Slashdot Mirror
The Long Arm of Microsoft
eldavojohn writes "Software giant Microsoft is helping the law track down and find phishers and political borders are no boundary for them. From the article, 'One court case in Turkey has already led to a 2.5-year prison sentence for a so-called "phisher" in Turkey, and another four cases against teenagers have been settled out of court, Microsoft said on Wednesday, eight months after it announced the launch of a Global Phishing Enforcement Initiative in March.' This initiative started back in March and has resulted in 129 lawsuits in Europe & the Middle East. Perhaps their legions of lawyers will come to some use for the rest of us but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."
I'm really personally torn on this. I mean, on one hand, I hate spam and I hate all kinds of computer related scams. I feel that a lot of good ideas (like e-mail) risk death at the hands of these attacks. That said, I welcome all efforts to take care of this.
... that Microsoft offers out of court settlements from these individuals & personally profits from them. I would assume that amount is trivial to Microsoft & I would want Microsoft to punish these people to the extent of the law where they live. It would also be nice to see Microsoft turn around and donate any money earned towards anti-phishing and anti-spam initiatives.
However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters. But what I fear is that local police just don't have the time and resources to track these guys down. And, on top of that, law enforcement here in the states might find an illegal or rogue server in another country and have no way within their jurisdiction to follow the case across the boarders. That and in some locations, cops are crooked or they don't see the problem of phishing to have any tangible victims.
So while there's a lot of good reasons for Microsoft to do this, I still feel a tiny bit afraid that an already very powerful company is becoming a lot more powerful by gaining international recognition as a crime buster.
So, if you'll entertain me and let my tin-foil hat imagination run wild for a second, say that BitTorrent becomes illegal to use under some country X's laws. Now, I live in country Y (across the world) and I use BitTorrent to retrieve Linux DVD distro images. Microsoft somehow monitors this through my operating system and brings a trial against me in country X. I don't even live there but now I have to go there and defend a lawsuit in that country? That would be a horrible outcome.
Another fear of mine has already occurred
In the end, I really don't think this is the answer to the problem of spam & phishing. I submitted this story in hopes that there'd be some good debate about where the responsibilities of stopping phishing attacks should lie.
My work here is dung.
I'm GLAD Microsoft is going after phishers. What these people are doing is fraud. This is nothing at all like the MPAA/RIAA using extortionary tactics to go after low level copyright infringement.
What kind of boarders are they getting across? Surf-boarders? Skate-boarders? What have they done to deserve being squashed by Micros~1?
Oolite: Elite-like game. For Mac, Linux and Windows
political boarders - hate those, damn imperialists and trotskyites are the worst, they never pay their rent on time.
The o is not even close to the a on the keyboard, have to wonder...
When Microsoft has made itself "indispensible" to the world's (mostly underfunded) police the way it's made itself "indispensible" to the world's businesses, Microsoft will have more power to get the world's police "see things it's way". That means prioritizing, say, software piracy over, say, security holes. The cops in the street won't have much to say about the priorities, but their bosses at the top of their national law enforcement will "rebalance" their priorities to accommodate Microsoft's roles in their budgets and operations.
It's like bottom-up lobbying. Where our rights meet the people who protect them. Brought to you by Microsoft.
--
make install -not war
let the phishers do the phishing. helps natural selection
Most of the cases were Microsoft simply providing evidence to local authorities, who themselves prosecute the scumbags. In the small number of cases where Microsoft is directly taking action (on behalf of little-guy victims everywhere), I'm actually surprised it isn't Citibank and other colossals pummeling these dirtbags into the ground.
Comparing this to the RIAA cases? Give me a break. That's like comparing a rapist with someone taking a second glance at someone they find attractive.
teenagers settling out of court? That reeks of RIAA/MPAA tactics to me.
No, it only shows that teenagers do all sorts of things online, including copyright infringement and phishing. Or are you saying that teenagers shouldn't be tried under the laws of the country?
What's a "political boarder?" Is it, like, someone who stays at the White House and gets fed and a place to sleep?
"You can drive out Nature with a pitchfork, but It always comes roaring back again." - Tom Waits
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
While criminal complaints are aimed at what Microsoft believes to be real criminals, the civil lawsuits are aimed mainly at young people without criminal intent. For them, settlements of 1,000 to 2,000 euros ($1,290-$2,570) are deemed to be enough of a deterrent, Microsoft said.
Those are much smaller settlements than the RIAA is asking for, and I dare say that they either don't cover, or barely cover the legal fees that Microsoft incurs from these actions.
This doesn't look at all like the kind of profit-making enterprise the RIAA is engaging in. Rather, it looks like MS is trying to deter criminals and criminals-in-training from ripping people off.
Of course, they are doing it for their own business reasons. It makes them look bad when people get scammed because of security vulnerabilities in IE. But I don't see how you can draw an evil motivation out of it.
"Perhaps their legions of lawyers will come to some use for the rest of us but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me." ...who cares. Steal credit card information, go to federal pound-me-in-the-ass prison and learn to like it.
The statement that people are reacting to is "... the civil lawsuits are aimed mainly at young people without criminal intent." But you have to ask yourself, who's the author, what their bias, andy how did they decide that these young people DON'T have criminal intent. I didn't read anything to substantiate the author's statement.
Will we be seeing the black hand reaching out of Mor^wRedmond more regularly?
Finally, WGA put to good use. Remember, WGA will not collect any personal information....
Perhaps you meant political borders. :-)
"I'm glad you personally watched all of these 129 cases go down and that you found all of them to be genuine phishers. How many teenagers are capable of setting up phishing scams?"
How many people are capable of sending spam? How many are capable of operating a P2P client? Age has litte to do with ability. And in this day and age of open source any "teenager" can run a powerful OS that can be used for good or ill. Let alone all the free scripts that automate the hard parts.
"It's the 'settling out of court' that sounds suspicious to me. Why wouldn't Microsoft drive them into the ground like you suggest? Why not bankrupt them and jail them? "
Because revenge isn't the purpose of the law. Getting people to stop doing what is illegal is. If a slap on the wrist will accomplish that, then so be it?
However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters.
The issue at hand is identity theft, the police won't prosecute for crimes like this any more than if someone searched through your garbage looking for personal information. The victim has to bring the case himself.
I have absolutely zero problem with Microsoft filing suit against those phishers.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I forwarded a couple of "You have won the Microsoft Lottery" 419 scams to their abuse address but they don't appear to be interested.
I get a reply that I should contact the local police. As if I would be interested to waste my time.
It is *their* name that gets abused, and I help them by forwarding scam mails they can use as evidence, but that is all the effort I am going to make.
Those poor phishers, having to send emails to defraud people of their hard-earned money, then having their livelihood ripped from beneath them by a software behemoth.
DAMN YOU MICROSOFT, I LOOK FORWARD TO "HELLO DEAR SIR" AND "UK LOTTERY INVESTIGATION" EMAILS, THEY MAKE ME FEEL IMPORTANT!!
"My name is Gates. I carry a badge. I was working the day watch out of Phishing when the call came in - two kids in Uzbekistan were phishing people in Denver on the old Nigerian money scam. My job: bust 'em."
Da-de Dum DUM!
Jack Webb IS Bill Gates in
Drag the NET!
Coming soon on MSNBC!
Lee Darrow, C.H.
Come on, just because it's MS they gotta go and lump it in with RIAA as the evil-doers of the world. Nevermind that phishing is far more grievous than downloading a song of the internet. Get over it.
Not to me. Filesharing doesn't impact me personally, nor likely the poor starving recording artists who aren't going to get their money whether or not the RIAA and the record companies actually collect it.
Pishing crimes are far worse on my personal scale of the sewer that the Internet has become, and anything that makes those criminals suffer is a Good Thing.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
That means prioritizing, say, software piracy over, say, security holes.
So, elect local and state officials that will put enough budget behind your law enforcement agencies to make such support irrelevent. I doubt that will have much impact on where most of the phishing originates, though, which is overseas. By the way, if you think for a moment that companies like Motorola or General Motors or Ford or Taser don't have just as much of sell-to, but also be-generous-and-supportive-to relationship with city, county, and state cops, you're really missing the larger picture.
But while GM may sell a lot of Impalas to county PDs, there aren't a lot of people running around saying to themselves, "I don't know - I may not buy a car, especially a Chevy, because I hear that you can get your credit rating wrecked and your bank account emptied if you use one a lot." Microsoft (just like Apple, BTW, though Apple's letting MS do the work, here) has a vested interest in hunting down the people that use popular computer/network-based communications methods to try to rip people off. A clever phishing scheme might just as easily impact that mythological Ubunto-using Grandma or all those Mac-using soccer moms as it would someone checking their G-Mail account from a Windows box. MS, just like all of us, has an interest in shutting these clowns down. But they have the resources to present a solid case to (in the cited example) Turkish police. Not something that your local county PD could possibly put together without a huge boost in funding.
So, vote for people who back more funding. Or, take up any offer by anyone that helps to put the hammer on these jerks. Or, ideally, both. At the state level, it's either higher taxes, or reduced spending in other areas, or outside help. Or some less uncomfortable combination of the three. There's no free lunch, and there's no free international prosecution of Turkish scam artists after your mom's checking account.
Don't disappoint your bird dog. Go to the range.
I think Microsoft could help law enforcement by helping the individual officers and agents who perform the raids and arrests. You know the SWAT team guy who busts the door open? Ballmer could train Microsoft agents to do the same thing by throwing a chair at the door...
IF there is something worse than a monopoly then it's a vigilante corporation.
c le/2006/01/28/AR2006012801268_pf.html
... Exxon Mobil, for example, is building hospitals in the developing world. Cargill Corp. is building schools in areas where potential employees lacked basic skills...
So if you think it's bad Microsoft is now policing the net, well did you know that
the _SCUM_ behind your friendly TARGET store may well someday hold a cold barrel
to the back of your neck?
>>> Retailer Target branches out into police work
http://www.washingtonpost.com/wp-dyn/content/arti
"Target is pushing forward a different model of corporate giving,"
In the past few years, the retailer has taken a lead role in teaching government agencies how to fight crime by applying state-of-the-art technology used in its 1,400 stores. Target's effort has touched local, state, federal and international agencies.
Besides running its forensics lab in Minneapolis, Target has helped coordinate national undercover investigations and worked with customs agencies on ways to make sure imported cargo is coming from reputable sources or hasn't been tampered with. It has contributed money for prosecutor positions to combat repeat criminals, provided local police with remote-controlled video surveillance systems, and linked police and business radio systems to beef up neighborhood foot patrols in parts of several major cities. It has given management training to FBI and police leaders, and linked city, county and state databases to keep track of repeat offenders.
.... I have to admit that when it comes to crime, they done a few good things for the universe. The best thing I can think of is besides the topics covered in this article CETS which is a Microsoft designed product to fight child pron/exploitation.
http://www.rcmp-grc.gc.ca/news/2005/n_0510_e.htm
Before we go bashing M$, maybe we should at least give an "attaboy" as they occasionally do good.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
Matthew Broderick, is that you?
Hi,
Here is the nightmare situation of current phishing all with some https: hosts (rare), decimal IPs, Geocities hosted Yahoo phishing pages which sends mail to Gmail (yes!) etc.
http://www.phishtank.com/
Watch and get amazed everyday, for help, submit or verify the open data.
The situation is already out of hand IMHO.
Scene opens. Zonk is sitting in the super secret Slashdot tower of geekdom, pissed that CmdrTaco made him work the Black Friday shift while CowboyNeal is shopping for new boots and matching chaps.
....
Zonk: okay okay, time to post some slashdot stories. What to do what to do...
Zonk hits a button and instantly hundreds of submissions appear on his 52 inch computer screen
Zonk: Computer, scan for submissions relating to Microsoft or Bill gates. Group by content.
The computer buzzes and whirs for two seconds and the display changes
Computer: Algorythmic analysis shows 13 distinct possible stories. List is as follows:
1) Melinda Gates has alien baby
2) Windows Vista kills small puppies
3) Steve Ballmer makes anti-semetic remarks at PC Expo
4) Bill Gates declares "All your iPod are belong to Zune!" in internal memo.
Zonk: *abruptly cuts of the computer* Run believability algorythm 259. Display only titles a typical slashdot reader might believe as real.
Computer: Two titles remain. List is as follows.
1) Microsoft launches new Anti-linux propoganda
2) Microsoft assists in anti-phishing efforts
Zonk: Hmmmmm, run inflamatory index algorythm 86 on both titles.
Computer: Complete. Report is as follows:
Title group: Microsoft launches new Anti-linux propoganda
Inflamatory index: 23
Stories show high incidence of anti-microsoft sentiment and pro-linux stories. There is a high degree of correlation in past stories, leading to ideas that it's been rehashed too often. This may lead to a high level of "I've seen this damn story before" posts by readers. However, due to the extreme number of this type of post, index is relatively low as topic is had reached the "JonKatz" threshold of repitition, and most readers will probably ignore it.
Would you like me to run an accuracy scan index on the articles to see if this article group may be true?
Zonk: nono I don't care about that, continue with report.
Computer: Continuing with report:
Title group: Microsoft assists in anti-phishing efforts
Inflamatory index: 67
Stories show low incidence of Anti-microsoft sentiment and no pro linux sentiment. Articles appear to case MS in a good light. All factors lead to low inflamatory index except for one. One or more articles express anti-RIAA/MPAA sentiment for no particular reason. Existance of extreme, unwarranted attempt to link article to RIAA/MPAA leads to incredibly high index.
Zonk: hot damn! Scan all submissions and run inflamatory index on each submission. List submission with highest chance of "WTF this is nothing like the RIAA/MPAA."
Computer: Article returned: "The Long Arm of Microsoft."
Zonk: Sweet! Computer post at 11:53 AM with no additions or changes. Open up T1 lines 4 and 7 to accomodate the extra connections and prepare the fire supression systems. That will phish a good number of comments and help us get our hits up for the day.
And that, ladies and gentleman, is how and why slashdot posts articles with stupidity like that RIAA comment
"All great wisdom is contained in .signature files"
Surely the way to deal with phishers is to give them their own TLD. Obviously .con
If Microsoft started investigating and tracking down pedophiles online, you guys would be up in arms and defending the pedophiles. Fuck YOU ALL. Nothing Microsoft does can ever be good, eh? Everything is full of suspicion. Good, live that way you tin foil fucks.
These guys are phishers. Microsoft is not prosecuting them, they are providing evidence. Why all of a sudden do you think they would be bad for doing this? Next you will be defending NAMBLA's policies because Microsoft goes against pedophiles.
Bill "I won because I have more money than you and a wife that is better looking than any pussy you fucking nerds will get" Gates
You'd have to be asleep for the past 10 years to not know that crime is absolutely out of control online, in the forms of phishing, spam, kiddie porn, etc. No law enforcement agency on the planet is able to do anything to stop it: All we get is one high profile case every 6 months or so on the major media in some kind of pathetic attempt to show that the law enforcement agencies are on top of it. I think that in this case, law enforcement needs all the help they can get.
Sure, everybody is still entitled to all of their rights (trial by a jury, etc.), but we desperately need more people and companies helping law enforcement in this area, because law enforcement is doing *nothing* right now to stop all of this shit from happening.
"but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."
...and you're gripping that some teenagers are
Oh dear. So of course teenagers aren't capable of committing crimes are they? No, of course not.
If you are phishing there is no good reason to do so. Phishing is for one purpose only,
deception, identity theft and all the other things that go with it.
A millions miles away from RIAA/MPAA type actions.
A teenager can be old enough to hold credit cards, have bank accounts to put the money in
that they defraud. Or they could be working with older people that do have such accounts.
Come on, put your thinking cap on. This isn't hard at all. Identity theft and stuff like that
ruin peoples lives and thats an understatement.
settling our of court? Jeez.
I've seen Midnight Express. I wouldn't wish Turkish prison on anybody... =\
At first, I was reading your explination, and I thought, "Hey, this sounds plausible. This probably is close to correct". Then, I remembered that Slashdot is still running MySQL, and goes down more than a Republican hooker in Washington, DC. So, I think that your premise is plausable, but only if there were some real technical expertise over at the Slashdot offices.
Is that with phishing there is a victim, with copyright infringement there really isn't. Phishing is akin to robbery or assault in terms of crimes. It causes direct harm to a person through the commission of the crime. Copyright infringement is a crime along the lines of speeding or smoking marijuana, while there's perhaps some potential harm, there's no direct harm. With copyright infringement nothing is lost but a potential sale. Sure, if someone copies an album they might not buy it, but then they might not have bought it in the first place. There's no actual loss. However with phishing there is, the person who's identity is stolen is actually hurt, their money is actually taken, their credit is actually damaged, etc.
Very, very different class of crimes, even though the media industry would like to try to make infringement out to be worse then theft.
I, for one, welcome our long-armed, chair-throwing, UI licensing overlords.
The problem is, when you are forced settle out of court, you AREN'T tried by the law.
...is when I blocked a range of IP addresses in Shanghai, my phishing attacks dropped dramatically. Unless MSFT can set up an enforcement shop in China, which would be a pay-per-view event all on its own, then the worst of the lot is going to keep operating.
Whatever else MSFT can do to help phishing and spam...more power to them. Seems like a largely token effort. A PR project more than any real attempt at policing the internet.
If I was going to fight Redmond on anything it would be their crapass EULA's which make me glad I have only a minimal amount of their product on my network.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
"... but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."
Why? What would you do if you found a teenage phisher? Just say "oh, it's a bad thing to try to con people out of their life savings but... it's a kid... Let's just tell him "no, no, no" and let it go at that... I hope he hasn't ruined too many lives..."
Give me a break! Not only does this NOT "reek" or RIAA/MPAA there isn't even a scent. Being a teenager isn't a get out of jail/juvi free card! Their still are consequences for actions.
The race isn't always to the swift... but that's the way to bet!
"(2) people really, really loathe Microsoft, and don't want to see them win... "
the only people who loathe* microsoft are here.
*we don't feel half-way, we either like you or we hate you.
"Copyright infringement is a crime along the lines of speeding or smoking marijuana, while there's perhaps some potential harm, there's no direct harm."
Like loss of trust, or some deciding not to pursue a particular career because of piracy. One of the things I've always found true about humans is that they're poor at discerning the consequences of their actions, be they short-term or long. Saying there's no harm is like asking a smoker if cigarettes are bad for them.
"Very, very different class of crimes, even though the media industry would like to try to make infringement out to be worse then theft."
I keep tell you all this and consistently you all ignore it. Piracy happens to more than just those entities you hate. It happens to the small guy as well as the big, and the main difference is that the small guy is hurt more than any media company who can afford to pursue legal action against the culperates.
"They are not guilty until a court says so."
I'll remember you said that when slashdot starts posting the phone numbers and addresses of accused spammers.
"Also, Jail is a bad place to put a teenager, and it is counter productive for society."
It just shows the sheltered life you lead. I know of many teenagers that have done very adult crimes. You don't need to be a big man to pull the trigger on a gun.
"And please do not rebut with "so if they killed someone..." argument. We are talking about a non violent crime here. Keep it in proportion."
And young people who torture their pets become...? And those who start small fires become...? Like I said, sheltered existance.
"Finally, most 'evidence' of this nature points to an ip address, not a person. Something that must be dealt with carefully."
Obviously the computer is paying the internet bill.
Yeah, the Internet makes theft easy, so it shouldn't be punishable. And kids shouldn't be held accountable for their actions. Also, let's keep throwing billions of dollars at non-performing schools until the little hooligans inside are "motivated" to actually pay attention or learn something.
What a society we've made for ourselves.
Hard to believe some people think this is a bad idea. What are you smoking?
How many phishers and spammers has St. Linus Torvalds shut down?
I'm guessing... zero.
So in other words they're being good corporate citizens, and fitting into society. Guess you want them to get out of the business so you can rush right in with your checkbook and take over? BTW they're not being vigilantes because they're working within the law, which is more than be said for some members of this forum who violate the law and justifiy it any chance they get on a regular basis.