Slashdot Mirror
Teens Arrested in MySpace Extortion Scam
An anonymous reader writes "Two New York teens have been arrested after trying to extort $150,000 from the makers of MySpace, the popular online community site." From the article: " MySpace discovered the intrusion earlier this year and blocked it. The Los Angeles-based company also reported the incident to authorities. During the course of the investigation, threats were made that unless $150,000 was paid, new exploit code would be released, according to the statement. By this time, the sting operation had been set up, so instead of meeting with MySpace late last week, the pair from New York met with undercover officers from the U.S. Secret Service and the Los Angeles District Attorney's Bureau of Investigation. "
Go directly to jail. Do not pass Go. Do not collect $150,000.
So, two kids hacked MySpace, and threatened further damage unless they were given $150,000, but cry "foul" when lured into a job offer/interview for the purpose of arresting them.
I'm not sure, but I'm willing to bet extortion dollars thay MySpace would not bother luring people into their space if no extortion were there in the first place.
It's pretty amazing how criminals (alleged) cry about violated rights when apprehended. Yeah, there are constitutional procedures to guide law enforcement and judicial, thank goodness for that.
I don't see, assuming these are the kids who did hack MySpace, any impropriety nor violation of their "space".
--Rob
Towards the Singularity.
Well, I definitely have to say that I am not surprised about this one.
American kids thinking that they can get away with anything, interested solely in themselves, and getting something for nothing.
In the end, services like MySpace is one of the signs of the decline of society as a whole.
Look at it, people no longer care about privacy as they are publishing every single aspect of their daily lives for everyone to read about, including things like "My boyfriend dumped me today! I wanna die!"
Thirty four characters live here.
Haha. Sorry, they had it comming, even people laughing at them. Stupid script kiddies.
One more time for the road: Ha ha.
Scott Swezey
Hello.
My name is Bajin Urhala. You probably don't know me but I want to tell you that unless you give me $50 USD I will release a worm that will bring down your network. Please send me your credit card. I live in sweden arabia and the ex-predident of the bank died and I must transfer some money to your account.
Thank you and may god bless you.
first post
If I were them I wouldn't be worried about the press publishing my name in connection with extortion, I'd be more embarassed about people finding out I was involved with MySpace.
...Screw the arrest, the scam, the kiddies... Where's the exploit code?!
(I'd really laugh if the exploit "leaked" now, costing MySpace much more than $150,000 in downtime, lost data and lost crediblity.)
Anagram("United States of America") == "Dine out, taste a Mac, fries"
someone should hack it to fix the stupid errors that you routinely get while using it and especially the problem when you're subscribed to someone's blog, then you leave myspace. myspace will not let you unsubscribe to that person's blog. you're supposed to unsubscribe before you delete your account. myspace customer service is worthless because when i've emailed them about it, they told me to login to my account and unsubscribe myself...
I DONT HAVE A FUCKING ACCOUNT ANYMORE YOU FUCKING IDIOTS
so every once in awhile, i'll forward an email about a new myspace blog post and change the subject to HELP A MAN IN HIS MID 30S IS TRYING TO GET ME TO RUN AWAY WITH HIM.
still no reply..
myspace is a worthless piece of garbage.
Don't mess with Tom!!!! Luckily he is my friendslist, so he is my friend right?
Sad thing is I can think of about 3 ways right now to bring myspace down at least from a users standpoint. The openess of css usage they allow, plus there is a great little expliot making the rounds after you clicked on an outsidelink it takes some actions on your account to propagate itself. You could make a nice cascading corrupted CSS plague, forcing all user pages to crash any browser.
---In a time of Chimpanzees I was a Monkey.
to hack mySpace but not to devise a better way to transfer the pay-off?
Come on now, a job interview? Don't they know the way a transaction like this goes down is on the docks at night (when its foggy of course). The guy drops the money off in a breifcase, then you zoom by on a motorcycle with a hot chick on the back who picks it up as you fly by at 80mph in black leather jumpsuits.... ...oh I see where the plan fell through, being old enough to reach the shifter on the motorcycle, and knowing a hot chick.
Now instead of enjoying the college years they'll be enjoying federal pound me in the ass prison.
if they simply released the code, and brought myspace to its knees resulting in a increased need for mydeathspace.com
They are so 1337, I wish I could be like that one day.... And why are the Secret Service helping My Space my tin foil hat is tingling with conspiracy theories....
I was wondering if Slashdot would ever cover this.
These kids were associated with a site that charged for code that you can add to your MySpace profile which would allow you to see who had viewed your profile, when, and where they got to you from (another friend, search, etc). By my calculations they were making upwards of $20,000/month from their service ($5.00/mo with around 4000 users).
They, and other tracker sites, have been constantly battling with MySpace over the use of the "hacks". Most of the stuff they've used has simply taken advantage of bad programming. The first generation of trackers used a flash file in the profile to read users cookie data. Then MySpace forced all embedded flash objects to disallow the use of actionscript. They moved on to inserting javascript in CSS commands, using image files to capture browser info, etc. MySpace responded by blocking the use of certain domains within profiles. They then bought a bunch of different domains and assigned them randomly to users.
Then there was some random legal trouble that they never really talked about but had apparently moved past. The next planned release was supposed to be "unstoppable". They had promised the release for about a week and a half and it was eventually pushed back to May 19. Then they got arrested. The site, myspaceplus.com, switched over to a basic notice about "info coming soon" and that was it. There was a pretty active forum on there but I think people were starting to sense that there was trouble and/or the two owners (who went by Jack and Jake on the site) were skipping town.
Anyway, it's a really interesting phenomenon, especially considering that other services have built in the ability to see who's viewing you as long as you allow others to do the same when you view their profile (Friendster). Most of the tracker sites now are on a similar model where the tracker will only work with other users ot the service.
So, not really "hacking" per se. It seems that MySpace was most worried about people's IP addresses getting stolen. The sites started hashing them so you couldn't see the actual address. Seems like a weird thing to be worried about on the privacy front if you ask me.
The abouve comment is a joke...laugh...
The abouve comment is a joke...laugh...
:)
Are you French or something (in regards to abouve)? Stick with your Royale with Cheese
However if you google for other news stories there seems to be more going on.
First of they are not teens. 18 and 19 makes them adult in america doesn't it?
Second is that they apparently ran a website http://myspaceplus.com/ (wich is still up but empty of content, and horribly laid out on opera/linux). Before this it apparently was a site for some software to hack myspace.
This "first" hack was discovered and plugged. They then apparently tried to extort myspace into paying 150.000 (or get paid to be consultants) and were then trapped by law enforcement officials at a meeting.
A lot of the explenation by the lawyer of the young idiots sound like typical lawyer crap "anything to get my clients off".
The real question is, what was myspaceplus.com about? Is this just a story of two idiots who were to greedy and now can learn a bit about the real world. Or did myspace step over the line in trying to get rid of a couple of hackers by appealing to their greed.
Either way the young aduls are stupid but you can wonder if they really need to spend several years in a federal jail because of it, oh who am I kidding. Fry the suckers.
It just is fucking hilarious. If their attorny is claiming the truth (HA) then you got to admire their lack of common sense. Ooh, yeah we publish a tool to hack myspace. Oh look they are sending us a job offer to advise them for 150.000 dollars. Lets travel across the country to get rich!
By the way doesn't the fact that they travelled across the state border (LA and New York are different parts of america right? You yanks ain't got a monopoly on bad education you know) make it a federal crime?
Oh well, since they are geeks they will at least soon loose their virginity. Squeel piggy, squeel!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
At least for computer science. The previous article complains that we do not have sufficient science skills. When such skills are demonstrated in the computer science arena, we slap em down and squelch their entreprenuerial spirit. Where is this country heading?
When I was young, I had to rub sticks together to compute.
Ah, young love. Brings a tear to your eye doesn't it.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Hacking up some javescript isn't exactly "computer science".
Half the MySpace pages I've looked at are so chock full of shit that they cause Safari to freeze so I can't scroll down the page, and then crash, preventing me from reading much of anything.
I look at this as one of its best features, because if I spent more than a minute looking at those horribly-designed pages covered with lame images, I might have to gouge my eyes out in disgust.
Coincidence? ;-)
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
"First of they are not teens. 18 and 19 makes them adult in america doesn't it?"
Sorry, could you say that again with numbers in writing? I'll give you a hint: EighTEEN and NineTEEN.
You are correct that they are adults (legally able to sign a contract). They are also teenagers.
Welcome to MyJailSpace.com!
Are you kidding me? There is a reason that Fox bought myspace - strictly for it's "data" as you put it. Myspace is a site where one of the most profitable(not to mention fickle) demographic in the world voluntarily offer up their likes/dislikes etc to a company in great detail that is easily searched, cross referenced, and advertised to. It is possibly the biggest advertising goldmine I've ever imagined.
It's always baffled me how so many people could miss what is so big and profitable about Myspace. Even if the site itself never made money (which I doubt, as they advertise heavily and widely) - the data they collect is worth millions upon millions of dollars.
Hmmm Betty. The cat did a whopsee on my shake down operation.
Ya, I'd be worried about the press publishing my name too because then people could log onto myspace and learn even more about Shaun and Saverio
Hmmmm Betty. The cat did a whopsee on the boys' website's google cache:
s py.myspaceplus.com/+&hl=en&gl=uk&ct=clnk&cd=1
http://66.249.93.104/search?q=cache:XrpeKGWy2egJ:
I speak from experience in that I was the one to bring this scam to the attention of myspace in the first place. And I cracked the first several codes they released. ( Having friends that work at myspace helps) They ran a site that released "trackers". These were bits of flash mostly that when loaded onto a users page cause anyone viewing that page to be victimized by a series of css or bad design exploits. These mostly took advantage of css through flash actionscript that was encrypted to obscure the actionscript (swfencrypt). As for their latest "unblockable" code: it was really lame. A flash file on the users page redirects you to a 3rd party site that looks like myspace (think pishing tactics) that then asks you to enter your email address that is associated with your myspace account to view the users page. So now they have your ip and your myspace account and how often you visted the users account. Frankly you'd have to be a moron to fall for this though. For an example check www.blendnet.com/verify.php (though I wouldnt recommend entering a valid email address since these guys still control this server. And should this give anyone an idea, don't bother, it's already been blocked) P.S. If there are any myspaceplus users reading this, you people are some of the dumbest forum posters on earth, we watched you all this entire time and you gleefully gave us everything we needed to find and crack these stupid little codes.
And so it begins. Myspace will be the next online target such as the gambling sites were a couple years ago.
[%] Cingular Ringtones
This had to fail, if everyone who found code issues in Myspace's programming wanted $150,000 they'd be bankrupt by Monday.
That is a chilling tape! We're listening to five officers beat him and then put a gun to his head while detailing their cover story to explain his death unless he agreed to sign a waiver of his rights. They swore under oath that they never as much as threatened him until the tape was produced. At least all five officers involved have been setenced to prison for 4+ years each. Knoxnews has a good page about the incident.
What's the connection between this story and my rights online?
They did something with my product that I didn't intend! CRIMINALS! FRY THEM! And worse.. they MADE MONEY! Throw the book at them!
Seriously.. the extortion thing was pretty dumb of them, but this sense of ownership of everything a company touches is insane and needs to end. People will build on top of your work. Its the way free market economies work. Get over it.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
Letter to Tom I should have written 5 months ago:
/. and myspace.com, if you ever have to go through this silliness, and if you need help with your cyberharrassers, that is where you should go, dial 8, but the police can only contact myspace.com through their phone menu. Then cancel your account with myspace.com. Forget about it for awhile. Then come back when you just don't care about whoever the fuck is bothering you. Just flag it and forget like everyone else does.
Tom, you are never around for help, I think you are myth in general. When I tried to contact you before to help me with my spammer/cyberharrasser problem, you were no where to be found. That's OK, you are busy and you look like a nice person. So I went to the police. They helped me file a report. Anyway, no problem.
Tom, could you ask the cyberharrassers to leave me and other women the f!ck alone on myspace.com? I don't see why the cyberharrassers are bothering, I wouldn't give them the time of day whoever it is. They have every right to be on there just like anyone else without harrassment, I don't bother them, so don't bother me, seems pretty simple to me. I am sure you have enough lawsuits to handle anyway Tom. I just ignore them.I had to make the police dial 8 for the law dept of myspace.com. to get my account cancel because it was under my other email address that was already deactivated.
Heads up to all the nice people on
Thanks for caring and paying attention and proving what f!ckwads you really are cyberharrassers, I already knew you were terrible people, it is not like I care, but I thought I would write you Tom to say hello. Like I said, you seem nice, but you need a cyberharrassment department pronto at your offices in Santa Monica. And I like Santa Monica, it was an awesome place to visit and I liked the cool little coffee shop that opens and closes whenever they feel like it on Santa Monica Blvd.
P.S. I still think cyberharrassment sucks though.
Vicki
Sounds at least a little unethical to me. Shouldn't they have been arrested in their own state and extradited if need be?
Jeremy
Melbourne, Australia
Jabber Australia
Glad to have them out of the genepool.
I am Bennett Haselton! I am Bennett Haselton!
An attorney's job (as confirmed by the American Bar Association's Attorney's Oath) is to do his or her best job possible for every client to win the case. It's their job! You need to blame the person who hires the attorney for malice or idiocy typically.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
[pinkie in mouth] One hundred and fifty ... THOUSAND ... DOLLARS!!!
ie, do some fucking research.
These kids ran a tracker service that allowed you to see which users had clicked through your profile. It wasn't an original idea; the first implementation was through another service called spyspace, which a member of the Philadelphia-based, music-oriented forum at board.crewcial.org (the current form of the predecessor communites of pr.n and pf.c) had coded up and provided free of charge to his peers. One or more of them abused the service and sold accounts on eBay, at which point the MySpacePlus programmers caught wind of the concept and decided to code their own.
The original Spyspace service took everything from cookies, and allowed you to view the profile, access time, IP address, and - if they were using Internet Explorer, the contents of their clipboard (!!!). Out of privacy concerns Spyspace's coder removed the clipboard function fairly quickly. MySpace was aware of the service's existence and patched most of the holes that allowed it to work, although the Spyspace code was simply altered to read data in different ways and stayed up. Eventually, too many accounts had been sold to people outside of the community and the coder did not wish to be associated with the project any longer, and terminated the service.
This was about the same time as MySpacePlus, the service created by the arrested pair, was taking off. They did not seem to possess the same coding talents as Spyspace's creator and were not able to create the same workarounds, so the quality of their service degraded as Myspace's security improved. There were always concerns about the security of their service, as well - the coder of Spyspace apparently examined their service and noted that they collected personal data of their users, such as Myspace logins and passwords, that Spyspace did not.
At any rate, either the pair discovered a new vulnerability that was not marketable in the same way the tracker services were, or they were simply bluffing. I think an important note is this: if they had instead said, "we have discovered a vulnerability in your product and will sell you the details for $150k," they would still be prosecutable under American law. In fact, it is entirely possible that this is exactly what they said. Is this a just law at all? Consider that Fox would have had a concrete choice - attempt to figure out the flaw themselves and risk a loss of credibility, or buy the data. The loss of credibility is in any rate not a result of the teenagers' actions, but of Fox's own flawed code! The way that TFA is written is clearly in judgement against the pair already, but without specific details the degree of actual extortion here is suspect.
The many comments here and elsewhere on the internet suggesting these pair should be raped in prison are reprehensible. What's wrong with you people?
And YOU shall be known by your atrocious spelling!
How many escape pods are there? "NONE,SIR!" You counted them? "TWICE, SIR!"
The media love to throw "teen" into the story title when it jazzes up the story and ups the emotion quotient. Just like some count 19 year olds as 'children' in statistics when it produces the desired results.
"teen" and "MySpace.com" are 'hot button' words these days.
I am surprised to see so many uninformed comments on this topic. How can so many of you be prepared to condemn these guys on the basis of a single AP article, the basis of which was a statement from the District Attorney's office? And how can you take everything their office says as gospel truth, while dismissing a defense attorney's statement as simply a desperate attempt to get his client off? Rememer, the prosecutors are attorneys too (that's why they them District "Attorneys"), and they have agendas of their own. Keep in mind who has the burden of proof here. You might all do well to discuss the issues surrounding the case (e.g. the technical and legal issues) without jumping to conclusions about the facts of a pending criminal case or the guilt or innocence of those involved. This is a new case, and there is a lot that has not yet had time to come to light. Give it time.