Slashdot Mirror
Artists Against 419 Takes On Scammers
419scammers writes "Hello,
The following site is an anti scammers 419 site (plus associated scams) which has started to receive a great deal of publicity in a number of countries national publications. Their fifth international flash mob has now started. Have a look at the monthly flash mob link. Enjoy." An anonymous reader adds "More than 50 identified websites of the Nigeria-Connection are being targeted and the first ones has been already disabled. It was a very bad idea to copy the website of an innocent lawfirm..."
Comment removed based on user account deletion
I had fun with one of these guys here.
---
Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
It was a very bad idea to copy the website of an innocent lawfirm..." *watchs the lawsuits and lawyer from the innocent lawfirm attack*
This signature was left intentionally blank.
"Innocent Law Firm"
- Shouldn't it be "An innocent until proven guilty law firm?"
"If we knew what we were doing, it wouldn't be called research, now would it?' -Albert Einstein-
How do we know we're actually participating in a DDoS against a 419 site and not a legitimate business?
This kind of mob mentality is a little unsettling. I guess it doesn't matter as far as slashdot is concerned though. They'd take down a bus full of nuns if they were a website.
This is going to be a major Slashdotting with a useful purpose!
for good 419 sport try Ebola Monkey Man (n.b. site is in no way racist despite the name)
Cure cancer.. and stuff! www.team45.info
The Funny thing about all these anti-419 ideas - especially the laws - is that it's probably easier to take out the stupid people here than it is to take out the stupid scammers in Nigeria.
The new Microsoft Email Initiative has promised to do just that- Every time people use their mail client, clippy will pop up with questions like:
Will you:
a) Give money away to people you don't know.
b) Double click nude.pics.exe.vbs.exe.jpg.exe
c) Mail this pyramid scheme to 30 other people
d) None of the above
419 Eater has been around for a while and is pretty well known for messing with these scammers. Take a look at some of the pictures scammers have sent them and listen to the audio recordings. Some of these scammers really need to brush up on their pop-culture.
"Q: Why are there so many broken images on your site? A: That's not a bug! It's a feature! If you can see any picture it means that a website of a 419 criminal is still not down. But they have to pay a price for it! Actualy our aim is to present only broken images at our web site." So to answer your question, by slashdotting the site, we are helping take down the 419 sites.
Well as much as I hate 419 scammers I still can't bring myself to think of them as scum quite on the same level as mass spammers.
Think of them as the internet's version of the lion, culling the weak and gullible thereby keeping the species healthy.
Heh... now I have another site besides /. to constantly hit the refresh button on!
Not only that, but it hurts spammers!
...
Having many people actively (as opposed to automatically) participate against scammers indicates a mass disapproval of them. Each node in a manual DDoS requires one human being deciding that participating is worth his time.
Let's write a program to download page content continuously.
I'll be glad to do this.
- Zav - Imagine a Beowulf cluster of insensitive clods...
It's a great idea. While the artists against 419 scammers have to serve up the HTML, they've hijacked the images, eg:
t ;
<img src="http://www.some-419-scam-site.ng/logo.jpg"&g
So maybe a 1 KB of HTML vs. usually 10 to 20 KB of images, and that's for each image. You could easily add a 1 pixel frame which loads up dozens of images from the scam sites.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I don't understand exactly what are the 419 scammers? I was unimpressed with the site it looks very poorly done. Not what I would expect from geeks wanting to strike back at scammers.
SCAMI@HOME will constantly steal bandwidth from these unsuspecting scammers, now there's a good use for my CPU cycles.
~ there are 10 types of people in this world, those that can read binary and those that can't
It seems that they are taking a page from Publishers Clearing House and using a trivial amount of peronalization to get people to open the email. I wonder if the victims will actually check to see if such a relative exists, or allow greed to take over. It is like those ad that say 'the government owes you thousands of dollars.'
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Here is a game where you chase logos from the sites with your mouse, and if your cursor goes over them, they reload on the edges of the page.
Thing is, you can speed them up, and they automatically go towards your cursor. Even in the background (try it with a trillian window). And it's more addictive than you'd think.
Many 419 mugus suffer from their small and weak penises, don't have any major education and need lots of stock opportunities to put their money into. It's only gentle to help them by having their email addresses fed into as many spammers' databases as possible.
Basically this, 419ers are basically scammers. They try to get you to give them you bank information or credit information or just give them lots of money by making you think they're a bank or an investment firm.
The idea is you're stealing bandwidth to cost them a lot of money and wipe their site off the internet.
Are you attacking a good guy or a bad guy? That's a good question. You don't know, do you? You could be attacking a bad guy but you're taking down a small business internet provider that got duped themselves and you just ran up their bill thousands of dollars putting them out of business. You could be attacking a bad guy but their site is running off zombied machines in a hospital so you just shut down their network and killed a few people. Someone could have compromised that site and changed the pictures to ones on humanitarian websites and you're hurting the good guy. I don't know, you don't know. Who does?
And that is why a DDoS is generally regarded as a bad thing by everyone no matter who it's against.
Use wget from a few well connected machines to spider the 419'ers fake sites in an endless loop. Shouldn't take long to wipe 'em out. :-)
Artists Against 419
A "419 Scam" is the attempt to defraud people of their money by claiming that they need to send money and/or account details in order to recieve a large ammount of funds. If any victim actually cooperates, they're told that they need to send more. Spam is commonly used because of the relatively low cost of sending massive e-mails, and the fact that the scammers net thousands of dollars from each fool that bites. The name comes from the chapter of Nigerian number in law that says this is illegal there, yet a majority of these scams come from there.
flash mobs
This is a concept that comes from people who send text messages to a mailing list of bunch of friends that says something cool is going on, so anybody free should come join them. In cities, this can cause 100s of people to show up on the "if you contact 10 friends, and they contact 10 friends..." principle. Singer Avril Lavigne is currently doing a tour of unadvertised events at shopping malls, which have attracted up to 6000 people that more or less depends on the first people to see the sign announcing the event telling their friends, and having those friends tell others. This group is encuraging a simple Slashdotting against 419ers, which is basically the same principle. More people showing up than expected causes problems...
Create one huge webpage with lots of images linked to the spammers website (you know which ones, natural viagra, xanax, etc), and let's run THEM out of business as well!
I'll gladly visit that page while I'm waiting for Spamcop to process the reported spam
The Lad Vampire attack downloads 5 large images from the 50-something target sites continuously. It doesn't require refreshing or turning off cache, and uses all available bandwidth. Opera tells me I've got 10,000 images so far for about 240MB in just under 20 mins.
Organizing communities to attack hostiles is a good idea, and lately I've seen a lot of mails pretending to be from Citibank, apparently linking to citibank.com, but instead hiding the URL by using HTML, and sending the user to a different page instead.
These new phishing scams have been covered by the media, and basically it opens a popup with the address field hidden, and it uses HTML/JS to recreate a fake one, giving the impression that one is actually at citibank.com.
An example of a received spam, which claims to link to web.da-us.citibank.com, but really links to a page which opens a popup. The address of the popup is:
http://www.strongerinfobase.us/scripts/sys.php
This page gathers credit card info. Maybe if there was a site to gather these addresses, hundreds or thousands of people could cooperate and submit so much nonsense - either random crap or seemingly real, but fake, CC info. That way, the scammers would have to wade through thousands of fake entries.
Maybe someone could even write a script to spam the scammers into oblivion :)
Clever signature text goes here.
Unfortunately, scammers and spammers often have a lot more available bandwidth than typical artists or honest business sites. Even worse, you toss up your anti-419 page that throws unwanted traffic at a page, and you increase the scammer sites rating. The various sustained DOS attacks on SCO gave SCO an Alexa Rating in the low thousands. A smart scammer might use the DOS attack to set cookies for merchant programs, and end up making money for the person you are trying to attack. We seem to forget that both good and bad publicity drive valuable traffic to sites.
B: So you're saying robbing from the clueless and senile is better than actually selling a product?
Member of Orkut? Annoyed with spam?
Previous topic on the same subject ...
0 4210
http://yro.slashdot.org/article.pl?sid=03/11/16/2
Skiers and Riders -- http://www.snowjournal.com
Hello, my name is Solomon Chang, and I am a legal representative of a certain Cowboy Neil, who has a similar sig to yours on Slashdot. Recently, my client, a strong supporter of Artists Against 419, passed away, and has left behind an account with a hell of a lot of Karma on Slashdot. However, Hemos and Commandante Taco have dictated that the account be furthermore untouched should such an unfortunate occurance transpire. However, if you should be willing, your sig matches my client so closely that we may be able to trick VA Systems into sending his Slashdot password so that we may both reap the benefits of 1337 hax0r status. However, my firm would require the access information of your Slashdot account (i.e. username and password), so if interested, please send your information and we will proceed from there. You will need to hurry, as the Commandante will attempt to acquire the Karma for himself if/when he discovers the account to be deactivated.
In sincerest regards and utmost urgency,
Skevin
"Twice half-assed makes an ass whole." --Solomon K. Chang
Mechanical/Formatting - The sites are decent, (i.e., not foreign spam bad) but they have enough errors and inconsistencies that I think they aren't up to the caliber of an international financial organization. If they really have any international dealings, they can afford a decent marketing firm or department to do their web site.
Sitebuilders - Look for systematic naming, formatting, and telltale HTML tags. Again, I wouldn't trust a financial org that uses a sitebuilder.
Plagiarized Wording - Try Googling some of the complex wording. A number of them show up word for word on other sites.
Take for example, financialsecurities.org.uk. The wording "has a highly experienced team of professionals providing unbiased and highly qualified services exclusively to its clients in selected technology & health care industries which drive the high-tech revolution" appears only at this site. Notice also the >>high tech revolution<< punctuation that appears afterwards.
Now it's possible that Viscardi is plagiarizing financialsecurities.org.uk, but Viscardi leaves a phone number, so you can call them and ask about it.
Now sure, this isn't hard evidence, but the consistency of clues on so many sites tells me these people (the artists) have gone through some work to come up with such a reasonably self-consistent list.
Flash Mob
419
nohup rm -rf ~/. >& zen &
The issue to this is that if you look at the headers that most browsers send to the site they request files from there's a referrer tag. A site owner can actually with minimal effort block requests unless they are referred from their own site... This seems like a lost cause to me.
I can count to 1023 on my hands. Ask me about #132.
It is automated. RTFA. The pages automatically reload, or you can download scripts.
Their site features just about every grammatical mistake one can make.
English is not every person's first language.
They also accused me of stealing their bandwidth by going to their page. That seems to be a strange accusation coming from a group that is going out to crash other people's sites.
No they didn't. In fact they encourage people to, "...bookmark this site and revist us as often as possible", and, "link to us from your web site!".
Why is this guy's post modded "Informative"? I suppose wrong information is still informative, but jeez, people!
Show me on the doll where his noodly appendage touched you.
I've always wished that I could take down a scammer with help from the Slashdot crowd when I've seen an obvious scam, such as the one in my previous post. Now, maybe Slashdot can post a story every now and then about this site to remind people about it, and the next daily "scammer slam"... :)
(By the way, there was an obvious typo in my last Subject. It was supposed to be "community attacks". Oh well.)
Clever signature text goes here.
I'm sorry, but DDoS'ing 419 sites seems really stupid. You might take their site down temporarily but you're also wasting just as much of your own bandwidth and affecting other more important services.
The 419'ers exploit stupid people. These efforts don't address either the stupidity of people or the illegal activities of the scammers. It seems more like a publicity stunt to call attention to the artists than a legitimate and effective effort to stop 419ers.
While I don't condone the activities of the 419'ers, they don't bother me that much. Turn on the television and it'll take you about ten minutes before you see a commercial from an American company that's basically doing the same thing, misleading people into giving them money for something that is questionable. I have trouble distinguishing the current spate of weight-loss and penis enlargement pills from the tactics of 419'ers.
I figure anyone stupid enough to fall for these schemes will do so eventually, so we might as well let them learn from their mistakes sooner rather than later. That also goes for the goofy fake-cashiers check scams being perpetrated on people posting online classified ads. If you're selling something for $3000 and someone sends you a check for $6000 and wants you to wire the difference to another country, you're a fool who needs to be parted from your money.
This guy actually managed to get the scammer to send him money. He ended up donating it to charity, but none the less, that's pretty impressive. Worth a read if you've got nothing better to do.
http://www.419eater.com/html/stev_ebe.htm
Should perhaps mention that wrt to flash mobs, Larry Niven AFAIK was conceptual inventor. Although his mobs were more ordinary communications, and relied on teleporation transportation, the concept really isn't that different from what's happening now.
I haven't seen any quotes from Mr. Niven about it (yet) but I do know that several people who know him are quite amused...
Cheers!
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
While I would agree with you most of these sites are running on $8.95/month hosting and so don't have that kind of customization.
AF-Design, web development.
Why 419, where did this number come from?
:)
On a side note, are the '420' people more susceptible to '419' scams?
So if you had a 500 by 500 image built up of 10 by 10 images it would be 2500 images loaded on every page load.
Talk about artistic slashdotting.
In addition to the points raised by others, the easiest way to avoid the referrer issue is to have their HTML page load up in a 1 pixel frame. That way, it's their referrer header for the images and, because the frame is only 1 pixel wide/tall, the user can't see the content anyway.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
For modem users - Cube 419
For cable users - Scammers Nightmare
And here's an alternative - Lad Vampire
Come on, don't be shy, give them some good slashdotting - it's good fun for the whole family!
by having a bunch of individuals DDoS'ing the 419 sites they are not having to use their own bandwidth...
a bunch of slow connections can do much more damage than a few faster connections.
It makes me wonder if they are DOSing more than just 419ers.
Looking at the hit counter on their web page, showing ~330K hits, I'd be suprised it this is in the slightest bit effective...
The quantity of traffic you generate simply isn't that great when you can get a $9.95 hosting deal that allows 500MBytes per month or more.
Bandwidth is cheap. Loading the same image multiple times is a waste of space unless you don't cache in your browser (and elsewhere). If you have access to your web server config (even on shared servers sometimes) you can easily configure so others can't do this by requiring the referrer to be your own site.
RG
To annoy scammers - If you are the lucky recipient of a scam email, use the email address you're supposed to reply to to 'register' on a few porn sites - the mail scammers themselves will soon be flooded by spam email...
Comment removed based on user account deletion
I personally visit all of the scam sites and fill their forms with false data. I figure if a good chunk of people did the same thing, the scam would become pointless as it would cost too much to weed out the valid data from the invalid data.
On their site they listed some other websites.
I found a fantastic online banking presence. It looked very professional!
What did strike me as odd though... was the annoying POP up ad that jumped out at me. I suppose they are just a bit of a progressive banking instititution and using that money to pass the savings on to the customer!
Really, if you are going to scam people at least give it some good effort.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Quite an interesting idea they have here. From Artists Against 419's FAQ:
Wouldn't it be more effective to start a Denial of Service attack (DoS) against this 419 sites?
We here at artists against 419 don't recommend any illegal practices! Such an attack might be more effective, but its less art.
Also from their FAQ:
Aren't you fighting abuse with abuse?
It's art! Sometimes art hurts, but there are no civil casualities in this battle.
You're right about the grammatical mistakes, though. Maybe artists aren't the best spellers.
Everybody with any sense hates spammers and scammers, and any measures we take against them seem like spitting into the ocean.
I have to think that even the most rational and law-abiding among us have at least fantasized briefly about launching attacks of various sorts against spammers and spam gangs. Innumerable fiendishly clever ideas for how to accomplish this have been launched right here on Slashdot--usually to be rebutted by wiser and/or more technically savvy heads.
The lovely thing about 419-baiting is that they're low-hanging fruit. They're accessible. Unlike the spoofers and joe-jobbers, they leave themselves right out in the open. It's as if they've hung a digital KICK ME sign on their virtual butts.
Revenge is sweet.
DUCT TAPE: The Election Supervisors' Secret Weapon
This seems to be a round-about and innefficient way to do a DDoS (Distributed Denial of Service) attack. They should just automate the thing as opposed to having people sitting and clicking as they seem to plan on doing. I think the thing that seperates this from being a DDoS attack is that it's totally voluntary and people can do it at will. (CTRL R anyone?). That aside, anyone willing to sit there and reload the page is doing it at their own discretion, paranoid that they might miss something. Most (all?) DDoS attacks are from unwitting and unknowing computer users. I'm no expert at how this works, but to be on the safe side, I reloaded voluntariy a few times. Sorry if those images are hosted off of an unwitting host. If they can fake an email address, chances are that they are useing someone else's bandwidth to host their images. HOpefully not, but ya never really know.
A RTFA shows that the site in question encourages you to either disable your browser cache or use a javascript-based alternative. They also note that the scammers could work around it but the fact that a lot of them HAVEN'T says something....
It is here: http://www.freewebs.com/kinomakoto/lv-0305.html
It's all worth mentioning there's to more flash mobbing than just loading the images; they also encourage people to contact the hosts of the sites, call the authorities, and basically attack the 419ers from every angle.
Some nitpicking - if someone manages to zombie a hospital machine, that means someone is already in danger of dying. Which is precisely why hospitals don't put their critical computer systems in a public network and tend to have pretty high security standards on those as well =)
(Yeah, and the fact that they have the account numbers in the source of their web page should tell you something too, never minding the lack of SSL).
Hmm... for the real lazy, it appears that any odd number between 2206076832141101 and 2206076832141165 (among others) will work
Free Software: Like love, it grows best when given away.