Vigilante Hackers use Old West Tactics for Justice
dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.
I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...
-----------------------------------------
Remove the Greed which plagues mankind.
that's why my citibank fansite was defaced!
I love how gov. agencies will probably crack down on the hackers defacing the phishing sites, but do little to nothing about the phishing sites/people themselves. It's all about the quick solution, not trying to go towards the deeper problem.
"The Geeks, the Pasty and the Unbathed"
__________
|rip/\/\aster
...but we had the same story, by a different news source a day or 2 ago.
If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
Dear Sir,
My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling.
I have recently come into an inheritance of goatse pics and I feel that I can not hold all of it safely. I would propose that if you agree I will hold 26 million of these pics in trust for you to deposit at whatever place you wish to keep them.
I would like to meet to arrange this as soon as possible. If this deal succeeds, I would also like to discuss the possibility of you acquiring my collection of 4.3 million whoopee cushions.
Sincerely,
I forgot my real name but I usually go by Jack Ass
Most scam artists are smart enough to set up sites from free hosting companies, or use stolen credit cards to purchase paid hosting from legitimate hosting companies.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
eTrade SUCKS
Larson added, "We would rather see the industry itself find solutions."
So would we.
There has been a long history of hackers doing good on the internet. I think this is just another step in that story. Hackers have been misrepresented in the media for many years, and I for one am glad to see that for once they're getting some good press.
It's CowboyNeal. With a nickname like that, of course he'd reference the old west.
We just don't see enough people hanging from trees for marrying outside their race.
Oh, your concept of right and wrong is different from mine?
n/t
I just wish they were carrying AK-47s -- and using them -- against the scammers/phishers/etc.
RHCE; are you certified? Karma: ambiguous.
The people will police themselves when the law cannot. It's just sad to think that the one true hack that can't be completely controlled is the human one. Social engineering will be around as long as people fail to get a clue.
"There are more important things than stopping terrorism. Upholding the Constitution is one of them." - Ars Forumer.
Even though it's not legal what the 'white hat hackers' are doing - Who is going to put in a report against them? If the phishers report them, they end up reporting themselves to the authorities in the same instance. By the way, most comic book heroes are known as vigilantes - small price to pay, don't you think?
I have a little PHP script that I use whenever I get a phishing email. The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.
;)
Any halfway intelligent phisher would record the IP address of each submission and just dump all of mine when he saw they were bogus, but it makes me feel good that I at least wasted some of his time.
"People that quote themselves in their signatures bother me" - athakur999
So where is the FBI and the DHS when you need them? I would have thought that outright fraud would be considered more of a crime than downloading a crappy quality avi of a movie. Obviously the money of rich people like George Lucas is more of a priority than that of normal citizens. We are quickly becoming a society where the most heinous act you can commit is to put a dent into company profits.
Blessed are the 1337, for they shall pwn the earth.
The links these so-called vigilantes place on those de-faced sites saying:
;)
:D
_ __
"link to the bank's real web site"
he he he he he he
Regards
Arash Partow
_______________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net/
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
In keeping with old west customs, when hijacking a web page use the following phrases:
"YEEEE HAWWWWW, RIDE 'em cowboy"
"I know what you're thinking, did I use 5 scripts or did I use 6, well today is your lucky day, punk."
"SSHHHAANNNNNNNNNNNEEEEEEEEE!!!!!!!!!!!!"
I'm out of ideas, feel free to continue
Check journal for info on Anti-TextBook, an idea by me.
We'd only expect an article about the Old West and technology from Cowboy Neal.
Hacker-man, Hacker-man
Does whatever a hacker can
pwns fake websites, any size
Catches phishers, just like flies
Look out! There goes the Hacker-man!
Is he strong? Listen, Bud!
He's got caffeinated blood.
Can he type from a chair?
Take a look over there.
Hey there, there sits the Hacker-man!
In the chill of night,
At the scene of the crime
Like a streak of light
He arrives just in time
Hacker-man, Hacker-man
Friendly neighborhood Hacker-man
Wealth and fame, he's ignored
Action is his reward
To him, life is a great big bang-up
Wherever there's a scam-up
You'll find the Hacker-man!
a userfriendly comic where Pitr is upset at being spammed. He discovers that the mail servers are Linux and are insecure. The next clip is of a guy behind a computer frowning at "su: user does not exist." There's a followup comic where all of the spammers' Internet traffic is routed to Mars. "But Mars doesn't have any... oh." All this really means is that eventually phishers and scammers will get smarter and run TrustedBSD, OpenBSD, SELinux, or some other hardened variant using mainly static pages and highly developed systems. It's really a never ending battle.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
If the vigilantes take down the scam site, then they may prevent some people from falling victim to it. It may not hurt the scammer, but it might protect the innocent.
And, frankly, these "legitimate companies" should do more to prevent the use of their services for fraudulent purposes. Say, writing a script to search through the hosted material for the phrase "bank account" and flag any occurrences for human review.
I can't say I approve of this behavior...but it might have a positive effect, as well.
fighting fire with fire sometimes works...
That or it just makes a bigger fire.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
it doesn't seem like defacing the site would send much of a message--aren't they generally hosted on compromised boxes, by someone who has hundreds of other compromised boxes?
wouldn't it be a better idea to find the people behind them (it's not too hard...) and go from there?
The white hats, the black hats, and the 1337...?
Instead of defacing websites?
If they are smart and talented enough to break into a webserver, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy + RBL for phish sites. Better yet, program a web proxy program that does something simple:
Compare the href tags in downloaded webpages with the displayed links. If the 'root' domains don't match, embed a warning in the HTML page before it is sent to the browser for the user to see. The proxy could be programmed to look out for spoofery involving internet giants like eBay, PayPal and the like. Of course this could be construed as a copyright violation for modifying someone else's webpage (unless you happen to be Google with their Google Cache).
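The href-versus-displayed-link check proposed in the comment above, as an added example that is not part of the original thread. It also flags links whose target is a bare IP address, which goes slightly beyond the comment; the sample page, the function names and the short suffix table (a stand-in for the Public Suffix List) are assumptions made for the illustration.

```python
import html
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for this demo.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
# Host-like string in visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample page; every host uses a reserved example/test name.
SAMPLE_HTML = """
<p>Dear customer, please confirm your details:</p>
<a href="http://www.bank.example/login">www.bank.example</a>
<a href="http://www.bank.example.verify-account.test/login">https://www.bank.example/login</a>
<a href="http://192.0.2.15/bank/">Sign in to your account</a>
<a href="http://www.bank.example@phish.test/">www.bank.example</a>
<a href="/help">Help</a>
"""


def root_domain(host):
    """Approximate registrable domain: last two labels, three for known suffixes."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element that has an href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(page):
    """Return (href, text, reason) for each link that looks deceptive."""
    collector = LinkCollector()
    collector.feed(page)
    collector.close()
    findings = []
    for href, text in collector.links:
        try:
            host = urlsplit(href).hostname  # drops any user@ prefix in the URL
        except ValueError:
            findings.append((href, text, "unparseable URL"))
            continue
        if not host:
            continue  # relative link, mailto:, javascript:, ...
        shown = HOST_IN_TEXT.search(text)
        if is_ip_literal(host):
            findings.append((href, text, "target is a raw IP address"))
        elif shown and root_domain(shown.group(1)) != root_domain(host):
            reason = "text shows %s but link goes to %s" % (
                root_domain(shown.group(1)), root_domain(host))
            findings.append((href, text, reason))
    return findings


def annotate(page):
    """What the proxy would send on: the page, with a warning banner if needed."""
    findings = audit_links(page)
    if not findings:
        return page
    # Escape everything taken from the page so the banner cannot inject markup.
    items = "".join(
        "<li>%s: %s</li>" % (html.escape(href), html.escape(reason))
        for href, _text, reason in findings
    )
    return ('<div class="link-warning"><b>Suspicious links:</b><ul>%s</ul></div>'
            % items) + page


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding)
```
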
"They missed a spot: http://www.microsoft.com/"
Giggle giggle *SNORT* tee hee.
Thanks for the laugh! My anti-M$ bias needed a little stroking today.
"Derp de derp."
online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them
Besides the fact that self justice generally is a bad idea, how pointless is it if there are thousands and thousands of those sites?
And it seems pretty obvious to me that it will be easier to set up new sites than taking down existing ones.
If you really want to do something against those scammers you need to follow the money trail.
but it's not going to make much of a difference. some reasons being... most scammers put up sites knowing that they'll be temporary and/or of little harm to their financial/legal status if taken down or investigated. hack all you want, it costs them nothing to put one up again. also, pretty much every human action is incentive driven... scammers are driven by the promises of easy money with very little start up costs, while those "hacking for justice" have the harder job of breaking into a site (at least harder than it would take to put one up) with only personal satisfaction as a payoff. the result being, there will always be more scammers than people fighting them... until the same incentive, like being paid to, exists.
ok,
..so some not so good guys doing some bad stuff
... it's the wild f&*($'n west.
/nev/dull/c
(ie. hacking into webspaces (to host phishing sites (highly illegal))
get their hacked stuff hacked into, by these good guy white hat hackers
(super-Gandalfian data-magus overlords), who take over and expose
(0wn3d 45535) the bad guys to show them who really has the net going on..
so how does law and copyrights fit into all of this ,
get on yer horse and ride (use linux),
Cthulhu Saves -- in case He's hungry later.
#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain
sub verify {
    my($cardnum) = @_;
    my($a,$b,@cc);
    for($a = 0;$a < 16; $a++) {
        $cc[$a] = substr($cardnum,$a,1);
    }
    for($a = 0; $a < 16; $a+= 2) {
        $b = $cc[$a] * 2;
        if($b > 9) {
            $b -= 9;
        }
        $cc[$a] = $b;
    }
    $b = 0;
    for($a = 0 ; $a < 16; $a++) {
        $b += 0 + $cc[$a];
    }
    return $b % 10 == 0;
}
for(;;) {
    $d = "54"; # Some phishing sites only accept cards where the
               # first numbers look like they come from a bank
               # This looks like a generic US MasterCard number
               # (MasterCard is actually 5[1-5], but I'm too
               # lazy to make the second digit a random number
               # from 1 to 5)
    for($c = 2 ; $c < 16; $c++) {
        $d = $d . int(rand(10));
    }
    #print $d . "\n";
    if(verify($d) == 1) {
        print $d . "\n";
        sleep(1);
    }
}
Whoever modded you "troll" must have no sense of humor. That's one of the funniest things I've seen lately.
The higher the technology, the sharper that two-edged sword.
, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy
Because it doesn't take much intelligence, talent or initiative to 0wn a web server that is running unpatched software?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It's all well and good until someone feels cheated by a real bank, and defrauds their site. Justice is best handled by an organized police force. Too bad no such thing really exists on the internet.
I am currently discussing this topic on my site. Would harmlessly spoofing phishing sites in order to shock unsuspecting victims into learning about this particular danger be legal? eg: could you set up your own phishing site which instead of stealing info, instead educated the victim once they fell in the trap? or would this also be illegal?
--------------------- Turn evil by smiling.
I believe our Founding Fathers, well-versed in the technology of the day, said it best:
Raise your children as if you were teaching them to raise your grandchildren, because you are.
That doesn't appear to be their method. They're taking the more old-school path of actually breaking into and defacing these sites.
It should be illegal to say that freedom of speech should be limited.
Hack the phishing server, fire up a torrent tracker and post a link to some US chart music or movie downloads. ref: http://yro.slashdot.org/article.pl?sid=05/05/25/226228&tid=95&tid=17
That way, the FBI, RIAA, MPAA will all be round there in about 10 minutes flat.
Contribute to the online videogame encyclopedia: GamerWiki
I take issue with this statement. Yes horses are not as popular as they once were, but that doesn't mean they are completely out of the picture. Why you automatically assume that everyone else subscribes to your horseless worldview, I have no idea.
My genetic programming website: http://www.helpmefigurethisout.com/
"When Justice is outlawed. . .The just become the outlaws."
I support them. It's another mark for Whitehats. I only truly wish that more people would take it into their own to do what they do. They no doubt will be sought for defacing the websites. But, I'm almost certain that everyone here would agree that what they did is justice. When laws have restricted those from doing what the law can not do it only opens it up for more violators. I say that our society should form a gathering to further promote justice that laws are bounded from.
When someone is being stabbed you would step in, right? If you step in so will every one else with half a brain and a good heart.
'Warning - This was a Scam Site...If you would like to aid us in our future attacks on scam sites please enter your credit card number and expiration date in the fields provided below.'
Parent post is clearly a fake, it claims the code is Perl, but I could read and understand all of it.
POWER TO THE PEOPLE!
Although changed I rise again the same.
But I still see the ultimate fighting back as assuring that there's no "back" to fight from, i.e. work around the spam/scamers, don't go where they lurk, and you'll have less fights to extricate yourself from!
It has been noted, fighting back only gets you in trouble with the gov., while they go on coddling the assholes. The funny thing is, the decent people consistently fail to get a clue about who their government's favorite kind of person is, 'cuz then they'd move where they're more welcome, taking their IT skills with them.
If they were Irish what would they use the rope for?
Problems like these should be solved by technology. The time and energy of talented hackers is wasted on vigilantism. The digital world has new rules and new capabilities.
Sorry, I know good engineering work is harder, much less exciting, and much less satisfying than hacking the enemy directly, but why play whack-a-mole when you can make them obsolete? Ok, enough ranting. I hope y'all had fun.
Care about electronic freedom? Consider donating to the EFF!
It's about time.
Sometimes I comment just to hear myself typing.
The majority of people who fall for these scams are elderly persons (principally women) who have little internet experience and don't understand things like "http://68.12.34.5/wellsfargo" is probably not the real deal.
That aside, I am at a loss to explain your argument against banks. Your words imply that you dislike them because they loan money to wealthy individuals who create the dreaded "corporations." I'm curious who is it that you think gives the "working stiff" a salary to put food on the table, anyway? Has it occurred to you that an "economy" is somehow involved in creating the wealth which finances things like homeless shelters? Do you realize how critical banks are to the economy? How many are you willing to toss into poverty to exact your vengeance on those so presumptuous as to be better off than yourself?
At any event, as a college student, I can tell you that banks don't just give loans to the wealthy (I don't even have a regular job). And almost everyone, regardless of income level, has a bank account, from which they often make money off of having their money loaned to these evil rich.
When things get complex, multiply by the complex conjugate.
In the sense that if no one comes forward asking for charges to be pressed then it is legal.
I mean, think about it, who would be asking for the charges to be pressed?
The website owners. The very ones committing fraud. If they want to contact the government and say that some haxors are getting in their way of some harmless fraud then I say, go for it.
Vigilante Hackers use Old West Tactics for Great Justice Move Zig
Yeah, I'd say you captured the spelling skills of those vigilantes. Judging by /., anyway.
The Boondock Saints
The entirety of your statement is completely devoid of any signs of intelligence.
This can only lead to the conclusion that you are, in fact, a lower form of life (akin to amoeba or possibly bacterial fungus) or someone endeavoring to 'channel' some such thing.
An alternate theory is that this is some form of free-form expressionist art. If that's the case I find it intriguing but reprehensible.
A final alternate theory is that perhaps you are a small shell script gone awry.
Perhaps we should have a poll? I'm curious about which theory most others would think more likely.
If you're hearing rhetoric about Linux, open source, or Mac and everyone's bashing Microsoft, you've found Slashdot.
I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.
On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.
The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.
Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.
Best regards.
Here's his lame phishing site: http://66.246.90.93/~testing/ebay/secupdate.html
. php
And here is full shell access to his web server via a web page: http://manta.dnsvelocity.com/~testing/cgi-bin/mzz
I'm a Middle East (1917-1995) Historian by day and an Old West Historian by night.
This really isn't an "Old West" tactic, but a tactic used in the United States, UK and other nations with a tradition of Common Law or the inclusion of extensive non-statutory law reflecting a consensus of centuries of judgements by working jurists.
As times changed laws became codified and the power of the People to enforce the law was eroded in the United States and other countries.
A Judge had to own 500 acres of land without debt on the land and they had the power to cherry pick what they wanted in terms of the law for the circumstances. Law then was terribly complicated; looking at A History of American Law by Lawrence M. Friedman shows that it's terribly complex and not nearly codified enough to just throw out a list of laws and punishments. Since the law on the frontier was often a copy/paste affair and made up by the Judges and not codified, a Judge had the power to make up laws. Like Eavesdropping in 1808 or Dropping a Dead Body into a River in 1821. Federal Judges started to go wild with common law crimes after U.S. V. Hudson and Goodwin in 1812.
This case allowed a Federal Judge to define a crime and issue a punishment for it. Codification would stop this by defining what was a crime, and stop a Judge from making up a crime.
A Posse wasn't normally a group of people acting as vigilantes, but a Posse is a group deputized by a Law Enforcement agent (Town Marshal, Sheriff, Federal Agent, etc) for a fixed duration or event since communities didn't have large standing forces.
Some examples from an essay I found on the web a while back while researching the law in the 1860s
Citizen's Arrest
Students of the law should note that both a statutory and common law basis for a certain degree of "vigilante behavior" is well founded. Indeed, in an era of lawlessness it is important that readers be advised as to their lawful right to protect their communities, loved ones and themselves by making lawful citizens' arrests.
First, what is an arrest?
We can thank Black's Law Dictionary for a good definition: "The apprehending or detaining of a person in order to be forthcoming to answer an alleged or suspected crime." See Ex parte Sherwood, (29 Tex. App. 334, 15 S.W. 812).
Historically, in Anglo Saxon law in medieval England citizen's arrests were an important part of community law enforcement. Sheriffs encouraged and relied upon active participation by able bodied persons in the towns and villages of their jurisdiction. From this legacy originated the concept of the posse comitatus which is a part of the United States legal tradition as well as the English. In medieval England, the right of private persons to make arrests was virtually identical to the right of a sheriff and constable to do so.
A strong argument can be made that the right to make a citizen's arrest is a constitutionally protected right under the Ninth Amendment as its impact includes the individual's natural right to self preservation and the defense of the others. Indeed, the laws of citizens arrest appear to be predicated upon the effectiveness of the Second Amendment. Simply put, without firepower, people are less likely going to be able to make a citizen's arrest. A random sampling of the various states as well as the District of Columbia indicates that a citizen's arrest is valid when a public offense was committed in the presence of the arresting private citizen or when the arresting private citizen has a reasonable belief that the suspect has committed a felony, whether or not in the presence of the arresting citizen.
District of Columbia Law 23- 582(b) reads as follows:
(b) A private person may arrest another -
(1) who he has probable cause to believe is committing in his presence -
(A) a felony, or
(B) an offense enumerated in section 23-581 (a)(2); or
(2) in aid of a law enforcement officer or special policeman, or other person authorized by law to make a
Remember the basic rule of the FBI: "Don't embarrass the Bureau." Visualize TV coverage of truckloads of donuts arriving at the Hoover Building.
The FBI's excuse for not solving crimes is supposedly that they're working on terrorism, but that's what we pay Homeland Security $33 billion for.
Think about how much banks contribute to society; some fat bastard sits there in a fancy building, waiting for someone who doesn't need money, to come in and deposit their riches that they stole off the working class stiffs. Then mr. piggy-banker gives the rich man more money so they start another (legal) scam called a *corporation*.
Sure am glad I borrowed money to go to college and borrow more to buy a house before you decided to kill the banking system.
Banks may have some bad parts, but without one, I'd be renting and paying money to The Man rather than owning the place I live in.
- Working Stiff
We have to protect ourselves, and yet the Department of Homeland Security has no problem stepping up to the plate and prosecuting people like elitetorrents.org, and the FBI has no trouble finding time to requisition the servers of www.indymedia.org .
Sure am glad at least somebody is looking out for me.
-- force and mind are opposites; morality ends where a gun begins ayn rand
... or maybe we can just convince the hackers that there's a terrible injustice being done by slashmath?
The issue isn't an illegal act that can be prosecuted; it's an illegal act outside of the practical reach of the law. However the lack of power of the law to reach the crooks will also protect the White Hats to some extent.
What happens in Ebonia Stays in Ebonia.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
What are the phishers going to do anyway? Complain to the FBI that some bad person took down their fake bank? Heh, probably...
These vigilantes better watch out, though. Law enforcement has a way of coming down harder on people who make them look like they're not doing their jobs, whether that's true or not, and especially if it's true.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Contrary to apparently popular mentality, this is not a good thing. Laws exist for a reason. If they can find these servers and hack/deface them, then they should be able to search the drives and find out who the owners are (or where they are coming from). From that point, they could be sued and further legal action could be brought. Defacing the sites only makes the bad guys remaster their machines/relocate them, or harden their systems more.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Here I am, minding my own business, trying to protect people by setting up a very similar web site to their bank so I can "store" their credit card numbers for them, and some jackass goes and defaces my web site.
I never felt so insulted in all my life. Well, then. If that's people's gratitude, I'll just stop that and if they lose their credit cards, they're on their own.
*Massively ignorant rant deleted.*
-- Don't hate me cuz I'm ugly
Good news, we hate you because you're stupid, your looks never came up.
... and not by the ISPs, who are going to make more money by selling the phisher a second, third, or 100th account ...
I agree that what they did was justice, and justifiable. If the phishers aren't happy, they're free to "tell it to the judge", but I don't think they'll be in too much of a hurry to do that.
Could someone tell these guys to bring down all those Al Qaeda (and assorted copycats) websites with beheadings and terrorist messages on them?
FAA Certified Flight Instructor
The only thing evil needs to triumph, is for good men to do nothing.
*DrugCheese rants*
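#!/usr/bin/perl
do {
    # "54" plus 13 random digits; the Luhn check digit is computed below
    my $cc = '54' . join '', map { int rand 10 } (1..13);
    my ($sum, $i) = (0, 0);
    foreach my $digit (split //, $cc) {
        # double every other digit starting from the first, folding 10+ back to one digit
        my $v = ($i++ % 2) ? $digit : $digit * 2;
        $v -= 9 if $v > 9;
        $sum += $v;
    }
    print $cc, (10 - $sum % 10) % 10, "\n"
} while (sleep 1);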
Get rid of everything Micro and Soft: Buy Viagra and/or Linux
Is it strictly a /. phenomenon that rich bastards, etc. loose things instead of losing them? Maybe this spelling anomaly is confined to those in the community who do not use banks but instead stuff their hard-earned dollars in holes strategically cut into hard-to-find places on their mattresses. I hope they do not loose their secret mattress treasure maps.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
Too bad this is all they can do to these scums.
A good and thorough thrashing would do wonders on these low lifes.
I fully, 100% support the actions of these vigilantes. When the law fails or refuses to distribute justice, it falls to the people to take the law into their own hands.
Thank you to everyone involved and keep up the great work!!
ravenspear, that is the funniest thing I've read on the interweb in WEEKS. TRULY clever writing. I'm saving that piece for a colleague
Nobodies Prefect
Tidbits for Techs Technology Blog
It worries me that no one here has given a thought to who may be behind these scams. Organized crime may be behind phishing. "Fools rush in" and all that.
...the people running those fraudulent sites will end up getting the hackers thrown in prison for terrorism or something.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
From the second link in your google links...
"This type of argument is by no means invariably fallacious, but the strength of the argument is inversely proportional to the number of steps between A and Z, and directly proportional to the causal strength of the connections between adjacent steps. If there are many intervening steps, and the causal connections between them are weak, or even unknown, then the resulting argument will be very weak, if not downright fallacious."
ie: The strength of the slippery slope argument can be measured by calculating probability of (A leading to B) and (B leading to C) and (C Leading to...) Unless one of those probabilities is zero, it is a valid chain of logical reasoning.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
lol, where are my mod points when I need them
Frylock: "We should have cloned twenties, Jackson wouldn't have given a fuck."
I am normally not for vigilante justice.
But in this case no-one is being hurt. The only thing that happens is some innocent people cannot use the fake website. It's not like a DDOS attack on a Phisher site (which causes very real problems for others), it's a subtle and free manipulation of the world that really has no downside.
Sort of related is an article I just read today, basically noting that in a world where people can so easily reach out for information they are better off with news and help from people who know more than "officials" who are inherently removed from the situation do. In the same way why should we wait for the government crackdown of Phishers that can never fully come because of resource drain, and instead fix the problem as best we can? Defacing Phishing sites seems like an optimal approach as it denies them the reason (money) for continuing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
How is this flaimbait? I was making a reference to the movie Boondock Saints, which explores the idea of two Irish vigilantes in Boston who kill the criminals in the city who would not otherwise be persecuted. It was certainly not meant as a flame, and rather relevant to the discussion if you caught the reference. I apologize to any offended, though I must say that my last name is O'Hanlon!
And that should be prosecuted, and mentally fix all the other spelling errors as well.
Once again we(I) bow and pay our(my) respects to the boys(and girls) in black(or whatever color they may have on) Thank you. I think in a land that has almost no enforcement, it is nice to have these individuals who will help the vulnerable. Don't get me wrong, I wouldn't want it a harshly controlled environment, where you say the wrong thing and get in trouble; but I think for these individuals to take on this, is actually a noble thing for them to do... heheh.. next thing you know, they will be writing worms that use a newly found vulnerability of a piece of software, or OS, and automatically patch the hole before it can be exploited. and then make it so it is self terminating after a certain date.
How long before we see some spamcop like site for reporting phising (sp?) sites ?
I know I've had varying degrees of success with dealing with some of the scams I've received in the email. I think the quickest I've had was getting the site removed within 1 hour (of me getting the email advertising it).
The problem is getting sites in places like Russia etc removed. It's a case of Email through a server in china, whois info has an address in Brazil and the site is hosted in an ex-eastern bloc country.
Call me when they're beating the crap out of them and kicking them out of the saloon, like that scene in "Unforgiven" where the Sheriff goes all medieval on Eastwood's ass...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Robin Hood stole from the rich and gave to the poor. He wasn't leading some vigilante lynch mob.
That aside I think it's kind of alright. Not that I think this sort of vigilance is the best solution I can think of - but if nobody else is doing anything about it, then why not let them. But as always, there's an incredibly thin line between this (good) kind of vigilance and the bad kind. Let's hope that it's not a trend that catches on too much.
"Live free or don't."
My email address contains _nospam, so far so good.
"This is particularly true where the nature of an act (like some innovative new form of online fraud, for example) hasn't been really contemplated by the justice system before."
Although fraud is the strongest law in just about every country for this sort of thing it isn't the only international law being broken. For one, there is trademark law. I would think companies would fight for their trademarks more. In every phishing case the fraudster uses the trademarks to foster confusion. That is different from the classical brick & mortar fraud scam. It isn't like your brick & mortar scammers can hang a shingle out saying, "Chase Manhattan Bank" and be taken seriously.
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
http://www.aa419.org/vampire/ladvampire.html
Just repeating the URL for clarity's sake.
EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. In fact, make it your start page if you don't already have any useful start page.
Let's use the Slashdot effect for something good - overloading nigerian scammers' fake websites.
http://www.aa419.org/vampire/ladvampire.html
I'm hijacking this spot to repeat an important post made further down the page.
EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. Bookmark it. In fact, make it your start page if you don't already have any useful start page.
"The Lad Vampire" automatically reloads images from fake bank websites used by scammers, exhausting their bandwidth quota.
Let's use the Slashdot effect for something good - overloading nigerian scammers' fake websites.
this reminds me of a bored script kiddy friend of mine. 15 year old kid with bot-nets in the septuple digits.
often when he was utterly bored he would ask me to give him something to take down. after about 15 minutes of watching television commercials, i'd have a good collection of URL's from bunco scams like www.11homebusiness.com.
For chuff's sake, get a chuffing grip!
The only people who fall for these things are the ones with no common sense. They are the same ones who, a few thousand years ago, would have been some wild creature's dinner. That's one of the reverse benefits {malefits?} of progress; it has allowed people to survive who would otherwise have perished through simple unfitness to do so, in turn lowering the mean fitness-for-survival of the human race as a whole. Nature keeps coming up with dafter and dafter idiots, but thanks to our idiot-friendly society, the wolves and the tigers are still starving.
For starters, why the chuff would a bank with which you don't even have an account send you an e-mail message? And why the chuff would they use a strangely-named GIF image of some awkwardly-phrased and badly-spelt text, asking you to confirm or update your details and including a bunch of meaningless words? Why the chuff would your own bank send you almost the same message -- but with a few changes to the "text" and a different name for the GIF image?
No bank would ever ask you to confirm your details in such an insecure way as over the Internet. No bank will ever ask you for your payment card PIN -- if it ever gets lost, they will just send you a new card and PIN. Similarly with passwords -- you pick a new one. The plaintext is never stored, just the scrambled form. What you entered is re-scrambled, and only the scrambled forms are compared. And if you want to update anything like your address if you move house or your name if you get married, you have to fill out a stackload of forms in a branch, in front of Bank staff.
You don't need to be a full-on computer security expert to know all this. You just need to have a bit of common sense, and to have read the literature the bank were legally obliged to give you when you opened your account.
IMHO, if you are stupid enough to get hit by a phishing scam, you deserve to lose everything -- and stand as an example to the rest of us. So we can say "Ha ha, at least I'm not that stupid" or "Oo-er, I'd better be careful".
Je fume. Tu fumes. Nous fûmes!
There are almost no "working class" people left anymore in our disposable society. We all have mobile phones, computers and DVD players in the glorious reign of Tony Blair -- therefore we cannot, by definition, be working-class! The real jobs have been exported overseas, and all we have left is a consuming class: if they have jobs at all, it is something crap like sanitising telephones or cutting sandwiches {until kitchen knives are banned for safety reasons; then we will all have to put up with imported frozen sandwiches and pay the former sandwich-cutting former taxpayers dole money}. In the end, they will have no useful skills to help them survive: They need the Company's wages {to buy their naff polyester tracksuits, daft boots and counterfeit Burberry bags} more than The Company needs their labour. It is the Capitalist Wet Dream come true.
Why not get involved with your local LETS, offering a service to completely de-Microsoft people's computers and train them up in the use of Firefox {Web}, OpenOffice {word processing}, Evolution {e-mail} and phpMyAdmin {database}? If you can do enough work for enough people, then you can almost end up doing without pound notes altogether. I say almost because there are some things you still need to buy for which there aren't yet any shops that accept payment by barter.
First and foremost, the cost of housing needs to be brought down by any means necessary. Impose a duty on house sales: the higher the price, the higher the duty. Invest this money in building more council houses. When renting a home is cheaper than buying one {as it should be -- after all, you pay rent for as long as you live in a place, but you only pay a mortgage for a fixed term}, house prices will come down.
And if you have a bank account, remember you will end up paying for the phishing scams ..... the bank won't be able to afford to pay you so much interest on your account if they have to reimburse some stupid rich tosser who fell for a phishing scam.
Je fume. Tu fumes. Nous fûmes!
If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
Jury nullification may mean that the accused doesn't go to jail/prison or face fines, but that doesn't mean that life is easy. Simply being arrested (regardless of conviction) can be devastating to many people in high tech professions. It will show up on background checks, it will keep you from getting security clearances...
I'm not commenting either way on the vigilantes, I'm just pointing out that jury nullification doesn't make something legal, it just means that the government doesn't punish you directly.
For me they're doing the thing that should have been done for a long time by the authority. Well done.
If someone attempts to rob from myself or someone else in the street, I am allowed to restrain that person and prevent the crime if I have the capability, even if the acts against that person would nominally be illegal (for example restraining them or knocking a knife out of their hand). How is this significantly different? The owners of these sites are committing a felony, and those who take out the sites are preventing a crime. If they attack a site which was legitimate or destroy someone else's property then they undergo due process, that's why you must be very careful when intervening to prevent a crime. However there is nothing illegal (or wrong for that matter) with preventing the crime if you are capable of being selective about it is there (such as selectively defacing the offending site)?
Maybe this falls into some legal grey area I'm not aware of (incidentally I'm from the UK so my legal system and your legal system may be different).
So, basically, any advertisement (which "makes" customers buy goods, which may, or may not, have the advertised qualities...) is fraud?
You've come rawther close to describing criminal false advertising.
When people get an email from a site like this they should complain to the ISP and datacenter hosting the site. The reason is that most will take swift action against phishers. The ISPs and datacenters I have dealt with usually take action within 24 hours. (That's a pretty fast response--they usually have the site suspended far before the 24 hours). And most send copies of the site including logs to the police.
Don't just take the thought that someone else will report them. Try it some day.
Now, that being said, if you ever run across an ISP which doesn't care, well let's just say they probably deserve it.
Quality Hosting e3 Servers
Best Slashdot Co
In England in the 18th century many juries found blatantly guilty people "Not guilty" of sheep-stealing because the penalty (death or transportation to Australia) was too severe given the circumstances.
This is an important principle which recognizes the sovereignty of citizens as being supreme at least in some instances.
Sam
blog.sam.liddicott.com
"vigilance"
You keep using that word. I do not think it means what you think it means.
Shooting and killing a criminal caught in the act of shooting someone else is generally illegal (in civilized countries at least). However police get an exception from this rule, and are in fact expected to do it.
Hacking and taking down websites with criminal intent is something the police should be allowed (and even required) to do.
Sindri Traustason.
Awesome!! If you're reading this, congratulations, now just kill the spammers and we'll give you honors Star Wars IV style.
Stories of vigilante 'justice' remind me of a story in the UK where the media whipped up a storm about paedophiles. Several people on the sex-offender register were hounded out of their homes and some assaulted. You may call this justice.
When the ringleader of one mob saw that a local woman was a paediatrician, they stopped reading after the first few letters and she was attacked.
Vigilantes are all good and well when they get it right, but when they get it wrong they are just a lynch mob.
b3 4phr41d 0f my 4bov3-4v3r4g3 c0mpu73r kn0wI3dg3!
MadDwarf
For a Few Paypal Donations More
The Good, the Bad and the iPod
Revenge of the Big Endian Chiefs [The Battle of Little Big Architecture]
... which literally means outside the law, so if someone killed an 'outlaw' they would not be punished because the law doesn't protect the outlaws
By reading this, you have given me brief control of your mind.
Hmm, actually, when I wrote it I wasn't entirely sure of it myself, but after looking it up in my good old Oxford Advanced Learner's Dictionary I'm a bit more sure (not entirely sure still).
It says: vigi-lance n watchfulness; keeping watch; exercise ~. ~ committee (chiefly US) self-appointed group of persons who maintain order in a community where organization is imperfect or has broken down.
So perhaps: s/kind of vigilance/way of exercising vigilance/g
Btw, I'm not a native speaker - as you might have guessed. Though, I still think most people understood what I tried to say. Hopefully... :)
"Live free or don't."
A different, somewhat less problematic approach has been used by Artists Against 419. They link to images from 419 web sites to slurp their bandwidth which often shuts them down for a while when they exceed bandwidth limitations imposed by their hosting provider.
If you mod me down, I shall become more powerful than you could possibly imagine.
"...on the website SecurityFocus by the purported "white-hat" British hacker group called The Lad Wrecking Crew." I blame names like "The Lad Wrecking Crew" on the royalty, m'self.
Show of hands, how many people think that these 'doers of good' are still going to be prosecuted?
:P.
Ok, now put your arms down, it's starting to smell in here
In all seriousness, the phishers compromise someone's account and lay their data, then these 'vigilantes' come along and nuke it away, essentially making the unfortunate victim even worse off.
Why romanticize the exploits of people with the emotional age around five years?
Chill. It was a joke, an obscure reference and nothing more. I got it, and I'm sure a lot of other people do too. In fact, the first person to respond to this with the allusion source wins...
Laziness, check. Impatience, check. Hubris, double check!
to reupload the scam to a different fake url and start over. How long does it take to hack the site? I don't think this kind of "war" is sustainable given the level of automation in web design+spam today.
keyboard not found! press any key to continue...
If you do not take precautions against your server being hijacked, you are guilty by omission. Taking down an insecure server is the morally right attitude, if it's likely that the same server will be hijacked again. If a sysadmin has an insecure server, he will probably do nothing to secure it if the only consequence is some phisher's site being defaced. But if the entire server is taken down, then probably the administrator will take some precautions to secure the server in a safer way.
A physical world analogy is if you see a car parked in the street with the keys in the ignition and no one near. The right thing to do would be to remove the keys and deliver them to the police. By doing this you may be preventing the rightful owner from using his car, but you are also preventing children from taking the car and doing harm to innocent people.
Think if there was a distributed tool where people could submit sites and have a ton of clients spew bad data. it would take a good bit of oversight to make sure this power was only used for good, but it stands a great chance at putting a hurt on spammers/scammers. brilliant!
Have they no pity? Who will stop these vigilantes?
6. Audible Alarm (not shown)
-from a Cuisinart product owner's manual.
Hey cool. I've been doing that myself for the past year with a Perl script designed to repeatedly stuff forms with junk. Every time someone goes phishing in my mailbox they'll net a catch of old boots and rubber tires. I'd like to think that the script serves up enough junk data that they'll have a hard time finding people that did fall for their bait.
Any halfway intelligent phisher It's the comedy that keeps me coming back to /.
Just follow the money trail, right?
The problem is:
You can use stolen credit cards to pay for servers.
You can use public hot spots to access your servers.
You can use fake IDs to open bank accounts to transfer the money to. When you withdraw the money, do it at a different branch so no one's waiting for you.
Easier than robbing a bank.
"That's so plausible, I can't believe it!" - Leela
Why doesn't Microsoft release a toolbar or even just a little box on IE that works like their antispyware. People can submit sites for review that they believe are phishing and if a normal user using IE comes upon it it will blink red and say SITE IS MOST LIKELY A SCAM SITE or something like that. If Microsoft has this on by default then wouldn't that help stop most cases of this?
http://seanism.com/
we should be seeing bounties on fraudulent parties which can be collected by those that successfully take them out by whatever means. This way government regulations should get in the way and hacking skills can be used for profit, how nice would that be.
-Tim Louden
Didn't RTFA, but I don't support any form of vigilante justice. The simple reason? They're wasting valuable time. While they're playing games hacking into a server to post "Haha, I rooted a scam site," they could have just coded some simple firewall rules that anybody could use, and simply publish a list of scam IPs and domains on a daily/hourly basis. If they want to help, code something to prevent such sites from showing up at all, like introducing software to recognize pages that are asking for personal information, and rejecting their loading if they aren't already in the user's pre-approved list of legit sites.
Problem solved... legally. It's already done for spam blocking, though noticeably slower. Spyware tools already have the simple functionality to use modified Windows host files.
Fact is, whoever is doing this, they just wanted press, and to be "l33t", and get some type of hero status, which Slashdot happily gave them. What they aren't doing is making any difference. Those scam sites were most likely already hacked to begin with, and the perp is just moving from one to another daily.
Self regulation isn't about playing cowboys and indians on the net. It's about empowering other individuals with tools so they can regulate their own experience, not so you can regulate it indiscriminately for them by attacking others.
Vigilantes are not solutions. Not only do they answer to no one, but if they are the solution, what happens when they get bored hacking scam sites? Obviously those making money will have far more patience than them. It's just a matter of time, unless an effort and solution is really organized legitimately, so that it becomes perpetual.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
Seriously, the bandaid fix is a large part of what is wrong with the world. Too many people getting rich off of temporary fixes that keep them in business rather than permanent solutions that put them out of business by actually solving the problem.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
But to drive this thread back to the topic at hand... who wants to bet the only reason they're doing this is that they have the urge to crack servers and figure that scammers aren't likely to sue them?
Check out my sci-fi/humor trilogy at PatriotsBooks.
I don't understand why is it a "thin line". If you see someone getting mugged, you have the physical strength and there is no police around, why shouldn't you intervene?
Those sites are stealing more money from each person than someone taking your wallet on the street and can keep misusing one's identity for many years afterwards. They often reside in jurisdictions where police would rather combat massive real-world violence than bother with some web sites (as well they should!). If you have the skills, you should go and wipe out the next phishing link that shows up in your inbox.
A thin line would be DDoSing Gator. As much as it's tempting to beat up the bastards trying to sell a 100 magazine subscriptions to an old lady who dreams of winning some sweepstakes...
He's an AC so most people won't see it.
Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
I have a lot of super powers! I can talk endlessly about computers, putting even the most vile criminal asleep. I have the ability to repel women! And my most super power is that of the ability to thrive without sunlight or real food (just chips and soda) for months!
rm -rf
It's awesome.
Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
I assumed CowboyNeal referred to Neal Cassady, the driver of Ken Kesey's bus Further as chronicled in "An Electric Kool-Aid Acid Test", and the real life Dean Moriarty from Kerouac's "On the Road". Linky: Neal Cassady
The road to hell is paved with good intentions.
Insightful Informative Flamebait Troll Funny
The road to hell is paved with good intentions.
That's what I mean... As I said, to some extent I think it's alright they do this (the cracking of the scammers). My concern is that the trend spreads and someone crosses the thin line between good and bad vigilante-hood? (E.g.: Will some RIAA/MPAA-fanboys start hammering down http://thepiratebay.org/ because what they (TPB) are doing is illegal where the crackers come from? (And no, this is NOT a discussion on whether or not sharing .torrents is legal/illegal, good/bad or anything like that - it's JUST an example.))
Don't get me wrong, I'm all for seeing those scammers get some of what they deserve - I'm merely a bit afraid that the trend will catch on to other areas that some of us actually care about. (Yeah, I'm an insensitive clod - I don't give a hoot about scammers.) ;-p
"Live free or don't."
you can add "Any post critical of mainstream evolutionary theory" to that list...
I'm not a creationist, but in a recent /. post I had the primitive audacity to call into question the report that miniature skeletal remains found in a cave were pre-human hominids. I thought they might be midgets or something.
I was flamed like I was Jerry Falwell for being a 'creationist', modded up at first, then modded way down as a flamer...
what's the deal /.? I didn't even mention creation/evolution debate, I just questioned facts. It seems sometimes there ISN'T room for any kind of dissenting opinion.
Thank you Dave Raggett
Link.
<BChikapa> Holy shit. Calisa, are you watching this thing on Fox
<Calisa> no.
<BChikapa> This guy was in a boat, and a swordfish JUMPED OUT OF THE WATER AND STABBED HIM IN THE FACE.
<Calisa> [SA]HatfulOfHollow finally got them.
<BChikapa> I don't know if it's sadder that you made that joke, or that I got it.
True, when they're within U.S., U.K. or Canadian borders but I'm encountering more and more outside same and finding the sites up long after I've pinged them and discovered that the entire site and apparent 'host' is nothing more than one big phishing hole. Some of the URLs might change slightly but they were all going back to the same motherships albeit with different info.
Complaining to their upstream providers, or APNIC (for example) is like spitting into the wind.
Thus spake the SysGoddess
LETS == Local Exchange Trading Scheme. Basically a group of people, all with useful skills and assets, who come together and perform work for one another in exchange for favours. No hard currency changes hands. A committee is usually required when you have more than about 20 members, to keep track of who did what and decide what is worth how much.
Check up on http://www.lets-linkup.com/. Note, every group will be different.
The WINE project is an utter red herring IMHO and may even prove to be damaging in the long term -- like those textured soya protein burgers that only serve to legitimise meat eating. Or like methadone {keeps you from wanting gear at first ..... but when some brown inevitably comes your way, you aren't going to refuse just because you've already had your Green Gloop, and you just crank up the severity of your habit}. Why teach a cat to bark, when you can learn to appreciate meows instead? I recently shew a computer-illiterate friend how to use KWord, Gaim &c. She has since tried Windows and doesn't think it is any easier .....
Je fume. Tu fumes. Nous fûmes!
thanx for the info on bartering!
as far as the wine project, well if you think about it a little further, the more wine is able to handle *ALL* programs written specifically for m$ (which from my understanding, they are getting MIGHHHHHTY close), the less people will *have* to buy m$.. which means.. m$ eventually goes outa business!! :)
I will gladly lose all of life's battles.. in order to win the war..