Slashdot Mirror


Vigilante Hackers use Old West Tactics for Justice

dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.

  1. justice by Artana Niveus Corvum · · Score: 5, Interesting

    I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...

    --
    -----------------------------------------
    Remove the Greed which plagues mankind.
    1. Re:justice by JockAMundo · · Score: 5, Interesting

      I've often thought of writing a script to flood bogus data into scam sites

      I do this all the time. It is easy with the Firefox Web Developer extension. I just turn the post into a get, remove the field limits, and fill the fields with hundreds of characters. I usually take some text from Project Gutenberg. Then I stuff the big GET into a wget command in a looping bash script and let it run for a few hours. These sites are usually just php mailers, and so I get the satisfaction of filling a scammer's mailbox.

      Probably useless, but it makes me feel better.

      (arg, slashdot says I'm a script! That is it, I'm done coding for the day and I'm going for a beer)

  2. Jury nullification by XanC · · Score: 5, Interesting

    If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

    1. Re:Jury nullification by crymeph0 · · Score: 5, Interesting

      Agreed. From the end of TFA:

      We would rather see the industry itself find solutions.

      And while your industry is sitting around doing nothing about these fake sites set up in countries where the local police care more about rounding up dissidents than stopping fraud, people are losing their life savings. I'll take my chances with the vigilantes. Even if they make mistakes, at least they're doing something.

      --
      It should be illegal to say that freedom of speech should be limited.
    2. Re:Jury nullification by crymeph0 · · Score: 5, Interesting

      Don't get me wrong, this is not how things should be, but to turn your question around: What happens when your parents/friends/@other_close_ones get hit by a phisher, and "due process" doesn't protect them, because the industry is still "searching" for a solution?

      --
      It should be illegal to say that freedom of speech should be limited.
  3. Re:Retribution by jarich · · Score: 3, Interesting
    I have a little PHP script that I use whenever I get a phishing email

    Come on... post the script!

  4. Re:Retribution by lukewarmfusion · · Score: 3, Interesting

    I wouldn't be surprised if law enforcement actually used this technique.

    Seriously, how hard is it to find a phishing site's servers and the owners? I forward links, emails w/headers, whois info (one guy had his real name, address, etc. in the whois for the domain!), etc. to the authorities any time I get the emails. If you can find the hosting company, server, etc. and track down the account owner, that might work.
    But if that information is false, giving them a valid account with a "honeytoken" like you describe would be a great way of continuing your search. It's more likely that the scammer has taken precautions on their hosting account than they will when they try to use the invalid account information.

  5. Vigilante activism by Anonymous Coward · · Score: 5, Interesting
    Speaking of vigilante activism

    #!/usr/bin/perl
    # This is a perl script I wrote to piss off the phishers. What this
    # script does is generate fake credit card numbers that look like real
    # credit card numbers. This way, I can add bogus information to
    # phishing sites that looks legitimate
    # License: Public domain

    # Luhn check for a 16-digit number: true when the checksum is valid
    sub verify {
        my($cardnum) = @_;
        my($a,$b,@cc);
        # Split the number into its 16 digits
        for($a = 0; $a < 16; $a++) {
            $cc[$a] = substr($cardnum,$a,1);
        }
        # Double every second digit, starting with the first;
        # a result above 9 is reduced by 9 (the sum of its two digits)
        for($a = 0; $a < 16; $a += 2) {
            $b = $cc[$a] * 2;
            if($b > 9) {
                $b -= 9;
            }
            $cc[$a] = $b;
        }
        # Add up all 16 values; the total must be a multiple of 10
        $b = 0;
        for($a = 0; $a < 16; $a++) {
            $b += 0 + $cc[$a];
        }
        return $b % 10 == 0;
    }

    for(;;) {
        $d = "54"; # Some phishing sites only accept cards where the
                   # first numbers look like they come from a bank
                   # This looks like a generic US MasterCard number
                   # (MasterCard is actually 5[1-5], but I'm too
                   # lazy to make the second digit a random number
                   # from 1 to 5)
        # Append 14 random digits to reach 16 in total
        for($c = 2; $c < 16; $c++) {
            $d = $d . int(rand(10));
        }
        #print $d . "\n";
        # Print only the candidates that pass the Luhn check
        if(verify($d) == 1) {
            print $d . "\n";
            sleep(1);
        }
    }

  6. Self policing society by mollog · · Score: 5, Interesting

    I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.

    On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.

    The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.

    Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.

    --
    Best regards.
  7. It was fake; here's the real one by rkuris · · Score: 3, Interesting

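    #!/usr/bin/perl
    # Print one Luhn-valid 16-digit number per second:
    # "54", 13 random digits, then the computed check digit
    do {
        my $cc = '54' . join('', map { int rand 10 } 1..13);
        my $sum = 0;
        my @digits = split //, $cc;
        foreach my $i (0 .. $#digits) {
            my $digit = $digits[$i];
            # Digits at even offsets are doubled; above 9, subtract 9
            if ($i % 2 == 0) { $digit *= 2; $digit -= 9 if $digit > 9; }
            $sum += $digit;
        }
        # The check digit brings the total up to a multiple of 10
        print $cc, (10 - $sum % 10) % 10, "\n"
    } while (sleep 1);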

    --
    Get rid of everything Micro and Soft: Buy Viagra and/or Linux