Slashdot Mirror


Vigilante Hackers use Old West Tactics for Justice

dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.

40 of 532 comments

  1. gov. crackdown by Awol411 · · Score: 3, Insightful

    I love how gov. agencies will probably crack down on the hackers defacing the phishing sites, but do little to nothing about the phishing sites/people themselves. It's all about the quick solution, not trying to go towards the deeper problem.

    1. Re:gov. crackdown by Jesus+IS+the+Devil · · Score: 2, Insightful

      Do you actually have proof to back up this statement? I doubt it.

      --

      eTrade SUCKS
  2. The industry itself... by neo · · Score: 4, Insightful

    Larson added, "We would rather see the industry itself find solutions."

    So would we.

  3. Re:Old west? by Anonymous Coward · · Score: 1, Insightful

    It's CowboyNeal. With a nickname like that, of course he'd reference the old west.

  4. I agree by Dancin_Santa · · Score: 5, Insightful

    We just don't see enough people hanging from trees for marrying outside their race.

    Oh, your concept of right and wrong is different from mine?

    1. Re:I agree by MoneyT · · Score: 5, Insightful

      How do you erode the rule of law where the law does not attempt to rule?

      --
      T Money
      World Domination with a plastic spoon since 1984
  5. Re:justice by EngMedic · · Score: 1, Insightful

    The problem is, it's not justice, it's retribution.

    --
    filter: +3. Hey, look! all the trolls went away!
  6. Re:justice by lawpoop · · Score: 3, Insightful
    This is not justice. Who says that this site or that site is a fraudulent bank? How would you like it if a 'vigilante' defaced your site claiming you were a fraud?

    If you don't have a trial with evidence, all you are doing is creating cycles of revenge, with no resolution. With a justice system, wrongs can be righted, and then we are done with the matter.

    There is no justice system that is totally perfect, but resorting to vigilantism when justice isn't perfect would make the situation much much worse.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  7. Re:Jury nullification by dubdays · · Score: 4, Insightful

    Unfortunately, it seems to take FOREVER for the law to make a difference in these cases, if anything is ever done at all. The simple fact is that it's difficult, at best, to try to track and arrest an international criminal. I'm generally not one for vigilantes, but when it takes 5 months to catch the bastard legally, I'm all for taking the sucker out of business by other means.

  8. Retribution by athakur999 · · Score: 4, Insightful

    I have a little PHP script that I use whenever I get a phishing email. The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.

    Any halfway intelligent phisher would record the IP address of each submission and just dump all of mine when he saw they were bogus, but it makes me feel good that I at least wasted some of his time ;)

    --
    "People that quote themselves in their signatures bother me" - athakur999
    1. Re:Retribution by Hao+Wu · · Score: 2, Insightful
      The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.

      Another benefit- if the scammer tries using these fake credit cards, it's a major alarm bell to the banks. It could very well make them get caught and convicted.

      --
      I suggest you read Slashdot
    2. Re:Retribution by opec · · Score: 2, Insightful

      A bunch of places get really annoyed if you supply false CC information (or so they say).
      Just be careful that generating false CC numbers doesn't get you in trouble


      Huh? Are you saying he should be careful to not annoy the scammers? That's the entire point of the exercise.

    3. Re:Retribution by straybullets · · Score: 2, Insightful

      Hmm, and if you try enough times you might even give them valid series of number/date/names! John Smith will be soooo happy when he finds his account zeroed by your script!!

      --
      With that aggravating beauty, Lulu Walls.
  9. Where are the authorities? by Sathias · · Score: 1, Insightful

    So where is the FBI and the DHS when you need them? I would have thought that outright fraud would be considered more of a crime than downloading a crappy quality avi of a movie. Obviously the money of rich people like George Lucas is more of a priority than that of normal citizens. We are quickly becoming a society where the most heinous act you can commit is to put a dent into company profits.

    --
    Blessed are the 1337, for they shall pwn the earth.
  10. Re:justice by peculiarmethod · · Score: 2, Insightful

    Unfortunately, this specific *type* of working around the legal route to justice will only strengthen the tactics/creativity used by "bad guys"(c). It's introducing the darwin effect, and will only kill off the stupid for a short time.. until they learn they must up the ante. In time that will only make it harder to detect the scams. While it's cool in the short run, it's only helping the bad guys evolve.

    kinda cool though.

    --
    ** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
  11. Re:justice by Adrilla · · Score: 4, Insightful

    And meanwhile, while all of this time is passing waiting for arrests and trials, the fraudulent websites are robbing people who don't know any better. I don't fully endorse the defacing the sites but it's something and it works quicker than waiting for the justice system to catch up. It's not a resolution, but it is a deterrent, not to mention if the justice righted the wrongs and we were already "done with the matter" the vigilantes wouldn't have fake sites to deface.

    --

    "Plans are for fools! Oglethorpe, the plutonian (Aqua Teen Hunger Force)
  12. Reminds me of... by hoka · · Score: 2, Insightful

    a userfriendly comic where Pitr is upset at being spammed. He discovers that the mail servers are Linux and are insecure. The next clip is of a guy behind a computer frowning at "su: user does not exist." There's a followup comic where all of the spammers' Internet traffic is routed to Mars. "But Mars doesn't have any... oh." All this really means is that eventually phishers and scammers will get smarter and run TrustedBSD, OpenBSD, SELinux, or some other hardened variant using mainly static pages and highly developed systems. It's really a never ending battle.

  13. Depends by Thu25245 · · Score: 2, Insightful

    Hacking into these legitimate companies doesn't do anything to hurt the scammers.

    If the vigilantes take down the scam site, then they may prevent some people from falling victim to it. It may not hurt the scammer, but it might protect the innocent.

    And, frankly, these "legitimate companies" should do more to prevent the use of their services for fraudulent purposes. Say, writing a script to search through the hosted material for the phrase "bank account" and flag any occurrences for human review.

    I can't say I approve of this behavior...but it might have a positive effect, as well.

  14. Re:Hmmmm by ergo98 · · Score: 5, Insightful

    Hacking into these legitimate companies doesn't do anything to hurt the scammers.

    ?

    You think that it doesn't hurt phishers when their "closer" is rendered inoperational? Maybe I'm wrong, but I'm going to bet that some phisher that used their botnet to send out millions of emails (losing a number of their bots in the process) is going to be pretty pissed when some whitehat knocks their server offline before all of the morons enter their username and password.

  15. Re:justice by secolactico · · Score: 4, Insightful

    Slippery slope argument? In this case it's pretty clear that GOOD came out of this, did not make any situation much much worse.

    Actually, slippery slopes sometimes start like this. With a clear cut case of right and wrong. But tomorrow it might be used as precedents for other actions. For example, DMCA "violators" might find their site defaced with a sign that says: "This software breaks the law and the author is a criminal".

    When someone bypasses the rule of the law and proper procedures and takes justice into his own hands, and "the system" looks the other way or even condones the action, it opens the door to all other sort of vigilantism.

    --
    No sig
  16. Re:justice by shawn(at)fsu · · Score: 3, Insightful

    Aren't we the same people that worry about the government taking away our right of due process with the Patriot Act? I'm sure the government probably uses some of the same reasoning. "It would take months to get this court order to tap the phone line"

    That said I really don't care about these sites getting defaced, if they accidentally deface a legitimate site well then I think they should be punished.

    --
    500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
  17. Re:Jury nullification by anagama · · Score: 2, Insightful

    The jury might elect not to convict on something, but they can't cause a conviction (on other counts) where there should be one. This is particularly true where the nature of an act (like some innovative new form of online fraud, for example) hasn't been really contemplated by the justice system before.

    It sounds like you are saying that if a person comes up with a new fraud scheme, he can't be tried and convicted. I think fraud is a very flexible term. Basically, any transaction in which Fraudster deceives "Mark" in order to get Mark to do something (transfer info, money, goods, whatever), that's fraud. It doesn't matter if you do it on the street corner, out of a brick and mortar shop, or on the internet -- the key is deception as the basis of an exchange. The problem with fraud isn't so much its definition, it's finding the fraudster and getting legal jurisdiction over him or her. A brand new innovative scam? If you can get the guy into court, he'll not get off merely because it's new.

    --
    What changed under Obama? Nothing Good
  18. Re:justice by Adrilla · · Score: 4, Insightful

    Like I said I don't fully endorse what they're doing, and one of the reasons why is because it can spiral out of hand. But I can understand the intent and I can appreciate standing up for the average consumer who doesn't know that they are getting taken advantage of, there is some sort of neighborhood justice there. It's not good, but I don't think it's bad either, I'd say it falls in a favorable area of gray and as long as it stays there, I can live with that.

    --

    "Plans are for fools! Oglethorpe, the plutonian (Aqua Teen Hunger Force)
  19. Hackers should know better. by Lally+Singh · · Score: 2, Insightful

    Problems like these should be solved by technology. The time and energy of talented hackers is wasted on vigilantism. The digital world has new rules and new capabilities.

    Sorry, I know good engineering work is harder, much less exciting, and much less satisfying than hacking the enemy directly, but why play whack-a-mole when you can make them obsolete? Ok, enough ranting. I hope y'all had fun.

    --
    Care about electronic freedom? Consider donating to the EFF!
  20. Re:Jury nullification by MetalliQaZ · · Score: 5, Insightful

    The problem with vigilantes is this:

    What happens when they come after YOU, and you don't have due process to protect you?

    -d

    --
    "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
  21. Re:Jury nullification by tomhudson · · Score: 4, Insightful
    We would rather see the industry itself find solutions.
    "The industry" would rather use this as an opportunity to sell you "our latest anti-phishing software". Fuck that! That is NOT a solution. That's barely a bandaid.
  22. Re:Jury nullification by Anonymous Coward · · Score: 1, Insightful

    True, but your own post still holds true. Way back before the MPAA and RIAA and others recently started making congress pass laws making copyright infringement a bazillion times illegal, copyright law already made it illegal to copy and distribute someone else's music. Whether by singing a cover of it without the appropriate royalties, cassette, cd, or the internet, it didn't matter.

    There is nothing new under the sun, these days. In the end it all boils down to the same crimes, just in new ways.

  23. Re:I'm not happy about this. by Anonymous Coward · · Score: 1, Insightful

    *Massively ignorant rant deleted.*

    -- Don't hate me cuz I'm ugly

    Good news, we hate you because you're stupid, your looks never came up.

  24. I have an idea by iawix · · Score: 2, Insightful

    Could someone tell these guys to bring down all those Al Qaeda (and assorted copycats) websites with beheadings and terrorist messages on them?

    --
    FAA Certified Flight Instructor
  25. Re:Jury nullification by norton_I · · Score: 4, Insightful

    This is, of course, the problem with vigilante justice, and the reason it is illegal. The 'outmoded' idea of due process that makes our legal system too slow to deal with phishing and other fraudulent sites is designed to make sure that only the guilty are punished, and that the punishment is commensurate with the crime. If I get my paypal 'change your password' scam-of-the-week email, go to the site it points to, hack in, and shut down their webserver, I have maybe stopped some crimes being committed. But I refuse to trust myself to do so without disrupting anyone else's business, leaving the server open for other spambots and the like, or in general causing a mess. In the world where the chances of the perpetrator being caught were high, by hacking in myself, I might even destroy evidence that could be used to legally prosecute them.

  26. Slippery slope not a valid argument? by TapeCutter · · Score: 2, Insightful

    From the second link in your google links...

    "This type of argument is by no means invariably fallacious, but the strength of the argument is inversely proportional to the number of steps between A and Z, and directly proportional to the causal strength of the connections between adjacent steps. If there are many intervening steps, and the causal connections between them are weak, or even unknown, then the resulting argument will be very weak, if not downright fallacious."

    ie: The strength of the slippery slope argument can be measured by calculating probability of (A leading to B) and (B leading to C) and (C Leading to...) Unless one of those probabilities is zero, it is a valid chain of logical reasoning.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  27. Re:Old west? by Lillesvin · · Score: 1, Insightful

    Robin Hood stole from the rich and gave to the poor. He wasn't leading some vigilante lynch mob.

    That aside I think it's kind of alright. Not that I think this sort of vigilance is the best solution I can think of - but if nobody else is doing anything about it, then why not let them. But as always, there's an incredibly thin line between this (good) kind of vigilance and the bad kind. Let's hope that it's not a trend that catches on too much.

    --
    "Live free or don't."
  28. Re:Vigilante activism by tfoudray · · Score: 2, Insightful

    Although this is a "neat trick to pull on phishers", what you don't realize is that if you do this, especially in an automated fashion like this, there is a chance (however small) that you'll hit someone's actual credit card numbers. It actually happens from time to time. Call your bank for frequency on that. Not too often, but it does happen.

    Moreover, most phishers have already obtained a company's credit card verification numbers, and can and will verify the numbers they get anyway. And I'm fairly certain that can be automated as well, anyway. Sure, you can take a couple of clock cycles. Big deal.

  29. Re:Self policing society by DerekLyons · · Score: 5, Insightful
    I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.
    Only so long as the inflammatory and extremist talk isn't something disliked by the Slashdot Hivemind... If it is, inflammatory and extremist talk is *encouraged* where it's not outright rewarded.
    • For instance, in the recent article about 911 and Vonage, virtually every post supporting Vonage and calling the victim 'stupid' was modded *up*, whereas virtually every one criticizing Vonage for its misleading marketing material was modded *down*.
    • In a recent article about militarizing space, virtually every article criticizing the Administration and misreading the various treaties was modded *up*, while pointers to correct interpretations of the treaty was modded *down*.
    • In virtually every article about the Shuttle, posts praising Soyuz are modded *up*, and posts pointing out that it's not as safe as propaganda would have you believe is modded *down*.
    The same can be seen in any article about MicroSoft, SCO, and a vast variety of other topics.

    Slashdot is indeed ruled by a mob - a mob extremely intolerant of dissident views and facts that fail to meet its fore-ordained conclusions.

    On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.
    Certainly - If you define 'freedom' as 'I can do whatever the hell I want without any restrictions or respect for other people's rights, except maybe the people I agree with'. The same Slashdot that gets annoyed about GPL violations is the same Slashdot who openly espouses theft of *other people's* IP.

    And that's the ultimate tragedy of vigilante justice - it almost always represents the views of the 'men on white horses', not those of society.

    The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future.
    It's almost utterly unregulated and unpoliced - except for very small corners. And virtually all of those small corners are intolerant of anything 'not them'. They aren't about freedom - they are about bigotry and isolationism.
  30. Re:Self policing society by FidelCatsro · · Score: 2, Insightful

    Yep, but like all things, there are a lot of bent Coppers (as in corrupt).
    Mob rule follows the loudest idiot and it can be rather dangerous if unattended. Not that I disagree in principle with swift vigilante justice against phishers, it's just it can get out of hand.

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  31. Re:Jury nullification by darkonc · · Score: 4, Insightful

    In this case, they're marking the site so that later 'marks' recognize that the site isn't legitimate -- but otherwise leave it up and functional. Yes, it might run over some forensic info, but given the dearth of arrests for these scams, it's rather productive to save some newbie's butt (and bucks) from these people.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  32. Re:Old west? by Soybean47 · · Score: 2, Insightful

    "vigilance"

    You keep using that word. I do not think it means what you think it means.

  33. Re:Self policing society by saintp · · Score: 1, Insightful
    For those of you that don't have time to read that much text, here's a translation:
    <whining>A lot of people on /. have similar opinions, but since those opinions aren't mine I'll cry and bitch about a "hivemind." Don't you people understand that "consensus" and "agreement" are just fancy words for "oppression of dissent," and that "community" is slang for "intolerance"?</whining>
    Your long, stupid rant is currently modded half troll, half insightful. So much for a hivemind.
  34. Re:Old west? by Anonymous Coward · · Score: 0, Insightful

    Dude...not everyone on here speaks English natively. Don't be such a prude.

  35. Re:Jury nullification by miskatonic+alumnus · · Score: 2, Insightful

    Right. It is the federal government's exclusive right to shred the constitution --- they are doing a great job of it.