Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Group Demands "Idiot Tax" From Payday Lender

samzenpus posted more than 2 years ago | from the cost-of-business dept.

Security 263

snydeq writes "Hacker group Rex Mundi has made good on its promise to publish thousands of loan-applicant records it swiped from AmeriCash Advance after the payday lender refused to fork over between $15,000 and $20,000 as an extortion fee — or, in Rex Mundi's terms, an 'idiot tax.' The group announced on June 15 that it was able to steal AmeriCash's customer data because the company had left a confidential page unsecured on one of its servers. 'This page allows its affiliates to see how many loan applicants they recruited and how much money they made,' according to the group's post on dpaste.com. 'Not only was this page unsecured, it was actually referenced in their robots.txt file.'"

Sorry! There are no comments related to the filter you selected.

Strange sense of morals (4, Insightful)

mwvdlee (775178) | more than 2 years ago | (#40395235)

Just because I left my door open, doesn't mean it's okay to steal.

Re:Strange sense of morals (2, Insightful)

mirix (1649853) | more than 2 years ago | (#40395257)

'Not only was this page unsecured, it was actually referenced in their robots.txt file.'

Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".

Re:Strange sense of morals (5, Interesting)

mwvdlee (775178) | more than 2 years ago | (#40395349)

If it was explicitely mentions in their robots.txt file, I assume it was done so to be excluded from robots.

More like having an unlocked door with a sign saying "Do not enter".

Yes, it was pretty damn stupid and very easy to avoid. That still doesn't make it okay for anybody to copy the data. If you see such security failures on a website, the right response is to inform the website owners. As I said; it's a strange sense of morals.

If those hackers get caught and fined, I assume the hackers will consider that an "idiot tax" as well. Afterall, they were idiotic enough to get caught.

Re:Strange sense of morals (5, Insightful)

tehcyder (746570) | more than 2 years ago | (#40395637)

If those hackers get caught and fined

These geniuses will get more than a fucking fine if they're caught. Blackmail and extortionare serious criminal offences, so fthey'll be spending some quality time in prison.

Re:Strange sense of morals (0)

trout007 (975317) | more than 2 years ago | (#40396371)

In reality Blackmail is much less serious than Extortion. Extortion involves asking for money with the threat of force to harm your person or property. Blackmail is asking for money to prevent the release of information even if true.

Extortion should be illegal since it is threatening force.

Blackmail should not be illegal since it doesn't involve force. If it is legal to release information it should be just as legal to ask someone to pay you not to release it.

Re:Strange sense of morals (3, Insightful)

Mordermi (2432580) | more than 2 years ago | (#40396651)

Really? If someone illegally obtains information, they should be allowed to ask for money to keep quiet?

Re:Strange sense of morals (3, Informative)

wjousts (1529427) | more than 2 years ago | (#40396673)

You have a very limited definition of force. So if releasing information will destroy your reputation or your business, you don't consider that force? Physical force isn't the only form of force.

Re:Strange sense of morals (4, Funny)

Robert Zenz (1680268) | more than 2 years ago | (#40395985)

...the right response is to inform the website owners.

Well, they did.

Re:Strange sense of morals (3, Interesting)

stephanruby (542433) | more than 2 years ago | (#40395605)

Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".

Since the robots.txt was actually asking search engines not to index that page.

The sign was more like "You see that door there. Yes, that one. Do not go there. Do not open it. There is nothing to see there. "

Hopefully, that was just a robot's trap with dummy data in it.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40396613)

More like walking through the woods and coming across a fresh mound of dirt. On top is a sign "please do not dig here: buried treasure".

Re:Strange sense of morals (5, Insightful)

Bert64 (520050) | more than 2 years ago | (#40395299)

It's not stealing, since they didn't delete the original file...

By putting a file on a public webserver, they were PUBLISHING that data. Wether they did so intentionally or not is irrelevant, they did publish it.

Anyone who accessed it did nothing wrong, they were simply using the website for the function it was intended, to access data made available to the public on it. They did not have to exploit any vulnerable services, nor did they bypass any form of access control.

The fault lies purely with the company for publishing such information.

The only thing the "hacking" group have done wrong is the attempted blackmail, they got the actual information fair and square.

Re:Strange sense of morals (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40395375)

Not stealing, no. Extortion, blackmail, whatever you want to call it, yes, and still very illegal and rightfully so.

Thank you, Captain Obvious. (0)

Anonymous Coward | more than 2 years ago | (#40395477)

Just when everything seemed lost, you sprung to action and saved the day. Hurray.

Re:Strange sense of morals (4, Insightful)

Nyder (754090) | more than 2 years ago | (#40395607)

Not stealing, no. Extortion, blackmail, whatever you want to call it, yes, and still very illegal and rightfully so.

Sort of like the current pay up or i take you to court that is all the rage these days?

Re:Strange sense of morals (5, Insightful)

EdIII (1114411) | more than 2 years ago | (#40395485)

Even if they did delete the original file it would not be stealing, but destruction of property.

Thank you for pointing out the flaw in the open door analogy that always gets trotted out. Although intent does play a factor, the important word in the law is "unauthorized" or whether or not actions "exceeded authorization".

Web servers are not open doors, and they are not like TRON.

They simply serve documents. Sometimes they will ask for security credentials before serving the document, or check internal policies (htaccess/session based authorization and ACL), but always end up serving a document even if it is a simple response in a header like a 404.

The only thing these hackers did was ask for a file (robots.txt) and notice that it mentioned another file and then asked for it directly.

"Exceeded authorization" would be an interesting argument because computers always do what you tell them to do, not what you meant for them to do. So while this company may not have intended to give authorization, they did in fact, give authorization to download the file. At the very least, they did not deny the hackers the ability to download the file, and were at no time confused about the identity of the hackers (representing public users).

If there is any appropriate analogy here it is that the company had a moron executive walking around with a briefcase full of business data, some random person asked if it was the business data and if they could have it, and the moron executive said why not, here it is. After the fact, random person contact company, informs them of said stupidity, and attempts to assess "idiot tax".

Idiot tax is highly appropriate here.

I would not prosecute these so-called hackers for computer crimes, but simple extortion.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40396581)

I would not prosecute these so-called hackers for computer crimes, but simple extortion.

So if the so-called hackers simply published the records without demanding an idiot tax, they shouldn't be prosecuted? What if one of your family members was an applicant?

Re:Strange sense of morals (1)

Anonymous Coward | more than 2 years ago | (#40396625)

they should get real mad at and sue the company that put their personal information up on the web for all to see and even provided a 'link' to it.

Re:Strange sense of morals (1)

Improv (2467) | more than 2 years ago | (#40395505)

It was obviously not intended to be published to the world. Once you're doing hostile penetration analysis, you've well beyond "fair and square".

Re:Strange sense of morals (5, Interesting)

Anonymous Coward | more than 2 years ago | (#40395537)

Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.

Re:Strange sense of morals (-1)

Anonymous Coward | more than 2 years ago | (#40396029)

Mod parent up! 0, Interesting? Oi.

Re:Strange sense of morals (2)

tgd (2822) | more than 2 years ago | (#40396575)

Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.

If I put a dollar on the ground on my driveway, its stealing for you to pick it up.

Re:Strange sense of morals (3, Insightful)

tehcyder (746570) | more than 2 years ago | (#40395673)

That is like saying that if I drop my credit card in the street I have "published" its details for everyone to see due to my own carelessness.

I really hope people like you get their bank accounts cleared out by criminal twats like these idiots, then you'll see whether "just copying" information is so fucking harmless. Want to share your bank login and password information with me?

Re:Strange sense of morals (-1)

Anonymous Coward | more than 2 years ago | (#40395869)

yes you are right tehcyder i agree with you...
Advertising Agencies In Pakistan [tnsdigital.net]

Re:Strange sense of morals (5, Insightful)

10101001 10101001 (732688) | more than 2 years ago | (#40395989)

That is like saying that if I drop my credit card in the street I have "published" its details for everyone to see due to my own carelessness.

More accurately, it's like accidentally posting a photocopy of your credit card on a bulletin board, presumably with a variety of other documents.

I really hope people like you get their bank accounts cleared out by criminal twats like these idiots, then you'll see whether "just copying" information is so fucking harmless.

Interestingly enough, if you were to do the above and be so careless, I'm not entirely sure if the bank would be obligated to refund your money. Certainly, most banks/credit card companies have policies speak about only 24 hours to report "stolen" credit card information to maintain minimal liability on the card holder's part. Having said that, the criminal is still, well, criminal.

Want to share your bank login and password information with me?

Considering the GP didn't speak about "just copying" information being harmless, I'd gather the answer is no. After all, the point isn't that blackmail or clearing out someone else's bank account isn't illegal and unethical/immoral. It's that one can't charge the person with "hacking" just because you're careless anymore than you could charge people with theft because they took a photo of your photocopied credit card. I mean, a lot of people may have accessed the information and done little or nothing with it; but certainly, there's a lot of legal things you could do, like mock the person who was so careless with their personal/company details.

Re:Strange sense of morals (4, Insightful)

Ginger Unicorn (952287) | more than 2 years ago | (#40396109)

That is like saying that if I drop my credit card in the street I have "published" its details for everyone to see due to my own carelessness.

Yes, that's precisely what you've done.

"just copying" information is so fucking harmless

Correct. It's what's done with the information afterwards that inflicts the harm.

Re:Strange sense of morals (3, Insightful)

argStyopa (232550) | more than 2 years ago | (#40396487)

OK, pedantry +1.

I know people on slashdot LOVE to 'game' legalities in this sort of situation (let's do one about copying music without paying for it next!), but to suggest that people who accessed it did 'nothing wrong' you have a pretty fucked-up moral code.

I'll absolutely agree that the company putting it up unsecured was at fault for doing something staggeringly dumb.

But having to 'exploit' something, or 'bypass' things isn't the line by which I measure whether something is 'wrong' or not. Ethically, perhaps, but certainly not morally. Sometimes, things simply ARE wrong, and no amount of sophomoric hair-splitting really changes that.

It's unfortunate that today's society seems more concerned with what they can 'get away with' or how closely they can skate to the rules, than simply recognizing the difference between right and wrong.

Re:Strange sense of morals (1)

realityimpaired (1668397) | more than 2 years ago | (#40396647)

It's unfortunate that today's society seems more concerned with what they can 'get away with' or how closely they can skate to the rules, than simply recognizing the difference between right and wrong.

Meanwhile, the 29.97% interest rate that the payday loans people charge (and that only because 30% is considered usury and is illegal) is in no way wrong? Even when you consider that the people who take payday loans are generally the poorest part of the population?

I'm not arguing that trying to extort money from the payday loans people isn't wrong... it is. Very much so. But simply obtaining the information from the website is not wrong... people are using the open door analogy which is fundamentally flawed... it's more like putting a big poster up on a tree, with a smaller poster on the other side of the tree saying "please don't read the other sign". There was no hacking involved, the "hackers" in question simply walked around to the other side of the tree and took a picture of the poster. The payday loan people put this information up, and need to be held to task for their actions.

As for how to hold them to task... extortion is the wrong way to do it. I would look into the privacy laws, and report them to the appropriate authorities.... publishing customer account data like that is illegal in most jurisdictions in the world.

Re:Strange sense of morals (1)

epistemology (697458) | more than 2 years ago | (#40396715)

People who make a living off the misfortune of others, like pay-day lenders, also have a fucked-up moral code. And just because they have money to influence legislators to make their practices legal, doesn't make it right.

Re:Strange sense of morals (1)

Lumpy (12016) | more than 2 years ago | (#40396509)

So it's copyright infringement, They can be fined $29,000,000,000,000,000,000 for lost revenue. That's what the RIAA claims for a Justin Beeber song.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40395331)

And you think a group that practices extortion cares about that because...?

Re:Strange sense of morals (4, Interesting)

antifoidulus (807088) | more than 2 years ago | (#40395469)

Not the same, its more like a beautiful woman getting naked in front of a big open window in broad daylight then getting mad at people for looking because she forgot to pull down the blinds. To steal something as in your door analogy you actually have to enter the premise, itself a crime. Looking out your window into a window thats wide open, not a crime.(of course threatening to sell the vide on the internet unless the woman pays up IS a crime, and thats what these people are guilty of)

Re:Strange sense of morals (1)

hawkinspeter (831501) | more than 2 years ago | (#40395543)

Not quite the same as you've got an expectation of privacy if you're in your house. This situation is more like a beautiful woman undressing on a theatre stage and not realising that people were watching.

Re:Strange sense of morals (2)

antifoidulus (807088) | more than 2 years ago | (#40395557)

Your expectation of privacy in your own house basically means that its illegal for someone to go out of their way(zoom lenses, hidden cameras etc.). If you have a giant window thats visible from the street, you cannot expect that nobody will look into it on occasion, its your job to at least take rudimentary steps to prevent people from seeing something than any peeping they do is a crime, but if you are just showing it off then its fair game.

Re:Strange sense of morals (2)

hawkinspeter (831501) | more than 2 years ago | (#40395621)

Yes, but putting information on a public website is actively publishing that information, not just failing to hide it.

Re:Strange sense of morals (4, Funny)

tehcyder (746570) | more than 2 years ago | (#40395727)

Not quite the same as you've got an expectation of privacy if you're in your house. This situation is more like a beautiful woman undressing on a theatre stage and not realising that people were watching.

This situation is most like someone accidentally leaving their Ferrari unlocked with the keys in, and some fourteen year old joyrider borrowing it for a few hours, then attempting to blackmail the owner because he found some pictures of his mistress in the glovebox.

If you're going to do a stupid analogy, at least make it a car one.

Re:Strange sense of morals (1)

LizardKing (5245) | more than 2 years ago | (#40396191)

Not quite the same as you've got an expectation of privacy if you're in your house.

Yes, but the post you replied too stated that the hypothetical woman had stripped in front of an open window. That's carelessness, and in the UK at least you can't complain if you feel your privacy was violated by someone observing you from beyond the boundaries of your own property. In a recent court case mentioned by Private Eye magazine, a man was even found guilty of indecency for cracking one off in his own bathroom, since he had left the window open and his neighbour saw him. (From what I remember, it warranted a mention in Private Eye since he was a public figure taking a hypocritical stance over someone elses behaviour).

Re:Strange sense of morals (2)

DarkOx (621550) | more than 2 years ago | (#40396113)

I think how well you analogy fits might get to intent.

You could also look at it like. These guys showed up at their house, with burglars tools planing to beak in. They try the door first and discover its been left unlocked. Okay its not longer breaking an entering but its still trespassing. What they did with the data afterward is still extortion.

Most crimes have intent as part of their definition. That is how we have to separate innocently running across confidential data mistakenly published and actions like this. Yes its gonna get messy, but in this case I think the follow up extortion attempt makes the original intent pretty clear.

AM I THE ONLY ONE HERE WHO KNOWS HTTP/TCP/IP?? (-1)

Anonymous Coward | more than 2 years ago | (#40395479)

This his how things really work:
1. Somebody sent you a post card, asking "Can I have a list of what you have in your house?". (= HTTP request for e.g. robots.txt)
2. You sent him the list in return, and SPECIFICALLY INCLUDED THE CONTENTS OF YOUR SAFE. (= HTTP response: robots.txt)
3. Then he sent you another post card, requesting the contents of your safe. (= HTTP request for the secret file)
4. AND YOU SENT THEM TO HIM!! (= HTTP response: the secret file)

EPIC FAIL!
You have only yourself to blame.

Re:AM I THE ONLY ONE HERE WHO KNOWS HTTP/TCP/IP?? (2)

psiclops (1011105) | more than 2 years ago | (#40395739)

no it's not, in your analogy the person is consciously sending the contents of the safe to you. at no point in the actual scenario did this happen.

we can agree however, that accessing the information was not a criminal offence.

what they did with the data afterwards quite clearly is though.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40395497)

The same goes for AmeriCash.

Can I get a car analogy instead, please? (4, Funny)

Anonymous Coward | more than 2 years ago | (#40395527)

Fucking door analogies, how do they work?

It's not okay to steal? No shit, Sherlock.

Re:Strange sense of morals (1)

Anonymous Coward | more than 2 years ago | (#40395529)

Even more: They threaten to do damage to people who are not even responsible for the security problem (namely the loan applicants). So even assuming it were OK to extort someone over his security flaws, their behaviour would still be immoral.

Re:Strange sense of morals (1)

Tom (822) | more than 2 years ago | (#40395699)

No, but if you left the curtains open, it is not illegal to stand on public property and look into your living room - or bedroom, for that matter. It might not be morally okay, but it is not illegal.

Re:Strange sense of morals (1)

shentino (1139071) | more than 2 years ago | (#40396309)

I'd prefer to say that stealing is wrong on principle, but the precautions or invitations one emits may change whether or not it's really stealing.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40396441)

But you didn't leave your door open. You left every neighbor's door open in the neighborhood. I'm not saying we should therefore rob the neighbors, but threatening you doesn't sound too strange.

Re:Strange sense of morals (0)

Charliemopps (1157495) | more than 2 years ago | (#40396467)

Payday lenders are pure evil. Anything bad that happens to them is good for society as a whole.

Re:Strange sense of morals (1)

Lumpy (12016) | more than 2 years ago | (#40396501)

If you are already stealing from others? yeah it's ok.

Re:Strange sense of morals (0)

Anonymous Coward | more than 2 years ago | (#40396505)

But it's quite acceptable, almost encouraged to pirate. Interesting double standard /.'ers have.

Re:Strange sense of morals (1)

asdf7890 (1518587) | more than 2 years ago | (#40396681)

They didn't just leave their door open. The opened the doors of many of their clients without their knowledge.

That doesn't make extortion right at all, of course, but looking at it the other way around: don't let the extortion attempt distract you from expecting the company in question to take more than a little flack for not being able to do their job (that part of the job which involves keeping their client's information secure) properly.

Really ... (2)

mister2au (1707664) | more than 2 years ago | (#40395243)

One would suspect the FBI might soon be levying it own 'idiot tax' on Rex Mundi ...

unless of course said hacker is not US-based but that would raise EVEN MORE questions about the ethics if hackers are getting involved in commercial arrangements in FOREIGN countries

Re:Really ... (2)

Teun (17872) | more than 2 years ago | (#40395413)

Once on the internet, what is foreign?

The article also mentions some Belgian institutions like Dexia Bank and a temping agency.

Re:Really ... (1)

mister2au (1707664) | more than 2 years ago | (#40395643)

Internet or not, AmeriCash is 100% US -based under US regulations with US customers ... Would be a strange target for a non-US based hacker to make a 'moral' statement - although there is no evidence of being non-US based and little evidence of a moral statement being made.

But I'd suspect this is US-based hacking and the FBI will come knocking ...

Re:Really ... (1)

tehcyder (746570) | more than 2 years ago | (#40395741)

Once people resort to extortion the concept of ethics becomes entirely irrelevant. They're criminal scum, pure and simple, the electronic equivalent of people pretending to be meter readers and robbing vulnerable old ladies, and raping them if they feel like it.

My only worry is that "Rex Mundi" is probably an autistic thirteen year old and therefore can't be prosecuted as a mentally competent adult.

Re:Really ... (1)

Frankie70 (803801) | more than 2 years ago | (#40396267)

unless of course said hacker is not US-based but that would raise EVEN MORE questions about the ethics if hackers are getting involved in commercial arrangements in FOREIGN countries

I don't understand. Is it more ethical to do extortion in your own country than in a foreign country?

No laws borken? (2)

mpoulton (689851) | more than 2 years ago | (#40395247)

So they published the database on the Internet for anyone to access. I would be hard pressed to find a legal cause of action against the "hackers" (web surfers?) who browsed and saved the file. Additionally, because the database contains only a tabulation of factual information, it cannot be copyrighted. Thus, Rex Mundi may be legally allowed to publish it at will. Most of the civil causes of action that could be brought in a case of blackmail or extortion may be unsuccessful here since the "victim" PUBLICLY PUBLISHED the data themselves. Interesting case.

Re:No laws borken? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40395315)

Even if the publishing of the data itself has no legal implications, I suspect the extortion would be enough to get these guys into a sh*tload of trouble,.

Re:No laws borken? (2)

J Isaksson (721660) | more than 2 years ago | (#40395323)

Seems computers is the only area where the "I didn't mean to, and it's so complicated to secure things with this newfangled technology that I shouldn't have to" defense works though.

Re:No laws borken? (0)

Anonymous Coward | more than 2 years ago | (#40395345)

At least they were smart enough to remove the file listing from their robots.txt file. I suspect there are lots of companies that wouldn't do that even after having the flaw pointed out to them.

Re:No laws borken? (1)

Anonymous Coward | more than 2 years ago | (#40395609)

So now it is OK for robots to access the file?

Re:No laws borken? (0)

Anonymous Coward | more than 2 years ago | (#40395341)

Re:No laws borken?

No, but the server surely was [wiktionary.org]

Re:No laws borken? (4, Insightful)

goodmanj (234846) | more than 2 years ago | (#40395387)

You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.

http://en.wikipedia.org/wiki/Extortion [wikipedia.org]

Re:No laws borken? (1)

mpoulton (689851) | more than 2 years ago | (#40395481)

Among other elements, extortion requires a threat to the person or property of the victim, or someone associated with the victim. There is none here. The information at issue was publicly released by the "victim" on their website, and later withdrawn. This is like CNN retracting a story and threatening extortion charges against anyone who dares to mirror the old version.

Re:No laws borken? (0)

Anonymous Coward | more than 2 years ago | (#40395585)

Among other elements, extortion requires a threat to the person or property of the victim, or someone associated with the victim. There is none here.

What about the loan applicants? I'm sure that there could be damage to some of them if they published that data. There's already harm done to them by the company making the data accessible, but that doesn't change the fact that more harm would be done to them if it were made accessible again and everyone knows about it.

This is not equivalent to CNN retracting a story. Rather this is equivalent to a CNN reporter letting his notebook lying on a restaurant table while on toilet, and someone else copying the content of that notebook.

Re:No laws borken? (3, Insightful)

tehcyder (746570) | more than 2 years ago | (#40395905)

Among other elements, extortion requires a threat to the person or property of the victim, or someone associated with the victim. There is none here.

Bullshit, if I say "pay me $20,000" or I'll do X" that is extortion (demanding money with menaces in the UK i.e. what gangsters do)..

Re:No laws borken? (0)

Anonymous Coward | more than 2 years ago | (#40396039)

This can be side-stepped by saying "It would be a shame if X happened to you. If you'll pay me $20,000 to protect you, I'll do my best to help make sure X doesn't happen to you, but I can't make any promises!"

NOTE: if that's not a sidestep, then all computer anti-virus companies (even the "legitimate" ones) and all physical security companies are guilty of extortion. ;-)

Re:No laws borken? (2)

Nyder (754090) | more than 2 years ago | (#40395641)

You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.

http://en.wikipedia.org/wiki/Extortion [wikipedia.org]

Pay up or I'll sue you.

Re:No laws borken? (2)

Nyder (754090) | more than 2 years ago | (#40395649)

You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.

http://en.wikipedia.org/wiki/Extortion [wikipedia.org]

Pay up or I'll sue you.

Pay me royalties for patents i have, that may or may not apply, or I'll sue you.

Re:No laws borken? (4, Interesting)

Tom (822) | more than 2 years ago | (#40395689)

Actually, depending on jurisdiction there are these small, but important, differences.

Where I live, for example, it is only extortion if you threaten someone with illegal consequences. So beating them up if they don't pay is extortion, but telling his wife about his mistress if he doesn't is not.

Yeah okay (1)

SmallFurryCreature (593017) | more than 2 years ago | (#40396119)

But give me 5 dollar or I tell everyone about this post of yours on slashdot, that is a bit less clear. How can you extort someone with information they published themselves?

Also, for a financial institution, it is illegal to have information so readily available. Who is the bigger criminal here?

If I exort your by saying give me a fiver or I will tell everyone where you buried your victims MIGHT see the police question me but it is YOU that will end up in jail.

Go ahead bank, file charges against the hackers, then explain in court how you violated countless banking and privacy laws.

Re:Yeah okay (1)

goodmanj (234846) | more than 2 years ago | (#40396337)

"Who is the bigger criminal here?"

One crime doesn't excuse another. AmeriCash might receive a substantial fine, but Rex Mundi is looking at serious jail time if they get caught. Since they've done this more than once, they can be prosecuted under US racketeering law, which means decades in federal jail, forfeiture of assets, etc.

Re:Yeah okay (1)

goodmanj (234846) | more than 2 years ago | (#40396379)

"But give me 5 dollar or I tell everyone about this post of yours on slashdot, that is a bit less clear. How can you extort someone with information they published themselves?"

There's a difference between accidental exposure of embarassing material and deliberate publication. This is more like if a love letter from my mistress fell out of my briefcase and you picked it up. Yes I should have been more careful, but you're still committing a crime.

"Go ahead bank, file charges against the hackers"

The bank doesn't decide whether this goes to court or not: a federal prosecutor does. He can charge either AmeriCash or Rex Mundi or both, and if AmeriCash doesn't want to cooperate, he can subpoena their records. He can also threaten AmeriCash with prosecution, then offer to drop the charges if they cooperate with the extortion case, because imprisoning extortionist hackers makes him look better on the evening news.

Re:No laws borken? (-1)

Anonymous Coward | more than 2 years ago | (#40395793)

So they published the database on the Internet for anyone to access.

No, they didn't.

Failing to prevent criminals from accessing something is not the same as publishing it, and if it is the law should be changed so that cunts like these can be put in prison for a decade or two. Then they'll see how fucking clever and hackery they are when they're having the 1337 snot beaten out of them on a regular basis

Scum fighting scum. (0)

Anonymous Coward | more than 2 years ago | (#40395255)

Too bad they can't both lose.

Re:Scum fighting scum. (1)

Rosco P. Coltrane (209368) | more than 2 years ago | (#40395463)

The only losers here are AmeriCash Advance customers.

Re:Scum fighting scum. (0)

Anonymous Coward | more than 2 years ago | (#40395539)

The only losers here are AmeriCash Advance customers.

True. Only losers would get a loan from AmeriCash Advance.

Re:Scum fighting scum. (1)

tehcyder (746570) | more than 2 years ago | (#40395911)

The only losers here are AmeriCash Advance customers.

True. Only losers would get a loan from AmeriCash Advance.

So that's OK then, Mr Fucking Billionaire-Twat?

Re:Scum fighting scum. (0)

Anonymous Coward | more than 2 years ago | (#40396175)

As opposed to someone who buys derivatives.

Re:Scum fighting scum. (2, Informative)

Richard Dick Head (803293) | more than 2 years ago | (#40396005)

Too bad they can't both lose.

People don't have a clue as to how difficult that business is!

You have to look at losses as well to judge. Imagine you put your entire savings on the street, and anyone who came to you and said "hey, can I borrow some money?", you simply hand them a stack of bills. How many of those people are going to pay you back?

The loans are expensive because the default rates are phenomenally high (depending on the biz, up to 50% simply walk away from the loan at some point). And they have a specific purpose...they are much, much cheaper than bank overdrafts. The APR's for an NSF fee can run into the Millions of %.

Everyone assumes (people who hate payday lenders, AND people who want to enter the payday business) that they're disgustingly profitable, but that isn't quite the whole story. There are only a few exceptional people on this planet who possess both extremely poor financial planning aptitude, and yet have mad skills at flawlessly servicing their financial obligations.

Although, from what I've seen, these lenders tend to hire the cheapest option for their IT and web dev (clueless foreigners). I'm really surprised these security breaches don't happen more often.

Re:Scum fighting scum. (4, Insightful)

gl4ss (559668) | more than 2 years ago | (#40396317)

no, the reason to hate them is that they're giving loans to people who shouldn't be given loans in the first place. otherwise they could be getting it from the bank for 15% apr.

usually it's just plain old usury.

(I guess in usa you can bankrupt yourself and really walk away from the loan though? or is it like europe where you can't pretty much walk away from it short of stopping to paying taxes and having legal income totally).

Re:Scum fighting scum. (2)

Richard Dick Head (803293) | more than 2 years ago | (#40396531)

So, if your car breaks down, just walk that 15 miles to work? There are plenty of cases where the expense makes sense. You gotta do what you gotta do.

The loans are too small for it to be practical to take legal action...your typical loan is $300 with a $90 finance charge. A lawyer costs much more than that... So yeah, you can walk away and forget about it. And many people do, fraud and default is rampant, and that fact makes the entrapment argument is kind of silly.

And the funny part is, despite the expense, the only people who hate payday loans are the people who have never had one. The lenders are scared of being legislated into the dog house, so they're careful and play nice.

If a customer is having trouble, all they have to do is say so. Generally they'll stop assessing interest, and then they'll create an installment plan that works best (e.g. one that makes the customer happy so they won't walk away).

Although, there are some bad eggs, and typically they do business from overseas or from indian reservations. Those are where your horror stories come from.

Customers? (4, Insightful)

Vintermann (400722) | more than 2 years ago | (#40395267)

[We] are cooperating fully with the authorities to protect our customers and bring these criminals to justice.

First time protecting their customers was part of these people's business model.

Re:Customers? (4, Insightful)

NoobixCube (1133473) | more than 2 years ago | (#40395553)

A farmer might protect his cattle herd, doesn't mean he isn't going to eat them.

Re:Customers? (1)

Hentes (2461350) | more than 2 years ago | (#40395769)

Apparently, their costumers' data doesn't worth $20000 to them (or they don't trust the hackers.).

Hacker group ? (1)

LucyMary (2645509) | more than 2 years ago | (#40395275)

I think they are all fool.

Rex Mundi? (0)

Anonymous Coward | more than 2 years ago | (#40395279)

King of the world? Seriously? Must have an extremely small set of tackle between the legs :-)

Re:Rex Mundi? (1)

Chrisq (894406) | more than 2 years ago | (#40395409)

King of the world? Seriously? Must have an extremely small set of tackle between the legs :-)

He does. And its not his either.

Celine Handbags (-1, Offtopic)

gailsky (2667017) | more than 2 years ago | (#40395297)

Here you will find luxury items are no longer something you ever hesitate going for. The material used for manufacturing Celine Bag [celinehandbagoutlet.com] is of the top quality. You may find the most affordable Celine Handbags [celinehandbagoutlet.com] on our site while high quality can be guaranteed. To meet your expectation, we provide Celine Luggage [celinehandbagoutlet.com] that is perfectly imitated, featuring the slight details of originals. Don't hesitate! Take action immediately, we provide Celine Luggage Bag [celinehandbagoutlet.com] with wholesale and retail big discount, Save your money start here!!!

A challenge from link (1)

Chrisq (894406) | more than 2 years ago | (#40395393)

from a link from TFA: [dpaste.com]

Crypted details about our next Hollywood celebrity victim:

Unp2Z25qY3Z4Znp5b3Z0Z2ptZ3Zwb2l6bW56aHZkZ3Z4eGpwaW9odml0ZGlvem16bm9kaWJ oem5udmJ6bmFtamhidnRodmd6YW1kaXlzcmNqaGN6bXpicGd2bWd0aHp6eW5ham14dm5 wdnFuenNyZGdnbXpnenZuenl2b3Zndm96bQ==

Props to the one who decrypts it first!

Spaces added by me to get past slashdot filter. Any takers?

Re:A challenge from link (0)

Anonymous Coward | more than 2 years ago | (#40395575)

It has already been broken:

http://www.security.nl/artikel/41903/1/Onbeschoft_uitzendbureau_door_hackers_ontmaskerd.html

Re:A challenge from link (0)

Anonymous Coward | more than 2 years ago | (#40396585)

b-u-y-m-o-r-e-o-v-a-l-t-i-n-e
Really?

robots.txt (1)

Arancaytar (966377) | more than 2 years ago | (#40395403)

Not only was this page unsecured, it was actually referenced in their robots.txt file.

I.e., they left the front door open and attached a post-it saying "please don't look under the shelf".

oblig. car analogy (0)

Anonymous Coward | more than 2 years ago | (#40395545)

it was like putting a bmw up on blocks with a sign that said "steal my wheels".

Re:robots.txt (1)

gl4ss (559668) | more than 2 years ago | (#40395555)

Not only was this page unsecured, it was actually referenced in their robots.txt file.

I.e., they left the front door open and attached a post-it saying "please don't look under the shelf".

in a building that had a constant stream of visitors. don't forget that.

Re:robots.txt (1)

Bitsy Boffin (110334) | more than 2 years ago | (#40395569)

More specifically, they said "please don't look under the shelf IF YOU ARE A ROBOT"

Re:robots.txt (4, Insightful)

psiclops (1011105) | more than 2 years ago | (#40395771)

and then someone came and looked under the shelf anyway, found embarrassing photos that would be incredibly embarrassing to you and thousands of your friends. made copies of the photos and tried to illegally extort money from you.

My heroes! (4, Insightful)

goodmanj (234846) | more than 2 years ago | (#40395453)

So basically, they're coming to the defense of customers being ripped off by this lender, and are they're going to show 'em who's boss by widening the customers' exposure to identity theft? Wow, there's some moral high ground there. The customers must be so grateful.

"Howdy neighbor. I happened to hear you beating your wife last night. You can give me $1000 and I'll go away quietly. Otherwise, I'll give her another beating myself."

Re:My heroes! (0)

Anonymous Coward | more than 2 years ago | (#40395751)

So basically, they're coming to the defense of customers being ripped off by this lender, and are they're going to show 'em who's boss by widening the customers' exposure to identity theft? Wow, there's some moral high ground there. The customers must be so grateful.

"Howdy neighbor. I happened to hear you beating your wife last night. You can give me $1000 and I'll go away quietly. Otherwise, I'll give her another beating myself."

Hey, at least these guys admitted they're only in it for the money if you read the article. I think the idea is that they want to get quick, easy money without much moral concern, but just enough moral concern not to do it to UNICEF or something.

You can complain about these guys having no moral high ground, and I agree, but I don't think they're claiming one as much as just trying to justify being a dick.

Re:My heroes! (1)

tehcyder (746570) | more than 2 years ago | (#40395937)

Wow, there's some moral high ground there.

The people you are talking about are sociopathic, socially inadequate egotistical fantasits, if you're being generous, and simple criminals if you're not. Morals don't come into it either way.

Re:My heroes! (2)

Sqr(twg) (2126054) | more than 2 years ago | (#40396615)

To which AmeriCash shouted back, loud enough for everyone to hear:

"A thousand dollars? Are you nuts? Just come over here and see how much I care about my wife!"

No problem with this..... (0)

Lumpy (12016) | more than 2 years ago | (#40396495)

Thief on thief violence is fine with me. Payday advance companies are nothing more than Loan sharking and are therefore thieves taking advantage of the dumb.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?