Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Blogger Hit With DDoS Death Threats

Posted by timothy on from the bad-childhoods-continue dept.

mask.of.sanity writes "An Australian blogger who blew the lid on emerging domain-name fraud campaigns has received death threats from the scammers. His blog and domain parking company are still being hit with a large distributed denial of service attack that has the death threats embedded as HTML links within its logs. Australia's government CERT team and the U.S. Secret Service (blog servers were hosted on U.S. soil) are pursuing the botnet's command and control servers. Ten days later, the victim is still being attacked and is fighting a cat-and-mouse game as IP address ranges change."

83 of 125 comments (clear)

  1. Re:Stop giving hackers a bad name! by Psychotria · · Score: 5, Insightful

    Those were never "hackers"

  2. Internet toughguy syndrome by assemblerex · · Score: 1, Insightful

    No, the people doing this are not going to hop on a plane,rent a car and find your house.

    Unless you live in russia, then you better cut that shit out and hide.

    1. Re:Internet toughguy syndrome by SteveTheNewbie · · Score: 4, Informative

      Sadly, thats incorrect, there are cases where people have been tortured and kidnapped for messing with these criminals

      http://www.wired.com/threatlevel/2008/08/hacker-reported/ is one such case, another i dont have the link for right now involved a reporters daughter being kidnapped, put on drugs and sent to work in a brothel for 5 years. The hacker con ruxcon in Australia had a talk on it last year, no country is safe when dealing with real criminals. They will find and kill you for disrupting their business.

    2. Re:Internet toughguy syndrome by E+IS+mC(Square) · · Score: 1

      True if it's some random guy. But it's quite unsettling if you are threatened by multiple people in an organized way. Even if no real threat exists, it can be damaging psychologically.

    3. Re:Internet toughguy syndrome by mabhatter654 · · Score: 1

      Except that if you DO live in a country that cares they now have uttering death threats which is a non-cyber crime to get you with. Scams are hard to prosecute... Death threats are easy.. They can tack on the scamming at sentencing as "unrepentant offender".

    4. Re:Internet toughguy syndrome by mabhatter654 · · Score: 1

      Not really, many live in countries with weak extradition, or no laws against cyber crimes in the first place. Even when they commit a crime like kidnapping, all the inetnt and evidence is based on stuff that can't be investigated internationally... So they have years head start on people looking for your kid.

    5. Re:Internet toughguy syndrome by PPH · · Score: 1

      But it's quite unsettling if you are threatened by multiple people in an organized way.

      More likely its one scrawny botnet operator who looks like multiple people.

      --
      Have gnu, will travel.
    6. Re:Internet toughguy syndrome by PPH · · Score: 2

      But the reverse is also true they can also be found hunted down and eradicated fumigated and deleted from the record of humanity

      Really? From the article:

      In April, Miami Beach police busted a ring of Bulgarian nationals ....

      The Secret Service took over the Miami Beach case, and the four defendants were each released on a $100,000 cash and signature bond. Three, including alleged ringleader Nikolai Hristov Arabov, jumped bail and went on the lam last month.

      That goes beyond stupidity and incompetence and possibly straight to collusion. And this isn't corruption in the ex-Soviet bloc. This is the Secret Service and our own court system.

      --
      Have gnu, will travel.
    7. Re:Internet toughguy syndrome by daem0n1x · · Score: 1

      He owns a domain parking company, so he's part of the problem. Domain parking qualifies as "domain-name fraud", it just happens to be legal in many places.

      If you're gonna swim with the sharks, you gotta learn to bite.

    8. Re:Internet toughguy syndrome by AliasMarlowe · · Score: 1

      But the reverse is also true they can also be found hunted down and eradicated fumigated and deleted from the record of humanity

      Really? From the article:

      In April, Miami Beach police busted a ring of Bulgarian nationals ....

      The Secret Service took over the Miami Beach case, and the four defendants were each released on a $100,000 cash and signature bond. Three, including alleged ringleader Nikolai Hristov Arabov, jumped bail and went on the lam last month.

      That goes beyond stupidity and incompetence and possibly straight to collusion. And this isn't corruption in the ex-Soviet bloc. This is the Secret Service and our own court system.

      And Bulgaria is even a member of the EU, which is essentially impotent against Bulgaria's state-sanctioned corruption and state-protected criminals. Forget getting the local police to track down the absconded defendants and forget about getting them extradited outside the EU[*] even if they are found.

      As a member of the EU, Bulgaria is required to honor the European Arrest Warrant. I don't know whether that could be helpful for an extradition outside the EU.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  3. I am confused by bloodhawk · · Score: 3, Informative

    Huh? So now domain name parkers are considered innocent victims rather than the scumbucket profiteers that polute the web and search engines with advertisings and misleading links?

    1. Re:I am confused by fuzzyfuzzyfungus · · Score: 1

      "So, naturalists observe, a flea
      Has smaller fleas that on him prey;
      And these have smaller still to bite 'em,
      And so proceed ad infinitum."
      Frankly, in this case, the "scammers" sound like they(by flooding domain park advertisers with false clicks) are making domain park advertising incrementally less attractive, so I find it hard to be too sad to see them. Anybody who collaborates with those scum deserves what they get. However, the botnet herders tend to be the ones cracking machines for their herds, so they are also a blight.

      Maybe they could fight to the death?

    2. Re:I am confused by Anonymous Coward · · Score: 1

      "Thus every slashdot poster, in his kind,
      Is bit by him that comes behind. "

    3. Re:I am confused by North+Korea · · Score: 4, Insightful

      There's nothing wrong with domain name parking. If you have no current use for a domain you've paid, you park it. Also, you could use the domain for other purposes than just for web - like email, game servers etc. There's internet out of the web too, you know.

    4. Re:I am confused by qxcv · · Score: 1

      I think OP was talking about people who buy domains with the closest Hamming distance to the name of a Fortune 500 company and *intend* to park them (or use them for brand damaging material) until the company in question coughs up with a few grand to buy the domain off the parkers.

      --
      "The most dangerous enemy of a better solution is an existing codebase that is just good enough." -- Eric S. Raymond
    5. Re:I am confused by julesh · · Score: 1

      Maybe, but I don't think that's what the person who's the subject of the story does, so if that's what he thought was meant, he misunderstood. The subject of the article appears to offer domain registration services to third parties, along with a system for managing adverts placed on the domains prior to web sites going live.

    6. Re:I am confused by AftanGustur · · Score: 2

      There's nothing wrong with domain name parking.

      "Domain parking", usually means tapping into search results of the big search engines and feeding people advertisements in place of the actual content they were looking for. This may be legal, but that doesn't make it "right".

      In addition, people like Michael Gilmour get away with paying only a few cents for each domain and then buy them in the thousands when people forget to renew or let them expire, hoping to sell them back with a hefty profit.

      Michael Gilmour is not giving people any more service than someone who buys up all the tickets for a concert and then sells them back to those that want to listen to their favorite musician.

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    7. Re:I am confused by bloodhawk · · Score: 1, Informative

      Maybe, but I don't think that's what the person who's the subject of the story does, so if that's what he thought was meant, he misunderstood. The subject of the article appears to offer domain registration services to third parties, along with a system for managing adverts placed on the domains prior to web sites going live.

      Actually that is EXACTLY what the subject of the story "Michael Gilmour" does. What he does may be legal but I would rank him slightly above sewer scum. He buys up domains and parks advertising on them to milk money from unsuspecting search results and mistyped domain names.

    8. Re:I am confused by bloodhawk · · Score: 2

      There's nothing wrong with domain name parking. If you have no current use for a domain you've paid, you park it. Also, you could use the domain for other purposes than just for web - like email, game servers etc. There's internet out of the web too, you know.

      He is not that sort of domain parker. He is someone that buys up domain names for generic terms and mistyped domain names and parks the domain with advertising to get ad traffic from searches and mispellings.

    9. Re:I am confused by North+Korea · · Score: 1

      In addition, people like Michael Gilmour get away with paying only a few cents for each domain and then buy them in the thousands when people forget to renew or let them expire, hoping to sell them back with a hefty profit.

      And how does he do that?

    10. Re:I am confused by AftanGustur · · Score: 1

      In addition, people like Michael Gilmour get away with paying only a few cents for each domain and then buy them in the thousands when people forget to renew or let them expire, hoping to sell them back with a hefty profit.

      And how does he do that?

      He has a company that is listed as a "domain reseller" or a registrar, so he only has to pay the yearly fee to the top-level domain management, which is, for example, about USD 20 cents for .com domains.

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    11. Re:I am confused by North+Korea · · Score: 1

      There's quite large annual fees on top of that, though. And he won't get those prices unless he is actually registered registrar directly at ICANN. If he's just reselling, then it's close to the actual prices (at least $6-7 per domain).

    12. Re:I am confused by AftanGustur · · Score: 1

      Wow, thanks for showing that you don't have a clue what you're talking about. Last I checked Verisign charged $7.34 per domain then there's the $0.18 ICANN fee. So that's $7.52 before the registrar even takes their own cut, and they too need to cover operating costs.

      The costs are many orders of magnitude higher than the 20 cents that you claim.

      Verisign is a registrar, Michael Gilmour's company is also a registrar, they both only pay 18 cents to ICANN per domain, get it ?

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    13. Re:I am confused by North+Korea · · Score: 1

      No, Verisign is the operator of both .com and .net TLD's. All registrars pay to Verisign and ICANN for .com and .net domains.

    14. Re:I am confused by AftanGustur · · Score: 1

      Domains are like real estate. You can buy them cheaply and sell them for inflated price later on.

      What's wrong with that?

      Like when you buy up all the concert tickets for a show?

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    15. Re:I am confused by AftanGustur · · Score: 1

      There's quite large annual fees on top of that, though. And he won't get those prices unless he is actually registered registrar directly at ICANN. If he's just reselling, then it's close to the actual prices (at least $6-7 per domain).

      From Here

      Michael is the CEO of Simcast Media, an online platform built for a company's clients and their customers. Customers find more information about the companies they're interested in. Simcast is an accredited registrar of ICANN. .

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    16. Re:I am confused by mabhatter654 · · Score: 1

      Well at least he's not collecting all their mis-addressed email...

    17. Re:I am confused by zippthorne · · Score: 1

      If you can make a profit by buying all the concert tickets and reselling them, then the original promoters failed by not setting the price correctly.

      --
      Can you be Even More Awesome?!
    18. Re:I am confused by Anonymous Coward · · Score: 2, Informative

      Wrong. Not everyone seeks to gouge the shit out of everyone else. How sad that the epitaph on the tombstone of our society will be "Well, at least they made a profit". Pathetic.

    19. Re:I am confused by Anonymous Coward · · Score: 1

      Why not? People can buy as many tickets to the show as they like. I've purchased dozens of tickets to events, there's nothing wrong with purchasing things (that's the point of selling them). The transaction concerns only the parties involved, and no one else.

      There is nothing wrong with being a parasite, after all they existed before humans did.
      Yeah, I'm getting off your lawn right now.

    20. Re:I am confused by theskipper · · Score: 1

      That's incorrect and overly inflammatory. Parklogic serves as a middleman between advertiser feeds and domain owners who wish to display a parked page. He may also own domain names but his company serves as a parking platform beyond any of those personal domains.

      They maintain the server infrastructure, negotiate contracts with advertiser feeds from Google, Yahoo, etc. Same with Whypark, Sedo and many others. As a matter of fact, Google offers the exact same service if you're willing to use their DNS.

      Also, there is a difference between parking "cellphones.com" and "verzion.com". One is a perfectly legitimate generic and the other is typosquatting (profiting off a trademarked term). The latter can be claimed via the UDRP process, Verizon is not at the mercy of a squatter in any way. Trademark holders can also file federal lawsuits.

      You may disagree that the owner of "cellphones.com" should profit from the domain. That's equivalent to thinking that a property owner should not be able to profit through renting to others in a free market (btw, domains are considered property). But at least recognize that there is a clear distinction between "sewer scum" and legitimate domain owners that choose to use a domain as they see fit.

    21. Re:I am confused by theskipper · · Score: 1

      There is a huge difference between a "registrar" and "registry". If a registrar charges $9 for a domain registration, they pay around $7.50 to the registry (Verisign) and ICANN. The $1.50 is the registrar's profit, no more. The $7.50 is used by the registry to maintain infrastructure for DNS, etc. So there is no way for a registrar to register a domain for 20 cents.

      What you may be thinking of is "tasting". In that case the domain could be "returned" for a small fee after parking for a week or so. But that was reigned in and essentially eliminated last year.

    22. Re:I am confused by WNight · · Score: 1

      btw, domains are considered property

      And World of Warcraft magic swords aren't.. Hilarious. Both are lines of nothing in a database.

      You may disagree that the owner of "cellphones.com" should profit from the domain

      Of course I do. They're a useless leech on the system. If not for a court turning that into "property" it'd just be data in a DB and the community would point it where the community wanted.

      The reason we think (in general) that property owners should be able to rent property is that it usually wouldn't be there (a house), or developed (a piece of property with access and sewer/power), etc. Simply giving the public domain to someone, like ownership of the word 'cellphones' so that they can start billing when people use it is as reasonable as letting people set up toll booths on roads they didn't build or maintain.

      In the beginning domain names were sold not to make money but to pay for their administration and to keep freeloaders from taking them all. Now their administration is trivial and the low prices mean "free"loaders are back. We need to add a new rule like, if you want more than five domains you have to send a picture of yourself (no employees, etc) with a shoe on your head. It's not about cost, it's about deterring run-away hoarding and bringing problems to light so they can be fixed to the benefit of everyone.

      But at least recognize that there is a clear distinction between "sewer scum" and legitimate domain owners that choose to use a domain as they see fit.

      You mean, take the group of people who intentionally hurt society for their own luxury, and recognize an important different because some choose to do it via gaming the system and some just break the rules? No. I don't think so.

      Domain names are just lines in a database and the laws justifying those DB lines as property and not others are ridiculous. People who make a business gaming this are thieves, if only the crafty type we call lawyers.

    23. Re:I am confused by gpuk · · Score: 1

      As North Korea says, you are mistaken.

    24. Re:I am confused by gpuk · · Score: 1

      In the UK at least I believe there are anti-ticket taut regulations to try and stop exactly that.

    25. Re:I am confused by daem0n1x · · Score: 1

      Wow, I'm soooo sure a vast majority of the poor innocent domain parkers fall into these extremely specific cases you just described. Oh, the poor innocent domain parkers, being persecuted by shameless Internet crooks. I'm soooo sad.

    26. Re:I am confused by theskipper · · Score: 1

      Sounds like you're unhappy about the situation. Out here in the real world it's called capitalism.

      And I'd bet the you'd feel much differently if you owned a multi-million dollar domain like beautiful.com. But you can't because P&G registered it back in 1995 and has been using a worthless redirect on it ever since then. Since they're hurting society by hogging the domain, maybe if you ask nicely they'll transfer it to you at no charge?

      Btw there's actually a phrase for what you're feeling: "domain envy". It's no different than those that lament not buying MSFT back in the early '90s.

    27. Re:I am confused by bloodhawk · · Score: 1

      in many countries buying up tickets to resell them is actually illegal now. There is a lot wrong with it morally as well, it is pure profiteering that does nothing more than fleece people of additional money, they are not providing a service, they are taking advantage of holes in the system by effecting preventing legitimate buyers buying from source and artificially inflating prices..

    28. Re:I am confused by theskipper · · Score: 1

      1) Parked domains rarely show up in indexes. Google filters them heavily. The only way to get to one is through direct navigation. Like if someone wants to buy car parts, they type in "carparts.com". Then they click a link and get the result they were looking for. There's no "harm" or "screwing" involved unless the click was fraudulent. The domain owner has no control over that unless they're stupid enough to click it themselves. Then they get caught, have their parking account banned and the payment gets clawed back.

      2) The state of physical property is completely different than domains. Someone parking "carz.com" has absolutely no effect on the owner of "cars.com".

      Bottom line is that parking is a minor issue that you guys are blowing way out of proportion. The real issue was how the scammers were buying parking accounts and defrauding the advertiser. Direct your rage where it belongs, the advertiser getting screwed directly by the scammer, not the guy who parks his domain.

    29. Re:I am confused by Dan541 · · Score: 1

      No, Verisign is the .com registry operator.
      All registrars must pay $7.34 to verisign for every domain they register and an $0.18 fee to ICANN.

      You clearly don't know what you're talking about. Do your homework then come back and tell me he only pays "20 cents" per domain.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    30. Re:I am confused by Dan541 · · Score: 1

      In Australia most event organisers will limit you to 10 or less tickets per transaction. The way to stop people getting around the restriction is to have a Terms & Conditions of sale. People who violate the terms can have a civil suit brought against them.

      However going back to domains. There are no longer any restrictions on TLD registrations. Is it moral to register domains for investment? I would say, yes as it's just like buying real estate for investment. People don't seem to question the morality of land investment, even though land is finite but domain names are potentially infinite. (at least more so than land)

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    31. Re:I am confused by zippthorne · · Score: 1

      Well by all means, tell us how you would define the fairest price for concert tickets.

      My definition is "the price at which all the seats are sold and no one who wants a seat couldn't get one."

      --
      Can you be Even More Awesome?!
    32. Re:I am confused by innerweb · · Score: 1

      But that does not necessarily maximize profit for the selling venue, and for business, maximizing profit is an important consideration. In fact, it has been proven that selling all seats is a pretty strong indicator that the tickets were under priced. So, the question then becomes fair for who?

      --
      Freud might say that Intelligent Design is religion's ID.
    33. Re:I am confused by Kalriath · · Score: 1

      Same with Whypark, Sedo and many others.

      As it happens, I do think all of those companies are pond scum offering a dubious service which exists solely to rip people off. Despite my objections, my employer just paid £800 to some scumbag via Sedo for a domain - specifically the company name! - that costed $30 to register.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    34. Re:I am confused by Kalriath · · Score: 1

      I get the feeling "theskipper" works for Sedo or one of their ilk.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    35. Re:I am confused by theskipper · · Score: 1

      The seller offered it for sale, your employer wanted it and obviously thought the price was fair enough. So they bought it. The profit margin is of no significance, only that the buyer and seller got what they wanted.

      No different than any other transaction of goods or services in a capitalistic scenario.

    36. Re:I am confused by WNight · · Score: 2

      Btw there's actually a phrase for what you're feeling: "domain envy". It's no different than those that lament not buying MSFT back in the early '90s.

      I (may) lament my lack of money but not my unwillingness to mug a senior citizen for it. I don't envy the killers.

      You're using domain envy a little too loosely here. Under your usage a rape counselor would have domain envy towards rapists.

      And I'd bet the you'd feel much differently if you owned a multi-million dollar domain like beautiful.com.

      Ahhh, the "You can't prove you wouldn't do it so it's unjust to punish anyone for it" argument. Weak.

      But no, I wouldn't want them, or me, to be punished. I'd want it taken away and allocated in a way that best matches what the public wants to find when they type "beautiful com(pany)".

      But you can't because P&G registered [...] Sounds like you're unhappy about the situation.

      Yes, I am. There are systems that could serve people and here we are using one pretty much designed not to help.

      Out here in the real world it's called capitalism.

      Wow. That's so abysmally stupid that you must have an MBA.

      That is precisely the opposite of capitalism. The government took some computer config stuff and wrote laws about it, handing control of the process to the biggest lobbyist and in general fucking the whole system up, just so someone could 'own' it. That's cronyism and rent-seeking. Pay attention, it's the main cause of the decay of your society.

      The whole thing is shockingly Soviet. Take some functioning industry, decide bureaucrats know best, and drive it into the ground through a total lack of domain knowledge.

    37. Re:I am confused by Kalriath · · Score: 1

      No, they didn't think the price was fair enough. What they thought was that the pond scum had them over a barrel.

      So, which "domainer" do you work for?

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    38. Re:I am confused by theskipper · · Score: 1

      Then that's simply buyer's remorse, same as overpaying for any product or service and regretting it later. Which is tough luck to them, they should have negotiated better or just picked one of the other 100 TLDs. Having said that, $1200 isn't unreasonable and is below par with average domain sales these days listed at dnjournal.com.

      What you're really implying is that it was extortion which would be criminal. It's not, they could have simply registered the domain before the seller did.

      So whether you personally like the free market system or not has no bearing on the reality of how macroeconomics works. Supply/demand, scarcity of resources and all that.

  4. Interesting. by gcnaddict · · Score: 1

    Why is the United States Secret Service involved? From what I remember, the USSS is involved in matters of dignitary protection and anti-counterfeiting operations. Are the scammers involved in either of these?

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:Interesting. by ikkonoishi · · Score: 3, Informative

      http://www.secretservice.gov/investigations.shtml

      Since 1984, the Secret Service's investigative responsibilities have expanded to include crimes that involve financial institution fraud, computer and telecommunications fraud, false identification documents, access device fraud, advance fee fraud, electronic funds transfers and money laundering as it relates to the agency's core violations.

    2. Re:Interesting. by mevets · · Score: 1

      I believe they are considered competition. The scammers need to be sent to Libya for some special interrogation.

    3. Re:Interesting. by evanism · · Score: 1

      and whacking people

      --
      Just bought a new quantum computer, but I'm uncertain how it works.
    4. Re:Interesting. by deniable · · Score: 1

      They're been looking at cyber-crime and roleplaying supplements for a long time now.

  5. death threats by phantomfive · · Score: 1

    I thought death threats were just what happens to anyone who becomes remotely famous.

    --
    "First they came for the slanderers and i said nothing."
  6. But is the evil Cheese after me? by gearloos · · Score: 1

    It's the Cheese. The evil cheese...

    --
    "Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
  7. Re:Laziness by mevets · · Score: 2

    Your right; the really lazy would just hire someone local to do their 'wet work'. Good thing they haven't thought of that.

  8. Re:Stop giving hackers a bad name! by WorBlux · · Score: 3

    Hacker make things work, generally with either with a low budget, a high degree of creativity, simple elegance, or superfluous complexity. More for the satisfaction of being able to be it. Sometimes involving good-natured pranks, naivety or a need to take dissect things just to see how they work. However a death threat is the sort of malovelence far removed from a hacker's nature. Also hackers tend to be very strongly motivated by internal rewards (satisfaction at a job well done) rather than the external (money) as these scammers are.

  9. Re:Umm... unplug it? by WorBlux · · Score: 3, Insightful

    That's the most fucking asinine or exceedingly obtuse comment on this page yet. The threat doesn't go away when you turn the computer off. The damage of a death threat isn't in the symbols used to convey the message, but the intent it converts.

  10. Re:Stop giving hackers a bad name! by Anonymous Coward · · Score: 1

    Hack The Planet!!1

  11. politics, sideways, offtopic, -1 retarded by mevets · · Score: 1, Insightful

    Too bad the general media don't get this idea. They are way to busy gazing at the medium is the message to understand that the medium is transitory.

    The TP (Tea Party, or something for wiping you ass with) get this; they don't say anything that is explicitly racist - as an example -, but almost everything they say is inherently racist. Like a magician slipping a card, you can't pin him to what he did, but the end result is the same. It is way more McLuhan than McLuhan itself [ sorry, stolen from a stoned friend who gushed 'it is more chocolaty than chocolate itself' ]

    More on opic, front-ways, to you sir, I say "*WHOOSH*".

  12. Re:Stop giving hackers a bad name! by Anonymous Coward · · Score: 1

    Unfortunately "hackers" is, and has been for at least the last 15 years, a term associated with "crackers". It's a shame when playful cleverness is being labelled organised crime whilst real crime in which people are being hurt and laws broken remains largely ignored by law enforcement. I wish politicians and police would come to their senses and realise that "cybercrime" and IRL crime are one and the same, and the only way you can fix it is by finding the perpetrators and slapping them with fines and jail sentences. Denial of service and XSS on their own aren't really (legal) problems. The problems start occurring when these methods are used to deliver death threats and steal data for personal gain.

  13. Jeez RTFA by Anonymous Coward · · Score: 1

    RTFA this wasn't simply some upset asshole in the Ukraine sending death threats, this was a pump and dump scam being uncovered, where they send a buttload of fake traffic to view the ads, and then run off.

  14. Aren't IPs good enough to identify someone? by AK+Marc · · Score: 3, Funny

    If they can sue based on IP, why can't they get the names and addresses of everyone involved?

    There's only one thing that will end this. Find every IP launching the attack and prosecute them for hacking, even if all they did was own an insecure system. You have to push the responsibility back on the people allowing the attacks. It's illegal to leave your car running attended because it's an attractive nuisance.

    --
    Learn to love Alaska
    1. Re:Aren't IPs good enough to identify someone? by julesh · · Score: 4, Interesting

      If they can sue based on IP, why can't they get the names and addresses of everyone involved?

      FTFA:

      Scammers would change their origin of attack to evade blocking and Gilmour would respond in kind.

      In the last hour, the attacks have moved to Indonesia where some 28,000 unique IP addresses are attacking his sites every few minutes.

      So you're suggesting he sues 28,000 indonesians? And then when the botnet operator switches to a different IP range, another few thousand people of some other nationality. And then another, and another. And you think that's going to work because...?

      It's illegal to leave your car running attended because it's an attractive nuisance.

      Maybe where you live it is. I can assure you it isn't where I am. Which is the problem: laws work differently in different countries. Sometimes even in different regions of the same country. The Internet is international. Even if some jurisdictions have laws that you can use against attacks like this, not all do. And that just means the attackers will end up working from those that don't.

    2. Re:Aren't IPs good enough to identify someone? by Xugumad · · Score: 1

      > Find every IP launching the attack and prosecute them for hacking, even if all they did was own an insecure system.

      Even if they get hit by a 0-day attack?

    3. Re:Aren't IPs good enough to identify someone? by gl4ss · · Score: 1

      that approach is simply not practical.
      never met the polish irc gangs?

      and no, they aren't good enough.

      the guy should just use cloudflare I suppose. but there's the streisand effect now for his blog post.

      --
      world was created 5 seconds before this post as it is.
    4. Re:Aren't IPs good enough to identify someone? by AK+Marc · · Score: 1

      So you're suggesting he sues 28,000 indonesians? And then when the botnet operator switches to a different IP range, another few thousand people of some other nationality. And then another, and another. And you think that's going to work because...?

      I'm suggesting that the ISP in Indonesia disconnect those 28,000 IPs for criminal activity, check them for viruses and turn them back on after they are clean, billing those 28,000 criminals for cleaning up their illegal activities.

      It'll work because when people realize their criminal negligence of having an insecure system attached to a network will result in something other than a slower computer, they'll take the bare minimum of security steps, making the world a better place. Why do you hate the world and support the criminals?

      . I can assure you it isn't where I am.

      I don't believe you. It's explicitly illegal to leave a running car unattended in TX. However, people have been successfully prosecuted (or sued) for it elsewhere, even where it is not illegal. Tell me where you are, and I can try to assist you in determining legalities.

      --
      Learn to love Alaska
    5. Re:Aren't IPs good enough to identify someone? by AK+Marc · · Score: 1

      As another respondent mentioned, if they are using "old" versions when the current ones are secure, it's still negligence. If they are on the current version and it's compromised, then prosecute the maker of the software.

      --
      Learn to love Alaska
  15. Re:Stop giving hackers a bad name! by Samantha+Wright · · Score: 2

    Fortunately, the hardware hacking community has worked toward making the name its own again, ensuring that the concept of a hacker as a knowledgeable, creative person who works with complex computer technology at least somewhat lurks in the minds of the educated public.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  16. Backfire? by Anonymous Coward · · Score: 1

    These IP addresses that are now logged to have attacked this site's blog, might also have been used for clicking these ads. If these addresses are given to the advertising companies I see at least to possible steps to take:
    1) Block the IP addresses from generating ad-revenue. This should save them *some* money.
    2) Find out which ads has been vigorously "clicked" from these IP addresses and find out which company that gets paid for it. That would probably be a good starting point for an investigation.

  17. Why doesn't he just unplug for a few weeks? by gatkinso · · Score: 1

    Would be a great time for a vacation.

    --
    I am very small, utmostly microscopic.
  18. I have very little sympathy for "Domainers" by tomhudson · · Score: 1
    The guy has half a million domains that he's squatting on. Why is he described as "a blogger"?

    Park Logic was Gilmourâ(TM)s domain parking company that hosted half a million domain names.

    He wrote some blog posts about other domain scammers, and they're retaliating. Awwww .... nothing to see here, folks ....

  19. How are they monetizing this? Google? by Animats · · Score: 1

    Absent from the article is a key question - how does either the "domainer" or the scammer make money? Pumping fake traffic through fake domains is usually monetized through Google AdSense.

    1. Re:How are they monetizing this? Google? by theskipper · · Score: 1

      Let's say you own "redcars.com" and have it parked with Google, Parklogic or other parking service. The PPC ads shown on the site are from Google or Yahoo ad feeds that were negotiated by the parking company. You get a portion of the revenue generated when a legitimate click occurs, the parking company gets some and the feed provider keeps the rest. If using Adsense for Domains then Google keeps the latter two cuts.

      The scammers will offer you $1000 for your account at the parking company. You agree, take the money and give the scammer your login info.

      They then push fake traffic to the domain, run up the clicks and collect the proceeds from the parking company. The parking company then gets stuck with unhappy customers (advertisers) from the ad feed which affects their revenue. Ideally the scammer is long gone and has collected more money in parking revenue than it cost to buy the account.

      The owner of Parklogic (Michael Gilmour) wrote a series of articles exposing this. The scammers retaliated.

      "Domainers" have nothing to do *directly* with the scam. But some do take the $1-3k payoff without realizing what exactly is going on.

  20. real estate doesn't quietly expire and be resold by r00t · · Score: 1

    To be the same, imagine that your house ownership expires. You might get notice that this is about to happen, but the notice looks like junk mail and might not even arrive. Fake notices are sent all the time by scammers wanting to fool you into paying the wrong person. If you are on vacation or otherwise miss the legit notice, you might not pay in time. Your house is then quietly reposessed by the local authorities. Some jerk at the courthouse buys the house instantly. (he always does this) You find yourself homeless. The jerk offers to sell you back your house for a ridiculous markup. His whole reason for buying the house was the hope that you would be desperate enough to pay him well. He has no other use for your house. He has no realistic hope that anybody else would want your custom house, and you need it because it's where everybody thinks you live.

  21. Re:You Shouldn't Be Confused by sourcerror · · Score: 1

    Well, in other countries people don't eat that much cornflakes, so the US has significiant competitive advantage in shitting in cornflakes .

  22. Clearing up a few things... by Da_Big_G · · Score: 1

    I know Michael personally, have read his blog for a couple years, and am familiar with his meta-parking service.

    He's definitely one of the parking industry's most stand up guys. He's not a domain scammer, nor anything close to that. Advertisers love his service because he cuts off anyone with bad traffic. Now he's exposing the seedy underbelly of the parking industry... which of course seems to have pissed off some people.

    The scammers make money by pounding advertisers' PPC links on parked pages and getting paid, then moving on to different accounts before Google or Yahoo can charge back against the first set of accounts. The middleman (parking co or Michael's co) gets burned in the process.

    1. Re:Clearing up a few things... by BillX · · Score: 1

      Have to say, I don't think this guy will get much sympathy on /., even if he is exposing a whole different level of scum among scummers. There is, by definition, no such thing as legitimate traffic to a parked domain. Nobody wants to go there.

      --
      Caveat Emptor is not a business model.
  23. and many countries corrupt police forces by decora · · Score: 1

    are payed off by the mafia rings that run these shows.

    think about Mexican drug cartels. they are known to have infiltrated the media, as well as the federal police force, and even the offices of the government. reporters have been killed.

    lets not even talk about Pakistan, Russia, etc.

    1. Re:and many countries corrupt police forces by innerweb · · Score: 1

      Many countries have special units designed to deal with these *issues*. Osama was dealt with by one from the US. If the problems draw the attention of certain parties from certain countries. The problem will be made to go away.

      On the flip side of the issue, it is also possible for the community at large to end most of the current methods for doing what is done, but the will is not there to do the upgrades, modifications and administration to end it (systemically). So, as long as the general users and administrators allow the situation to remain the way it is, so will the crime continue.

      think about Mexican drug cartels.

      And they still only exist because a large enough part of the population pays them for what they sell (not protection, but drugs and such). So, it is still the caused by the population in general. The American failure in the war on drugs is one more great example of this. As is the success of online spammers and other such obnoxious criminals.

      --
      Freud might say that Intelligent Design is religion's ID.
  24. Re:real estate doesn't quietly expire and be resol by Dan541 · · Score: 2

    By allowing a domain to expire you relinquish your owner ship of it. Just about every domain I have ever let expire has been registered the instant it dropped. There is nothing wrong with this because I let the domains expire. If someone else wants to register them; they have every right to do so. Domains need to expire, otherwise we would have an exponential growth of dead/abandoned domains that could never be recovered and no revenue stream to maintain their infrastructure. Currently between 60,000 and 70,000 .com domains expire every day and become available for registration. I own plenty of domains that I would never have gotten if they didn't expire.

    The same thing happens to houses. If you own a property and you leave it unattended you certainly can lose it just like a domain. Try it, buy a property and never ever check the mail pertaining to the property or do anything with it. Eventually you're guaranteed to lose that property; through failure to pay tax if nothing else.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  25. Re:Stop giving hackers a bad name! by Meski · · Score: 1

    Fortunately, the hardware hacking community has worked toward making the name its own again, ensuring that the concept of a hacker as a knowledgeable, creative person who works with complex computer technology at least somewhat lurks in the minds of the educated public.

    Now to find us some educated public!