Slashdot Mirror
Hackers vs. Phishers
An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."
That's the hacker culture allright. Use inventivity rather than "hard work" to get your result with the least possible effort :)
In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".
FBI: Why do you rob banks?
Willie Sutton: Because that's where the money is.
Liberal? Conservative? Compare perspectives at Left-Right
Criminals stealing from criminals? Doesn't surprise me. It happens all the time in the physical world.
(Before the deluge of malice-laden replies regarding "how I make all hackers out to be villians," yes, I know the difference between white hat and black hat.)
(((dB)))
People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?
This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.
Hard-working phishers? What? Did we cross over into the Twilight Zone, here?
Screw the rules, I have green hair!
Suddenly sounds like they are all bankers to me.
Great fleas have little fleas upon their backs to bite 'em,
And little fleas have lesser fleas, and so ad infinitum.
And the great fleas themselves, in turn, have greater fleas to go on;
While these again have greater still, and greater still, and so on.
There is always a bigger fish.
-- Qui-Gon Jinn
Only to idiots, are orders laws.
-- Henning von Tresckow
In a web 3.0 show-down who would win?
1) Hackers.
2) Pirates.
3) Phishers.
4) Ninjas.
5) The Man.
5) Cowboy Neal.
Missing option being a tag-team of Chuck Norris and Angelina Jolie.
Regards, Phil
I've always wanted to say this.
Pretty good is actually pretty bad.
These young hackers causing all this hutinanity and without any real work.
Back in my days youngans, Hacking or cracking as it was sometimes called, while still illegal was something to be respected, you had to know what you were doing to break into a system and the harder the break-in the more respect you got... Now todays you kids got all comerical and you can break into computers without having the break into them. You just ask someone for the passwords and they give them to you... Dag-nabbit that is not hacking that sounds like politicians to me.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
"mod parent up" This comment was generated by HackBot 01928
In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up"
"Some hackers out there don't like to do all the hard work of running..." Nuff said.
People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?
This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.
I think the subtext here is that hackers aren't necessarily bad guys and so it's more like repo men stealing from car thieves, still not completely shocking but somewhat more interesting.
...all it does is to try access a number of pre-defined files from the root directory of the probed host: passwords.txt, logs.txt, l0gz.txt, accounts.txt etc. -- talk about sophisticated hacker tool! massive all phreaker big-up! what a joke...
the tool also "epically fails" if you supply a host that is not encapsuled in http:// ... /
Is it just me or is there more and more biology-like complexity evolving?
thegodmovie.com - watch it
Inventivity? Looks like you've got some of that yourself. ;-)
mod self off_topic
"Great fleas have little fleas upon their backs to bite 'em,
And little fleas have lesser fleas, and so ad infinitum.
And the great fleas themselves, in turn, have greater fleas to go on,
While these again have greater still, and greater still, and so on."
Hackers vs. Phishers.
Two go in. One comes out.
I am not a lawyer (and I use Acronyms sparingly), but stealing accounts from other phishers may be a DMCA violation!!!
"If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
from the jargon file:
hacker: n.
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.
The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network. For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.
Note that the perjorative use has been deprecated.
The Phish, from Vermont...are the poo poo.
I'll try anything once. Twice if it tastes good
... that had the same password as their account names on various servers over the years:
Thank you for the laughs.
And no, I don't have your phished data. I didn't want it. I'm the guy who recursively deleted all of it. As much as I could find.
I love seeing that little tilde in the target address I'm supposed to click in your spam.
The only time I was really interested in phishing was when I was a young teenager - more years ago than I sometimes care to remember. I used to love going to the end of Eastbourne pier but despite a lot of effort and determination, all I ever seemed to 'catch' were crabs and the occasional tiddler. These days I don't bother - older and the fact I'm not near the coast probably contribute to that. Oh well, c'est la vie.
For the 50 thousandth time hackers dont harm they find ways into a computer thats what they like to do is find a vulnerability nothing more. Please for the love of god use the term hacker right. i call people who harm crackers because thats the name they deserve by doing harm you should be called that. Hackers are good people they just have a hobby is all and thats finding vulnerabilities ways in, thats the true enjoyment of it in the first place. Microsoft listen to the real hackers out there when they tell you of a vulnerability dont label them as a threat and have them arrested. Microsoft thats another reason your so vulnerable when a true hacker trys to help you and tell you of your vulnerability you dont listen but maybe you do its bad you have to make yourself completly anonnymous to tell you you have a vulnerbility. Sometimes the True Hacker gets fed up with microsoft and makes it easy so everyone can do it by programming something so these so called crackers will use it and do good all in all you eventually fix your vulnerabilities i guess a cracker is good for something. Please comment and btw im not a hacker but i do know alot of them true ones atleast that dont do harm and i know a couple that have got fed up and programmed something so a cracker can take it up microsofts ass, the hacker didnt want to harm but only got fed up is all. Btw i can program self taught back in the old days, i didnt need a damn university to teach me i learnt the hard way, to any one who wants to learn to program they have books for that tutorials the sources are endless these days go out and grab a few and read them youll learn eventually and ill say this theres no deadline, start out with something mad easy if it takes you along time well guess what your just learning thats normal, donr let someone tell you i could do that in 5 minutes discourage you,thats what people do is discourage you its stupidity, if the truely indeed started programming thereselfs and said that took me 2 minutes guess what, ill lay a thousand on it they stold someones source code and said they programmed it alot of self proclaimed programmers do that the numbers would shock you. Microsoft im not calling you one of those people in anyway. Just a hint i was alive when windows first came out and the same for apples operating system and when it did why did both do the same stuff but only looked diffrent, if anyone didnt notice back then were stupid but hay theres alot of stupid people out there, Bill Gates i only respect you as a buisnessman your one hell of a one, it took alot of talent for what you did, im not listing the things but to ever good buisnessman is a crook but you have to be a crook to be a good buisnessman it wouldnt work out if you werent. Now Steve Jobs i respect that guy for more than that, Bill Gates sadly you may be worth more, But Steve Jobs is better than you he proved it back then and hes even proving it now and at the rate it keeps going apple will be worth more than microsoft, its sad steve jobs doesnt own a chunk of apple it should, Bill Gates you screwed up and dont even know it you broke the trust of the best friend you could of ever had and you would of even been more successfull than you are now, well thats a lie since at that time microsoft and apples operating system was basically the same thing so how would bill gates profit with his operating system, this is sarcasm someone elses operating system to begin with. I wish one day steve jobs would really speak out say what needs to be said and finish it it would only hurt you if microsoft owned apple i know they used to own most of it but i dont know now i think things have changed, i dont know if microsoft even owns any of apple they dont need to thats for sure and if they dont Steve Jobs speak up and tell it like it is it needs to be heard from you, You know what im talking about and make people lose respect for bill gates oh i forgot he retired but atleast make people think less of him people think to high of him and shouldnt if they only knew the actual truth Let it be known, bec
The correct definition of "hacking" a device or application is,
making the device or application function in a way which was not intended by the original author.
The definition brought forward by the media only focuses on hacking remote devices for malicious purposes.
As the little old lady tought Betrand Russel, it's turtles all the way down !!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Adults chat in the online world,
decide to meet for coffee.
To great effect she did a-twirl,
sparks fly that scare Khadafi.
Until one day she chatted coy,
paid nary a thought to time.
Turns out it was a 12 year old,
they charged her with a crime.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
This would've been considered as an act of war, and the next thing you know people in the streets are cutting each others in half with tommy guns.
ELOI, ELOI, LAMA SABACHTHANI!?
If you can get the phishers to concentrate on the hackers, while the hackers are concentrating on the phishers, maybe they will leave the rest of us alone.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
oh its gonna be a flame war i see i dont do those, Just shows how smart you are " i got my answer" mission accomplished and you cant get enough of it. You should see if theres any money in that seriously. but you would fail at beeing a good heckler i doubt you have the intelligence to be a good one. i didnt want to flame i hate flaming and getting labled as troll for saying a real hacker doesnt harm well the hackers i know and they are real and they dont harm. maybe i got it wrong or maybe that definition you fetched is wrong and labled all hackers the same way. It seems to have really done that. "The hackers i know dont harm" they do it for a challenge to find the vulnerability etc the access point they will even tell the operating systems about it,before it gets out. I should of said all hackers arent the same. Ok as this definition has stated. Kevin Mitnick was labled a hacker but for what kinda hacking he done was illegal and he is labled the best. The best dont get caught isnt that the whole objective anyway not to get caught while your doing something in that way, well he got caught. they should of labled him "the best caught hacker" not the best hacker. A hacker would have to know how to program to be any good at it not rely on other peoples kiddie tools or well maybe to cause harm maybe a better hacker made the tool, but a hacker dont give away his trade secrets if he is doing it for harm. ok since i read the definition i totally change my mind but will not lable my friends that for they do not do harm. boy they can surely penetrate a os and they have told me theres a hell of alot of ways in windows. i like these hacking competitions. one beeing the one with ubuntu windows and osx. if you followed what were the one they didnt get into. ill answer ubuntu. osx failed because of safari and windows failed well because its windows. the hackers enjoyed that or they would of not done it right. did they cause harm. NOOOO, Theres even hackers who get paid to do what they do not because they "harm" they find ways in and its totally legal well just depends were you live i guess in the United States it is anyway. The United States have hackers they use some of the caught ones to work for them, why so they dont to prision the rest of there lifes. You got a choice Prision for the rest of your life or work for The US Goverment jeez thats a hard decision if i where a hacker that caused that much harm id say US Goverment and actually get paid for it, they get paid good so ive heard. That definition shouldnt be used to lable all hackers as in saying all hackers cause harm. They dont. Theres more than one type of Hacker i knew this before i made the comment i was just seeing what you people would say and all you come up with is that damn definition. Theres hackers thats good with the telephone aka phreakers, remember the blackbox heh those were the days. I should of said i respect the hackers that dont cause know harm and there reasoning of hacking is for the challenge. If your gonna hack please dont do it for a pointless reason there has to be some stadegy. I got so mad when they labled that kid who got in sarah palins email a hacker, i know how he done it because he lives really close to me, ive followed the story all the kid done is use a yahoo password cracker and got labled a hacker, how pathetic is that. This new world has depressed me. Alot of people believes all hackers cause harm thats not true. some find vulnerabilities and tell operating systems etc about them those are what i call "Real Hackers" there doing good with there craft. did you know you can get a certification to be a hacker its called ethical hacking hmm i knew this but for some reason it helps you to better secure a network. I think its worthless but a degree gets the job not the talent. this would also get you the job in network security say your in the interview and they ask how can you secure my network without a degree, the answer is this by breaking into it and telling you how i did so. if say so company thinks you have to have that certification to p
That's the real hacker -> http://catb.org/~esr/faqs/hacker-howto.html
I would be tempted to use this for honourable reasons (ie wait for phishers to email me, then get the details off their site and let someone know that these account details had been stolen) but I'm not sure how. I strongly suspect actually posting them on a website would likely get you in trouble with the authorities, and I'm not sure how effective emailing either the bank(s) or websites in question, or the people whose details were stolen, would be.
I've seen that, too. Recently, Stanford University came up on our short list of major sites being exploited by phishers. I was surprised, because Stanford is usually good about stopping that. It was a weird subdomain under "stanford.edu", and at first I thought someone had compromised Stanford's DNS to get their site under the "stanford.edu" domain. But no, it was just some minor machine that had had a break-in.
The directory with the phishing page was readable as a web page and contained the log of captured passwords, so I sent those to Stanford security and Bank of America security. Haven't heard back from either. After the end of the weekend, the site was taken down, and that took Stanford off the blacklist.
We've been reasonably successful at cleaning up that list. We're trying to popularize the idea that one verified phishing URL blacklists the whole domain until the problem is fixed. (The idea behind SiteTruth is to take a hard-line approach and measure the collateral damage so it can be minimized.) The oldest sites on that list are ones which won't respond to complaints by e-mail or phone. In some cases we've sent faxes.
The worst offenders are Piczo and FortuneCity. Piczo is some kind of social network/hosting service for teenage girls, and it's full of phishing pages, mostly for Habbo logins. PhishTank counts 15, and there are probably more. The phony pages are often not in English, and the Piczo abuse department may not recognize a French Habbo phishing page. This may be the next trend in phishing - put your page on a site run by someone unlikely to understand the page. I've seen a phishing page in Greek on an Indian site.
It's getting harder to run a phishing site. Since the end of "domain tasting", the business of high-volume bogus domain registration has tapered off. We haven't seen an "open redirector" on a major site in a while; eBay, Yahoo, and Microsoft Live all used to have at least one. The "url shorteners" are getting very aggressive about killing links to phishing sites. This might be winnable.
Now, if the hackers were *really* smart, they'd download the data files, and replace them with randomly-generated but plausible data, thus ensuring that the phishers would not get the stolen card details stomped on by Visa, MC, et al. too soon for the hackers to use them.
Back in our day, we had to move the electrons around with tweezers.
Since the tool is not run locally you can only assume that all the submitted url's are going into someone's database.
That someone is going to collect a lot of hacked accounts very quickly.
Hackers vs Phishers vs Hosted Hacked account collection Service?
Yesterday the Auto Whaler was something I would thumb up for. Now when I finally got my chance to abuse it, it somewhat became old news too quick.
During my sleep I finally received some phising mails to test with the Auto Whaler.
First one gave no hits Second one gave green lines all over. Trying to open one of the text files I was just redirected to a sub page on the site where all the red lights starts flashing. Tons of malware trying to be installed.
So do not let the phishers fool you, they too know about Whales.