Stanford Researcher Finds Little To Love In Would-Be Hacker Marketplace

← Back to Stories (view on slashdot.org)

Stanford Researcher Finds Little To Love In Would-Be Hacker Marketplace

Posted by timothy on Thursday May 21, 2015 @05:46AM from the it-is-what-it-is dept.

An anonymous reader writes: What if there were an Uber for hackers? Well, there is. It's called Hacker's List, and it made the front page of the New York Times this year. Anyone can post or bid on an 'ethical' hacking project. According to new Stanford research, however, the site is a wreck. 'Most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal.' And it gets worse. 'Many users on Hacker's List are trivially identifiable,' with an email address or Facebook account. The research dataset includes thousands of individuals soliciting federal crimes.

49 of 75 comments (clear)

Min score:

Reason:

Sort:

In other news by CaptSlaq · 2015-05-21 05:53 · Score: 1, Redundant

Grass is green, sky is blue, water is wet. More at 11.
1. Re:In other news by thedonger · 2015-05-21 06:00 · Score: 1
  
  Grass is green, sky is blue, water is wet. More at 11.
  I CAN'T WAIT UNTIL 11! TELL ME OTHER OBVIOUS THINGS NOW!
  
  --
  Help fight poverty: Punch a poor person.
2. Re:In other news by Penguinisto · 2015-05-21 06:00 · Score: 1
  
  Yeah... thinking the same thing. Without some sort of participation or backing from established researchers and vendors, this was pretty much a non-starter.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
3. Re:In other news by thedonger · 2015-05-21 06:02 · Score: 1
  
  Grass is green, sky is blue, water is wet. More at 11.
  Now that I think about it, none of those are true in the literal sense. And you probably mean "More at 23" unless you want the wrath of the non-Americans.
  
  --
  Help fight poverty: Punch a poor person.
4. Re:In other news by Anonymous Coward · 2015-05-21 06:07 · Score: 1
  
  Nobody gives a crap what the whiny bitch Euro's think of how we keep time.
  Least of all that annoying Greek guy.
5. Re:In other news by timholman · 2015-05-21 06:14 · Score: 3, Informative
  
  Grass is green, sky is blue, water is wet. More at 11.
  I CAN'T WAIT UNTIL 11! TELL ME OTHER OBVIOUS THINGS NOW!
  Your dog loves you. But that cute girl down the street? She just wants to be friends.
6. Re:In other news by mjm1231 · 2015-05-21 06:26 · Score: 1
  
  Grass is green, sky is blue, water is wet. More at 11.
  Now that I think about it, none of those are true in the literal sense.
  That sentence is only true if words literally don't ever mean anything. Which may be literally true, but is useless. I'm going to go on pretending that they do.
  
  --
  Ideology: A tool used primarily to avoid the bother of thinking.
7. Re:In other news by funwithBSD · 2015-05-21 06:39 · Score: 1
  
  What about her dog? How does it she feel about me?
  
  --
  Never answer an anonymous letter. - Yogi Berra
8. Re:In other news by nyet · 2015-05-21 06:52 · Score: 1
  
  "It is a fair summary of constitutional history that the landmarks of our liberties have often been forged in cases involving not very nice people." - Supreme Court Justice Felix Frankfurter
9. Re:In other news by ShanghaiBill · 2015-05-21 06:54 · Score: 1
  
  Grass is green, sky is blue, water is wet. More at 11.
  Not in California. Although the sky here is blue and cloudless, the grass is brown and there is no water.
10. Re:In other news by Anonymous Coward · 2015-05-21 07:06 · Score: 3, Funny
  
  Her dog is in to you. But that cute girl down the street? She won't let you have sex with her dog.
11. Re:In other news by ceoyoyo · 2015-05-21 07:38 · Score: 1
  
  It's true in that those universal statements aren't universally true. Grass isn't green in the winter here, it's brown. The sky is blue outside my window currently, but yesterday it was gray. There's an awful lot of water around here that isn't wet during the winter.
12. Re:In other news by tehcyder · 2015-05-21 21:41 · Score: 1
  
  Her dog is in to you. But that cute girl down the street? She won't let you have sex with her dog.
  Yet another example of FEMINISTS interfering with my freedom of expression. My grandfather fought in the war to protect our freedom, and now we let SJWs take it away, piece BY piece in the name of POLITICAL CORRECTNESS!.
  Literally Hitler. THANKS Obama.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
13. Re:In other news by tehcyder · 2015-05-21 21:43 · Score: 1
  
  It's true in that those universal statements aren't universally true. Grass isn't green in the winter here, it's brown. The sky is blue outside my window currently, but yesterday it was gray. There's an awful lot of water around here that isn't wet during the winter.
  And don't forget it's all a hologram inside a computer anyway, so let's all just kill ourselves and escape the Matrix.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
14. Re:In other news by thedonger · 2015-05-22 02:15 · Score: 1
  
  Grass isn't green -- it just absorbs red and blue light. And the sky refracts white light, letting through blue. And even so, "red," "green," and "blue," and "wet" are human created constructs. In an absolute sense, there's no difference between water and air and dirt; they're all made up of the same stuff. Holy shit, that means we can turn lead into gold! I'll be back -- gotta alchemize my fortune.
  
  --
  Help fight poverty: Punch a poor person.
15. Re:In other news by ceoyoyo · 2015-05-26 16:48 · Score: 1
  
  We have a "human construct" called "green" that most of the human construct "us" pretty much agree upon. The human construct "grass" sometimes meets this criteria, and sometimes doesn't. If you truly believe that, in an absolute sense, there's no difference between water, air and dirt, I can suggest some experiments you might wish to conduct that are likely to convince you of the folly of that statement. You're right, they are made up of the same stuff, but arrangement of that stuff is rather important.
  PS - you do realize we can actually turn lead into gold, right?
LOL by ellehooq · 2015-05-21 05:55 · Score: 1

You would think a website offering hacking services would protect the identity of it's users. What a scam.
Uber for X by Anonymous Coward · 2015-05-21 05:56 · Score: 1

Ugh. "Uber for X" sort of made sense for startups selling services where people drive out and perform small tasks for you. This is not that.
1. Re:Uber for X by shadowrat · 2015-05-21 08:42 · Score: 1
  
  Ugh. "Uber for X" sort of made sense for startups selling services where people drive out and perform small tasks for you. This is not that.
  well you're going to love my startup. Oober lets you crowdsource a person to call for your Uber for you. Oober's like Uber for Uber!
2. Re:Uber for X by Barny · 2015-05-21 12:48 · Score: 1
  
  Are you providing an API? If so, I could make a startup that caters specifically to people on the go! It will Uber Oober, to contact Uber, so you don't have to!
  Called Youber, it is a person-centric service for modern professionals who just don't have time to Uber for Uber.
  
  --
  ...
  /me sighs
Hmmm ... by gstoddart · 2015-05-21 05:59 · Score: 4, Interesting

Shady stuff on the intertubes? I'm shocked I tell 'ya.
There's really only one question: is the owner aware that his site is being used for illegal stuff, or has be willfully made sure he isn't aware.
Because TFA sure as hell makes it sound like it's pretty blatantly being used for illegal stuff ... and then it's just a matter to which the owner is consciously facilitating this.
So, which is it ... clueless that your site is being used to break the law? Or intentionally not noticing that your site is being used to break the law?

Hacker's List "is intended for legal and ethical use." And, according to the owner, "[n]o one is going to complete an illegal project through my website."
How about "i need hack account facebook of my girlfriend," completed for $90 in January? Or "need access to a g mail account," finished for $350 in February? Or "I need [a database hacked] because I need it for doxing," done for $350 last month?
That does not sound like a site which is in any way policing itself to be a legal operation.
Not even a little.

--
Lost at C:>. Found at C.
1. Re:Hmmm ... by pr0fessor · 2015-05-21 06:25 · Score: 2
  
  I'm trying to think of some kind of legal hacking that I would want a pseudo anonymous third party to do for me. When it comes to legal hacking I can't think of much that a private individual would need and an enterprises would do so internally or hire a reputable security company before they would use a pseudo anonymous individual.
2. Re:Hmmm ... by gstoddart · 2015-05-21 06:48 · Score: 1
  
  Well, and then extend the metaphor to real world things and it gets even harder to understand.
  Need access to your neighbor's house? Someone else's car? A safe?
  Yes, you would totally go find a pseudo-anonymous entity to help you get into those things, because that's how those things are normally done. No, wait, it completely isn't.
  But suddenly hacking into Facebook, or GMail, or a database (so you can use it for doxxing) .. and someone can claim to have a legal business facilitating these transactions? I think not.
  Sounds quite sketchy to me, especially when the site owner is adamant that people won't be using his site for anything illegal. I'm with you, I can't think of any situation in which this makes sense.
  What next, the pseudo-anonymous physical intimidation service? Mooks List?
  Unauthorized computer access is a criminal act. Period.
  
  --
  Lost at C:>. Found at C.
3. Re:Hmmm ... by gstoddart · 2015-05-21 07:08 · Score: 1
  
  Driving over the speed limit is a criminal act. Period. Crossing the street off the walkpath is a criminal act.
  OK, but honestly, nobody is giving you a damned website to act as a marketplace for someone to speed or jaywalk for you.
  Which means the site pretty much has one function: to facilitate people doing illegal things on your behalf in exchange for money. As soon as you start facilitating connections between people to break the law, it becomes something else.
  If the owner didn't police this, then I'm going to say "ethical ambiguity" is a crock of shit.
  How many of these transactions are provably legal? Because reading the examples in TFA, they're pretty much blatantly illegal.
  
  --
  Lost at C:>. Found at C.
4. Re:Hmmm ... by pr0fessor · 2015-05-21 08:16 · Score: 1
  
  You could probably consider some security auditing and penetration testing to be legal hacking given it takes place on your private network and is looking for existing exploits to patch. I doubt there is enough call for that on a private level and corporations aren't going to farm that out on a site like this and from TFA it isn't what is being bid on.
5. Re:Hmmm ... by tehcyder · 2015-05-21 21:51 · Score: 1
  
  There's really only one question: is the owner aware that his site is being used for illegal stuff, or has be willfully made sure he isn't aware.
  As a guess, he thinks he's being clever, like a lot of people who end up in prison for psychopathically profiting from breaking the law.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
6. Re:Hmmm ... by tehcyder · 2015-05-21 21:55 · Score: 1
  
  Driving over the speed limit is a criminal act. Period. Crossing the street off the walkpath is a criminal act. Period. There are ethical ambiguities all up in this piece.
  Where is the fucking ethical ambiguity in being caught for speeding? If you are genuinely rushing your pregnant wife to hospital, deal with the consequences - big deal you have to pay a fine.
  And jaywalking is, as far as I know, a uniquely American piece of absurdity, but just because there are some ridiculous crimes on the statute books does not mean that all crimes on the statue books are ridiculous.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Who does this? A. Millennials! by jtara · 2015-05-21 06:09 · Score: 2

Who openly posts solicitations to commit a Federal crime, while positively identifying themselves through social media?
The same people that Liberty Mutual doesn't want going around driving three-quarters of a car, that's who!
What will those clueless Millennials do next?
1. Re:Who does this? A. Millennials! by Anonymous Coward · 2015-05-21 06:20 · Score: 4, Funny
  
  Probably decide which home you should end up in.
2. Re:Who does this? A. Millennials! by TheCarp · 2015-05-21 06:45 · Score: 1
  
  Well for starters, the people on Hacker's List apparently. If you really wanted to know who they are, you can, in fact, easily go ask them.
  
  --
  "I opened my eyes, and everything went dark again"
3. Re:Who does this? A. Millennials! by jtara · 2015-05-21 07:07 · Score: 1
  
  Oh, lord! Guess they'll be snap-chatting my feeding tube to their friends, too!
FBI Honeypot? by Anonymous Coward · 2015-05-21 06:09 · Score: 1

What makes anyone think this might not be an FBI honeypot, or at least monitored in detail by the FBI and NSA.
1. Re:FBI Honeypot? by GameboyRMH · 2015-05-21 06:18 · Score: 1
  
  If anyone thinks the FBI and NSA aren't monitoring in detail, they're a total moron. The FBI is known to monitor things much less criminal and obvious than this, and the NSA is watching by default even if they didn't mean to in the first place.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
"federal" crimes? by xxxJonBoyxxx · 2015-05-21 06:10 · Score: 1

Is a (US) "federal" crime any worse than other crimes? For example, murder is generally a state crime.
Suggestion: use "felony" instead...
1. Re:"federal" crimes? by gstoddart · 2015-05-21 06:18 · Score: 1
  
  Well, the fairly obvious answer is that if it's a federal crime, then federal resources will be the ones going after you and won't need to care about state jurisdiction.
  For a felony you would not necessarily get the feds turning their resources to you.
  So, in terms of which agencies will be coming after you, and with what resources ... pointing out that you'd be violating federal law says you get a whole different class of people coming after you.
  Federal crimes may not be worse, but the magnitude of who is investigating it and how much resources they have is an entirely different animal.
  I'd say it's very relevant. Because it's the big boys who will be investigating and prosecuting, not local/state agencies.
  
  --
  Lost at C:>. Found at C.
2. Re:"federal" crimes? by Infiniti2000 · 2015-05-21 06:18 · Score: 1
  
  In the U.S. a federal crime is worse because you end up going to a federal pound-you-in-the-ass prison.
3. Re:"federal" crimes? by jtara · 2015-05-21 06:19 · Score: 1
  
  Internets cross state lines, and so there is Federal jurisdiction. Only the state in which the crime is committed (which can be ambiguous here) would have an interest, and state law in this case would typically be less specific.
  You're implying that the author meant to make the crime seem more serious by their use of "Federal". I don't make that assumption. They just accurately stated the likely jurisdiction and who would likely investigate and prosecute.
4. Re:"federal" crimes? by funwithBSD · 2015-05-21 06:41 · Score: 1
  
  Ask Dzhokhar Tsarnaev,
  he would not be facing death row if it was a state crime.
  
  --
  Never answer an anonymous letter. - Yogi Berra
5. Re:"federal" crimes? by ceoyoyo · 2015-05-21 07:42 · Score: 1
  
  If you drop the (US), then quite often. In Canada the maximum punishment for a provincial crime is two years less a day. Anything more serious than that is federal.
It gets worse... by countSudoku() · 2015-05-21 06:12 · Score: 1

Wait 'till he sees craigslist! Yikes!

--
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
Prices are way too low by Anonymous Coward · 2015-05-21 06:18 · Score: 1

Any serious hacker wouldn't even get out of bed for these prices.
"Hacker"... by antiperimetaparalogo · 2015-05-21 06:19 · Score: 2

'Most requests are [...] unlawful [...]' And it gets worse. 'Many users on Hacker's List are trivially identifiable,' [...] The research dataset includes thousands of individuals soliciting federal crimes.
"worse"? You mean "better"!

--
Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
the real underground by Anonymous Coward · 2015-05-21 06:50 · Score: 3, Insightful

is laughing at this
not hackers. by evilrip · 2015-05-21 11:32 · Score: 1

Can we stop calling common criminals for hackers? Some of us are starting to get really offended, to the point we wonder how anyone of you ever made it out of grade school. Maybe the word you were looking for was "cracker"? rtfm.

--
"To err is human, to forgive, beyond the scope of the Operating System"
1. Re:not hackers. by Patent+Lover · 2015-05-21 14:41 · Score: 1
  
  Sorry grandpa, but the term crackers has had nothing to do with computers for at least 30 years. Like it or not but "hackers" has taken its place. Now, what ever happened to script kiddies?
2. Re: not hackers. by tehcyder · 2015-05-21 22:01 · Score: 1
  
  Just puhhleease stop the "maker" movement
  FTFY.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
3. Re:not hackers. by evilrip · 2015-05-27 22:02 · Score: 1
  
  "Script kiddies" really only fit a subset of malicious "hackers", if you must. These "skiddies", as we call them, typically abuse tools written by hackers or amateurs for one purpose or another. These people are mostly without programming talent. The fact is that most experienced hackers know what power they wield, understand how much work goes into the r&d stage(playing around, etc.). While i personally never agreed with calling them crackers(a great disservice to many great software crackers out there, something that is an art onto itself), that is in fact what was decided years before the media and all manner of ignorant people decided to use the term exclusively for criminal depictions. The fact is you mostly mean to say "criminals", not hackers. Hackers are how the internet got here in first place; how it broke out of the labs and broke ground in the population at large. That OS, Linux/android, that most likely drives one or more cell phones in your home was once the laughing stock of the commercial world, written off as amateur crap from amateur hackers. Today it dominates the market with only one real competitor in the cell market, and different one in the server market. In case you have an iPhone maybe you should check out the origins of it's Darwin core and FreeBSD origins. By hackers for hackers has become by hackers for everyone and the world owe many brilliant minds an enormous gratitude for sharing all their wonderful code and ideas for FREE. Today corporations and persons both profit enormously from this. In simplified terms "hacker" just means you're playful and curious about things, some of those things might be a worry to some, often ignorant minds, and a delight to others. Tho ignorance is bliss, it can also be incredibly dangerous, yours should not be everyone else' problem. This whole thing started with model train set enthusiasts, so go figure :)
  
  --
  "To err is human, to forgive, beyond the scope of the Operating System"
4. Re:not hackers. by evilrip · 2015-05-27 22:03 · Score: 1
  
  Sorry grandpa, but the term crackers has had nothing to do with computers for at least 30 years. Like it or not but "hackers" has taken its place. Now, what ever happened to script kiddies?
  30 years ago I was still many years away from having cognitive memory, and as I don't even have a kid, I don't see how I can be grandpa. you look kind of ignorant tho. :)
  
  --
  "To err is human, to forgive, beyond the scope of the Operating System"
this sounds like by l0n3s0m3phr34k · 2015-05-21 20:35 · Score: 1

an FBI honeypot trap. Yes, come to the site, ask for people to do illegal things...send them some $, have the FBI show up at your door.