Vigilante Hackers use Old West Tactics for Justice
dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.
Or Robin hood?
ajf
I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...
-----------------------------------------
Remove the Greed which plagues mankind.
that's why my citibank fansite was defaced!
i love how gov. agencies will probably crack down on the hackers defacing the phishing sites, but do little to nothing about the phishing sites/people themselves. it's all about the quick solution, not trying to go towards the deeper problem
I'm glad somebody's doing something about this phishing / spimming epidemic, we really have no need for them.
"The Geeks, the Pasty and the Unbathed"
__________
|rip/\/\aster
...but we had the same story, by a different news source a day or 2 ago.
If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
But are they Irish?
Dear Sir,
My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling.
I have recently come into an inheritance of goatse pics and I feel that I can not hold all of it safely. I would propose that if you agree I will hold 26 million of these pics in trust for you to deposit at whatever place you wish to keep them.
I would like to meet to arrange this as soon as possible. If this deal succeeds, I would also like to discuss the possibility of you acquiring my collection of 4.3 million woopie cushions.
Sincerely,
I forgot my real name but I usually go by Jack Ass
Most scam artists are smart enough to set up sites from free hosting companies, or use stolen credit cards to purchase paid hosting from legitimate hosting companies.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
eTrade SUCKS
I am proud of doing it, and also informing people when a spammer has hacked into their site and posted a phishing site. I think it's the right thing to do, and am glad to see that there are others out there trying to do something.
Larson added, "We would rather see the industry itself find solutions."
So would we.
There has been a long history of hackers doing good on the internet. I think this is just another step in that story. Hackers have been misrepresented in the media for many years, and I for one am glad to see that for once they're getting some good press.
We just don't see enough people hanging from trees for marrying outside their race.
Oh, your concept of right and wrong is different from mine?
fighting fire with fire sometimes works...
You can tell I'm an aries because of my ram.
n/t
I'll raise your Citibank card with my King George XIII Washington Mutual.
I just wish they were carrying AK-47s -- and using them -- against the scammers/phishers/etc.
RHCE; are you certified? Karma: ambiguous.
The people will police themselves when the law cannot. It's just sad to think that the one true hack that can't be completely controlled is the human one. Social engineering will be around as long as people fail to get a clue.
"There are more important things than stopping terrorism. Upholding the Constitution is one of them." - Ars Forumer.
No I didn't read TFA
but if they resort to ddos attacks, the quality of service will be reduced for other users of that hosting company, best to get in contact with the hosting providers first, then if nothing is done, release the flying monkeys o/
Even though it's not legal what the 'white hat hackers' are doing - Who is going to put in a report against them? If the phishers report them, they end up reporting themselves to the authorities in the same instance. By the way, most comic book heroes are known as vigilantes - small price to pay, don't you think?
I have a little PHP script that I use whenever I get a phishing email. The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.
;)
Any halfway intelligent phisher would record the IP address of each submission and just dump all of mine when he saw they were bogus, but it makes me feel good that I at least wasted some of his time.
"People that quote themselves in their signatures bother me" - athakur999
My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling. ...
Sincerely,
I forgot my real name but I usually go by Jack Ass
Grandma, grandma! My what short memory you have...
The procfs, the /dev/random, and the SIGHUP.
PS: An office is not justice; an office is a momentary duty performed on your behalf as a mercenary (for hire/bought/paid).
without prejudice
So where is the FBI and the DHS when you need them? I would have thought that outright fraud would be considered more of a crime than downloading a crappy quality avi of a movie. Obviously the money of rich people like George Lucas is more of a priority than that of normal citizens. We are quickly becoming a society where the most heinous act you can commit is to put a dent into company profits.
Blessed are the 1337, for they shall pwn the earth.
The links these so-called vigilantes place on those de-faced sites saying:
;)
:D
_ __
"link to the bank's real web site"
he he he he he he
Regards
Arash Partow
_______________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net/
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
In keeping with old west customs, when hijacking a web page use the following phrases:
"YEEEE HAWWWWW, RIDE 'em cowboy"
"I know what you're thinking, did I use 5 scripts or did I use 6, well today is your lucky day, punk."
"SSHHHAANNNNNNNNNNNEEEEEEEEE!!!!!!!!!!!!"
im out of ideas, feel free to continue
Check journal for info on Anti-TextBook, an idea by me.
We'd only expect an article about the Old West and technology from Cowboy Neal.
Hacker-man, Hacker-man
Does whatever a hacker can
pwns fake websites, any size
Catches phishers, just like flies
Look out! There goes the Hacker-man!
Is he strong? Listen, Bud!
He's got caffeinated blood.
Can he type from a chair?
Take a look over there.
Hey there, there sits the Hacker-man!
In the chill of night,
At the scene of the crime
Like a streak of light
He arrives just in time
Hacker-man, Hacker-man
Friendly neighborhood Hacker-man
Wealth and fame, he's ignored
Action is his reward
To him, life is a great big bang-up
Wherever there's a scam-up
You'll find the Hacker-man!
a userfriendly comic where Pitr is upset at being spammed. He discovers that the mail servers are Linux and are insecure. The next clip is of a guy behind a computer frowning at "su: user does not exist." There's a followup comic where all of the spammers' Internet traffic is routed to Mars. "But Mars doesn't have any... oh." All this really means is that eventually phishers and scammers will get smarter and run TrustedBSD, OpenBSD, SELinux, or some other hardened variant using mainly static pages and highly developed systems. It's really a never ending battle.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
If the vigilantes take down the scam site, then they may prevent some people from falling victim to it. It may not hurt the scammer, but it might protect the innocent.
And, frankly, these "legitimate companies" should do more to prevent the use of their services for fraudulent purposes. Say, writing a script to search through the hosted material for the phrase "bank account" and flag any occurrences for human review.
I can't say I approve of this behavior...but it might have a positive effect, as well.
Just mod him up, and let the political correctness be damned.
it doesn't seem like defacing the site would send much of a message--aren't they generally hosted on compromised boxes, by someone who has hundreds of other compromised boxes?
wouldn't it be a better idea to find the people behind them (it's not too hard...) and go from there?
The white hats, the black hats, and the 1337...?
Instead of defacing websites?
If they are smart and talented enough to break into a webserver, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy + RBL for phish sites. Better yet, program a web proxy program that does something simple:
Compare the href tags in downloaded webpages with the displayed links. If the 'root' domains don't match, embed a warning in the HTML page before it is sent to the browser for the user to see. The proxy could be programmed to look out for spoofery involving internet giants like eBay, PayPal and the like. Of course this could be construed as a copyright violation for modifying someone else's webpage (unless you happen to be Google with their Google Cache).
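An added example, not part of the original comment or of any existing proxy: a Python version of the check proposed above, comparing each link's href host with the host shown in its visible text and embedding a warning banner when the root domains differ. The sample page, the documentation-range IP address, the example.net host and the short suffix list are constructed assumptions.

```python
import html
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short hand-picked list. Production code should use the full
# Public Suffix List to find the registrable ("root") domain.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

# Anything in the visible link text that looks like a host name.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def root_domain(host):
    """Reduce a host name to its registrable domain; IP literals stay whole."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


class LinkAuditor(HTMLParser):
    """Collects (shown_root, target_root) pairs for links whose text lies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.mismatches = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href, self._href = self._href, None
        try:
            # .hostname ignores any "user@" part, so the classic
            # http://www.bank.example@evil.example/ trick resolves correctly.
            target = urlsplit(href).hostname
        except ValueError:
            target = None
        shown = HOST_IN_TEXT.search("".join(self._text))
        if target and shown:
            shown_root = root_domain(shown.group(1))
            target_root = root_domain(target)
            if shown_root != target_root:
                self.mismatches.append((shown_root, target_root))


def find_mismatches(page):
    auditor = LinkAuditor()
    auditor.feed(page)
    auditor.close()
    return auditor.mismatches


def annotate(page):
    """Return the page unchanged, or with a warning banner after <body>."""
    mismatches = find_mismatches(page)
    if not mismatches:
        return page
    # Host names come from untrusted markup, so escape them in the banner.
    items = "".join(
        "<li>text says %s, link goes to %s</li>" % (html.escape(s), html.escape(t))
        for s, t in mismatches
    )
    banner = ('<div style="background:#fc0;padding:8px"><b>Warning:</b> '
              "links on this page do not go where their text says:"
              "<ul>%s</ul></div>" % items)
    body = re.search(r"<body[^>]*>", page, re.I)
    pos = body.end() if body else 0
    return page[:pos] + banner + page[pos:]


# Constructed sample page (not taken from any real site).
SAMPLE = """<html><body>
<p>Dear customer, please confirm your account:</p>
<a href="http://203.0.113.7/update.html">https://signin.ebay.com/</a>
<a href="http://www.paypal.com@login.example.net/">www.paypal.com</a>
<a href="https://pages.ebay.com/help/">help.ebay.com</a>
<a href="/local/faq.html">Click here</a>
</body></html>"""

if __name__ == "__main__":
    print(annotate(SAMPLE))
```

Links whose text contains no host name ("Click here") are not compared, so this check only catches the case the comment describes: visible text naming one domain while the href points at another.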
After all, the quicker someone, anyone puts an end to the illegal (world) bank system, the better off all the poor and working stiffs will be.
The people who are *supposedly* defrauding innocent people, are actually only taking from the rich.
Those rich bastards are not loosing anything anyway (mostly) because the pig-banks will reimburse them.
Think about how much banks contribute to society; some fat bastard sits there in a fancy building, waiting for someone who doesn't need money, to come in and deposit their riches that they stole off the working class stiffs. Then mr. piggy-banker gives the rich man more money so they start another (legal) scam called a *corporation*.
I say use vigilantism to burn the banks down (or better yet turn them into homeless shelters or clinics for the disabled) and arrest everyone involved with the banking industry for the last 50 years or so (to start out with) and give the 'scammers' a position of authority which they are earning. :)
-- Don't hate me cuz I'm ugly
I will gladly loose all of life's battles.. in order to win the war..
"They missed a spot: http://www.microsoft.com/"
Giggle giggle *SNORT* tee hee.
Thanks for the laugh! My anti-M$ bias needed a little stroking today.
"Derp de derp."
online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them
Besides the fact that self justice generally is a bad idea, how pointless is it if there are thousands and thousands of those sites?
And it seems pretty obvious to me that it will be easier to set up new sites than taking down existing ones.
If you really want to do something against those scammers you need to follow the money trail.
Now, when they drive up to the operators' houses and kick down their doors and then shoot them in the knee-caps as they're attempting to run away, that'll be cool.
We don't see enough of the community burning crosses on the lawns of people who are unwanted in our neighborhoods.
Oh, your definition of criminal is different from mine?
but it's not going to make much of a difference. some reasons being... most scammers put up sites knowing that they'll be temporary and/or of little harm to their financial/legal status if taken down or investigated. hack all you want, it costs them nothing to put one up again. also, pretty much every human action is incentive driven... scammers are driven by the promises of easy money with very little start up costs, while those "hacking for justice" have the harder job of breaking into a site (at least harder than it would take to put one up) with only personal satisfaction as a payoff. the result being, there will always be more scammers than people fighting them... until the same incentive, like being paid to, exists.
ok,
..so some not so good guys doing some bad stuff
... it's the wild f&*($'n west.
/nev/dull/c
(ie. hacking into webspaces (to host phishing sites (highly illegal))
get their hacked stuff hacked into, by these good guy white hat hackers
(super-Gandalfian data-magus overlords), who take over and expose
(0wn3d 45535) the bad guys to show them who really has the net going on..
so how does law and copyrights fit into all of this ,
get on yer horse and ride (use linux),
Cthulhu Saves -- in case He's hungry later.
#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain
sub verify {
    my($cardnum) = @_;
    my($a,$b,@cc);
    for($a = 0;$a < 16; $a++) {
        $cc[$a] = substr($cardnum,$a,1);
    }
    for($a = 0; $a < 16; $a+= 2) {
        $b = $cc[$a] * 2;
        if($b > 9) {
            $b -= 9;
        }
        $cc[$a] = $b;
    }
    $b = 0;
    for($a = 0 ; $a < 16; $a++) {
        $b += 0 + $cc[$a];
    }
    return $b % 10 == 0;
}
for(;;) {
    $d = "54"; # Some phishing sites only accept cards where the
               # first numbers look like they come from a bank
               # This looks like a generic US MasterCard number
               # (MasterCard is actually 5[1-5], but I'm too
               # lazy to make the second digit a random number
               # from 1 to 5)
    for($c = 2 ; $c < 16; $c++) {
        $d = $d . int(rand(10));
    }
    #print $d . "\n";
    if(verify($d) == 1) {
        print $d . "\n";
        sleep(1);
    }
}
Whoever modded you "troll" must have no sense of humor. That's one of the funniest things I've seen lately.
The higher the technology, the sharper that two-edged sword.
, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy
Because it doesn't take much intelligence, talent or initiative to 0wn a web server that is running unpatched software?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It's all well and good until someone feels cheated by a real bank, and defrauds their site. Justice is best handled by an organized police force. Too bad no such thing really exists on the internet.
I am currently discussing this topic on my site. Would harmlessly spoofing phishing sites in order to shock unsuspecting victims into learning about this particular danger be legal? eg: could you set up your own phishing site which instead of stealing info, instead educated the victim once they fell in the trap? or would this also be illegal?
--------------------- Turn evil by smiling.
DO this at home!
I believe our Founding Fathers, well-versed in the technology of the day, said it best:
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Hack the phishing server, fire up a torrent tracker and post a link to some US chart music or movie downloads. ref: http://yro.slashdot.org/article.pl?sid=05/05/25/226228&tid=95&tid=17
That way, the FBI, RIAA, MPAA will all be round there in about 10 minutes flat.
Contribute to the online videogame encyclopedia: GamerWiki
I really hope this is flamebait. Else, you're just an idiot.
If it was really such a bad deal, do you really think people would borrow money? If anything, banks create more lending by creating more efficient lending. With more efficient lending and competition among banks, you get lower interest rates for borrowers. Congratulations sir, you are an idiot.
The small band of vigilantes who are fighting the Chinese frauds are typically Westerners. We have a setup akin to "Star Wars": a small group of rebels are fighting the Chinese empire.
I take issue with this statement. Yes horses are not as popular as they once were, but that doesn't mean they are completely out of the picture. Why you automatically assume that everyone else subscribes to your horseless worldview, I have no idea.
My genetic programming website: http://www.helpmefigurethisout.com/
"When Justice is outlawed. . .The just become the outlaws."
I support them. It's another mark for Whitehats. I only truly wish that more people would take it into their own to do what they do. They no doubt will be sought for defacing the websites. But, I'm almost certain that everyone here would agree that what they did is justice. When laws have restricted those from doing what the law can not do it only opens it up for more violators. I say that our society should form a gathering to further promote justice that laws are bounded from.
When someone is being stabbed you would step in right? If you step in so will everyone else with half a brain and a good heart.
"Forget it. 14 year old Linux-zealots just don't get your point."
Of course they don't. That's why you hear some of them in the copyright threads, mixing in civil rights, Hitler, Gandhi, etc. Some of us here are old enough (and the right skin color) to remember.
'Warning - This was a Scam Site...If you would like to aid us in our future attacks on scam sites please enter your credit card number and expiration date in the fields provided below.'
Or are you saying that because there are poor people in the world, it's not OK for me to attempt to improve my lot? Not particularly at the expense of anyone -- but I'd like to move out of a small apartment with a mostly absentee landlord, get a slightly newer car, upgrade my computer a bit more often... And as best I can tell, that all gets harder without banks. And if you're saying that I shouldn't improve my position until others are better off, I have news for you -- there are a lot of reasons why those people aren't better off, and addressing them is a much better idea than dismantling the global economy that is actually (theoretically) capable of helping them in protest.
Parent post is clearly a fake, it claims the code is Perl, but I could read and understand all of it.
POWER TO THE PEOPLE!
Although changed I rise again the same.
But I still see the ultimate fighting back as assuring that there's no "back" to fight from, i.e. work around the spam/scamers, don't go where they lurk, and you'll have less fights to extricate yourself from!
It has been noted, fighting back only gets you in trouble with the gov., while they go on coddling the assholes. The funny thing is, the decent people consistently fail to get a clue about who their government's favorite kind of person is, 'cuz then they'd move where they're more welcome, taking their IT skills with them.
Problems like these should be solved by technology. The time and energy of talented hackers is wasted on vigilantism. The digital world has new rules and new capabilities.
Sorry, I know good engineering work is harder, much less exciting, and much less satisfying than hacking the enemy directly, but why play whack-a-mole when you can make them obsolete? Ok, enough ranting. I hope y'all had fun.
Care about electronic freedom? Consider donating to the EFF!
It's about time.
Sometimes I comment just to hear myself typing.
In the sense that if no one comes forward asking for charges to be pressed then it is legal.
I mean, think about it, who would be asking for the charges to be pressed?
The website owners. The very ones committing fraud. If they want to contact the government and say that some haxors are getting in their way of some harmless fraud then I say, go for it.
Vigilante Hackers use Old West Tactics for Great Justice Move Zig
Yeah, I'd say you captured the spelling skills of those vigilantes. Judging by /., anyway.
You have the depth of thought of a 12-year old. If you're younger, congratulations.
I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.
On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.
The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.
Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.
Best regards.
Here's his lame phishing site: http://66.246.90.93/~testing/ebay/secupdate.html
. php
And here is full shell access to his web server via a web page: http://manta.dnsvelocity.com/~testing/cgi-bin/mzz
I'm a Middle East (1917-1995) Historian by day and an Old West Historian by night.
This really isn't an "Old West" tactic, but a tactic used in the United States, UK and other nations with a tradition of Common Law or the inclusion of extensive non-statutory law reflecting a consensus of centuries of judgements by working jurists.
As times changed laws became codified and the power of the People to enforce the law was eroded in the United States and other countries.
A Judge had to own 500 acres of land without debt on the land and they had the power to cherry pick what they wanted in terms of the law for the circumstances. Law then was terribly complicated; looking at A History of American Law by Lawrence M. Friedman shows that it's terribly complex and not nearly codified enough to just throw out a list of laws and punishments. Since the law on the frontier was often a copy/paste affair and made up by the Judges and not codified, a Judge had the power to make up laws. Like Eavesdropping in 1808 or Dropping a Dead Body into a River in 1821. Federal Judges started to go wild with common law crimes after U.S. V. Hudson and Goodwin in 1812.
This case allowed a Federal Judge to define a crime and issue a punishment for it. Codification would stop this by defining what was a crime, and stop a Judge from making up a crime.
A Posse wasn't normally a group of people acting as vigilantes, but a Posse is a group deputized by a Law Enforcement agent (Town Marshal, Sheriff, Federal Agent, etc) for a fixed duration or event since communities didn't have large standing forces.
Some examples from an essay I found on the web a while back while researching the law in the 1860s:
Citizen's Arrest
Students of the law should note that both a statutory and common law basis for a certain degree of "vigilante behavior" is well founded. Indeed, in an era of lawlessness it is important that readers be advised as to their lawful right to protect their communities, loved ones and themselves by making lawful citizens' arrests.
First, what is an arrest?
We can thank Black's Law Dictionary for a good definition: "The apprehending or detaining of a person in order to be forthcoming to answer an alleged or suspected crime." See Ex parte Sherwood, (29 Tex. App. 334, 15 S.W. 812).
Historically, in Anglo Saxon law in medieval England citizen's arrests were an important part of community law enforcement. Sheriffs encouraged and relied upon active participation by able bodied persons in the towns and villages of their jurisdiction. From this legacy originated the concept of the posse comitatus which is a part of the United States legal tradition as well as the English. In medieval England, the right of private persons to make arrests was virtually identical to the right of a sheriff and constable to do so.
A strong argument can be made that the right to make a citizen's arrest is a constitutionally protected right under the Ninth Amendment as its impact includes the individual's natural right to self preservation and the defense of the others. Indeed, the laws of citizens arrest appear to be predicated upon the effectiveness of the Second Amendment. Simply put, without firepower, people are less likely going to be able to make a citizen's arrest. A random sampling of the various states as well as the District of Columbia indicates that a citizen's arrest is valid when a public offense was committed in the presence of the arresting private citizen or when the arresting private citizen has a reasonable belief that the suspect has committed a felony, whether or not in the presence of the arresting citizen.
District of Columbia Law 23-582(b) reads as follows:
(b) A private person may arrest another -
(1) who he has probable cause to believe is committing in his presence -
(A) a felony, or
(B) an offense enumerated in section 23-581 (a)(2); or
(2) in aid of a law enforcement officer or special policeman, or other person authorized by law to make a
Remember the basic rule of the FBI: "Don't embarrass the Bureau." Visualize TV coverage of truckloads of donuts arriving at the Hoover Building.
The FBI's excuse for not solving crimes is supposedly that they're working on terrorism, but that's what we pay Homeland Security $33 billion for.
"This is similar to what we've experienced before in the Old West," Cassidy said.
I definitely laughed when I read this line.
But seriously, if people with time on their hands want to defang phishing sites, more power to them.
To all the people worried that the authorities will track these guys down and prosecute them: I don't think these so called 'white-hat' hackers will jump to the top of law enforcement's todo list.
We have to protect ourselves, and yet the Department of Homeland Security has no problem stepping up to the plate and prosecuting people like elitetorrents.org, and the FBI has no trouble finding time to requisition the servers of www.indymedia.org.
Sure am glad at least somebody is looking out for me.
-- force and mind are opposites; morality ends where a gun begins ayn rand
I've never seen a movie that had a harder time trying to pick its genre
... or maybe we can just convince the hackers that there's a terrible injustice being done by slashmath?
The issue isn't an illegal act that can be prosecuted; it's an illegal act outside of the practical reach of the law. However the lack of power of the law to reach the crooks will also protect the White Hats to some extent.
What happens in Ebonia Stays in Ebonia.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
What are the phishers going to do anyway? Complain to the FBI that some bad person took down their fake bank? Heh, probably...
These vigilantes better watch out, though. Law enforcement has a way of coming down harder on people who make them look like they're not doing their jobs, whether that's true or not, and especially if it's true.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Contrary to apparently popular mentality, this is not a good thing. Laws exist for a reason. If they can find these servers and hack/deface them, then they should be able to search the drives and find out who the owners are (or where they are coming from). From that point, they could be sued and further legal action could be brought. Defacing the sites only makes the bad guys remaster their machines/relocate them, or harden their systems more.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Check out the screenshot of the hacked website... somebody is still using OS 9!
Here I am, minding my own business, trying to protect people by setting up a very similar web site to their bank so I can "store" their credit card numbers for them, and some jackass goes and defaces my web site.
I never felt so insulted in all my life. Well, then. If that's people's gratitude, I'll just stop that and if they lose their credit cards, they're on their own.
That's a very good idea!!! When I first read it, it reminds me of the "VOID DO NOT COPY" on originals when u send them to kinko's to be photo scanned. I think embed images would be the best..
Have background, 70% transparent images, would require a new image format. The embed file would require a key to be sent back to not display, only if the key is correct and coming from a trusted site (not sites, any plural =s CRAP SECURITY).
People look over the SSL lock and don't care. If they see these images saying in the background "Stop now you're an idiot for continuing" then maybe, just maybe my mom won't screw us over again!
... and not by the ISPs, who are going to make more money by selling the phisher a second, third, or 100th account ...
I agree that what they did was justice, and justifiable. If the phishers aren't happy, they're free to "tell it to the judge", but I don't think they'll be in too much of a hurry to do that.
Could someone tell these guys to bring down all those Al Qaeda (and assorted copycats) websites with beheadings and terrorist messages on them?
FAA Certified Flight Instructor
The only thing evil needs to triumph, is for good men to do nothing.
*DrugCheese rants*
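#!/usr/bin/perl
# Build 15 digits ('54' + 13 random), then append the Luhn check digit.
do {
    my $cc = '54' . join('', map { int rand 10 } 1..13);
    my ($sum, $i) = (0, 0);
    foreach my $digit (split //, $cc) {
        # In a 16-digit number the even-indexed digits are doubled
        # (and reduced by 9 when the doubled value exceeds 9).
        $digit = $digit * 2 - ($digit > 4 ? 9 : 0) if $i++ % 2 == 0;
        $sum += $digit;
    }
    print $cc, (10 - $sum % 10) % 10, "\n"
} while (sleep 1);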
Get rid of everything Micro and Soft: Buy Viagra and/or Linux
Is it strictly a /. phenomenon that rich bastards, etc. loose things instead of losing them? Maybe this spelling anomaly is confined to those in the community who do not use banks but instead stuff their hard-earned dollars in holes strategically cut into hard-to-find places on their mattresses. I hope they do not loose their secret mattress treasure maps.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
Heck pardner, defacing sites is for kids!
We'll know that Old West Justice has been served when crackers and phishers start showing up dead, hanging from the rafters. A fitting end fer 'em too, if I say so myself.
Too bad this is all they can do to these scums.
A good and thorough thrashing would do wonders on these low lifes.
I fully, 100% support the actions of these vigilantes. When the law fails or refuses to distribute justice, it falls to the people to take the law into their own hands.
Thank you to everyone involved and keep up the great work!!
ravenspear, that is the funniest thing I've read on the interweb in WEEKS. TRULY clever writing. I'm saving that piece for a colleague
Nobodies Prefect
Tidbits for Techs Technology Blog
It worries me that no one here has given a thought to who may be behind these scams. Organized crime may be behind phishing. "Fools rush in" and all that.
This is merely the immune system of the internet kicking in
...the people running those fraudulent sites will end up getting the hackers thrown in prison for terrorism or something.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
Sheeeez, should be obvious. It's not vigilante hackers doing the "right thing" and hacking scammer websites. It's other scammers hacking their competitors. Basic Business 101.
So back in the late 90's when DoS and DDoS attacks were still viable ways to take down a website, I brought down kkk.org, free-rapes.com, and nsp.org (fascists). Why not start taking SOCIAL JUSTICE into our own hands?
Direct action, in its simplest of form, is very effective. The problem of course is the open-space of diversity. Phishers are obviously morally misanthropic to cyber-space but there are issues that permeate the digital border to realms other than our bank accounts. Such realms as hate, dehumanization, and freedom of speech, could be extricated from the web if we made the web hostile enough.
From the second link in your google links...
"This type of argument is by no means invariably fallacious, but the strength of the argument is inversely proportional to the number of steps between A and Z, and directly proportional to the causal strength of the connections between adjacent steps. If there are many intervening steps, and the causal connections between them are weak, or even unknown, then the resulting argument will be very weak, if not downright fallacious."
ie: The strength of the slippery slope argument can be measured by calculating probability of (A leading to B) and (B leading to C) and (C Leading to...) Unless one of those probabilities is zero, it is a valid chain of logical reasoning.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
lol, where are my mod points when I need them
Frylock: "We should have cloned twenties, Jackson wouldn't have given a fuck."
I am normally not for vigilante justice.
But in this case no-one is being hurt. The only thing that happens is some innocent people cannot use the fake website. It's not like a DDOS attack on a Phisher site (which causes very real problems for others), it's a subtle and free manipulation of the world that really has no downside.
Sort of related is an article I just read today, basically noting that in a world where people can so easily reach out for information they are better off with news and help from people who know more than "officials" who are inherently removed from the situation do. In the same way why should we wait for the government crackdown of Phishers that can never fully come because of resource drain, and instead fix the problem as best we can? Defacing Phishing sites seems like an optimal approach as it denies them the reason (money) for continuing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Once again we(I) bow and pay our(my) respects to the boys(and girls) in black(or whatever color they may have on) Thank you. I think in a land that has almost no enforcement, it is nice to have these individuals who will help the vulnerable. Don't get me wrong, I wouldn't want it a harshly controlled environment, where you say the wrong thing and get in trouble; but I think for these individuals to take on this, is actually a noble thing for them to do... heheh.. next thing you know, they will be writing worms that use a newly found vulnerability of a piece of software, or OS, and automatically patch the hole before it can be exploited. and then make it so it is self terminating after a certain date.
If anyone can tell me what exactly is either cool, innovative, wonderful, awesome, or so damn interesting about Google I will offer up my mod-points for whoring. I don't think anyone can come with a convincing argument. As usual, media drummed it up and you let it ring in your reptile brain. It's a search engine. It may even be the best search engine. And it has an extensively sized mailaccount. And supposedly they're not doing this for money or some other stupid horseshit from more reptiles. But no one sees it just for what it is, a well-executed Yahoo runner-up. Google is Titanic and the iceberg it is about to hit is the fact that they haven't innovated worth shit since inoculation and crowning.
http://live-shot.com/
How long before we see some spamcop like site for reporting phising (sp?) sites ?
I know I've had varying degrees of success with dealing with some of the scams I've received in the email. I think the quickest I've had was getting the site removed within 1 hour (of me getting the email advertising it).
The problem is getting sites in places like Russia etc removed. It's a case of Email through a server in china, whois info has an address in Brazil and the site is hosted in an ex-eastern bloc country.
Call me when they're beating the crap out of them and kicking them out of the saloon, like that scene in "Unforgiven" where the Sheriff goes all midevil on Eastwood's ass...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
no jury nullification?
Just leave this website up in a tab in the background whenever you can: http://www.aa419.org/vampire/ladvampire.html
My email address contains _nospam, so far so good.
"This is particularly true where the nature of an act (like some innovative new form of online fraud, for example) hasn't been really contemplated by the justice system before."
Although fraud is the strongest law in just about every country for this sort of thing it isn't the only international law being broken. For one, there is trademark law. I would think companies would fight for their trademarks more. In every phishing case the fraudster uses the trademarks to foster confusion. That is different from the classical brick & mortar fraud scam. It isn't like your brick & mortar scammers can hang a shingle out saying, "Chase Manhattan Bank" and be taken seriously.
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
http://www.aa419.org/vampire/ladvampire.html
Just repeating the URL for clarity's sake.
EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. In fact, make it your start page if you don't already have any useful start page.
Let's use the Slashdot effect for something good - overloading Nigerian scammers' fake websites.
then sites that use an open source OS
then the churches that ain't like our own.
vigilante justice is NOT cool.
http://www.aa419.org/vampire/ladvampire.html
I'm hijacking this spot to repeat an important post made further down the page.
EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. Bookmark it. In fact, make it your start page if you don't already have any useful start page.
"The Lad Vampire" automatically reloads images from fake bank websites used by scammers, exhausting their bandwidth quota.
Let's use the Slashdot effect for something good - overloading Nigerian scammers' fake websites.
this reminds me of a bored script kiddy friend of mine. 15 year old kid with bot-nets in the septuple digits.
often when he was utterly bored he would ask me to give him something to take down. after about 15 minutes of watching television commercials, i'd have a good collection of URL's from bunco scams like www.11homebusiness.com.
For chuff's sake, get a chuffing grip!
The only people who fall for these things are the ones with no common sense. They are the same ones who, a few thousand years ago, would have been some wild creature's dinner. That's one of the reverse benefits {malefits?} of progress; it has allowed people to survive who would otherwise have perished through simple unfitness to do so, in turn lowering the mean fitness-for-survival of the human race as a whole. Nature keeps coming up with dafter and dafter idiots, but thanks to our idiot-friendly society, the wolves and the tigers are still starving.
For starters, why the chuff would a bank with which you don't even have an account send you an e-mail message? And why the chuff would they use a strangely-named GIF image of some awkwardly-phrased and badly-spelt text, asking you to confirm or update your details and including a bunch of meaningless words? Why the chuff would your own bank send you almost the same message -- but with a few changes to the "text" and a different name for the GIF image?
No bank would ever ask you to confirm your details in such an insecure way as over the Internet. No bank will ever ask you for your payment card PIN -- if it ever gets lost, they will just send you a new card and PIN. Similarly with passwords -- you pick a new one. The plaintext is never stored, just the scrambled form. What you entered is re-scrambled, and only the scrambled forms are compared. And if you want to update anything like your address if you move house or your name if you get married, you have to fill out a stackload of forms in a branch, in front of Bank staff.
You don't need to be a full-on computer security expert to know all this. You just need to have a bit of common sense, and to have read the literature the bank were legally obliged to give you when you opened your account.
IMHO, if you are stupid enough to get hit by a phishing scam, you deserve to lose everything -- and stand as an example to the rest of us. So we can say "Ha ha, at least I'm not that stupid" or "Oo-er, I'd better be careful".
Je fume. Tu fumes. Nous fûmes!
I think it is great to do that.
Sometimes I often wish I could do that too, it is so annoying with all spam and frauds and crap.
If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
Jury nullification may mean that the accused doesn't go to jail/prison or face fines, but that doesn't mean that life is easy. Simply being arrested (regardless of conviction) can be devastating to many people in high tech professions. It will show up on background checks, it will keep you from getting security clearances...
I'm not commenting either way on the vigilantes, I'm just pointing out that jury nullification doesn't make something legal, it just means that the government doesn't punish you directly.
For me they're doing the thing that should have been done for a long time by the authority. Well done.
and let God sort them out - It's the American way
If someone attempts to rob from myself or someone else in the street, I am allowed to restrain that person and prevent the crime if I have the capability, even if the acts against that person would nominally be illegal (for example restraining them or knocking a knife out of their hand). How is this significantly different? The owners of these sites are committing a felony, and those who take out the sites are preventing a crime. If they attack a site which was legitimate or destroy someone else's property then they undergo due process, that's why you must be very careful when intervening to prevent a crime. However there is nothing illegal (or wrong for that matter) with preventing the crime if you are capable of being selective about it is there (such as selectively defacing the offending site)?
Maybe this falls into some legal grey area I'm not aware of (incidentally I'm from the UK so my legal system and your legal system may be different).
So, basically, any advertisement (which "makes" customers buy goods, which may, or may not, have the advertised qualities...) is fraud?
You've come rawther close to describing criminal false advertising.
When people get an email from a site like this they should complain to the ISP and datacenter hosting the site. The reason is that most will take swift action against phishers. The ISPs and datacenters I have dealt with usually take action within 24 hours. (That's a pretty fast response--they usually have the site suspended far before the 24 hours). And most send copies of the site including logs to the police.
Don't just take the thought that someone else will report them. Try it some day.
Now, that being said, if you ever run across an ISP which doesn't care, well let's just say they probably deserve it.
Quality Hosting e3 Servers
Cram your sploit up your blog and go fuck yourself
Cat got your tongue? (something important seems to be missing from your comment ... like the body or the subject!)
Best Slashdot Co
You wouldn't be able to complete the tcp handshake and feed the phisher's server any bogus info (you need the sequence number from the ack the server sends "you"). Depending on how the server chooses its sequence numbers you might be able to guess them, but doing so is non-trivial.
In England in the 18th century many juries found blatantly guilty people "Not guilty" of sheep-stealing because the penalty (death or transportation to Australia) was too severe given the circumstances.
This is an important principle which recognizes the sovereignty of citizens as being supreme at least in some instances.
Sam
blog.sam.liddicott.com
Shooting and killing a criminal caught in the act of shooting someone else is generally illegal (in civilized countries at least). However police get an exception from this rule, and are in fact expected to do it.
Hacking and taking down websites with criminal intent is something the police should be allowed (and even required) to do.
Sindri Traustason.
Awesome!! If you're reading this, congratulations, now just kill the spammers and we'll give you honors Star Wars IV style.
spam/phishing could have been eliminated ages ago.
what have the hackers been doing all this time?
- trying to take down sites like amazon and ebay that are actually useful
- writing viruses in BASIC. (used to be hackers were real hackers and knew assembly.)
in a blog 2 years ago i challenged hackers to take down scam and child porn sites. what did they do? they wrote more virus in BASIC.
way to go guys, yer real heroes
Stories of vigilante 'justice' remind me of a story in the UK where the media whipped up a storm about paedophiles. Several people on the sex-offender register were hounded out of their homes and some assaulted. You may call this justice.
When the ringleader of one mob saw that a local woman was a paediatrician, they stopped reading after the first few letters and she was attacked.
Vigilantes are all good and well when they get it right, but when they get it wrong they are just a lynch mob.
b3 4phr41d 0f my 4bov3-4v3r4g3 c0mpu73r kn0wI3dg3!
MadDwarf
????????????????????? I don't get it... thanks for taking the credit.
For a Few Paypal Donations More
The Good, the Bad and the iPod
Revenge of the Big Endian Chiefs [The Battle of Little Big Architecture]
"Larson added, 'They could get it wrong just as vigilantes in the Wild West got it wrong. We would rather see the industry itself find solutions.'"
Yeah well the wild west wouldn't have been wild if they solved the outlaw problem and had significant enforcement of law now would it? It's not "don't hack, wait for the industry to fix things", that's backwards. I say continue hacking these phishers UNTIL the industry addresses the problem.
Mike
I heart the RIAA & MPAA, im sure its mutual...
... which literally means outside the law, so if someone killed an 'outlaw' they would not be punished because the law doesn't protect the outlaws
By reading this, you have given me brief control of your mind.
A different, somewhat less problematic approach has been used by Artists Against 419. They link to images from 419 web sites to slurp their bandwidth which often shuts them down for a while when they exceed bandwidth limitations imposed by their hosting provider.
If you mod me down, I shall become more powerful than you could possibly imagine.
"...on the website SecurityFocus by the purported "white-hat" British hacker group called The Lad Wrecking Crew." I blame names like 'The Lad Wrecking Crew' on the royalty, m'self.
Show of hands, how many people think that these 'doers of good' are still going to be prosecuted?
:P.
Ok, now put your arms down, it's starting to smell in here
In all seriousness, the phishers compromise someone's account and lay their data, then these 'vigilantes' come along and nuke it away, essentially making the unfortunate victim even worse off.
Why romanticize the exploits of people with the emotional age around five years?
omgomgomg mpu!!
The above conflicts with the prevailing argument that there are too many laws, and you might invariably break one.
to reupload the scam to a different fake url and start over. How long does it take to hack the site? I don't think this kind of "war" is sustainable given the level of automation in web design+spam today.
keyboard not found! press any key to continue...
If you do not take precautions against your server being hijacked, you are guilty by omission. Taking down an insecure server is the morally right attitude, if it's likely that the same server will be hijacked again. If a sysadmin has an insecure server, he will probably do nothing to secure it if the only consequence is some phisher's site being defaced. But if the entire server is taken down, then probably the administrator will take some precautions to secure the server in a safer way.
A physical world analogy is if you see a car parked in the street with the keys in the ignition and no one near. The right thing to do would be to remove the keys and deliver them to the police. By doing this you may be preventing the rightful owner to use his car, but you are also preventing children from taking the car and doing harm to innocent people.
Think if there was a distributed tool where people could submit sites and have a ton of clients spew bad data. it would take a good bit of oversight to make sure this power was only used for good, but it stands a great chance at putting a hurt on spammers/scammers. brilliant!
Have they no pity? Who will stop these vigilantes?
6. Audible Alarm (not shown)
-from a Cuisinart product owner's manual.
Hey cool. I've been doing that myself for the past year with a Perl script designed to repeatedly stuff forms with junk. Every time someone goes phishing in my mailbox they'll net a catch of old boots and rubber tires. I'd like to think that the script serves up enough junk data that they'll have a hard time finding people that did fall for their bait.
Any halfway intelligent phisher It's the comedy that keeps me coming back to /.
Let me translate that quote for you:
"We can't get law enforcement to take action and we find it cheaper to suck up the losses or pass them on to you. In the meantime we'll make a token rejection of vigilantism that amounts to a tacit approval."
Just follow the money trail, right?
The problem is:
You can use stolen credit cards to pay for servers.
You can use public hot spots to access your servers.
You can use fake IDs to open bank accounts to transfer the money to. When you withdraw the money, do it at a different branch so no one's waiting for you.
Easier than robbing a bank.
"That's so plausible, I can't believe it!" - Leela
Why doesn't Microsoft release a toolbar or even just a little box on IE that works like their antispyware. People can submit sites for review that they believe are phishing and if a normal user using IE comes upon it it will blink red and say SITE IS MOST LIKELY A SCAM SITE or something like that. If Microsoft has this on by default then wouldn't that help stop most cases of this?
http://seanism.com/
If people are going to deface websites daily regardless of the law as it is, I personally would rather them do so against illegal sites than putting pictures of penii on a children's website. It's illegal, and it sets precedents, but they've already been set, and the laws were already being broken. At least now they are being broken in a manner that (in some aspects) is actually beneficial to internet society.
we should be seeing bounties on fraudulent parties which can be collected by those that successfully take them out by whatever means. This way government regulations should get in the way and hacking skills can be used for profit, how nice would that be.
-Tim Louden
Didn't RTFA, but I don't support any form of vigilante justice. The simple reason? They're wasting valuable time. While they're playing games hacking into a server to post "Haha, I rooted a scam site," they could have just coded some simple firewall rules that anybody could use, and simply publish a list of scam IPs and domains on a daily/hourly basis. If they want to help, code something to prevent such sites from showing up at all, like introducing software to recognize pages that are asking for personal information, and rejecting their loading if they aren't already in the user's pre-approved list of legit sites.
Problem solved... legally. It's already done for spam blocking, though noticeably slower. Spyware tools already have the simple functionality to use modified Windows host files.
Fact is, whoever is doing this, they just wanted press, and to be "l33t", and get some type of hero status, which Slashdot happily gave them. What they aren't doing is making any difference. Those scam sites were most likely already hacked to begin with, and the perp is just moving from one to another daily.
Self regulation isn't about playing cowboys and indians on the net. It's about empowering other individuals with tools so they can regulate their own experience, not so you can regulate it indiscriminately for them by attacking others.
Vigilantes are not solutions. Not only do they answer to no one, but if they are the solution, what happens when they get bored hacking scam sites? Obviously those making money will have far more patience than them. It's just a matter of time, unless an effort and solution is really organized legitimately, so that it becomes perpetual.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
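The published scam-domain list suggested in the comment above, sketched as an added example (not code from the thread or from any poster): it turns reported URLs into hosts-file entries plus a separate IP list for firewall rules. The sample reports, the allow-list and all function names are constructed for illustration.

```python
"""Build a hosts-file blocklist from reported phishing URLs (added example)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample reports: reserved example TLDs and documentation IPs only.
REPORTS = [
    "http://login.bank-secure.example/update.php",
    "HTTP://LOGIN.BANK-SECURE.EXAMPLE./again",        # duplicate: case + trailing dot
    "http://www.realbank.example@phish.test/verify",  # userinfo trick: host is phish.test
    "paypa1-confirm.invalid/signin",                  # reported without a scheme
    "http://192.0.2.44:8080/ebay/",                   # raw IP: firewall list, not hosts file
    "https://www.realbank.example/login",             # legitimate site reported by mistake
    "not a url at all",
]
ALLOWLIST = {"realbank.example"}  # assumed list of known-good domains

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def extract_host(report):
    """Return the lower-cased host a browser would contact, or None."""
    text = report.strip()
    if "://" not in text:
        text = "http://" + text
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    if not host:
        return None
    return host.rstrip(".").lower() or None


def classify(host):
    """Return 'ip', 'domain', or None for anything that is neither."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    labels = host.split(".")
    if (len(labels) >= 2 and len(host) <= 253
            and not labels[-1].isdigit()
            and all(_LABEL.match(label) for label in labels)):
        return "domain"
    return None


def is_allowlisted(host, allowlist):
    """True if host is a known-good domain or one of its subdomains."""
    return any(host == good or host.endswith("." + good) for good in allowlist)


def build_blocklist(reports, allowlist):
    """Split reports into sorted, de-duplicated domains and IPs; keep rejects."""
    domains, ips, skipped = set(), set(), []
    for report in reports:
        host = extract_host(report)
        kind = classify(host) if host else None
        if kind is None or is_allowlisted(host, allowlist):
            skipped.append(report)  # malformed or known-good: never block
        elif kind == "ip":
            ips.add(host)
        else:
            domains.add(host)
    return sorted(domains), sorted(ips), skipped


def hosts_file_lines(domains):
    """Render domains as hosts-file entries pointing at an unroutable address."""
    return [f"0.0.0.0 {domain}" for domain in domains]


if __name__ == "__main__":
    blocked, blocked_ips, rejected = build_blocklist(REPORTS, ALLOWLIST)
    print("\n".join(hosts_file_lines(blocked)))
    print("# IPs for firewall rules:", ", ".join(blocked_ips))
    print("# skipped reports:", rejected)
```

A hosts file matches exact names only, so raw IP reports are kept apart for firewall rules, and the allow-list check keeps a mistaken report from blocking the real bank.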
thanx for the idea.. but i can't find anything specific about *LETS*? can u give more info? I'm in the states tho
The *WINE* project is another thing i'm investigating as a great way to put m$ outa-their-missery.
I will gladly loose all of life's battles.. in order to win the war..
Seriously, the bandaid fix is a large part of what is wrong with the world. Too many people getting rich off of temporary fixes that keep them in business rather than permanent solutions that put them out of business by actually solving the problem.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
sorry, i shoulda put the link to The Wine Project http://www.winehq.com/ in my last post
I will gladly loose all of life's battles.. in order to win the war..
He's an AC so most people won't see it.
Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
I have a lot of super powers! I can talk endlessly about computers, putting even the most vile criminal asleep. I have the ability to repel women! And my most super power is that of the ability to thrive without sunlight or real food (just chips and soda) for months!
rm -rf
It's awesome.
Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
-1 flamebait
Insightful Informative Flamebait Troll Funny
The road to hell is paved with good intentions.
you can add "Any post critical of mainstream evolutionary theory" to that list...
I'm not a creationist, but in a recent /. post I had the primitive audacity to call into question the report that miniature skeletal remains found in a cave were pre-human hominids. I thought they might be midgets or something.
I was flamed like I was jerry falwell for being a 'creationist', modded up at first, then modded way down as a flamer...
what's the deal /.? I didn't even mention creation/evolution debate, I just questioned facts. It seems sometimes there ISN'T room for any kind of dissenting opinion.
Thank you Dave Raggett
Link.
<BChikapa> Holy shit. Calisa, are you watching this thing on Fox
<Calisa> no.
<BChikapa> This guy was in a boat, and a swordfish JUMPED OUT OF THE WATER AND STABBED HIM IN THE FACE.
<Calisa> [SA]HatfulOfHollow finally got them.
<BChikapa> I don't know if it's sadder that you made that joke, or that I got it.
True, when they're within U.S., U.K. or Canadian borders but I'm encountering more and more outside same and finding the sites up long after I've pinged them and discovered that the entire site and apparent 'host' is nothing more than one big phishing hole. Some of the URLs might change slightly but they were all going back to the same motherships albeit with different info.
Complaining to their upstream providers, or APNIC (for example) is like spitting into the wind.
Thus spake the SysGoddess
thanx for the info on bartering!
as far as the wine project, well if you think about it alittle further, the more wine is able to handle *ALL* programs written specifically for m$ (which from my understanding, they are getting MIGHHHHHTY close), the less people will *have* to buy m$.. which means.. m$ eventually goes outa business!! :)
I will gladly loose all of life's battles.. in order to win the war..