Slashdot Mirror
Hacker Group Demands "Idiot Tax" From Payday Lender
snydeq writes "Hacker group Rex Mundi has made good on its promise to publish thousands of loan-applicant records it swiped from AmeriCash Advance after the payday lender refused to fork over between $15,000 and $20,000 as an extortion fee — or, in Rex Mundi's terms, an 'idiot tax.' The group announced on June 15 that it was able to steal AmeriCash's customer data because the company had left a confidential page unsecured on one of its servers. 'This page allows its affiliates to see how many loan applicants they recruited and how much money they made,' according to the group's post on dpaste.com. 'Not only was this page unsecured, it was actually referenced in their robots.txt file.'"
Just because I left my door open, doesn't mean it's okay to steal.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
First time protecting their customers was part of these people's business model.
xkcd is not in the sudoers file. This incident will be reported.
Even if the publishing of the data itself has no legal implications, I suspect the extortion would be enough to get these guys into a sh*tload of trouble,.
You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.
http://en.wikipedia.org/wiki/Extortion
So basically, they're coming to the defense of customers being ripped off by this lender, and are they're going to show 'em who's boss by widening the customers' exposure to identity theft? Wow, there's some moral high ground there. The customers must be so grateful.
"Howdy neighbor. I happened to hear you beating your wife last night. You can give me $1000 and I'll go away quietly. Otherwise, I'll give her another beating myself."
Fucking door analogies, how do they work?
It's not okay to steal? No shit, Sherlock.
Actually, depending on jurisdiction there are these small, but important, differences.
Where I live, for example, it is only extortion if you threaten someone with illegal consequences. So beating them up if they don't pay is extortion, but telling his wife about his mistress if he doesn't is not.
Assorted stuff I do sometimes: Lemuria.org
and then someone came and looked under the shelf anyway, found embarrassing photos that would be incredibly embarrassing to you and thousands of your friends. made copies of the photos and tried to illegally extort money from you.
i spent five minutes thinking and all i got was this crappy sig
Among other elements, extortion requires a threat to the person or property of the victim, or someone associated with the victim. There is none here.
Bullshit, if I say "pay me $20,000" or I'll do X" that is extortion (demanding money with menaces in the UK i.e. what gangsters do)..
To have a right to do a thing is not at all the same as to be right in doing it
no, the reason to hate them is that they're giving loans to people who shouldn't be given loans in the first place. otherwise they could be getting it from the bank for 15% apr.
usually it's just plain old usury.
(I guess in usa you can bankrupt yourself and really walk away from the loan though? or is it like europe where you can't pretty much walk away from it short of stopping to paying taxes and having legal income totally).
world was created 5 seconds before this post as it is.
Sorry, but gl4ss was right when he said:
no, the reason to hate them is that they're giving loans to people who shouldn't be given loans in the first place. otherwise they could be getting it from the bank for 15% apr.
You give a few specific examples of times when people need to take payday loans, but the simple reality is that if you have a credit card or an overdraft with the bank, you don't need a payday loan. That's what credit and overdraft are for.
And I'm not entirely sure where you get the idea that a $300 loan with a $90 finance charge is "much, much cheaper than bank overdrafts". I have an overdraft on my chequing account, and the APR for going into it is prime + 2%. Prime lending rate with my bank right now is 2.25%, meaning that the *annual* interest rate for going into overdraft is 4.25% for me. There is a "convenience fee" stipulated in the contract of $25, but that gets waived if I haven't used the overdraft in more than 30 days. The point of an overdraft is *not* to give you an extra $1000 to spend as you will, it's to let you write cheques for emergency things like fixing your car without worrying about whether you'll have the money until next Friday.
And the funny part is, despite the expense, the only people who hate payday loans are the people who have never had one. The lenders are scared of being legislated into the dog house, so they're careful and play nice.
29.97% interest rate on loans is *not* playing nice. That's how much the payday loans people charge in this neck of the woods, and the only reason they charge so little is because usury laws prohibit charging 30%. My Visa rate is 12.9%. It could be lower if I was willing to pay an annual fee, but I don't carry a balance, so I don't really care what the rate is. It is cheaper, by far, for almost all of us to put that car repair on credit than it is to get a payday loan. The only people who *need* to get a payday loan are the people whose credit is bad enough that they can't get a credit card, and you need to have pretty bad credit to be in that situation. (if your credit is absolutely *terrible* you can still get a card at 29% annual interest, which is the same that the payday lenders charge, but the credit card won't charge you the $90 processing fee on a $300 loan, they'll just start charging interest 30 days after the purchase date).
If a customer is having trouble, all they have to do is say so. Generally they'll stop assessing interest, and then they'll create an installment plan that works best (e.g. one that makes the customer happy so they won't walk away).
If you think credit cards and bank loans don't work like that, then you've never dealt with a credit card or a bank. If you have a good relationship with your bank manager, then this kind of thing is easy to arrange with them. Even if you don't have that kind of relationship, most of them have a clause that will let you skip a payment, and most credit card companies will lower your interest rate without argument if you call them and ask them to do it. (the "official" interest rate on my Visa is 19.99% to start... I called them and asked them to lower it).
So yeah. I do hate payday lenders. And no, I've never needed to use one. But I still have a legitimate reason for hating them: their client base is, by and large, people who are at the lower income tiers and can *least* afford to pay the exorbitant rates they have. Beyond that, their client base is, largely, people who were never taught how finance actually works, and they are being taken advantage of. Nobody has bothered to explain to these people that they are buying the most expensive credit on the market, and it sets up a vicious cycle. I know too many people who get into a payday loan and end up getting one every paycheque because they have bills that they can't pay because they're paying last week's loan.
So yes. I have an ethical problem with payday lenders... they are the dregs of society, and they are feeding on the poor. And they are set up in such a way that keeps the poor down. They need to go.
Right, but I think the point is that it's a stupid law. (And therefore nobody respects it or obeys it, and therefore nobody expects anyone else to obey it, and therefore that law is useless to (and probably even contrary to) the cause of justice.) In a thread titled "strange sense of morals" that's not irrelevant.
Are you authorized to read the data at http://amazon.com/? How do you know? Who authorized you? When? What evidence do you have that you were authorized to request that page? What evidence do you have that you were authorized to receive the reply after you request that page?
I know those are all stupid questions, but only because you have not been authorized to read Amazon's page, or if you have, it was done secretly inside Amazon and was never communicated to you. That is why it is a stupid law.
It reminds me of how nobody has ever actually been prosecuted for playing a CSS-protected DVD on a DVDCCA-approved DVD player. Every time you descramble the CSS on a DVD, that's "circumvention" and illegal per DMCA, unless you have authorization by the movie's copyright holder, to do that. But of course, nobody has ever gotten authorization to do that. (Disagree? Prove it, or at least show some modest indirect evidence. This is harder than you think. Hint: purchasing the DVD does not imply permission to descramble the CSS, or else 2600 would have won their DeCSS case.) Every time anyone played a commercial DVD or BluRay, they were breaking the law, and the player manufacturer and the retail store who sold the player, broke the law too. That is, unless there's some sort of secret and uncommunicated authorization.
So how do you know if you're authorized? You don't. You never know, until you moment you die without ever having been called to court.
Same for public web servers. Everyone just assumes that information left in public, and without any notices it shouldnt' be accessed, nor with any even half-hearted ineffective attempts to limit access, is .. well .. publically accessible. But then fuckwits come along with a law saying you need authorization -- something that no one ever has, or at least can never show or demonstrate they have. The only authorization is hidden within the mind of whoever owns the server. It is never revealed, and it's lack is also never revealed, until the moment you get a letter from a lawyer or are confronted by a cop.
They can retroactively say you didn't have authorization, and there's nothing anyone can do about it. Any arguments they make which happen to get applied to clearly valuable or sensitive information (situations where common sense tells you the owner wouldn't want the information to be public -- situations the law was ostensibly intended to cover) apply just as logically to Amazon's home page. It's just that if Amazon prosecuted you for shopping at their store, the judge wouth laugh them out of court despite the technical wording of the law, simply because it's so absurd. Common sense would prevail if Amazon sued you for being a customer -- in defiance of what Congress wrote.
But in between these two extreme examples, is a shitload of gray area. (Nearly everything you did on the web today was technically illegal.) The written law doesn't distinguish between any two points along this spectrum, just as DMCA doesn't distinguish between pirates and people merely playing their DRMed movies on Sony players. It must necessarily comes down to a judge needing to pull an arbitrary decision out of their ass, every single time.
Not that I have any sympathy for the bad guys in this case. The extortion is illegal in itself, and shows some clearly malicious intent. If
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.