Naïve tan cads con us."

posted by Rhaomi at 3:26 PM on September 4, 2014 [128 favorites]

Yeah, but when do we get world peace, an RV, and that agent's phone number?
posted by blurker at 3:29 PM on September 4, 2014 [6 favorites]

It's a lot easier for me to believe some freelancer with basic cut-n-paste skills (but still working for Sundance) did this for what is probably depressingly little money, than it is to believe some angry customer went to all this trouble to maybe smirch them a little, if it even worked. For all they knew, mathowie might just take the thread down, and then all that work is down the drain.

Personally, my theory is that only like 3 people work for sundance. Maybe 10, max. And that this is like, the "CEO" or something doing this because they're a diehard internet warrior determined to get their way, in oldschool livejournal fashion.
posted by emptythought at 3:33 PM on September 4, 2014 [3 favorites]

Has anyone contacted the FlyerTalk moderators to ask about the deleted thread referenced here? They might like to see this thread...
posted by RedOrGreen at 3:42 PM on September 4, 2014

I don't know whether to be terrified, angry, astonished, dumbfounded, or some mix of the above, that my long-forgotten question prompted all of this. I sure as hell know that I asked my question on the right site, though.

Thank you, Matt. Thank you.
posted by cheapskatebay at 3:43 PM on September 4, 2014 [44 favorites]

There's another layer indicated from the Photoshop data. It appears to be... a cocktail party?
posted by Navelgazer at 3:56 PM on September 4, 2014 [10 favorites]

I think there needs to be a dramatic reading of Rhaomi's screenplay in the next podcast.
posted by mogget at 5:08 PM on September 4, 2014 [30 favorites]

THIS:

I think there needs to be a dramatic reading of Rhaomi's screenplay in the next podcast.
posted by Wordshore at 5:18 PM on September 4, 2014

I wish rhaomi's screenplay passed the Bechdel test.
I also wish I would sleep more than 6 hours a night.

I wish for a lot of things.
posted by plinth at 5:34 PM on September 4, 2014

If this is an attempt to get all of their negative publicity off the Internet, they have so much other work ahead of them.
posted by 4ster at 6:12 PM on September 4, 2014 [4 favorites]

I doubt this was the work of a "freelancer." I work in this space (online marketing, online "reputation management") and have worked with my fair share of elance people (it was the client's idea) and a lot of the low-paid freelancers are pretty much out to lunch (due to the low, low rates they have very little motivation, so I don't blame them), and would never be motivated to do something like this. Even better-paid freelancers (of which I am one) would likely not want to bother with something like this.
posted by Nevin at 6:30 PM on September 4, 2014

jfuller: "BIG EDDIE'S E-Z CHECK CASHING
> Payday Loans * Jewelry * Reputation Repair * Phone Unlocking

* Live Bait"

You mean like this place?
posted by double block and bleed at 7:10 PM on September 4, 2014

Get your attorneys to send this company an ESI preservation letter and a notice of claim or presuit demand. This is bullshit.

What jurisdiction is the crime taking place in? They forged Mississippi documents, but did it from an IP in Pennsylvania, and I'm in Oregon. Ideally, I'd like to see real criminal felony charges, and a judge subpoena the Marriott WiFi records (to get the mac address of the network interface that was connected) as well as the Google Plus account IP info for two emails sent out of Gmail to me, and check those against their corporate computers.

A felony has been committed here, but so far everyone I've talked to (the law clerks, a newspaper reporter in PA, friends) seems kind of "meh" about the whole thing.
posted by mathowie (staff) at 8:26 PM on September 4, 2014 [7 favorites]

Oh, mathowie, I am so sorry this has been troubling. I have done some volunteer work as a crime victims advocate.
If you would like to pursue civil action your own lawyer will need to direct that.
Crimes are pursued by the county, state, or federal government. The typical process is that a crime is reported to the police and it is investigated. If there is enough evidence the case is charged by a county/state attorney. While you/others are the victim, the state chooses whether the case is pursued.

There are many victims here. The other attorneys as well as judge are also victims since their names were used to defraud. They will be excellent guides and advocates for you. They will be angry to learn their name and license has been used to commit a crime. If these attorneys have ever worked for the vacation company they may have extra skin in the game. You should definitely also notify the Mississippi Bar Assn so they are aware.

Start with contacting the other victims and asking how to start the case in Mississippi. It will likely involve the local police to start but may end up a federal matter since it is fraud over state lines. I know little about federal cases. You could try the FBI.
You may also want to contact the Mississippi Attorney General.
Local police departments are not very technical and you will probably have to provide and explain all evidence. I don't know how they will investigate so far away. That's part of why I suspect it will be a federal matter, if it can be charged at all.
posted by littlewater at 10:30 PM on September 4, 2014 [2 favorites]

I wonder if the perp only used the Marriott wifi network, or if they had to pay for, or sign anything at the business office in the Marriott - which might reveal their identity?
posted by Joh at 10:52 PM on September 4, 2014

Oh my goodness. Brent Hazzard is named as one of the vacation company attorneys but in real life he works for the county attorney - the group that is responsible for bringing the charges. The county attorney will be quite unhappy to see this misuse of his license.
http://www.hindscountyms.com/elected-offices/county-attorney
posted by littlewater at 11:04 PM on September 4, 2014 [8 favorites]

NB: All this riffing has inspired a nice Sneakers FanFare post.
posted by Rhaomi at 12:07 AM on September 5, 2014 [4 favorites]

Also, if this did not come from inside the actual company, the company has the clearest cause of legal action and an actual problem of reputation management. Metafilter was not harmed.
posted by spitbull at 3:11 AM on September 5, 2014

This is enough revenge. From now on googling Sundance Vacations will never be the same as it was.

I don't think Metatalk gets trawled by Google, and I don't know if it's possible to change things so that this particular post would start coming up in Google searches. However, since the Askme thread appears when you Google "Sundance vacations" (as mentioned above), I am wondering whether it might be a good idea to open the Askme thread briefly and add a >Meta< link to this thread. Or possibly something more substantive, with reference to today's date. After all, we don't want people thinking that because it's an old post from 2010, Sundance Vacations aren't still crooked.
posted by kisch mokusch at 4:20 AM on September 5, 2014 [1 favorite]

I'll be hitting up the two non-airport Marriotts this morning, so stay tuned.
posted by SpiffyRob at 4:31 AM on September 5, 2014 [3 favorites]

What jurisdiction is the crime taking place in? They forged Mississippi documents, but did it from an IP in Pennsylvania, and I'm in Oregon. Ideally, I'd like to see real criminal felony charges, and a judge subpoena the Marriott WiFi records (to get the mac address of the network interface that was connected) as well as the Google Plus account IP info for two emails sent out of Gmail to me, and check those against their corporate computers.

A felony has been committed here, but so far everyone I've talked to (the law clerks, a newspaper reporter in PA, friends) seems kind of "meh" about the whole thing.

This is a crime in Mississippi. Mississippi has jurisdiction, because its court's orders are being forged. Contact Robert S. Smith, DA for Hinds County at 601-968-6568.

Here is the statute which grants Mississippi jurisdiction. Someone got a court document from Mississippi, thus triggering the contacts needed to touch the county in Mississippi:

§ 97-45-11. Venue

For the purposes of venue under the provisions of this chapter, any violation of this chapter shall be considered to have been committed:

(a) In any county in which any act was performed in furtherance of any transaction violating this chapter; and

(b) In any county from which, to which or through which any access to a computer, computer system or computer network was made, whether by wire, electromagnetic waves, microwaves or any other means of communication.

this needs to be referred to the Hinds County DA, stat. They can do things we can't, like get search warrants. Then the culprit can be arrested for forgery.

Here is the relevant section of MS Code:

§ 97-21-35. Pleadings, process and other court papers, licenses, or written instruments generally

Every person who, with the intent to injure or defraud, shall falsely make, alter, forge, or counterfeit any instrument or writing being or purporting to be any process issued by any competent court, magistrate, or officer, or being or purporting to be any pleading or proceeding filed or entered in any court of law or equity, or being or purporting to be any certificate, order, or allowance, by any competent court, board, or officer, or being or purporting to be any license or authority authorized by any statute, or any instrument or writing being or purporting to be the act of another, by which any pecuniary demand or obligation shall be or purport to be created, increased, discharged, or diminished, or by which any right or property whatever shall be or purport to be transferred, conveyed, discharged, diminished, or in any manner affected, by which false making, forging, altering or counterfeiting any person may be affected, bound, or in any way injured in his person or property, shall be guilty of forgery.

Another route would be to contact the US Attorney for the Southern District of Mississippi, also in Jackson. They do not accept contact via E-mail, so you must telephone them at (601) 965-4480. The interstate nature of the crime might make the U.S. Attorney/FBI a better choice. Their Jackson contact information is here.

this would also be attempted fraud under 18 U.S.C. section 1349.

Depending on how many times they have done this (and it appears they have done this a lot), this is a 20 year felony. Plus conspiracy to commit forgery.
posted by Ironmouth at 5:19 AM on September 5, 2014 [14 favorites]

Downtown Courtyard Marriott:

My IP was reported as 65.115.36.4.

Attempting to go to that IP failed to load the redirect and it eventually timed out. However, hitting http://phldcgw001ll.singledigits.com/common_ip_cgi/singledigits.cgi directly redirected me to http://www.solutioninc.com

Heading south.
posted by SpiffyRob at 5:27 AM on September 5, 2014 [5 favorites]

MetaTalk is in fact indexed by Google, as far as I can tell.

I am wondering whether it might be a good idea to open the Askme thread briefly and add a >Meta< link to this thread.

I could be mistaken but I don't believe there's any sort of direct precedent for such a thing. At any rate I feel it would be against the spirit of threads closing when they're expected to close; the exception on Ask being that posters can provide a final update via the mods. Less technically, the thread is "from that time" and so is the information contained therein, really. It's archived, essentially, and as such I think it's reasonable to expect it not to change. I wouldn't be immediately comfortable making an exception there for the sake of what may well be taken as revenge, or as manipulating search indexes -- manipulating, because again it would be something we wouldn't normally do: there are plenty of links from Ask and MeFi to MeTa but they are generally placed by users in the normal context of a thread, including when it was posted and when it closed. Lastly I'd be cautious about setting such a precedent even if we did have a solid case to do so.

I know that's not your intent with this suggestion. And regardless, others may well feel differently about the idea. But from my as-a-mod perspective, these considerations would cause me to think twice before taking such a step, however small it may seem.
posted by goodnewsfortheinsane (staff) at 5:34 AM on September 5, 2014 [2 favorites]

any thread relating to this case should be preserved, as is, for evidentiary purposes.
posted by Ironmouth at 5:49 AM on September 5, 2014 [1 favorite]

I don't know, this seems like an update to me, falling squarely within the "open up an Ask post to provide a final update" precedent here.

I'm not advocating that it's done as much as I am saying it really doesn't seem different from the usual protocol here except that the OP did not originate the update.

On preview yes monkeying around with the thread is not the best idea. It's got evidential value and should remain untouched.
posted by sockermom at 5:51 AM on September 5, 2014

This is a post *about* metafilter so in goes in the grey, not the green, and anyway it's not a question, and also opening a question in ask just to update an old question is not a thing that's done.

There are often meTas made based on something that mathowie wrote, or based on something about metafilter from elsewhere. This seems to fall into both those categories.
posted by rtha at 5:57 AM on September 5, 2014

Based on the determinedness of the posters in this thread, including mathowie, I imagine this isn't ending at this metatalk thread. Since it's starting to look like it could mean jail time for some Sundance employees at most, and at least some amount of legal battles I don't think in a few months this post and the original Askme will even be on the same level as the new articles written about federal felony level fraud by the company popping up online.
posted by DynamiteToast at 6:04 AM on September 5, 2014

Navy Yard Courtyard Marriott:

My IP was reported as 50.204.192.125.

Attempting to go to 65.115.36.4 redirected me to http://phldcgw001ll.singledigits.com/common_ip_cgi/singledigits.cgi, which never resolved (same behavior when I try to hit that IP from any other place.)

You've got to go Downtown, George. It's all Downtown.

The one other thing I can check (but it may be overkill): There are two other Marriotts within a block of the Courtyard (a Residence Inn and a mothership.) Any use in checking those, or are we quite sure it was a Courtyard?
posted by SpiffyRob at 6:13 AM on September 5, 2014 [2 favorites]

This is enough revenge. From now on googling Sundance Vacations will never be the same as it was.

You've obviously not googled Sundance Vacations. They troll message boards and threaten bloggers a lot. They aren't concerned they look like unethical asses.
posted by cjorgensen at 6:17 AM on September 5, 2014

I wouldn't be immediately comfortable making an exception there for the sake of what may well be taken as revenge, or as manipulating search indexes -- manipulating, because again it would be something we wouldn't normally do: there are plenty of links from Ask and MeFi to MeTa but they are generally placed by users in the normal context of a thread, including when it was posted and when it closed. Lastly I'd be cautious about setting such a precedent even if we did have a solid case to do so.

I know that's not your intent with this suggestion. And regardless, others may well feel differently about the idea. But from my as-a-mod perspective, these considerations would cause me to think twice before taking such a step, however small it may seem.

The original question asks:
"Am I about to get screwed by Sundance Vacations?"
and
"If anyone has first-hand experience with this outfit, warnings (or favorable impressions), or links to travel forums or discussion groups that go into additional detail, I'd welcome your input."

The fact that the owner of this site has been harassed and threatened by them with legal action under false circumstances is exactly the sort of information the OP was asking for. If the thread were still open there's no question that someone would link to either mathowie's Medium article or this thread. It's information that the OP would definitely need to know and find helpful.

So when the OP's needs are out of the picture, what then? cheapskatebay no longer needs to know what sort of company Sundance Vacations is. But what about anyone else who might have similar concerns and looks for that information online in the future? Do we, as good netizens, have any responsibility to them? To provide them with all the information at our disposal and let them to draw a more informed conclusion? I think we do. Especially when it turns out the company probably engaged in illegal activity -- and definitely acted terribly towards mathowie (and apparently others).

AskMe is an extensive online information resource for more than just our members. From what I understand, it gets more non-member traffic than any other subsite. It serves as a hub of collected wisdom on all sorts of topics for anyone who looks for answers. Not just the original OP of any given question. Most mefites have probably used it to learn answers to questions asked by others. At one point or another, some nugget of knowledge AskMe will probably show up in a non-member's search results. Perhaps it will help them. At the risk of sounding grandiose, Ask has grown into a huge public service.

Don't we owe it to ourselves to help everyone be as informed as possible?
posted by zarq at 6:52 AM on September 5, 2014 [2 favorites]

A felony has been committed here, but so far everyone I've talked to (the law clerks, a newspaper reporter in PA, friends) seems kind of "meh" about the whole thing.

Too bad they didn't do something really awful like download that document from PACER or JSTOR so we could get federal prosecutors to give a shit.
posted by phearlez at 7:04 AM on September 5, 2014 [10 favorites]

Don't we owe it to ourselves to help everyone be as informed as possible?

we owe it to the community at large that they are prosecuted and that we don't mess up that prosecution by altering or changing a page which may be an exhibit in a trial against the owners.

A felony has been committed here, but so far everyone I've talked to (the law clerks, a newspaper reporter in PA, friends) seems kind of "meh" about the whole thing.

Too bad they didn't do something really awful like download that document from PACER or JSTOR so we could get federal prosecutors to give a shit.

have federal prosecutors been called yet? Also the document was very likely downloaded from a state court website very similar to PACER.
posted by Ironmouth at 7:07 AM on September 5, 2014 [1 favorite]

Downtown Courtyard Marriott:

My IP was reported as 65.115.36.4.

Thanks SpiffyRob, that's the exact same IP as the original contact. So I'm 1000% sure now that they sent it from that exact location, and it sounds like you just walked up and logged on and sent it, so they didn't even need to be staying there to get on the WiFi.
posted by mathowie (staff) at 7:15 AM on September 5, 2014 [3 favorites]

we owe it to the community at large that they are prosecuted

This is not an either/or situation.

and that we don't mess up that prosecution by altering or changing a page which may be an exhibit in a trial against the owners.

I'm not a lawyer. Serious question: has section 230 of the Communications Decency Act been struck down recently? (It might have. I'm unaware.)

Because my understanding is that it grants immunity to website owners/operators from certain kinds of legal liability that might arise from content created on their site(s) by users. This includes defamation claims. Not just that, they cannot lose immunity if they edit the content of a page in question for accuracy.
posted by zarq at 7:19 AM on September 5, 2014

Yeah, zarq, the CDA is still pretty tight and grants operators of forums pretty good insulation from what happens on their system by users.

I'm actually not stressed out about this at all, I wouldn't bother with a civil suit, I haven't suffered at all in this, it's mostly been amusing research and detective work for me.

Instead I'm looking at a company with two decades of shady dealings and disgruntled customers that seems like they might have broken a serious law to get what they want, and I'd like whoever did this pay for that mistake because they crossed a line into actual serious felony. I actually worked a summer part-time job in college for a timeshare company once (all I did was serve free food once a week when they'd have people come in for their "free" gifts), and everyone I found in the company selling timeshares was ultra sleezy. It was straight up Glenngary Glenross.
posted by mathowie (staff) at 7:29 AM on September 5, 2014 [12 favorites]

Well Ironmouth didn't expressly say IANYL in this thread so I think technically he's our lawyer now...
posted by DynamiteToast at 7:30 AM on September 5, 2014 [16 favorites]

But... but... it's such a great place to work!
posted by Naberius at 7:31 AM on September 5, 2014

Confirming what mathowie said above, I just sat down in the lobby, hit their gateway page, clicked continue and I was off to races.

This Courtyard is also right next to the Philadelphia Convention Center, so it's possible the sender was present for an event there. It is also possible they came into the city to get a Roast Pork from DiNic's.

Now I've got investigation fever. I wish there was more I could do, preferably something involving a disguise.
posted by SpiffyRob at 7:46 AM on September 5, 2014 [24 favorites]

Just start wearing a fake mustache - especially if you already have a real mustache - and the cases will find you!
posted by soelo at 7:50 AM on September 5, 2014 [10 favorites]

Go to the Convention Center and find out what was happening that weekend! And when they won't just flatly give you that information break through and rifle through their filing cabinets til you find it!

Yes I have been watching a lot of Veronica Mars lately, why do you ask?
posted by DynamiteToast at 7:51 AM on September 5, 2014 [7 favorites]

have federal prosecutors been called yet? Also the document was very likely downloaded from a state court website very similar to PACER.

That was just my gallows humor/obscure reference moment for the day, sorry.

U.S. Attorney Carmen Ortiz is loosed upon the world,
The timeshare plague is loosed, and everywhere
The ceremony of honesty is drowned;
The best are driven to suicide, while the worst
fake government documents with impunity.

posted by phearlez at 8:07 AM on September 5, 2014 [1 favorite]

According to the Convention Center calendar there were no events there that weekend 8/31. Probably because it was a holiday weekend. But that hotel is very centrally located. I've been in there before. And Marriotts usually have free wifi in their lobby.
posted by interplanetjanet at 9:12 AM on September 5, 2014 [1 favorite]

So...security camera footage next? This is a bit like 'Casino Royale'....
posted by Namlit at 9:16 AM on September 5, 2014

What jurisdiction is the crime taking place in? They forged Mississippi documents, but did it from an IP in Pennsylvania, and I'm in Oregon. Ideally, I'd like to see real criminal felony charges, and a judge subpoena the Marriott WiFi records (to get the mac address of the network interface that was connected) as well as the Google Plus account IP info for two emails sent out of Gmail to me, and check those against their corporate computers.

IANYL, but there are possibly multiple crimes here, with multiple victims, as well as the civil claims. The forgery, which is the meaty felony here, is in Mississippi's jurisdiction (or possibly federal jurisdiction) and is up to Mississippi or the Feds to pursue or not.

There is a possible criminal harassment issue here, though, of which you are the victim, and myriad possible civil claims. Talk to your lawyer(s) about what makes the most sense under Oregonian statues, because all of that should be doable there. (I think.)
posted by Navelgazer at 9:16 AM on September 5, 2014

Yeah, zarq, the CDA is still pretty tight and grants operators of forums pretty good insulation from what happens on their system by users.

GOOD! :)

I'm actually not stressed out about this at all, I wouldn't bother with a civil suit, I haven't suffered at all in this, it's mostly been amusing research and detective work for me.

Also good! :)
posted by zarq at 9:35 AM on September 5, 2014

I'm not very active at FlyerTalk either, but I've been there a really long time. I dropped a note to the forum mod where the thread was deleted and will let you know if they are also interested in looking into it further.
posted by Lame_username at 9:42 AM on September 5, 2014

There is a possible criminal harassment issue here, though, of which you are the victim, and myriad possible civil claims. Talk to your lawyer(s) about what makes the most sense under Oregonian statues, because all of that should be doable there. (I think.)

Oregon law seems to set harassment as a class B misdemeanor and as a criminal issue seems likely to be at the discretion of the Oregon prosecutors to pursue. Unless there's some statutory damage set out for this elsewhere I don't see how Matt has any sort of tort claim since he didn't suffer any real harm.
posted by phearlez at 9:43 AM on September 5, 2014

> I don't see how Matt has any sort of tort claim since he didn't suffer any real harm.

In CFAA hacking cases, one of the ways they determine the monetary damages to the victim (which influences federal sentences) is the investigation and clean up time, billed at are-sysadmins-paid-like-white-shoe-lawyer rates. The time to check out the original post, poster's history and to debunk the court order are worth something, no?
posted by morganw at 9:59 AM on September 5, 2014 [1 favorite]

Just speaking from a commonsense perspective here: Matt was uncommonly cool in the face of this. A normal website owner would have been totally buffaloed by this forgery and might easily have been tricked into hiring a lawyer, removing materials that generate revenue for their site, or some other costly action.
posted by LobsterMitten (staff) at 12:56 PM on September 5, 2014 [5 favorites]

(That is, agreeing with morganw, it definitely seems like this kind of thing can cause harm and lost time for the targeted site.)
posted by LobsterMitten (staff) at 12:57 PM on September 5, 2014

It seems to me that the best avenue for unofficial investigation at this point would be to find other sites e.g. FlyerTalk who have been emailed by sundancevacationlegal@gmail.com and compare notes with them. If they've slipped up even once in keeping the gmail and official email addresses separate then their deniability is gone.
posted by Busy Old Fool at 1:52 AM on September 6, 2014

Almost forgot -- from the Rejected Anagram Files:

A CANCAN VIDEO STUNS A SATANIC COVEN DUNS A NASCENT VINOUS CAD SEND A VACANT COUSIN A SIN COUNT ADVANCES A VACATED INN CONS US A NOVA DUNCE'S ANTICS VAIN CADS CANNOT SUE

posted by Rhaomi at 10:28 PM on September 6, 2014 [4 favorites]

VAIN CADS CANNOT SUE

The last one is the best.

How about SUNDANCE VACATIONS LLC =
COLLUDE IN VACANT SCANS and
CALL ENDS VAIN ACCOUNT
posted by Joe in Australia at 10:52 PM on September 6, 2014 [1 favorite]

Don't you mean secretary Bishop, stichermonster?

And everybody knows the tiny courtesy in-ear phones are yellow.
posted by tigrrrlily at 11:27 AM on September 7, 2014

I am very late to this meeting and have just read the Medium OP by Mathowie.

Just wanted to add taht I received some very officious sounding emails from a domain registrar in China asking if I had a local subsidiary as someone wanted an URL I own and use. This was followed up by an email within 24 hours from the company wanting to register the domain name and threatening to proceed with it in China and register the keyword as well.

I said. Whatever. They never wrote back. I think its a whole new level of extortion/scam/domainsquatting where they're waving their ownership of your domain name with a .cn at you.

/yeah a bit of derail but reading the OP made me think of this and though I'd pass it along as a fwiw in case it happens to anyone else.
posted by infini at 11:56 AM on September 7, 2014

I think its a whole new level of extortion/scam/domainsquatting where they're waving their ownership of your domain name with a .cn at you.

That's a fairly common scam.
posted by effbot at 1:26 PM on September 7, 2014 [2 favorites]

Thanks, effbot!
posted by infini at 6:52 AM on September 8, 2014

Yeah, I get the chinese fake trademark warnings all the time, they scared me at first until I found out they were low-level scams.
posted by mathowie (staff) at 9:45 AM on September 10, 2014 [1 favorite]

Depending on how many times they have done this (and it appears they have done this a lot), this is a 20 year felony. Plus conspiracy to commit forgery.

I decided to finally sit down and contact the Mississippi courts about this. I called the number you listed Ironmouth, and they shuffled me off to the Attorney General's office, who shuffled me through three more people before I got I think an actual AG.

I explained the story really quickly and stressed the forged court order as a felony and the guy only wanted to talk about it as a civil matter I should pursue on my own to get money for my time lost to this, and told me flat out their office has no power to go after the timeshare company or get IP records from Google to solve this. A real bummer, I wish someone there took it a bit more seriously, but I guess we need more evidence of a timeshare company employee being caught red-handed.
posted by mathowie (staff) at 10:06 AM on September 10, 2014 [8 favorites]

wow, that's nuts. so wrong. try U.S. attorney
posted by Ironmouth at 11:11 AM on September 10, 2014

Well, con-artists will be pleased to learn that forging/altering Mississippi court documents is something that no one will care about and is low-risk. That should work out well for Mississippi.
posted by Ivan Fyodorovich at 1:40 PM on September 10, 2014 [8 favorites]

« Older 2014 MeFi NHL Fantasy League is open | MeFite LoseIt Friends? Newer »

You are not logged in, either login or create an account to post comments

MetaTalk

Mathowie 1, Travel Agency Shenanigans 0 September 3, 2014 9:28 AM Subscribe

Tags

Share