What Do You Think of Online Vigilantes?
gwoodrow asks: "I'm a member of the (primarily) Mac community Spymac. I originally joined for the 1 gb of email, but eventually found myself joining in on discussions in the forum. Today, I received an email from a supposedly anonymous Spymac member ("supposedly" because the smart guy didn't mask his IP). Basically, it said that he or she had harvested 10,000 member screen names/email addresses from Spymac's pages and that this, paired with the ability to view individual members' profiles, created a major problem because of the extent of information so readily available. The email this person sent out and the forum discussion that followed are available here. All cracks and personal opinion about Spymac aside, what do Slashdot members think of online 'vigilante' justice?"
"Some viruses are released with little notes within that say things like - 'this is why you need to do X or Y to fix your software.' Some hackers have also gained infamy by hacking a major system allegedly to help. Do you support such actions and why? Are virus/trojan writers, hackers, and spammers doing a noble deed or going about things in the wrong way? If you don't agree generally, are there exceptions when online vigilantes are fully in the right? Is the accessibility of vulnerabilities a good excuse to partake in such actions, or should there be ethical bounds regardless?"
Please don't hack my computer at 127.0.0.1. Thanks!
Report it to the authorities. Alternately, post the info here on /. and then don't worry about it. Somebody will do something, and it won't be you.
Lasers Controlled Games!
to show you how much you need a deadbolt.
yeah, no, that sounds like a bad idea.
This is like me punching someone in the nose and saying "Why didn't you take karate lessons, for crying out loud? It's your own fault it's so easy for me to punch you. You should consider this assault a personal favor."
Am I part of the core demographic for Swedish Fish?
Why is it people expect to be anonymous online still? If you want to interact with people and have them know your name, birthday, address, etc then that's up to you. However no one is stopping you from using a fake last name/address/bday and still interacting on the same level. Why is it people put personal data in obvious places, and then get mad when someone shows how easy it is to discover that data?
Discovering weaknesses is good. Exposing them publicly without giving the vulnerable company time to fix them is bad.
My opinion has always been that if you stumble across something, then you should absolutely tell those that need to know, and NOT the general public (at the very least, not until those responsible have had a reasonable chance to repair whatever the problem was). However, purposely breaking into private servers to show how much they need to beef up security (or similar such actions) is tantamount to breaking into someone's home to show how bad their door locks are; it's breaking and entering, and it's a crime. If you want to do penetration testing, you really need to get permission from the owner before they start tearing into their system.
Because it seems like you don't. A vigilante is someone who tries to bring people to justice by working outside of the law. The key here is that they are doing something which they believe is morally right.
From your description, it sounds like someone just... grabbed some published information and started threatening people with it. There's no indication in your writeup that this person was even trying to do something 'good'.
autopr0n is like, down and stuff.
anyone who uses p2p apps should join up. they request that you only report websites and stuff, but ips and timestamps are probably fine. all the reports are forwarded to the appropriate law enforcement agency.
Problem is, without downloading it, how do you tell what's child porn? Don't tell me you can tell by the filename, because you can't. There are people out there who label ordinary stuff as child porn. I don't know why, maybe because that makes more people download it (??).
And if I had downloaded some, I'd delete it quick and not tell anyone, just in case. Call me paranoid, but too many people have got themselves in trouble by trying to help out lately.
Considering the lack of speed and sometimes lack of ability when it comes to investigating cyber crimes, online vigilantes may be the only option. This type of behavior does 2 things.
1. It provides some deterrent.
2. It forces law enforcement to step up to the plate.
Example? There is an online porn site that has pictures of a girl, about the age of ten, having hard core sex with an adult. I found out because a domain I admin with a catch-all e-mail was receiving bounces from this site's spam. I reported it. Nothing happened for a few days so I traced the actual source of the pictures to a free server. The pictures were removed in minutes. I continued to follow the sites from free server to free server until it stopped working (I haven't checked in a while).
I made that person's life more difficult and hopefully caused him to leave more "trails". Each free server admin I talked to said that they would save any logs that they had. Now why couldn't the police do what I did for the 2 weeks or so?
cluge
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Maybe I'll misbehave a little to get some "punishment" ;-)
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
Vigilance, watching for problems that affect our community, and then telling the community about noticed problems is what is known as "civic duty". Using authorized access to community resources, then notifying the community that such access creates risks greater than they accepted, or expected, is a community service. Especially when that access, authorized by the community itself (eg. via a webserver), has subtler implications than are discernable to most members of the community (eg. non-techs). If we see something going wrong, it's our responsibility to tell people about it. That makes everyone safer.
Vigilantes do more than just find problems. They act on their information, using their judgement to change the problem, supposedly into a solution. But justice is a specialized process, like science. When unqualified people engage in risky acts with dangerous consequences, they expose the rest of the community to unacceptable danger. Looking for problems, and telling us about them, protects us. Acting on one's own, especially without telling the rest of us, creates risks as severe as, or worse than, the "problem" being "solved".
Eternal vigilance is no vice.
(with no apologies to Barry Goldwater)
--
make install -not war
First, I agree with you, if you mean that it's better to hear the news from a typical vigilante than to only find out when your most sensitive information appears in the hands of a competitor or plastered all over the net.
Second, that's part of a larger picture. If you get hacked by a script kiddie, and he only appears to get to your web server, the same questions apply. Are you lucky to get the wake up call from a mere website defacement instead of finding a trojan that's been sitting for months in accounts receivable? Possibly, but how do you know the intruder only got in as far as it first appears, and how do you know no one else better than him hasn't done more? It's all a spectrum, from a vigilante who really didn't screw up anything, to one who accidentally did some damage, to a web site defacement that's easy to fix and relatively harmless, to harvesting personnel information for head hunters, to harvesting customer information for spam lists, to the most serious crimes that can cost a company millions.
Anybody who falls victim to one of the less serious sorts can breathe a sigh of relief that it wasn't one of the worse ones, and for their blood pressure's sake they probably should, but they still need to think about what it implies about their chances the next time will be successful, and for worse consequences.
Who is John Cabal?
I completely agree. I have been both the stumblee, and the stumbler. When I accidentally found all the social security numbers of everyone in my school, I emailed the teacher that posted the datafile to a public portion of our shared server (retard). He promptly fixed the problem, and never said anything else about it besides a humble 'thanks'.
I also have done white-hat work. It is kind of polite to find those 'nice' hackers that will get in through a known hole and just put a HACKER_README in /root. Says how he got in, and that I should close the hole. No rootkit, no security compromise (trust me, I looked for quite some time). This was quite possibly the best kind of vigilante. Saw the problem, exploited it to show that (s)he could, and left.
I say this guy went a little far with 10k emails. I think 100 would have proven his point, but who am I to judge?
--If I said something interesting it probably wasn't correct
Doh. "might have screwed up"? I'll counter with "no it wouldn't". Care to explain why exactly that would have made it invalid, or skew results significantly enough to produce multiple magnitudes of order discrepancies? And your "Adam and Eve" angle was truly bizarre: are you claiming they lived in there for eons before that supposed 6000 year period started? Or that unlike the bible says, there was a specific, gasp, l Granted, similar excuses are rather common with fundamentals, but I'd expect more from someone who truly tries to convince crowd (Slashdot readers) that supposedly has stronger natural science background than the average US population.
Your comment is either fundamentalists sly take on abusing the (too) common relativist attitude of too many people (even educated ones have), or part of that apathic relativist agenda. "In fairness' sake, let's consider unfounded claims of one non-open minded party, no matter how easily debunkable they are" (as in trying to claim evolution a "controversial" subject when it's not one at all). That's not fairness, that's being gullible and letting fanatic minority abuse the good nature of people (well, plus bad self esteem less educated folks have WRT anything smelling of "science").
The debates between fundamentalists with their cemented views (having painted themselves in corner with fundamentalist interpretation of their holy book, be it bible, quran or whatever) and scientists (or people with strong natural science background) are uneven battles of wits, one side generally being unarmed. The end result is that "intelligent design" proponents end up pointing ostensible contradictions in tiny details, and trying to convince those completely derail whatever theory are railing against.
Finally, note that while I do consider fundamentalist believers bunch of ignorant cuckoos, I have no problem with normal pragmatic religious people. Most christians do NOT believe in literal interpretation of the bible; only the vocal minority in US of A tries to present different picture.
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes