Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Webmasters Get Phished?

Posted by Cliff on from the gone-phishing dept.

SirJorgelOfBorgel asks: "Many of us run webservers. Some of us just for fun - hosting many of the 'less important' stuff around on the web, others professionally. Though you always try to keep your webserver secure there's always the possibility you get hacked. What do you do, then?" You would think that, by doing the right thing and reporting the incident to the proper authorities, they would do the right thing and go after the hackers, right? This may not be the case. Here's a cautionary tale on what may happen if you follow that line of reasoning. The real question here is: what else could SirJorgelOfBorgel have done to make things turn out as he expected? "It happened to me a few months ago, and the hacker installed a phishing website. Of course I found that out within a few hours and removed it (and patched the used vulnerability). To be helpful, I packed the whole folder, relevant logs, etc, and sent them -- accompanied by a letter explaining what happened -- to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?

To my surprise however, instead of them trying to found out who it was that made the attempt (an email address where the phished usernames/passwords were transmitted to was clearly visible in the source), they had me disconnected from the Internet and put on an ISP blacklist. Took me some cash and a lot of time to even get reconnected to the Internet. And there I thought they would be happy with this information.

In light of this, if you should ever notice a phishing attempt, would you still report it, knowing it might get yourself in a lot of trouble? I for one, probably won't.

Furthermore, though I know it is my own responsibility to make sure my PCs are well protected, would there be any legal action I should/could take to get reimbursed for my losses? (The bank is a US bank, I am not a US citizen.)"

55 comments

  1. Waste of time... by Saeed+al-Sahaf · · Score: 1

    they had me disconnected from the internet and put on an ISP blacklist. The sad truth is that for the average person, it's just a waste of time to try to contact the proper authorities in cases like this. Most of the time, they will simply ignore you, so you have expanded time, energy, and perhaps money for absolutely nothing but aggravation. Delete and move on...

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:Waste of time... by The+Clockwork+Troll · · Score: 2, Funny

      If you have figured out a way to expand time, energy, and money, then I'd say the downtime was worth it and you'll make up your losses in short order.

      --

      There are no karma whores, only moderation johns
    2. Re:Waste of time... by Anonymous Coward · · Score: 0

      Amazon has already patented that. Move along.

    3. Re:Waste of time... by macdaddy357 · · Score: 1

      It is simple actually. No "good deed" will go unpunished. Look out for number one. That bank's problem was not the webmaster's problem. Here is another example: If you go into a public restroom, and someone has trashed the place, do not point it out to management. They will only accuse you of doing it, so find another place to use the can.

      --
      How ya like dat?
    4. Re:Waste of time... by Anonymous Coward · · Score: 0

      Yea, I have been bitten trying to help someone out too. Take this site for instance:

      http://www.biddingatauction.com/lotsearch.cfm

      They have a SQL injection exploit available at the very page listed above. If you put some mal-formed requests in there, it will dump out a Coldfusion error (along with the full SQL statement they are using) Using some simple SQL commands, you could clear any of their tables, add rows to their tables, or change auction prices (sheesh) I made a nice long letter about it, showed them how to fix it, and documented exactly what was wrong. Guess what, its 6 months later, and it still vulnerable. (shrug) Oh well!

  2. They sound justified by Karma+Farmer · · Score: -1, Troll

    Sooo... someone used your webserver to defraud a bank. And, upon learning of this, some people at the bank took action to have your webserver removed from the net.

    That sounds right, frankly. In fact, I wish it would happen more often. I really have very little sympathy for people who put insecure servers on the internet.

    1. Re:They sound justified by Anonymous Coward · · Score: 2, Insightful

      That's only right if in fact he had not already removed the phishers site. He was trying to do the bank a favor after having already cleaned up the mess on his end. He also claims to have provided them with everything the phisher site had including logs. This type of information can be invaluable in tracking down who/where the person originating the site was from and protecting anyone that was dumb enough to use the phishing site. Instead of taking note that the phising site was down and that this person had diligently done what he could they took a knee jerk reaction and had his site not only shut off by his ISP, but blacklisted. Those actions shouldn't have even been possible, and they certainly aren't right.

    2. Re:They sound justified by metalhed77 · · Score: 0, Troll

      Because your server is impervious 100% of the time right? And this could NEVER happen to you.

      --
      Photos.
    3. Re:They sound justified by Anonymous Coward · · Score: 0

      No sympathy huh?
      Post your server's IP address and lets see who's insecure.

    4. Re:They sound justified by frp001 · · Score: 1

      Errr.. Let me see... 127.0.0.1

      --
      May I use your sig please?
    5. Re:They sound justified by cecille · · Score: 1

      I have very little symphathy for people who expect perfection of everyone and go around putting themselves on a high horse. Before you go around making rude comments about someone else's perceived shortcomings, I would like you to honestly state that your server has never gotten hacked, you've never had a computer virus or downloaded a piece of spyware, and never had any sort of computer security accident. I'd be willing to bet the the VAST majority of people on this website have had some peice of computer equipment compromised in some way. And while this isn't desirable, it is certainly understandable - we're not perfect. At some point, everyone is going to install some bad software, click on a bad attachment, forget to close something on their server, be a bit slow off the mark with the patches etc. Mistakes and accidents happen, and it doesn't necessarily mean that the person is stupid or a bad admin.

      On a slightly different note, what if the poster was just learning about server administration? Would you be absolutely intolderant of mistakes made there too? Is there no room for a learning curve or do we now expect people to be all-knowing computer geniuses from birth? Tell me honestly that you've never before made a single error and then maybe you'll be allowed to make arrogant and rude remarks to people about how they're not good enough for your high standards.

      --
      ...no two people are not on fire.
  3. So by Shaklee39 · · Score: -1, Troll

    What does phishing have to do with this? Or do you even know what that means?

    1. Re:So by orkysoft · · Score: 2, Funny

      The fact that the intruders put a phishing website on SirJorgelOfBorgel's machine, perhaps?

      What does reading have to do with this? Or do you even know what that means?

      --

      I suffer from attention surplus disorder.
    2. Re:So by NevermindPhreak · · Score: 1
      the webmaster did not get phished, as is the title of this article. a phishing site was put up in place of the website he administrates, when said website was hacked. maybe you should do a bit of that "reading" stuff you talk about. :-P

      of course, the grandparent should really just let typos like that go. this is slashdot, after all.

  4. Folder? by keesh · · Score: -1, Flamebait

    Folder? IMAP has folders. Filesystems have directories. Sounds to me like you ran IIS on a public-facing machine, in which case you deserve everything you got.

    1. Re:Folder? by bluephone · · Score: 3, Interesting

      I used to be all militant about that too. Then I realized it didn't really make any difference at all. MacOS always called them folders. With Windows 95, the MS world changed to that term too (albeit slowly). Frankly, it's a more accurate term for the metaphor, as a directory is a list, rather than a container. And it's faster and easier to say and type. The world changes. I decided to quit yelling at the tide.

      --
      jX [ Make everything as simple as possible, but no simpler. - Einstein ]
    2. Re:Folder? by eyeye · · Score: 1

      Dont read too much into it, sometimes i forget myself and call directories folders (and hope nobody notices ^_^ ).

      --
      Bush and Blair ate my sig!
    3. Re:Folder? by ultramkancool · · Score: 0

      I too call them back and forth (I was a dos (directory) then windows(folder) now unix(directory)). But most people don't care what you call them even on KDE 3.4 they call them folders. I prefer directory personaly.

    4. Re:Folder? by Anonymous Coward · · Score: 0

      I think that's a shitty attitude and so I've hacked your website at 127.0.0.1, asshole.

    5. Re:Folder? by xrayspx · · Score: 3, Insightful

      Sounds to me like you ran IIS on a public-facing machine, in which case you deserve everything you got.

      Yes, of course, everyone running IIS is completely incompetant. There is no good reason ever to run IIS. Everything you can do in .Net you can just as easily do in PHP or Perl.

      I am a Unix guy, I don't run Windows on my personal machines. I don't run Windows on my (primary) work machines. I do, however, know that it is very possible to run a site of reasonable security on IIS.

      Unix people (mainly noobs) with militant "you deserve what you get" attitudes are a serious detriment here. Plenty of OSS apps get badly hacked as well. Lately we've seen stats programs, and even freaking ZLIB expose remote code execution vulns.

      I'm not saying "don't trust open apps", I'm saying "don't blanket condemn closed apps", especially when someone asks a simple question which deserves a simple answer. Show me where he says "I run IIS".

      --
      I like music
    6. Re:Folder? by Anonymous Coward · · Score: 0

      You bastard! That's my site, too!

    7. Re:Folder? by yuri+benjamin · · Score: 1

      "Folder" rolls off the tongue more easily, being only 2 syllables as opposed to 4 syllables in "directory". OTOH, in written form when posting on *nix mailing lists, I shorten it to "dir" as in "How do I do XYZ to all the files in dir 'foo'?"

      When telling my wife where I saved a document, I tell her what "folder" it's in because that's the metaphor her gui (kde) uses.
      I remember some desktop gui I used back in the eighties used drawers rather than folders. Can't recall where I saw that.

      --
      You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
  5. US Banks by SlackBastardNetworks · · Score: 5, Insightful

    Having dealt with banks (and other industries) in the US many times in the past, I'd like to point out that the average bank has a limited IT department, and the people working there tend to be below par by Slashdot standards. Again, I'm talking about averages here, so keep the "i wok at bank weth fiv otur giys wee al expirts!!1!" flames to yourself.

    That said, it's important to remember that they're not going to actually read any explanations you attach to anything you send them. What they will do is look over the attachments, make their own determination as to what happened, and go tearing off in a random direction, convinced of the righteousness of their crusade.

    So how do you notify them of the phisher without being bitten yourself? Complain about phishing emails coming from the address in question. Don't mention a website. Certainly don't mention your own server. Is this dishonest? Yes, technically. But if you're competent and you know they're not (or at the very least suspect they're not) it's more a case of tailoring the information to suit the audience. You don't explain moral values and arguments to a guard dog, you simply point at the intruder and tell the dog to "sic 'em!".

    There are other US industries to be wary of, with regards to IT: insurance, legal offices, professional medical offices (hospitals, doctors, dentists, chiropractors, etc). The smaller offices tend not to know what's going on, the larger ones tend to push everything off on an IT department that's entirely too small for its own good (and may be staffed with less than the best), and they all tend to make demands that don't coincide with consensual reality.

    Why is it like ths? From what I've seen it's a matter of not having IT people, or letting someone who doesn't understand what's needed do the hiring. They end up with a lot of paper tigers, or worse. I remember one insurance office that had hired an agent's neighbor - a 13 year old self-proclaimed 'firewall expert'. It took me two weeks and nearly $1000 of their money to sort out the mistakes he'd made (and find/remove all the snoopers he'd left behind).

    In a nutshell, try not to use big words when dealing with US banks, and only give them the information they need to point them in the right direction. While your mileage may vary, it's a good practice, because it will protect you.

    I'm sorry, but I don't have any advice on how to recover your losses with regards to the actions the bank took.

    1. Re:US Banks by rylin · · Score: -1, Troll

      Dear SlackBastardNetworks,
      in Our bank [citibank.com] - "Citibank" - we pride ourselves on the fact that we only hire people with a SlashDot [slashdot.org] UserID less than 100000.
      We meticulously screen our employees from time to time, to make sure we do not have employees that are a liability.

      In fact, I feel so strongly about our bank that I'll give you a 8% monthly interest on your savings account, if you just Sign up [citibank.com] for a new account.

      Kind regards,
      Citibank.

    2. Re:US Banks by identity0 · · Score: 1

      Ooh! Ooh! I'm looking for a job! Where do I apply, and do I have to be as... flexible... as your mascot?

    3. Re:US Banks by clambake · · Score: 2, Informative

      and the people working there tend to be below par by Slashdot standards

      Worked at a company that dealt with banks a couple of years ag, and I have to agree. MORE THAN ONE of them used the name of the bank backwards a the passwords to thier vpns... seriously people, BANKS!

    4. Re:US Banks by tod_miller · · Score: 1

      i wok at bank weth fiv otur giys wee al expirts!!1!

      I find so many phishing sites still up a week after the email timestamp, when I finally check my phishy-email folder.

      I email the url, and email to the site contacts, ISP, lots of other info. I am thinking of making a firefox plugin called ' report phish ' which will email from a whois lookup, the nameserver admin, the webserver admin, the hosting guys, any personal email found on that root site, also the reply to address or any valid address in the site, any company that is being scammed (paypal) PLUS the TLD owner countries ecrime police, plus the registered companies tld ecrime police.

      If I install a vanilla windows 2003 web edition server, and someone hacks it, and puts up a phishing scam, is it Microsofts fault for installing a trjoan OS, no matter of intent as read, or do they cover themselves by saying this product is not designed to be connected to a public network?

      It is sure as hell advertised as such, and I think them not having liability (or any other server manuf.) is like a car company making cars with failing brakes, and saying these cars are not meant to be driven in the small print.

      Or is it my fault for being stupid enough to think I can run a web host out of the box?

      Interestingly, as everyone gets a 10mbit connection, surely hosting companies are screwed? Artificially stopping people hosting their own websites is like telcos stopping VoIP.

      --
      #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
    5. Re:US Banks by Anonymous Coward · · Score: 0

      Complain about phishing emails coming from the address in question. Don't mention a website. Certainly don't mention your own server.

      Light, don't do it that way! Suppose the bank (or a government) had noticed your site in the handful of hours it was actually someone else's phishing site; you wouldn't have any proof that it wasn't you that put the thing up.

      Get in touch with an FBI agent via email or phone, but don't send him your evidence yet. Say exactly what your logs say: that at time X, someone hacked your site with exploit Y and set up a phishing site for bank Z, and that you still have all these logs. Ask him if he wants the logs. The important point is to create a dialog. You want a question/response type conversation going on, so that you know you're not just dumping messages into a black hole. That's step one.

      Step two is to announce (preferably here, so that we know) the name of the bank. This bank shut down your website. There are two main possible reasons the bank moved against you. First, the IT guys are very retarded and don't have the reading comprehension to have known that the phishing site was already down. In that case, they probably followed some standard operating procedure for shutting down phishing sites. The second reason is that the bank lawyers outlined a standard operating procedure for dealing with phishing sites, and the IT guys were forced to follow it. In either case, the SOP probably involves reporting the case to the FBI. You may already have a case file open against you.

      As far as getting renumeration from the bank, I'd say you have a decent case. The bank basically took shutdown actions against a random website, as there was no phishing site at the location they wanted shut down.

      Next to lastly, all of this advice should be considered wrong if your website is something along the lines of www.citybank.com or www.bankamerica.com. Lastly, it's important to tell us the name of the bank involved and what URL you're using so that we can judge for ourselves whether or not to do business with that bank.

    6. Re:US Banks by WebCrapper · · Score: 1

      Back before identity theft got popular, I was starting a business and stumbled across an incorp site that was obviously made out of FrontPage... Since I worked with FP at the time, I knew that it could empower the idiot masses, so I viewed the code. Low and behold, it was storing the form to the site. This form had everything you needed to take over someones life - Their name, business name, 2 addresses, CC info, shareholder info with their SSN's, cc info - everything.

      I emailed the site owner and even gave my phone number so they could call if they wanted to - stupid me... The lawyer called his local police, said that I broke into his website and was stealing his business (not the idents mind you) and he had my phone number and he wanted to press charges.

      Luckily, my local, somewhat competent, police dept got a faxed copy of the email and just called me up and told me what he was attempting to do. They politely told me that they'd take care of it, but don't contact the guy again.

  6. Report to someone who can do something about it. by 3.2.3 · · Score: 1

    I don't know about your state, but I reported a phisher to my state bureau of investigation, because the phisher was targetting a state employee credit union, and the sbi pursued it.

    I think your only liability is not to report it. Just report it to law enforcement instead.

    If someone intentionally interferes with your business, yes, you should sue the fuck out of them. Especially if they have the ability to pay, like a bank.

    However, I'm puzzled by this vulnerability you patched to prevent phishing. I, too, don't think you know what it means.

  7. Perraps your actions had nothing to do with it ... by dougmc · · Score: 4, Interesting
    To be helpful, I packed the whole folder, relevant logs, etc, and sent them - accompanied by a letter explaining what happened - to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?
    What seems quite likely is that these actions really had nothing to do with it.

    When I get a phishing attempt, I generally report them to the institution being impersonated, especially if it's more convincing than normal. I imagine that some other people do the same. It's entirely possible that other users reported `your' phishing site, and the bank was already in the process of getting it shut down when they received your email.

    ... if they ever received your email. Lots of places don't really read their abuse@ addresses, or filter it so heavily that most everything gets filtered.

    And if they did get your email, and it was received by the right people, they probably don't care. Your site cost them money, even if you claim that you weren't directly responsible, and they'll do what they can to stop it from happening again.

    Ultimately, the right answer is to keep your system secured enough so this doesn't happen. Your email after the fact was the Right Thing [tm] to do, at least morally, but I'll bet if you had checked with your attorney, he'd have suggested not sending it at all. as it could be used as evidence if the bank decided to sue you.

    It's not right, but it's the way things are ... being a Good Guy [tm] just doesn't pay anymore.

  8. Re:Report to someone who can do something about it by swimin · · Score: 2, Informative

    I think the Original Post meant that his website had been taken over as part of a phishing scam, and he patched the vulnerability that allowed the takeover.

  9. Re:Report to someone who can do something about it by Questy · · Score: 3, Insightful

    Better yet...

    Do the one thing the bank will do nearly anything to prevent... Publicize it far and wide. Let everyone know the bank, their name, and the cities affected wherein people whose information was compromised live. Once their customer base is all over their phone lines demanding information that only you can provide.

    Of course, unless you signed an NDA in which case...ignore me. :)

    --
    #!/Jerald
  10. Re:Report to someone who can do something about it by Karma+Farmer · · Score: 3, Funny

    Great idea. That will prove that his intentions were honorable, and the bank's actions were misguided.

  11. name of institution, please by Anonymous Coward · · Score: 0

    Dude, don't expect anything to change if you don't post the name of the bank, the name of the ISP that bent over for them, and details such as the names of any individuals you talked to.

    Hell, I could be doing business with these guys right now, and you are not even going to warn me ?

  12. For unix, "directory" is right. by chl · · Score: 1
    In the unix world, "directory" is (was?) exactly the right word, since in the typical unix file system, a directory is just a list that matches inode numbers to names, just like the (phone) directory from which this metaphor is derived.

    Of course, people may choose not to care.

    chl

    1. Re:For unix, "directory" is right. by bluephone · · Score: 3, Interesting
      from a programming perspective, sure, it is correct. From a human perspective, it's sorely lacking. Most coders and/org *nix fans fail to recognize that the wider world of people think in human terms, not programming terms. This is another reason why the standard *nix method will not "take over the world". Maybe it's time the metaphor evolved. Yes, it's not an actual container, but it is a metaphorical container, therefore the directory term fails in the metaphor sense despite being technically correct from the programmatical metaphor.

      We evolve. Join the club.

      --
      jX [ Make everything as simple as possible, but no simpler. - Einstein ]
    2. Re:For unix, "directory" is right. by chl · · Score: 1
      Actually, I think it is also a useful metaphor in the human perspective. It is just a different metaphor than the one with the containers and I do not personally mind if people choose a different model to represent what is going on in that strange gray box. I could not even tell you if my coworkers use Folder or Directory.

      chl

    3. Re:For unix, "directory" is right. by Tim+C · · Score: 1

      I'd be surprised if any modern filesystem didn't work in more or less that way - eg a big list of filenames pointing to the actual locations of the start of the files on the disk.

      But as the GP says, the users of the computer don't think of it that way. They think of putting/saving a file *in* the folder, not saving it on disk somewhere and adding the link to it to a given directory.

      --
      It's official. Most of you are morons.
  13. NAME NAMES! by Anonymous Coward · · Score: 3, Insightful

    When you have a story like this, backed up with documented facts (I hope), and you go to the "press" (slashdot is the "press", sad but true), you need to state the names of all companies involved.

    I need to know your company's name, so I avoid your insecure web servers.

    I need to know the bank's name, so I can avoid ever reporting anything to them.

    And I need to know your ISP's name so I can double-check any contracts I might have with them.

    What's the point of posting this when we have no idea who it is, or even if you made it up or not?

    1. Re:NAME NAMES! by wik · · Score: 1, Insightful

      Ironically, you posted this request as an anonymous coward.

      Name yourself so I can avoid you!

      --
      / \
      \ / ASCII ribbon campaign for peace
      x
      / \
    2. Re:NAME NAMES! by timmyf2371 · · Score: 1
      Yes Slashdot is "the press", however it's an Ask Slashdot and not really an article that's been posted as "news" so the information is incidental to it's main task.

      I'll concede that knowing the bank involved and other details about this incident would be nice to have, but as an Ask Slashdot the information isn't "needed".

      --

      Backup not found: (A)bort (R)etry (P)anic
  14. Re:Report to someone who can do something about it by passthecrackpipe · · Score: 1

    This is so correct - a bank is not interested in seeing the law served, it is interested in seeing their business served. Those two are rarely the same. Probably some lame misguided attempt to just make the whole thing "go away"

    --
    People who think they know everything are a great annoyance to those of us who do.
  15. Reimbursed? by Anonymous Coward · · Score: 0

    You're the one that apparently left the server with a known vulnerability and didn't patch it until it was attacked. Why would should anybody reimburse you for that?

  16. Re:Report to someone who can do something about it by secolactico · · Score: 1

    Great idea. That way you'll only be inconvenienced by a libel/slander lawsuit if the bank is so inclined. Even if it has no grounds, you'll still have to spend time/money until it's thrown out of the court.

    --
    No sig
  17. Are you sure of cause and effect? by Monte · · Score: 2, Insightful

    Are you sure that -

    1) It was the bank that had you disconnected (it might have been a phishing victim doing the complaining to someone else,

    2) It was because you notified them that they had you disconnected (they might have already gotten phishing complains and had the disconnect in the works while you were still gathering the evidence)

    I'd like to hear the bank's side of the story.

    I know, in /.-think that makes me weird, because we all know it's Yet Another Example of Evil Businesses Keeping the Man Down.

  18. Let me FUCKING guess by Profane+MuthaFucka · · Score: 1

    Was it Fleet Bank? I hate them so much.

    Their collection department used to call me up looking for their delinquent customer. The phone line was new to me, but apparently the number used to be owned by a real deadbeat.

    When I explained the situation about the phone line, they told me that they were putting all my excuses into my record. Heh. Finally, I told them that they were fucking idiots, and hung up.

    Next day they called back and asked why 1) I haven't paid them their money, and 2) why I was so rude to them on the phone yesterday.

    I responded by telling them that I pay for the phone line and I'll fucking swear on it if I want to, and BY THE WAY, can you transfer me to the people who can cancel my credit card issued to fleet bank.

    By the end of it, you had better fucking believe that Fleet Bank knew that I wasn't the person they were looking for, and my actual record there does indeed note that I like to swear at stupid people.

    The best thing is that they've called me back several times trying to interest me in various financial services. Each time, I ask to speak to a manager, and they get the full story of what fucking idiots they are, and how I'd rather eat my own poop rather than do business with them.

    I also have told at least 30 people in person about what asses Fleet Bank are, and many more through Internet postings like this one.

    It's a true story, and truth is an affirmative defense against both libel and slander, so fuck 'em.

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    1. Re:Let me FUCKING guess by sweetooth · · Score: 1

      Well, the funny thing is Fleet barely exists as a bank any more, they are in the process of being absorbed by Bank of America.

      http://www.fleet.com/bankofamerica/

    2. Re:Let me FUCKING guess by Profane+MuthaFucka · · Score: 1

      The sweetest thing in the world is to outlive all your enemies.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    3. Re:Let me FUCKING guess by WebCrapper · · Score: 1

      Sadly, I completely understand...

      I was flagged in Verizons customer database. Flag stated that I was rude, cursed a lot and actually knew what I was talking about... Aparently the new supervisor I chewed up and spit out after a week long DSL outage didn't like me.

      Oddly enough, I found this out when I worked for them as a contractor a year after I closed my account - they keep their customer records for far too long.

      I'd rather eat my own poop rather than do business with them. - thanks for the laugh...

    4. Re:Let me FUCKING guess by Anonymous Coward · · Score: 0

      What kind of bank is also in the enema business?
      http://www.drugstore.com/qxp15093_333181_sespider/ fleet/enema_ready_to_use_saline_laxative.htm

  19. Be glad your NOT an Amerikan!! by Anonymous Coward · · Score: 0

    Because then you'd be haressed and possibly brought up on charges that you conspired in haveing your own equipment hacked because of your *lack* of secure software!!

    What happened to you should be proof enough that this is not outa the question with amerikan *authorities* and their simplton thinking.

    I'm sure your not laffing tho, as these type of things are becoming the norm in this hell whole of a country.

    :(

  20. Bank's view: you are the problem by thechuckbenz · · Score: 1
    It's easy to understand the bank's actions if you pretend you are a bank President.

    You've shown that your system can be used to hurt his bank, so he will try to prevent that from happening ever again. The FBI will arrive shortly to impose a Mitnick order (that you must never use a computer ever again).

    (What kind of world did you think you lived in, anyways?)

  21. you'll still have to spend time/money ... by da5idnetlimit.com · · Score: 1

    And you just happen to have access to a few hundred online bank accounts...

    --
    It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
  22. Re:Report to someone who can do something about it by fuzzybunny · · Score: 1

    That way you'll only be inconvenienced by a libel/slander lawsuit if the bank is so inclined

    From TFA (or TF Post, or whatever):
    "(the bank is a US bank, I am not a US citizen)"

    Last thing I checked, US civil judgments still weren't enforceable abroad. Slander away, Mr. Sulu...

    --
    Cole's Law: Thinly sliced cabbage