Vigilante Hackers use Old West Tactics for Justice

← Back to Stories (view on slashdot.org)

Vigilante Hackers use Old West Tactics for Justice

Posted by CowboyNeal on Thursday May 26, 2005 @02:56PM from the lord-loves-a-hangin' dept.

dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.

19 of 532 comments (clear)

Min score:

Reason:

Sort:

justice by Artana+Niveus+Corvum · 2005-05-26 14:58 · Score: 5, Interesting

I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...

--
-----------------------------------------
Remove the Greed which plagues mankind.
1. Re:justice by JockAMundo · 2005-05-26 16:09 · Score: 5, Interesting
  
  I've often thought of writing a script to flood bogus data into scam sites
  
  I do this all the time. It is easy with the Firefox Web Developer extension. I just turn the post into a get, remove the field limits, and fill the fields with hundreds of characters. I usually take some text from Project Gutenberg. Then I stuff the big GET into a wget command in a looping bash script and let it run for a few hours. These sites are usually just php mailers, and so I get the satisfaction of filling a scammers mail box.
  
  Probably useless, but it makes me feel better.
  
  (arg, slashdot says I'm a script!, that is it, I done coding for the day and I'm going for a beer)
2. Re:justice by irving47 · 2005-05-26 18:35 · Score: 2, Interesting
  
  Sorry, but I can't buy the slippery slope argument. Some issues are black and white. Just because there are OTHER sites that aren't as easy to prove are doing something illegal doesn't mean you give a pass the the ones who are *blatantly* attempting to rob someone blind.
  If I see someone getting pickpocketed and I can aid them in getting their money back,... What am I going to do? Stand idly by and not say anything?
  
  --
  I had a sucky sig.
Jury nullification by XanC · 2005-05-26 15:01 · Score: 5, Interesting

If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
1. Re:Jury nullification by crymeph0 · 2005-05-26 15:32 · Score: 5, Interesting
  
  Agreed. From the end of TFA:
  
  We would rather see the industry itself find solutions.
  
  And while your industry is sitting around doing nothing about these fake sites set up in countries where the local police care more about rounding up dissidents than stopping fraud, people are losing their life savings. I'll take my chances with the vigilantes. Even if they make mistakes, at least they're doing something
  
  --
  It should be illegal to say that freedom of speech should be limited.
2. Re:Jury nullification by spongman · 2005-05-26 16:09 · Score: 2, Interesting
  
  they can't make it legal. they can, however, choose to ignore the law.
3. Re:Jury nullification by darkonc · 2005-05-26 16:30 · Score: 2, Interesting
  
  Just as long as they don't take out the entire server. A lot of these sites are hosted on hijacked and otherwise innocent boxes. If it's a multi-hosted box, you could easily end up taking out a couple hundred unrelated websites.
  Even for a single-hosted box, the person running the box may not be aware of what it's doing.
  Those caveats having been stated, however, I think that it's a nice thing to see being done. I've sent emails to the sites being spoofed suggesting that they ask for this sort of change, but I've never seen it actually done. They seem to either do nothing, or shut down the website -- no inbetween.
  
  --
  Sometimes boldness is in fashion. Sometimes only the brave will be bold.
4. Re:Jury nullification by crymeph0 · 2005-05-26 17:20 · Score: 5, Interesting
  
  Don't get me wrong, this is not how things should be, but to turn your question around: What happens when your parents/friends/@other_close_ones get hit by a phisher, and "due process" doesn't protect them, because the industry is still "searching" for a solution?
  
  --
  It should be illegal to say that freedom of speech should be limited.
5. Re:Jury nullification by Anonymous Coward · 2005-05-27 02:32 · Score: 1, Interesting
  
  Then we will have upheld the Constitution, instead of tearing it to shreds.
Comment removed by account_deleted · 2005-05-26 15:09 · Score: 2, Interesting

Comment removed based on user account deletion
Re:gov. crackdown by masterpenguin · 2005-05-26 15:17 · Score: 2, Interesting

did the hackers that defaced the KKK and other Raciest websites several years ago ever get caught? Sometimes I think that the govt turns a blind eye to things that relieve the pressures of trying to regulate the internet. Self regulation can work in small doses.
Re:Retribution by jarich · 2005-05-26 15:17 · Score: 3, Interesting

I have a little PHP script that I use whenever I get a phishing email
Come on... post the script!

--
Agile Artisans
Re:Retribution by lukewarmfusion · 2005-05-26 15:19 · Score: 3, Interesting

I wouldn't be surprised if law enforcement actually used this technique.

Seriously, how hard is it to find a phishing site's servers and the owners? I forward links, emails w/headers, whois info (one guy had his real name, address, etc. in the whois for the domain!), etc. to the authorities any time I get the emails. If you can find the hosting company, server, etc. and track down the account owner, that might work.
But if that information is false, giving them a valid account with a "honeytoken" like you describe would be a great way of continuing your search. It's more likely that the scammer has taken precautions on their hosting account than they will when they try to use the invalid account information.
Vigilante activism by Anonymous Coward · 2005-05-26 15:33 · Score: 5, Interesting

Speaking of vigilante activism
#!/usr/bin/perl # This is a perl script I wrote to piss off the phishers. What this # script does is generate fake credit card numbers that look like real # credit card numbers. This way, I can add bogus information to # phishing sites that looks legitimate # License: Public domain sub verify { my($cardnum) = @_; my($a,$b,@cc); for($a = 0;$a < 16; $a++) { $cc[$a] = substr($cardnum,$a,1); } for($a = 0; $a < 16; $a+= 2) { $b = $cc[$a] * 2; if($b > 9) { $b -= 9; } $cc[$a] = $b; } $b = 0; for($a = 0 ; $a < 16; $a++) { $b += 0 + $cc[$a]; } return $b % 10 == 0; } for(;;) { $d = "54"; # Some phishing sites only accept cards where the # first numbers look like they come from a bank # This looks like a generic US MasterCard number # (MasterCard is actually 5[1-5], but I'm too # lazy to make the second digit a random number # from 1 to 5) for($c = 2 ; $c < 16; $c++) { $d = $d . int(rand(10)); } #print $d . "\n"; if(verify($d) == 1) { print $d . "\n"; sleep(1); } }
Self policing society by mollog · 2005-05-26 16:15 · Score: 5, Interesting

I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.

On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.

The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.

Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.

--
Best regards.
It was fake; here's the real one by rkuris · 2005-05-26 17:01 · Score: 3, Interesting

#!/usr/bin/perl
do {
my ($cc, $sum) = '54' . (join '', (map { $_ = int rand 10 } (1..13))) . '0';
foreach $digit (split //, $cc) { $sum += $digit; }
foreach $digit (split /.(.)/, $cc) { $sum += $digit; }
$cc =~ s/.$//;
print $cc, 9 - ($sum % 10), "\n"
} while (sleep 1);

--
Get rid of everything Micro and Soft: Buy Viagra and/or Linux
Re:Retribution by Masa · 2005-05-26 20:10 · Score: 2, Interesting

One question:

What if you generate and submit a valid, existing, card number by accident?
Re:Retribution by SteelV · 2005-05-26 20:12 · Score: 2, Interesting

Wouldn't it be ironic if one of your randomly generated entries actually turned out to be a real person, with all the correct information, and he got it stolen because of that? Highly, highly unlikely, but interesting to think about.
COME ON, DO IT! by Anonymous Coward · 2005-05-26 20:18 · Score: 1, Interesting

http://www.aa419.org/vampire/ladvampire.html

Just repeating the URL for clarity's sake.

EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. In fact, make it your start page if you don't already have any useful start page.

Let's use the Slashdot effect for something good - overloading nigerian scammers' fake websites.