Vigilante Hackers use Old West Tactics for Justice

dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.

justice

[Artana+Niveus+Corvum]

I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...

Re:justice

[JockAMundo]

I've often thought of writing a script to flood bogus data into scam sites

I do this all the time. It is easy with the Firefox Web Developer extension. I just turn the post into a get, remove the field limits, and fill the fields with hundreds of characters. I usually take some text from Project Gutenberg. Then I stuff the big GET into a wget command in a looping bash script and let it run for a few hours. These sites are usually just php mailers, and so I get the satisfaction of filling a scammers mail box.

Probably useless, but it makes me feel better.

(arg, slashdot says I'm a script!, that is it, I done coding for the day and I'm going for a beer)

ahhh...

that's why my citibank fansite was defaced!

Jury nullification

[XanC]

If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

Re:Jury nullification

[crymeph0]

Agreed. From the end of TFA:

We would rather see the industry itself find solutions.

And while your industry is sitting around doing nothing about these fake sites set up in countries where the local police care more about rounding up dissidents than stopping fraud, people are losing their life savings. I'll take my chances with the vigilantes. Even if they make mistakes, at least they're doing something

Re:Jury nullification

[ScentCone]

If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

Not really. For example, if a person doesn't have appropriate charges brought up against them (or there are no such statutes), then there will never be an option for a jury to exercise. The jury might elect not to convict on something, but they can't cause a conviction (on other counts) where there should be one. This is particularly true where the nature of an act (like some innovative new form of online fraud, for example) hasn't been really contemplated by the justice system before.

Re:Jury nullification

[MetalliQaZ]

The problem with vigilantes is this:

What happens when they come after YOU, and you don't have due process to protect you?

-d

Re:Jury nullification

[digidave]

Let me know how that BOIP (Bullet Over IP) goes.

Re:Jury nullification

[crymeph0]

Don't get me wrong, this is not how things should be, but to turn your question around: What happens when your parents/friends/@other_close_ones get hit by a phisher, and "due process" doesn't protect them, because the industry is still "searching" for a solution?

I agree

[Dancin_Santa]

We just don't see enough people hanging from trees for marrying outside their race.

Oh, your concept of right and wrong is different from mine?

Re:I agree

[MoneyT]

How do you erode the rule of law where the law does not attempt to rule?

Hacker Man!

[clayasaurus]

Hacker-man, Hacker-man
Does whatever a hacker can
pwns fake websites, any size
Catches phishers, just like flies
Look out! There goes the Hacker-man!

Is he strong? Listen, Bud!
He's got caffinated blood.
Can he type from a chair?
Take a look over there.
Hey there, there sits the Hacker-man!

In the chill of night,
At the scene of the crime
Like a streak of light
He arrives just in time

Hacker-man, Hacker-man
Friendly neighborhood Hacker-man
Wealth and fame, he's ignored
Action is his reward

To him, life is a great big bang-up
Wherever there's a scam-up
You'll find the Hacker-man!

Re:Hmmmm

[ergo98]

Hacking into these legitimate companies doesn't do anything to hurt the scammers.

?

You think that it doesn't hurt phishers when their "closer" is rendered inoperational? Maybe I'm wrong, but I'm going to bet that some phisher that used their botnet to send out millions of emails (losing a number of their bots in the process) is going to be pretty pissed when some whitehat knocks their server offline before all of the morons enter their username and password.

Re:Report yourself to the authorites?

[Adrilla]

By the way, most comic book heroes are known as vigilantes

Well most comic book heroes have great powers, or amazing tools and weapons and um...oh yeah...They Don't Exist!

Vigilante activism

Speaking of vigilante activism

#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain
sub verify {
my($cardnum) = @_;
my($a,$b,@cc);
for($a = 0;$a < 16; $a++) {
$cc[$a] = substr($cardnum,$a,1); }
for($a = 0; $a < 16; $a+= 2) {
$b = $cc[$a] * 2;
if($b > 9) {
$b -= 9;
}
$cc[$a] = $b;
}
$b = 0;
for($a = 0 ; $a < 16; $a++) {
$b += 0 + $cc[$a];
}
return $b % 10 == 0;
}
for(;;) {
$d = "54"; # Some phishing sites only accept cards where the
# first numbers look like they come from a bank
# This looks like a generic US MasterCard number
# (MasterCard is actually 5[1-5], but I'm too
# lazy to make the second digit a random number
# from 1 to 5)
for($c = 2 ; $c < 16; $c++) {
$d = $d . int(rand(10));
}
#print $d . "\n";
if(verify($d) == 1) {
print $d . "\n";
sleep(1);
}
}

Mod parent down

Parent post is clearly a fake, it claims the code is Perl, but I could read and understand all of it.

Self policing society

[mollog]

I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.

On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.

The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.

Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.

Re:Self policing society

[DerekLyons]

I see this as another example of the self-policing that goes on here on the internet. Slashdot is another example on several levels. For example, this forum provides a means for people to express their feelings about a variety of subjects. And this forum is not mob rule, we moderate each other, and we moderate the moderations. Inflammatory and extremist talk is not tolerated silently.

Only so long as the inflammatory and extremist talk isn't something disliked by the Slashdot Hivemind... If it is, inflammatory and extremist talk is *encouraged* where it's not outright rewarded.

• For instance, in the recent article about 911 and Vonage, virtually every post supporting Vonage and calling the victim 'stupid' was modded *up*, whereas virtually every one criticizing Vonage for it's misleading marketing material was modded *down*.
• In a recent article about militarizing space, virtually every article criticizing the Administration and misreading the various treaties was modded *up*, while pointers to correct interpretations of the treary was modded *down*.
• In virtually every article about the Shuttle, posts praising Soyuz are modded *up*, and posts pointing out that it's not as safe as propoganda would have you believe is modded *down*.

The same can be seen in any article about MicroSoft, SCO, and a vast variety of other topics.

Slashdot is indeed ruled by a mob - a mob extremely intolerant of dissident views and facts that fail to meet it's fore-ordained conclusions.

On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.

Certainly - If you define 'freedom' as 'I can do whatever the hell the I want without any restrictions or respect for other peoples rights, except maybe the people I agree with'. The same Slashdot that gets annoyed about GPL violations is the same Slashdot who openly espouses theft of *other peoples* IP.

And that's the ultimate tragedy of vigilante justice - it's almost always represents the views of the 'men on white horses', not those of society.

The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future.

It's almost utterly unregulated and unpoliced - except for very small corners. And virtually all of those small corners are intolerant of anything 'not them'. They aren't about freedom - they are about bigotry and isolationism.

"Old West Tactics"

[Wyatt+Earp]

I'm a Middle East (1917-1995) Historian by day and an Old West Historian by night.

This really isn't an "Old West" tactic, but a tactic used in the United States, UK and other nations with a tradition of Common Law or the inclusion of extensive non-statutory law reflecting a consensus of centuries of judgements by working jurists.

As times changed laws became codified and the power of the People to enforce the law were erodded in the United States and other countries.

A Judge had to own 500 acres of land without debt on the land and they had the power to cherry pick what they wanted in terms of the law for the circumstances. Law then was terrible complicated, looking at a History of American Law by Lawrence M. Friedman shows that it's terrible complex and not nearly codified enough to just throw out a list of laws and punishments. Since the law on the frontier was often a copy/paste affair and made up by the Judges and not codified, a Judge had the power to make up laws. Like Evesdroping in 1808 or Droping a Dead Body into a River in 1821. Federal Judges started to go wild with common law crimes after U.S. V. Hudson and Goodwin in 1812.

This case allowed a Federal Judge or define a crime and issue a punishment for it. Codification would stop this by defining what was a crime, and stop a Judge from making up a crime.

A Posse wasn't normally a group of people acting as vigilanties, but a Posse is a group deputized by a Law Enforcment agent (Town Marshal, Sheriff, Federal Agent, etc) for a fixed duration or event since communities didn't have large standing forces.

Some examples from an essay I found on the web a while back while researching the law in the 1860s

Citizen's Arrest

Students of the law should note that both a statutory and common law basis for a certain degree of "vigilante behavior" is well founded. Indeed, in an era of lawlessness it is important that readers be advised as to their lawful right to protect their communities, loved ones and themselves by making lawful citizens' arrests.

First, what is an arrest?

We can thank Black's Law Dictionary for a good definition: "The apprehending or detaining of a person in order to be forthcoming to answer an alleged or suspected crime." See Ex parte Sherwood, (29 Tex. App. 334, 15 S.W. 812).

Historically, in Anglo Saxon law in medieval England citizen's arrests were an important part of community law enforcement. Sheriffs encouraged and relied upon active participation by able bodied persons in the towns and villages of their jurisdiction. From this legacy originated the concept of the posse comitatus which is a part of the United States legal tradition as well as the English. In medieval England, the right of private persons to make arrests was virtually identical to the right of a sheriff and constable to do so.

A strong argument can be made that the right to make a citizen's arrest is a constitutionally protected right under the Ninth Amendment as its impact includes the individual's natural right to self preservation and the defense of the others. Indeed, the laws of citizens arrest appear to be predicated upon the effectiveness of the Second Amendment. Simply put, without firepower, people are less likely going to be able to make a citizen's arrest. A random sampling of the various states as well as the District of Columbia indicates that a citizen's arrest is valid when a public offense was committed in the presence of the arresting private citizen or when the arresting private citizen has a reasonable belief that the suspect has committed a felony, whether or not in the presence of the arresting citizen.

District of Columbia Law 23- 582(b) reads as follows:
(b) A private person may arrest another -
(1) who he has probable cause to believe is committing in his presence -
(A) a felony, or
(B) an offense enumerated in section 23-581 (a)(2); or
(2) in aid of a law enforcement officer or special policeman, or other person authorized by law to make a