Slashdot Mirror
The Long Arm of Microsoft
eldavojohn writes "Software giant Microsoft is helping the law track down and find phishers and political borders are no boundary for them. From the article, 'One court case in Turkey has already led to a 2.5-year prison sentence for a so-called "phisher" in Turkey, and another four cases against teenagers have been settled out of court, Microsoft said on Wednesday, eight months after it announced the launch of a Global Phishing Enforcement Initiative in March.' This initiative started back in March and has resulted in 129 lawsuits in Europe & the Middle East. Perhaps their legions of lawyers will come to some use for the rest of us but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."
I'm really personally torn on this. I mean, on one hand, I hate spam and I hate all kinds of computer related scams. I feel that a lot of good ideas (like e-mail) risk death at the hands of these attacks. That said, I welcome all efforts to take care of this.
... that Microsoft offers out of court settlements from these individuals & personally profits from them. I would assume that amount is trivial to Microsoft & I would want Microsoft to punish these people to the extent of the law where they live. It would also be nice to see Microsoft turn around and donate any money earned towards anti-phishing and anti-spam initiatives.
However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters. But what I fear is that local police just don't have the time and resources to track these guys down. And, on top of that, law enforcement here in the states might find an illegal or rogue server in another country and have no way within their jurisdiction to follow the case across the boarders. That and in some locations, cops are crooked or they don't see the problem of phishing to have any tangible victims.
So while there's a lot of good reasons for Microsoft to do this, I still feel a tiny bit afraid that an already very powerful company is becoming a lot more powerful by gaining international recognition as a crime buster.
So, if you'll entertain me and let my tin-foil hat imagination run wild for a second, say that BitTorrent becomes illegal to use under some country X's laws. Now, I live in country Y (across the world) and I use BitTorrent to retrieve Linux DVD distro images. Microsoft somehow monitors this through my operating system and brings a trial against me in country X. I don't even live there but now I have to go there and defend a lawsuit in that country? That would be a horrible outcome.
Another fear of mine has already occurred
In the end, I really don't think this is the answer to the problem of spam & phishing. I submitted this story in hopes that there'd be some good debate about where the responsibilities of stopping phishing attacks should lie.
My work here is dung.
I'm GLAD Microsoft is going after phishers. What these people are doing is fraud. This is nothing at all like the MPAA/RIAA using extortionary tactics to go after low level copyright infringement.
What kind of boarders are they getting across? Surf-boarders? Skate-boarders? What have they done to deserve being squashed by Micros~1?
Oolite: Elite-like game. For Mac, Linux and Windows
political boarders - hate those, damn imperialists and trotskyites are the worst, they never pay their rent on time.
The o is not even close to the a on the keyboard, have to wonder...
When Microsoft has made itself "indispensible" to the world's (mostly underfunded) police the way it's made itself "indispensible" to the world's businesses, Microsoft will have more power to get the world's police "see things it's way". That means prioritizing, say, software piracy over, say, security holes. The cops in the street won't have much to say about the priorities, but their bosses at the top of their national law enforcement will "rebalance" their priorities to accommodate Microsoft's roles in their budgets and operations.
It's like bottom-up lobbying. Where our rights meet the people who protect them. Brought to you by Microsoft.
--
make install -not war
Most of the cases were Microsoft simply providing evidence to local authorities, who themselves prosecute the scumbags. In the small number of cases where Microsoft is directly taking action (on behalf of little-guy victims everywhere), I'm actually surprised it isn't Citibank and other colossals pummeling these dirtbags into the ground.
Comparing this to the RIAA cases? Give me a break. That's like comparing a rapist with someone taking a second glance at someone they find attractive.
teenagers settling out of court? That reeks of RIAA/MPAA tactics to me.
No, it only shows that teenagers do all sorts of things online, including copyright infringement and phishing. Or are you saying that teenagers shouldn't be tried under the laws of the country?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
While criminal complaints are aimed at what Microsoft believes to be real criminals, the civil lawsuits are aimed mainly at young people without criminal intent. For them, settlements of 1,000 to 2,000 euros ($1,290-$2,570) are deemed to be enough of a deterrent, Microsoft said.
Those are much smaller settlements than the RIAA is asking for, and I dare say that they either don't cover, or barely cover the legal fees that Microsoft incurs from these actions.
This doesn't look at all like the kind of profit-making enterprise the RIAA is engaging in. Rather, it looks like MS is trying to deter criminals and criminals-in-training from ripping people off.
Of course, they are doing it for their own business reasons. It makes them look bad when people get scammed because of security vulnerabilities in IE. But I don't see how you can draw an evil motivation out of it.
The statement that people are reacting to is "... the civil lawsuits are aimed mainly at young people without criminal intent." But you have to ask yourself, who's the author, what their bias, andy how did they decide that these young people DON'T have criminal intent. I didn't read anything to substantiate the author's statement.
Finally, WGA put to good use. Remember, WGA will not collect any personal information....
Perhaps you meant political borders. :-)
No, that would be the president...
Show this to your friends and family that don't know what a real hacker is
However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters.
The issue at hand is identity theft, the police won't prosecute for crimes like this any more than if someone searched through your garbage looking for personal information. The victim has to bring the case himself.
I have absolutely zero problem with Microsoft filing suit against those phishers.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I forwarded a couple of "You have won the Microsoft Lottery" 419 scams to their abuse address but they don't appear to be interested.
I get a reply that I should contact the local police. As if I would be interested to waste my time.
It is *their* name that gets abused, and I help them by forwarding scam mails they can use as evidence, but that is all the effort I am going to make.
Those poor phishers, having to send emails to defraud people of their hard-earned money, then having their livelihood ripped from beneath them by a software behemoth.
DAMN YOU MICROSOFT, I LOOK FORWARD TO "HELLO DEAR SIR" AND "UK LOTTERY INVESTIGATION" EMAILS, THEY MAKE ME FEEL IMPORTANT!!
Not to me. Filesharing doesn't impact me personally, nor likely the poor starving recording artists who aren't going to get their money whether or not the RIAA and the record companies actually collect it.
Pishing crimes are far worse on my personal scale of the sewer that the Internet has become, and anything that makes those criminals suffer is a Good Thing.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
That means prioritizing, say, software piracy over, say, security holes.
So, elect local and state officials that will put enough budget behind your law enforcement agencies to make such support irrelevent. I doubt that will have much impact on where most of the phishing originates, though, which is overseas. By the way, if you think for a moment that companies like Motorola or General Motors or Ford or Taser don't have just as much of sell-to, but also be-generous-and-supportive-to relationship with city, county, and state cops, you're really missing the larger picture.
But while GM may sell a lot of Impalas to county PDs, there aren't a lot of people running around saying to themselves, "I don't know - I may not buy a car, especially a Chevy, because I hear that you can get your credit rating wrecked and your bank account emptied if you use one a lot." Microsoft (just like Apple, BTW, though Apple's letting MS do the work, here) has a vested interest in hunting down the people that use popular computer/network-based communications methods to try to rip people off. A clever phishing scheme might just as easily impact that mythological Ubunto-using Grandma or all those Mac-using soccer moms as it would someone checking their G-Mail account from a Windows box. MS, just like all of us, has an interest in shutting these clowns down. But they have the resources to present a solid case to (in the cited example) Turkish police. Not something that your local county PD could possibly put together without a huge boost in funding.
So, vote for people who back more funding. Or, take up any offer by anyone that helps to put the hammer on these jerks. Or, ideally, both. At the state level, it's either higher taxes, or reduced spending in other areas, or outside help. Or some less uncomfortable combination of the three. There's no free lunch, and there's no free international prosecution of Turkish scam artists after your mom's checking account.
Don't disappoint your bird dog. Go to the range.
IF there is something worse than a monopoly then it's a vigilante corporation.
c le/2006/01/28/AR2006012801268_pf.html
... Exxon Mobil, for example, is building hospitals in the developing world. Cargill Corp. is building schools in areas where potential employees lacked basic skills...
So if you think it's bad Microsoft is now policing the net, well did you know that
the _SCUM_ behind your friendly TARGET store may well someday hold a cold barrel
to the back of your neck?
>>> Retailer Target branches out into police work
http://www.washingtonpost.com/wp-dyn/content/arti
"Target is pushing forward a different model of corporate giving,"
In the past few years, the retailer has taken a lead role in teaching government agencies how to fight crime by applying state-of-the-art technology used in its 1,400 stores. Target's effort has touched local, state, federal and international agencies.
Besides running its forensics lab in Minneapolis, Target has helped coordinate national undercover investigations and worked with customs agencies on ways to make sure imported cargo is coming from reputable sources or hasn't been tampered with. It has contributed money for prosecutor positions to combat repeat criminals, provided local police with remote-controlled video surveillance systems, and linked police and business radio systems to beef up neighborhood foot patrols in parts of several major cities. It has given management training to FBI and police leaders, and linked city, county and state databases to keep track of repeat offenders.
.... I have to admit that when it comes to crime, they done a few good things for the universe. The best thing I can think of is besides the topics covered in this article CETS which is a Microsoft designed product to fight child pron/exploitation.
http://www.rcmp-grc.gc.ca/news/2005/n_0510_e.htm
Before we go bashing M$, maybe we should at least give an "attaboy" as they occasionally do good.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
Hi,
Here is the nightmare situation of current phishing all with some https: hosts (rare), decimal IPs, Geocities hosted Yahoo phishing pages which sends mail to Gmail (yes!) etc.
http://www.phishtank.com/
Watch and get amazed everyday, for help, submit or verify the open data.
The situation is already out of hand IMHO.
Scene opens. Zonk is sitting in the super secret Slashdot tower of geekdom, pissed that CmdrTaco made him work the Black Friday shift while CowboyNeal is shopping for new boots and matching chaps.
....
Zonk: okay okay, time to post some slashdot stories. What to do what to do...
Zonk hits a button and instantly hundreds of submissions appear on his 52 inch computer screen
Zonk: Computer, scan for submissions relating to Microsoft or Bill gates. Group by content.
The computer buzzes and whirs for two seconds and the display changes
Computer: Algorythmic analysis shows 13 distinct possible stories. List is as follows:
1) Melinda Gates has alien baby
2) Windows Vista kills small puppies
3) Steve Ballmer makes anti-semetic remarks at PC Expo
4) Bill Gates declares "All your iPod are belong to Zune!" in internal memo.
Zonk: *abruptly cuts of the computer* Run believability algorythm 259. Display only titles a typical slashdot reader might believe as real.
Computer: Two titles remain. List is as follows.
1) Microsoft launches new Anti-linux propoganda
2) Microsoft assists in anti-phishing efforts
Zonk: Hmmmmm, run inflamatory index algorythm 86 on both titles.
Computer: Complete. Report is as follows:
Title group: Microsoft launches new Anti-linux propoganda
Inflamatory index: 23
Stories show high incidence of anti-microsoft sentiment and pro-linux stories. There is a high degree of correlation in past stories, leading to ideas that it's been rehashed too often. This may lead to a high level of "I've seen this damn story before" posts by readers. However, due to the extreme number of this type of post, index is relatively low as topic is had reached the "JonKatz" threshold of repitition, and most readers will probably ignore it.
Would you like me to run an accuracy scan index on the articles to see if this article group may be true?
Zonk: nono I don't care about that, continue with report.
Computer: Continuing with report:
Title group: Microsoft assists in anti-phishing efforts
Inflamatory index: 67
Stories show low incidence of Anti-microsoft sentiment and no pro linux sentiment. Articles appear to case MS in a good light. All factors lead to low inflamatory index except for one. One or more articles express anti-RIAA/MPAA sentiment for no particular reason. Existance of extreme, unwarranted attempt to link article to RIAA/MPAA leads to incredibly high index.
Zonk: hot damn! Scan all submissions and run inflamatory index on each submission. List submission with highest chance of "WTF this is nothing like the RIAA/MPAA."
Computer: Article returned: "The Long Arm of Microsoft."
Zonk: Sweet! Computer post at 11:53 AM with no additions or changes. Open up T1 lines 4 and 7 to accomodate the extra connections and prepare the fire supression systems. That will phish a good number of comments and help us get our hits up for the day.
And that, ladies and gentleman, is how and why slashdot posts articles with stupidity like that RIAA comment
"All great wisdom is contained in .signature files"
Surely the way to deal with phishers is to give them their own TLD. Obviously .con
You'd have to be asleep for the past 10 years to not know that crime is absolutely out of control online, in the forms of phishing, spam, kiddie porn, etc. No law enforcement agency on the planet is able to do anything to stop it: All we get is one high profile case every 6 months or so on the major media in some kind of pathetic attempt to show that the law enforcement agencies are on top of it. I think that in this case, law enforcement needs all the help they can get.
Sure, everybody is still entitled to all of their rights (trial by a jury, etc.), but we desperately need more people and companies helping law enforcement in this area, because law enforcement is doing *nothing* right now to stop all of this shit from happening.
I've seen Midnight Express. I wouldn't wish Turkish prison on anybody... =\
At first, I was reading your explination, and I thought, "Hey, this sounds plausible. This probably is close to correct". Then, I remembered that Slashdot is still running MySQL, and goes down more than a Republican hooker in Washington, DC. So, I think that your premise is plausable, but only if there were some real technical expertise over at the Slashdot offices.
Is that with phishing there is a victim, with copyright infringement there really isn't. Phishing is akin to robbery or assault in terms of crimes. It causes direct harm to a person through the commission of the crime. Copyright infringement is a crime along the lines of speeding or smoking marijuana, while there's perhaps some potential harm, there's no direct harm. With copyright infringement nothing is lost but a potential sale. Sure, if someone copies an album they might not buy it, but then they might not have bought it in the first place. There's no actual loss. However with phishing there is, the person who's identity is stolen is actually hurt, their money is actually taken, their credit is actually damaged, etc.
Very, very different class of crimes, even though the media industry would like to try to make infringement out to be worse then theft.
The problem is, when you are forced settle out of court, you AREN'T tried by the law.
Yes, but how can we be sure a "slap on the wrist" will REALLY get them to stop? Then again, it would be negative press if they ground some teenager into the figurative dirt....
I don't get why posts are limited to 120 characters. Seems unreasonable to me. I mean, just because I like having a real
...is when I blocked a range of IP addresses in Shanghai, my phishing attacks dropped dramatically. Unless MSFT can set up an enforcement shop in China, which would be a pay-per-view event all on its own, then the worst of the lot is going to keep operating.
Whatever else MSFT can do to help phishing and spam...more power to them. Seems like a largely token effort. A PR project more than any real attempt at policing the internet.
If I was going to fight Redmond on anything it would be their crapass EULA's which make me glad I have only a minimal amount of their product on my network.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Hard to believe some people think this is a bad idea. What are you smoking?
a 2000EUR slap on the wrist... "they had fun fun fun, until daddy took the broadband away"