Hackers vs. Phishers

An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."

Hacker culture

That's the hacker culture allright. Use inventivity rather than "hard work" to get your result with the least possible effort :)

Re:Hacker culture

[commodore64_love]

Yes. If you're going to steal, then steal from a known thief, because he's unlikely to go to the cops and report you.

Same applies to shopping on ebay

Re:Hacker culture

[Impy+the+Impiuos+Imp]

The whole concept reminds me of arguments about scanned pictures, where one guy who scanned a copyrighted image and put it on the Internet gets all pissed off that some other guy uses it on his site. "You're ripping off all the work I did!"

Re:Hacker culture

[Tirith45]

Not all hackers aspire to be phishers, or vice versa or even remotely close. I am a hacker, I don't do it to steal passwords and or valuables, I do it to get into places I shouldn't, expose the holes, confront the company explaining how I did it, and why I did it. Then leave out... minor... details so they have to ask more and then they pick me up on a contract. It's not "wrong" because I'm not making the holes, I am just finding them.

Re:Hacker culture

[vuffi_raa]

The whole concept reminds me of arguments about scanned pictures, where one guy who scanned a copyrighted image and put it on the Internet gets all pissed off that some other guy uses it on his site. "You're ripping off all the work I did!"
no, really- I wrote this.

Parasites are everywhere, for natural reasons

[MathiasRav]

In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".

Re:Parasites are everywhere, for natural reasons

[Entropy98]

In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".

Actually I've found that "mod parent up" posts are quite likely to get you modded down.

Replying to let someone know how they're wrong, now that's how you get easy karma!

Re:Parasites are everywhere, for natural reasons

No it's not.

Re:Parasites are everywhere, for natural reasons

[smitty777]

That is the most asinine, idiotic comment I have ever read. If your intellect was 1/8th of mine, you would simply burn your keyboard and never show your face on /. again. I shall now go back to reveling in my own smugness - the rest of you may continue the conversation.

*...I hope the mods have a sense of humor this morning*

Re:Parasites are everywhere, for natural reasons

Indeed...

http://www.google.com/hostednews/ap/article/ALeqM5joOOsTVD57lFwm_InpZY_nRbg4KQD9CDRVOO0

http://www.nypost.com/p/news/international/warm_and_fuzzy_facts_RD1aMFGyyvy19b0ZTHaGwO

Re:Parasites are everywhere, for natural reasons

[Cwix]

(Score:1, Flamebait) Guess not, that sucks.. its my experience they NEVER have a sense of humor in the morning *prepares for his down modding*

Re:Parasites are everywhere, for natural reasons

[smitty777]

Geez - they probably didn't even read the whole thing. I think you're right. Next time, I'll send a cup of coffee with my ironically phrased posts.

Re:Parasites are everywhere, for natural reasons

[commodore64_love]

STATUS
SYMBOLS=62
SPEED=30
PROGRAM
1 PRINT "NO IT'S NOT."
2 GOTO 1

http://upload.wikimedia.org/wikipedia/en/b/bd/Basicprogramming.png

Re:Parasites are everywhere, for natural reasons

Sheesh - talk about a self fulfilling prophecy. Humor on /. is always a risky proposition. Best to just look straight ahead, not make any eye contact with anyone, and just say "MS sucks" if anyone approaches you.

Now, that I'm safely tucked into the impervious shield of AC, I can safely navigate this minefield of a thread.

Re:Parasites are everywhere, for natural reasons

[Stregano]

Lol, at least your comments are looked at. I posted 1 dumb comment awhile back that was tagged as flamebait, and it seems that since then, I get no love, which is disappointing. I do not understand the system, especially when people make posts that just say mod parent up and get tagged 5 for funny. Oh well. I am not complaining, just stating that some of us try to actively post and still have bad karma from way too long ago, hehehe

Re:Parasites are everywhere, for natural reasons

[DemonBeaver]

Mod... parent... up!!!

Re:Parasites are everywhere, for natural reasons

[Stregano]

Exactly. Really, I gave up on ever trying to even get a score. I am trying to just post to post and try to provide feedback or a funny comment. Honestly, as long as somebody is reading the random stuff I put up, than I am at least satisfied.

Re:Parasites are everywhere, for natural reasons

I can only offer a couple of suggestions that seemed to have worked for me, if you're really interested in boosting your k-score. 1) Keep in mind that +Funny doesn't get you Karma points, and you are very likely to get mis-read (see thread to parent above for a good example). 2) RTFA - many don't and comment anyway, so you look informed if you do. Finally 3) read the FAQ - some good suggestions on there as well.

Re:Parasites are everywhere, for natural reasons

[Zibben]

I got bored at Exac..OOO Shiny!!!! =) Oddly enough the first post I ever made on here was modded Funny yet I have Bad Karma from it.

Re:Parasites are everywhere, for natural reasons

[MathiasRav]

it seems that since then, I get no love, which is disappointing.

In my experience you have to be out early to have your post modded at all - most mods (afaik) simply don't look beyond the first 50, 100 or 150 posts in a discussion, and some articles easily have 400 comments by the first 6-12 hours.

Posts that could potentially be Score:5, Whatever are simply left at the initial 0, 1 or 2 (depending on karma) since the mod points were all spent before your post could make it to the counter.

I was lucky this time to even get a thread ancestor modded up, but that's all thanks to me posting as soon as the summary came up. And then I got Funny which, as an Anon also pointed out, doesn't award Karma bonus... Oh, the Interesting/Insightful mods are few and far between.

Well, obviously

[Anonymusing]

FBI: Why do you rob banks?
Willie Sutton: Because that's where the money is.

Re:Well, obviously

[commodore64_love]

Reporter: Why are you a bank?
AIG: Because that lets us rob the U.S. Treasury

Re:Well, obviously

[228e2]

very well done sir.

Re:Well, obviously

[elrous0]

Why are you as government?
Because that let's us rob *everyone*.

Re:Well, obviously

[Thinboy00]

Reporter:Why are you a government?
Government:Because that lets us rob *everyone*.

FTFY. WTF is it with apostrophe's these day's?

Not surprised

[zmaragdus]

Criminals stealing from criminals? Doesn't surprise me. It happens all the time in the physical world.

(Before the deluge of malice-laden replies regarding "how I make all hackers out to be villians," yes, I know the difference between white hat and black hat.)

Re:Not surprised

[nahdude812]

A big part of why it's so alluring is that when you steal from a thief, not only is the grunt work already done, the chain of evidence gets disrupted. Leads past that point are likely to be interpreted as an attempt at misdirection (particularly in the case where information theft does not destroy the original information - the original phisher looks like the end of the line). Plus nobody is going to call the police that illegal information was stolen, doing so requires them to first admit their own crime, or at least put themselves at very high jeopardy of discovery.

So if you can crack a phisher, you're far less likely to face real world retribution (though maybe they'll work on cracking you back).

This makes phishers a much juicier, safer target, though presumably they're quite a lot more savvy than the average user, so pulling it off is likely harder.

Re:Not surprised

Criminals stealing from criminals? Doesn't surprise me. It happens all the time in the physical world.

(Before the deluge of malice-laden replies regarding "how I make all hackers out to be villians," yes, I know the difference between white hat and black hat.)

All in the game, yo, all in the game.

Re:Not surprised

Don't worry, this criminal log result for free.... so criminal steal criminals who steal criminals.... Everyone is happy !

Re:Not surprised

[jimbolauski]

You've never seen cops before, they could do whole episodes where all the do is arrest people that call the police after a prostitute/drug dealer takes their money.

Re:Not surprised

[Deanalator]

No, phish kits are pretty simple, and can be bought pretty cheaply. This isn't really about "hacking" anyone, it's more about knowing the most common places that phish kits keep their passwords.txt or whatever. AutoWhaler is like nikto for phishing websites :-)

Seriously though, I doubt it will get much use beyond academic, since I doubt there are many hackers out there that want to share their findings with whoever it is that runs that site.

Re:Not surprised

[Coder4Life]

...Leads past that point are likely to be interpreted as an attempt at misdirection...

Maybe. But did you ever stop and think that maybe the said hacker is actively giving the phisher another avenue of misdirection?

If the phisher becomes aware that he is actively being probed for information, what's stopping him from reversing the hack to get the hacker busted (perhaps anonymously) to create a diversion? Not saying it happenes everyday or that phishers are usually that smart, but it's definately plausible

Re:Not surprised

[Spykk]

What is being stolen from the phishers is stolen account information. The only way to make money with that is to use it to steal from the phisher's innocent victims. There is nothing white hat about this.

Re:Not surprised

[hesaigo999ca]

Yes and no, for physical evidence you are right, however for virtual evidence, you would have to store the IP of the person you stole from and then copy it in (as well as mac address cloning) and use tor to then be able to look like the original thief to use the info you stole, else the track begins a subset of parallel evidence which can all be lead back to you.

You have to know how to store the logd to know how to delete them, then also know how to delete the backups for those logs, then on top of that you might want to add extra fake log stuff for them to sift through and lead them off your tail a little, all this is work f a very seasoned pro, none of which would even need to steal someone else's info as they probably would have already had it on their own.

Those that steal these are too lazy to cover their tracks as they are too lazy to wipe the logs of their trail, and will eventually get caught.

ps- Also, a lot of the feds now are setting up remote backup servers of compromised servers to log all attempts to clone info on known thieves, so the fact that you logged on to the server that contained that info on purpose to draw you out, has now caught a red flag and was being monitored from that very moment, where as the original thieves normally get their fresh info directly from the source which is a compromised computer at someone's home, normally without logging and also usually without anyone noticing right away their info was stolen.

Re:Not surprised

[zmaragdus]

There is nothing white hat about this.

Just a little clarification:

My original point with the "black hat/white hat" thing was to forestall people who would take my "criminals stealing from criminals" to mean "all hackers are criminals" (which is not what it meant). Some hackers are criminals, others not. That's all I was trying to convey.

People of ill repute diong thingfs of ill repute

[asdf7890]

People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?

This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.

Wait a second, here.

[Runefox]

Hard-working phishers? What? Did we cross over into the Twilight Zone, here?

Re:Wait a second, here.

[j1r3]

Nope, more like the Scary Door.

Re:Wait a second, here.

[IBBoard]

Yeah, what's hard about cloning a site (not always that well), hiring a botnet and spamming the whole world (again, not always that convincingly and not always to the relevant people) before sitting and waiting for the account details to roll in?

Next thing you know there'll be an article about how migrants are stealing jobs from these poor, hard-working phishers!

Re:Wait a second, here.

[Entropy98]

Yeah, what's hard about cloning a site (not always that well), hiring a botnet and spamming the whole world

Probably hiring a botnet.

Re:Wait a second, here.

[IBBoard]

I dunno. BBC Click managed to do it seemingly quite easily (thereby giving some of the BBC license fee to criminals), and broadcast it on TV, and subsequently modify people's computers (they changed the desktop to one of their own messages), and still they didn't get charged over it. If you can be that blatant and make it appear that easy then I can't imagine the phishers will have much trouble with it.

Re:Wait a second, here.

[spitzak]

That link goes to the main page, do you have the link to the article?

Re:Wait a second, here.

[IBBoard]

I watched it on TV, so I never read an article. Looks like Google has loads about it, though.

Re:Wait a second, here.

[spitzak]

2nd google link gets it:

http://news.bbc.co.uk/2/hi/programmes/click_online/7932816.stm

Excellent work by the BBC! Damn I am impressed that they did this.

Thieves stealing from thieves.

[captainpanic]

Suddenly sounds like they are all bankers to me.

Re:Thieves stealing from thieves.

[zmaragdus]

Suddenly sounds like they are all bankers to me.

Maybe lawyers, too, twisting the truth back & forth

Re:Thieves stealing from thieves.

[baKanale]

Speaking of which, I'll bet the phishers aren't doing so well in this economy. Sounds like somebody needs a bailout!

Re:Thieves stealing from thieves.

[Yvanhoe]

At least the meta-thief doesn't try to convince the thief he has made a good deal.

Hackers and phishers

[schmidt349]

Great fleas have little fleas upon their backs to bite 'em,
And little fleas have lesser fleas, and so ad infinitum.
And the great fleas themselves, in turn, have greater fleas to go on;
While these again have greater still, and greater still, and so on.

Re:Hackers and phishers

[soccerisgod]

If that's what they tought you in biology, I don't want to know what they tought you in sex-ed...

Re:Hackers and phishers

[Stregano]

I have no clue what you are talking about, but there are pills and ointments you can use if you are dealing with that many fleas

Re:Hackers and phishers

A turtle looks pretty close to a really big flea.

It's fleas all the way up, but it's turtles all the way down.

Re:Hackers and phishers

If they taught you in English that taught was spell "tought"... actually, screw it. The education system is fscked, apparently.

Re:Hackers and phishers

[natehoy]

And on that flea there was a rash a rare rash, a rattlin' rash. The rash on the flea and the flea on the wing and the wing on the bird and the bird in the egg and the egg in the bird and the bird in the nest and the nest on the leaf and the leaf on the twig and the twig on the branch and the branch on the trunk and the trunk on the tree and the tree in the bog and the bog down in the valley-o.

Re:Hackers and phishers

[natehoy]

Until, of course, we get to The Great A'Tuin.

Re:Hackers and phishers

This is similar to one of my favorite fluid dynamics poems:

Big whorls have little whorls,
Which feed on their velocity;
And little whorls have lesser whorls,
And so on to viscosity

-Lewis Fry Richardson, 1922

Re:Hackers and phishers

[ozbird]

I tought so too.

Re:Hackers and phishers

If that's what they tought you in biology, I don't want to know what they tought you in sex-ed...

If that's what you learned in English...

Re:Hackers and phishers

It's vaginas all the way down

Yup...

[Savage-Rabbit]

There is always a bigger fish.
  -- Qui-Gon Jinn

Re:Yup...

There is always a bigger phish.

  -- Qui-Gon Jinn

There, fixed that for you

I can see the poll now...

[philipmather]

In a web 3.0 show-down who would win?

1) Hackers.
2) Pirates.
3) Phishers.
4) Ninjas.
5) The Man.
5) Cowboy Neal.

Missing option being a tag-team of Chuck Norris and Angelina Jolie.

Re:I can see the poll now...

5) The Man.
5) Cowboy Neal.

I knew it! Cowboy Neal and The Man have the same number so they must be the same person.

Cowboy Neal is The Man!

Re:I can see the poll now...

[philipmather]

Perhaps I should have put that as...

1984) The Man.

"I am not a number! I am The Man, the Cowboy Neal Man."

The hunter becomes the hunted

[dingen]

I've always wanted to say this.

Re:The hunter becomes the hunted

[Publikwerks]

If we can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate

Re:The hunter becomes the hunted

If we can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate

Best Futurama quote ever.

Dag-nabbit!

[jellomizer]

These young hackers causing all this hutinanity and without any real work.

Back in my days youngans, Hacking or cracking as it was sometimes called, while still illegal was something to be respected, you had to know what you were doing to break into a system and the harder the break-in the more respect you got... Now todays you kids got all comerical and you can break into computers without having the break into them. You just ask someone for the passwords and they give them to you... Dag-nabbit that is not hacking that sounds like politicians to me.

Re:Dag-nabbit!

[Chrisq]

Well, back in my day we had to do real work. There were no computers to help like you namby pamby phishers have to day. It was get up at 5am, check out the garbage of the local banks, then spend 8 hours hand typing investment certificates and forging cheque books. What is the criminal underworld coming to?

Re:Dag-nabbit!

Most of the cool hacker stories I've heard/read involved a lot of social-engineering. Phising could be considered a form of social-engineering, couldn't it?

Re:Dag-nabbit!

...while still illegal was something to be respected, you had to know what you were doing... sounds like politicians to me.

Doesn't sound to me like anything has changed.

Re:Dag-nabbit!

[Xacid]

Two words "Process Improvement".

Re:Dag-nabbit!

Let's hope they take it all the way to CMMI Level 5. Then we won't have to worry any more - they'll be too busy working on their process documents to steal.

Anon because I work at a CMMI-5 company...

Re:Dag-nabbit!

[spyrochaete]

Hacking is about finding the most efficient route to the juiciest payload without ruffling feathers unduly. Here's a fun article that I think illustrates this concept really well.

Re:Dag-nabbit!

[Xacid]

Ughhh, we have some CMMI guys and they're on a totally different planet so I can totally see what you're saying. The Six Sigma Black Belts are just as good too.

Re:Dag-nabbit!

[natehoy]

When *I* was a kid, we had to walk to the banks. Uphill. Both ways. In the snow.

Re:Dag-nabbit!

[StikyPad]

Did you mean hootenanny ?

Re:Dag-nabbit!

[Sulphur]

I will believe it when I see an Escher print of it.

Re:Dag-nabbit!

[Ozlanthos]

Improving the process of creating inefficiencies.....somehow that seems kind of backwards to me.

-Oz

"mod parent up"

[Chrisq]

"mod parent up" This comment was generated by HackBot 01928

Re:"mod parent up"

[commodore64_love]

"mod parent down" - This comment generated by AntispamWikibot. If you feel this was an error, report your complaint to Abusebot.

Aside -

I always find it amusing when I see wikipedia bots caught in a revert war with one another. Who watches the watchers? Apparently nobody.

Re:"mod parent up"

FAIL

The quote is "Who watches the Watchmen?"

Please fold down the right corner of your geek card

Re:"mod parent up"

Who Watches The Watchers.
Geeky enough for you?

Re:"mod parent up"

Quis custodiet ipsos custodes
You'll get there someday.

Re:"mod parent up"

[AvalancheBurn]

Hey you stole my HackBot! This post created by AutoCorrectBot 0039.

Re:"mod parent up"

[commodore64_love]

Anonymous shit wrote:

FAIL. The quote is "Who watches the Watchmen?" Please fold down the right corner of your geek card

Wrong. The actual phrase is "Quis custodiet ipsos custodes?" which if translated literally means: "Who custodies the custodians?" - Unfortunately custodie is only valid in Old and Middle English, so in modern English we are forced to replace it with alternate words like watches or guards or polices. And then for the sake of alliteration, we replace custodians as well:

Who [watches] the [watchers]?
Who [guards] the [guardians]?
Who [polices] the [police]?

All are valid translations of the original Latin.

Hard work?

[Xacid]

"Some hackers out there don't like to do all the hard work of running..." Nuff said.

Re:People of ill repute diong thingfs of ill reput

[Grygus]

People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?

This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.

I think the subtext here is that hackers aren't necessarily bad guys and so it's more like repo men stealing from car thieves, still not completely shocking but somewhat more interesting.

i tried it out and...

...all it does is to try access a number of pre-defined files from the root directory of the probed host: passwords.txt, logs.txt, l0gz.txt, accounts.txt etc. -- talk about sophisticated hacker tool! massive all phreaker big-up! what a joke...

the tool also "epically fails" if you supply a host that is not encapsuled in http:// ... /

Evolution?

[rrohbeck]

Is it just me or is there more and more biology-like complexity evolving?

Parasites have parasites

"Great fleas have little fleas upon their backs to bite 'em,
And little fleas have lesser fleas, and so ad infinitum.
And the great fleas themselves, in turn, have greater fleas to go on,
While these again have greater still, and greater still, and so on."

Into the Octogon with them

Hackers vs. Phishers.

Two go in. One comes out.

I think this is a grave offence.

[gadget+junkie]

I am not a lawyer (and I use Acronyms sparingly), but stealing accounts from other phishers may be a DMCA violation!!!

misuse of the term 'hacker'

[fishtorte]

from the jargon file:

hacker: n.

        [originally, someone who makes furniture with an axe]

        1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

        2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

        3. A person capable of appreciating hack value.

        4. A person who is good at programming quickly.

        5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)

        6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

        7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

        8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

        The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network. For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).

        It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.

        This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.

Note that the perjorative use has been deprecated.

Re:misuse of the term 'hacker'

Sigh... I thought, for once, I might read a story about computer crime on slashdot with out having to see some one pull out this old saw. Language changes... Get over it.

Re:misuse of the term 'hacker'

[fishtorte]

"This old saw?" That predates the Jargon File!

Re:misuse of the term 'hacker'

Exactly... ;)

Re:misuse of the term 'hacker'

[MarkvW]

Hacking started out as a slang term that means one cluster of things. The meaning has since evolved.

Now we've got people citing dictionary meanings of the term.

The drive to classify--and to impose your classification upon others--must be a human biological imperative.

Re:misuse of the term 'hacker'

[bmearns]

Actually, Real Hackers use punctuation.

Re:misuse of the term 'hacker'

[nacturation]

Note that the perjorative use has been deprecated.

Note that the act of deprecating definitions you do not like has been deprecated.

Re:misuse of the term 'hacker'

[Princeofcups]

Note that the perjorative use has been deprecated.

And the jargon file represents, what, less than 5% of the English speaking world? The rest use the word hacker. Sorry, the battle is already lost.

Re:misuse of the term 'hacker'

Thank you for that correction.

I would think that out of all the sites I read, Slashdot would be the one to get the real meaning of hacking right. Obviously this isn't correct.

What the hell is the world coming to if one of the leading tech blogs turns on its (i suppose formerly) biggest fans and readers?

Re:misuse of the term 'hacker'

Note that the perjorative use has been deprecated.
Deprecated by who? A fat pimply webmaster from London?

I wonder how many black hat hackers refer to themselves as black hat hackers? How many are referred to by their peers as black hat hackers?

More likely the only people who refer to them as such are highly affected fanboys.

Ultimately they all hold a mouse in one hand while "making love".

Re:misuse of the term 'hacker'

Note that the perjorative use has been deprecated.

Note, also, that the correct spelling is 'pejorative.'

Re:misuse of the term 'hacker'

[kylebarbour]

Unfortunately, the people who need to know this don't read the Jargon File.

Re:misuse of the term 'hacker'

[Thinboy00]

from the jargon file:

[long definition]

Note that the perjorative use has been deprecated.

I thought dictionaries were supposed to be descriptive, not prescriptive.

Re:misuse of the term 'hacker'

Note that the perjorative use has been deprecated.

LOL. "Deprecated" by whom? ESR and his tiny coterie of basement-virgin sycophants maybe, but the other 99.99% of the English-speaking world still uses the word "perjoratively."

As an aside, do any "real hackers" give a shit how the word is used? It seems like the people making the most noise are wannabes who think they're rocket scientists for mastering some web tutorial on php. Just a thought.

The Phish, from Vermont?

[Slash.Poop]

The Phish, from Vermont...are the poo poo.

To Those Hard Working Phishers....

... that had the same password as their account names on various servers over the years:

Thank you for the laughs.

And no, I don't have your phished data. I didn't want it. I'm the guy who recursively deleted all of it. As much as I could find.

I love seeing that little tilde in the target address I'm supposed to click in your spam.

Weekend phishing

[mancunian_nick]

The only time I was really interested in phishing was when I was a young teenager - more years ago than I sometimes care to remember. I used to love going to the end of Eastbourne pier but despite a lot of effort and determination, all I ever seemed to 'catch' were crabs and the occasional tiddler. These days I don't bother - older and the fact I'm not near the coast probably contribute to that. Oh well, c'est la vie.

Re:I Had to comment this has bothered me

Sometimes I convince myself that this person's wall of text/stream of conciseness will say something insightful or meaningful, and I should read it.

So I read it.
- Learn to proof read
- Learn to focus on a single topic
- Please do not have any more children

I'm sad that someone choose to marry you, and I really doubt that anyone cares about your mommy/daddy issues.

Re:I Had to comment this has bothered me

please take your antipsycotic meds

Re:I Had to comment this has bothered me

[Xserv]

"...I'm sad that someone choose to marry you..."

While I don't wholeheartedly disagree with your summation of the aforementioned post, when posting a flame, at least take your own advice -- namely your first point.

Re:I Had to comment this has bothered me

Since you kept repeating this incorrectly for 50 times, i had to correct you.

The correct definition of "hacking" a device or application is,
making the device or application function in a way that was not intended by the original author.

The definition brought forward by the media only focuses on hacking remote devices for malicious purposes.

Keep It Simple Son

The correct definition of "hacking" a device or application is,
making the device or application function in a way which was not intended by the original author.

The definition brought forward by the media only focuses on hacking remote devices for malicious purposes.

Re:Inventivity?

It is perfectly cromulant to embiggen ones vocabulary.

Re:I Had to comment this has bothered me

[ChienAndalu]

Is this a Markov chain text generator or something?

HERESY!

[Thud457]

As the little old lady tought Betrand Russel, it's turtles all the way down !!!

Re:I Had to comment this has bothered me

I prescribe some Zyprexa twice daily

Sex ed

[nacturation]

Adults chat in the online world,
  decide to meet for coffee.
To great effect she did a-twirl,
  sparks fly that scare Khadafi.
Until one day she chatted coy,
  paid nary a thought to time.
Turns out it was a 12 year old,
  they charged her with a crime.

In the olden days...

[Lead+Butthead]

This would've been considered as an act of war, and the next thing you know people in the streets are cutting each others in half with tommy guns.

Close the loop

[SnarfQuest]

If you can get the phishers to concentrate on the hackers, while the hackers are concentrating on the phishers, maybe they will leave the rest of us alone.

Re:I Had to comment this has bothered me

as I said before take your meds

Hacker

That's the real hacker -> http://catb.org/~esr/faqs/hacker-howto.html

Using it for good?

[MattBD]

I would be tempted to use this for honourable reasons (ie wait for phishers to email me, then get the details off their site and let someone know that these account details had been stolen) but I'm not sure how. I strongly suspect actually posting them on a website would likely get you in trouble with the authorities, and I'm not sure how effective emailing either the bank(s) or websites in question, or the people whose details were stolen, would be.

Low-quality phishing software

[Animats]

I've seen that, too. Recently, Stanford University came up on our short list of major sites being exploited by phishers. I was surprised, because Stanford is usually good about stopping that. It was a weird subdomain under "stanford.edu", and at first I thought someone had compromised Stanford's DNS to get their site under the "stanford.edu" domain. But no, it was just some minor machine that had had a break-in.

The directory with the phishing page was readable as a web page and contained the log of captured passwords, so I sent those to Stanford security and Bank of America security. Haven't heard back from either. After the end of the weekend, the site was taken down, and that took Stanford off the blacklist.

We've been reasonably successful at cleaning up that list. We're trying to popularize the idea that one verified phishing URL blacklists the whole domain until the problem is fixed. (The idea behind SiteTruth is to take a hard-line approach and measure the collateral damage so it can be minimized.) The oldest sites on that list are ones which won't respond to complaints by e-mail or phone. In some cases we've sent faxes.

The worst offenders are Piczo and FortuneCity. Piczo is some kind of social network/hosting service for teenage girls, and it's full of phishing pages, mostly for Habbo logins. PhishTank counts 15, and there are probably more. The phony pages are often not in English, and the Piczo abuse department may not recognize a French Habbo phishing page. This may be the next trend in phishing - put your page on a site run by someone unlikely to understand the page. I've seen a phishing page in Greek on an Indian site.

It's getting harder to run a phishing site. Since the end of "domain tasting", the business of high-volume bogus domain registration has tapered off. We haven't seen an "open redirector" on a major site in a while; eBay, Yahoo, and Microsoft Live all used to have at least one. The "url shorteners" are getting very aggressive about killing links to phishing sites. This might be winnable.

Clever!

Now, if the hackers were *really* smart, they'd download the data files, and replace them with randomly-generated but plausible data, thus ensuring that the phishers would not get the stolen card details stomped on by Visa, MC, et al. too soon for the hackers to use them.

Luxury!

[John+Guilt]

Back in our day, we had to move the electrons around with tweezers.

Autowhaler = crowd sourcing?

[peterthomas2009]

Since the tool is not run locally you can only assume that all the submitted url's are going into someone's database.

That someone is going to collect a lot of hacked accounts very quickly.

Hackers vs Phishers vs Hosted Hacked account collection Service?

Phisers strikes at the hackers and their kiddies

[bjoeg]

Yesterday the Auto Whaler was something I would thumb up for. Now when I finally got my chance to abuse it, it somewhat became old news too quick.

During my sleep I finally received some phising mails to test with the Auto Whaler.

First one gave no hits Second one gave green lines all over. Trying to open one of the text files I was just redirected to a sub page on the site where all the red lights starts flashing. Tons of malware trying to be installed.

So do not let the phishers fool you, they too know about Whales.