Slashdot Mirror
Vigilante Hackers use Old West Tactics for Justice
dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.
I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...
-----------------------------------------
Remove the Greed which plagues mankind.
that's why my citibank fansite was defaced!
i love how gov. agencies will probably crack down on the hackers defacing the phishing sites, but do little to nothing about the phishing sites/people themselves its all about the quick solution, not trying to go towards the deeper problem
"The Geeks, the Pasty and the Unbathed"
__________
|rip/\/\aster
If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.
Dear Sir,
My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling.
I have recently come into an inheritance of goatse pics and I feel that I can not hold all of it safely. I would propose that if you agree I will hold 26 million of these pics in trust for you to deposit at whatever place you wish to keep them.
I would like to meet to arrange this as soon as possible. If this deal succeeds, I would also like to discuss the possibility of you acquiring my collection of 4.3 million woopie cushions.
Sincerely,
I forgot my real name but I usually go by Jack Ass
Larson added, "We would rather see the industry itself find solutions."
So would we.
There has been a long history of hackers doing good on the internet. I think this is just another step in that story. Hackers have been misrepresented in the media for many years, and I for one am glad to see that for once they're getting some good press.
We just don't see enough people hanging from trees for marrying outside their race.
Oh, your concept of right and wrong is different from mine?
Comment removed based on user account deletion
I have a little PHP script that I use whenever I get a phishing email. The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.
;)
Any halfway intelligent phisher would record the IP address of each submission and just dump all of mine when he saw there were bogus, but it makes me feel good that I at least wasted some of his time
"People that quote themselves in their signatures bother me" - athakur999
The links these so-called vigilantes place on those de-faced sites saying:
;)
:D
_ __
"link to the bank's real web site"
he he he he he he
Regards
Arash Partow
_______________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net/
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
Hacker-man, Hacker-man
Does whatever a hacker can
pwns fake websites, any size
Catches phishers, just like flies
Look out! There goes the Hacker-man!
Is he strong? Listen, Bud!
He's got caffinated blood.
Can he type from a chair?
Take a look over there.
Hey there, there sits the Hacker-man!
In the chill of night,
At the scene of the crime
Like a streak of light
He arrives just in time
Hacker-man, Hacker-man
Friendly neighborhood Hacker-man
Wealth and fame, he's ignored
Action is his reward
To him, life is a great big bang-up
Wherever there's a scam-up
You'll find the Hacker-man!
a userfriendly comic where Pitr is upset at being spammed. He discovers that the mail servers are Linux and are inseucre. The next clip is of a guy behind a computer frowning at "su: user does not exist." Theres a followup comic where all of the spammers Internet Traffic are routed to Mars. "But Mars doesn't have any... oh." All this really means is that eventually phishers and scammers will get smarter and run TrustedBSD, OpenBSD, SELinux, or some other hardened variant using mainly static pages and highly developed systems. It's really a never ending battle.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
If the vigilantes take down the scam site, then they may prevent some people from falling victim to it. It may not hurt the scammer, but it might protect the innocent.
And, frankly, these "legitimate companies" should do more to prevent the use of their services for fraudulent purposes. Say, writing a script to search though the hosted material for the phrase "bank account" and flag any occurrences for human review.
I can't say I approve of this behavior...but it might have a positive effect, as well.
Hacking into these legitimate companies doesn't do anything to hurt the scammers.
?
You think that it doesn't hurt phishers when their "closer" is rendered inoperational? Maybe I'm wrong, but I'm going to bet that some phisher that used their botnet to send out millions of emails (losing a number of their bots in the process) is going to be pretty pissed when some whitehat knocks their server offline before all of the morons enter their username and password.
Instead of defacing websites?
If they are smart and talented enough to break into a webserver, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy + RBL for phish sites. Better yet, program a web proxy program that does something simple:
Compare the href tags in downloaded webpages with the displayed links. If the 'root' domains don't match, imbed a warning in the HTML page before it is sent to the browser for the user to see. The proxy could be programed to look out for spoofery involving internet giants like eBay PayPal and the like. Of course this could be construed as a copyright violation for modifying someone else's webpage (unless you happen to be Google with their Google Cache).
By the way, most comic book heroes are known as vigilantes
Well most comic book heroes have great powers, or amazing tools and weapons and um...oh yeah...They Don't Exist!
"Plans are for fools! Oglethorpe, the plutonian (Aqua Teen Hunger Force)
#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain
sub verify {
my($cardnum) = @_;
my($a,$b,@cc);
for($a = 0;$a < 16; $a++) {
$cc[$a] = substr($cardnum,$a,1); }
for($a = 0; $a < 16; $a+= 2) {
$b = $cc[$a] * 2;
if($b > 9) {
$b -= 9;
}
$cc[$a] = $b;
}
$b = 0;
for($a = 0 ; $a < 16; $a++) {
$b += 0 + $cc[$a];
}
return $b % 10 == 0;
}
for(;;) {
$d = "54"; # Some phishing sites only accept cards where the
# first numbers look like they come from a bank
# This looks like a generic US MasterCard number
# (MasterCard is actually 5[1-5], but I'm too
# lazy to make the second digit a random number
# from 1 to 5)
for($c = 2 ; $c < 16; $c++) {
$d = $d . int(rand(10));
}
#print $d . "\n";
if(verify($d) == 1) {
print $d . "\n";
sleep(1);
}
}
I believe our Founding Fathers, well-versed in the technology of the day, said it best:
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Hack the phishing server, fire up a torrent tracker and post a link to some US chart music or movie downloads. ref: http://yro.slashdot.org/article.pl?sid=05/05/25/22 6228&tid=95&tid=17
That way, the FBI, RIAA, MPAA will all be round there in about 10 minutes flat.
Contribute to the online videogame encyclopedia: GamerWiki
I take issue with this statement. Yes horses are not as popular as they once were, but that doesn't mean they are completely out of the picture. Why you automatically assume that everyone else subscribes to your horseless worldview, I have no idea.
My genetic programming website: http://www.helpmefigurethisout.com/
'Warning - This was a Scam Site...If you would like to aid us in our future attacks on scam sites please enter your credit card number and expiration date in the fields provided below.'
So where is the FBI and the DHS when you need them?
Having a doughnut.
Parent post is clearly a fake, it claims the code is Perl, but I could read and understand all of it.
Problems like these should be solved by technology. The time and energy of talented hackers is wasted on vigilanteism. The digital world has new rules and new capabilities.
Sorry, I know good engineering work is harder, much less exciting, and much less satisfying than hacking the enemy directly, but why play whack-a-mole when you can make them obsolete? Ok, enough ranting. I hope y'all had fun.
Care about electronic freedom? Consider donating to the EFF!
I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.
On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.
The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.
Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.
Best regards.
I'm a Middle East (1917-1995) Historian by day and an Old West Historian by night.
This really isn't an "Old West" tactic, but a tactic used in the United States, UK and other nations with a tradition of Common Law or the inclusion of extensive non-statutory law reflecting a consensus of centuries of judgements by working jurists.
As times changed laws became codified and the power of the People to enforce the law were erodded in the United States and other countries.
A Judge had to own 500 acres of land without debt on the land and they had the power to cherry pick what they wanted in terms of the law for the circumstances. Law then was terrible complicated, looking at a History of American Law by Lawrence M. Friedman shows that it's terrible complex and not nearly codified enough to just throw out a list of laws and punishments. Since the law on the frontier was often a copy/paste affair and made up by the Judges and not codified, a Judge had the power to make up laws. Like Evesdroping in 1808 or Droping a Dead Body into a River in 1821. Federal Judges started to go wild with common law crimes after U.S. V. Hudson and Goodwin in 1812.
This case allowed a Federal Judge or define a crime and issue a punishment for it. Codification would stop this by defining what was a crime, and stop a Judge from making up a crime.
A Posse wasn't normally a group of people acting as vigilanties, but a Posse is a group deputized by a Law Enforcment agent (Town Marshal, Sheriff, Federal Agent, etc) for a fixed duration or event since communities didn't have large standing forces.
Some examples from an essay I found on the web a while back while researching the law in the 1860s
Citizen's Arrest
Students of the law should note that both a statutory and common law basis for a certain degree of "vigilante behavior" is well founded. Indeed, in an era of lawlessness it is important that readers be advised as to their lawful right to protect their communities, loved ones and themselves by making lawful citizens' arrests.
First, what is an arrest?
We can thank Black's Law Dictionary for a good definition: "The apprehending or detaining of a person in order to be forthcoming to answer an alleged or suspected crime." See Ex parte Sherwood, (29 Tex. App. 334, 15 S.W. 812).
Historically, in Anglo Saxon law in medieval England citizen's arrests were an important part of community law enforcement. Sheriffs encouraged and relied upon active participation by able bodied persons in the towns and villages of their jurisdiction. From this legacy originated the concept of the posse comitatus which is a part of the United States legal tradition as well as the English. In medieval England, the right of private persons to make arrests was virtually identical to the right of a sheriff and constable to do so.
A strong argument can be made that the right to make a citizen's arrest is a constitutionally protected right under the Ninth Amendment as its impact includes the individual's natural right to self preservation and the defense of the others. Indeed, the laws of citizens arrest appear to be predicated upon the effectiveness of the Second Amendment. Simply put, without firepower, people are less likely going to be able to make a citizen's arrest. A random sampling of the various states as well as the District of Columbia indicates that a citizen's arrest is valid when a public offense was committed in the presence of the arresting private citizen or when the arresting private citizen has a reasonable belief that the suspect has committed a felony, whether or not in the presence of the arresting citizen.
District of Columbia Law 23- 582(b) reads as follows:
(b) A private person may arrest another -
(1) who he has probable cause to believe is committing in his presence -
(A) a felony, or
(B) an offense enumerated in section 23-581 (a)(2); or
(2) in aid of a law enforcement officer or special policeman, or other person authorized by law to make a
Here I am, minding my own business, trying to protect people by setting up a very similar web site to their bank so I can "store" their credit card numbers for them, and some jackass goes and defaces my web site.
I never felt so insulted in all my life. Well, then. If that's people's gratitude, I'll just stop that and if they lose their credit cards, they're on their own.
Could someone tell these guys to bring down all those Al Qaeda (and assorted copycats) websites with beheadings and terrorist messages on them?
FAA Certified Flight Instructor
#!/usr/bin/perl //, $cc) { $sum += $digit; } /.(.)/, $cc) { $sum += $digit; }
do {
my ($cc, $sum) = '54' . (join '', (map { $_ = int rand 10 } (1..13))) . '0';
foreach $digit (split
foreach $digit (split
$cc =~ s/.$//;
print $cc, 9 - ($sum % 10), "\n"
} while (sleep 1);
Get rid of everything Micro and Soft: Buy Viagra and/or Linux
From the second link in your google links...
"This type of argument is by no means invariably fallacious, but the strength of the argument is inversely proportional to the number of steps between A and Z, and directly proportional to the causal strength of the connections between adjacent steps. If there are many intervening steps, and the causal connections between them are weak, or even unknown, then the resulting argument will be very weak, if not downright fallacious."
ie: The strength of the slippery slope argument can be measured by calculating probability of (A leading to B) and (B leading to C) and (C Leading to...) Unless one of those probabilities is zero, it is a valid chain of logical reasoning.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
"vigilance"
You keep using that word. I do not think it means what you think it means.
Oh. My. God. We must stop that evil hydrogen NOW! Think of the children!!