×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Phishers Face Jail Time Under New U.S. Bill

CowboyNeal posted more than 9 years ago | from the doing-the-time dept.

United States 262

An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

262 comments

The crime is creating a website? (0, Interesting)

Anonymous Coward | more than 9 years ago | (#11843217)

Anyone else find that a bit scary? People with parody sites should be probably be worried a little.

Re:The crime is creating a website? (5, Insightful)

LiquidCoooled (634315) | more than 9 years ago | (#11843231)

Parody sites do not usually require you to give up account numbers of other information.

Any that do should be rightfully concerned.

Re:The crime is creating a website? (3, Insightful)

erick99 (743982) | more than 9 years ago | (#11843281)

The crime is tricking someone into giving up sensitive information such as bank account info so that their money can be stolen (as one example). Building the web site is a tool to accomplish the theft. I don't believe, however, that the legislation will outlaw websites in general.

Re:The crime is creating a website? (2, Insightful)

WidescreenFreak (830043) | more than 9 years ago | (#11843298)

There is a major difference between a parody web site and a web site that was created with the intention of fooling people into giving away information that can lead to criminal usage. I've never seen a parody web site ask for a social security number, bank number, etc.

Additionally, all parody sites I've seen either are blatantly obvious parodies or state somewhere on the site that they're parodies. Phishing sites won't do that because they're trying to convince you that they're genuine.

Apples and oranges.

Please... (0, Redundant)

Scratch-O-Matic (245992) | more than 9 years ago | (#11843319)

That kind of response to law enforcement pisses me off. No, the crime is not "creating a website," any more than lying to people on the phone to get bank details and then emptying their bank account is the crime of "talking to people on the phone."

Re:The crime is creating a website? (4, Insightful)

josh3736 (745265) | more than 9 years ago | (#11843324)

Christ, take off your tinfoil! This is an entirely reasonable and proper use of legislative power.

This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money. It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.

Re:The crime is creating a website? (2, Interesting)

BlueUnderwear (73957) | more than 9 years ago | (#11843437)

Christ, take off your tinfoil! This is an entirely reasonable and proper use of legislative power.

This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money.

Theft and fraud are already illegal. Who says that this law will do anything against phishers? The reason why phishing thrives is not because it is legal, but because it's hard to investigate and/or police just can't be bothered.

It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.

How do you prove intent? And what is the exact wording of the bill? If the intent is truly to steal and defraud, we've already got laws. We don't need any laws either forbidding to "carry weapons with intents of threatening peasants to give up their wallets". Mugging is already forbidden, and anything such a hypothecal law might achieve is inconvenience the butcher who brings a new knife to his shop...

A Luxembourgish Linux user got threats from a bank [knaff.lu] because he featured a look-alike login page on his Website. Purpose of that login page: strip an obnoxious browser check. But that's not how the bank tried to spin it.

Re:The crime is creating a website? (3, Insightful)

squiggleslash (241428) | more than 9 years ago | (#11843665)

I think the page you link to has so little in common with Phishing that it's about as likely to be prosecuted under a hypothetical badly-worded anti-phishing law as it is under a hypothetical badly-worded anti-cellphone-while-driving law. It doesn't represent itself as the bank in question, no reasonable person would see it as the bank in question, and the only way anyone would class it as "phishing" would be if the author is actually keeping the login information and abusing it (in which case he should be prosecuted!)

I think, to be quite honest, it takes the cake to criticise a law you haven't read and have no reason to believe is overbroad for being overbroad or badly worded. Yeah, it might be. Likewise the law on murder might be so overbroad that you can be prosecuted under it for eating beef. But that's not the case, and there's no reason, at this stage, to believe the anti-phishing law is overbroad either. Criticise it when it's actually got something in it to criticise.

Re:The crime is creating a website? (1, Funny)

Anonymous Coward | more than 9 years ago | (#11843458)

What you mean I didn't have to validate my citibank account ????
Who is citibank anyway ?

Re:The crime is creating a website? (2, Insightful)

BlueUnderwear (73957) | more than 9 years ago | (#11843388)

Anyone else find that a bit scary? People with parody sites should be probably be worried a little.

And also people who try to ensure interoperability of bank sites with "non-standard" browsers [knaff.lu].

Don't laugh... it did actually happen!

WAKE UP SLASHDOT TROLLS!!! (0, Troll)

The_Fire_Horse (552422) | more than 9 years ago | (#11843223)

Are you feeling all warm and woolly reading interesting discussions on slashdot while sipping a cup of warm cocoa? Think again fucker - the party is over...

Hi , I'm The_Fire_Horse [slashdot.org] and you might remember me from such posts as
"FUCK YOU ASSHOLE!", and
"I SAID - F U C K Y O U A S S H O L E !!"

Today - there is no article, I just wanted to pop in and wake up all the sleeping trolls in preparation for the great April 1st special - stay tuned for more details.

First CARDS! (1)

News For Turds (580751) | more than 9 years ago | (#11843224)

Cardinals are gonna kick some ass this year. You'll see.

P.S. I hate ALL OF YOU! GO TO HELL!

Love Always,
News For Turds

I'm glad about this (5, Interesting)

Deekin_Scalesinger (755062) | more than 9 years ago | (#11843227)

Assuming it works and is enforceable, of course. I think phishing is a pretty low way to live your life - preying on the gullible. Been done for thousands of years, true, but taking advantage of people is no way to live your life IMO.

Re:I'm glad about this (5, Funny)

kaellinn18 (707759) | more than 9 years ago | (#11843262)

taking advantage of people is no way to live your life IMO

Then I recommend you not pursue a career in the federal government.

Re:I'm glad about this (0)

Anonymous Coward | more than 9 years ago | (#11843656)

Then I recommend you not pursue a career in the federal government.

The politicians are the ones that take advantage of people, the rank and file of the federal government just do their jobs.

Re:I'm glad about this (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11843366)

You clearly don't get Capitalism.

linux stock ipo scams (-1)

Anonymous Coward | more than 9 years ago | (#11843423)

... preying on the vulnerable.

Re:I'm glad about this (0)

ratnerstar (609443) | more than 9 years ago | (#11843468)

Somebody says that taking advantage of people is no way to live your life and he gets modded to +4 Interesting? There's no +1 Self-Evident mod, I guess.

Totally agree (1, Funny)

Timo_UK (762705) | more than 9 years ago | (#11843237)

The Phish stocks in all oceans around the world have reached dangerously low levels

The moral is... (0)

quarkscat (697644) | more than 9 years ago | (#11843506)

Give a man a phish, and he'll not starve that
day. But teach a man to phish, and he'll never
starve again (in prison).

CDA?? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11843238)

What does this story have to do with the Communications Decency Act? That's the icon associated with this topic.

Great..... (5, Insightful)

Capt James McCarthy (860294) | more than 9 years ago | (#11843247)

Congress is all over it. Now the problem is sure to be solved. :-/ I'm afraid that this lip service will once again make the general public think this will solve the problem. Nope. It may slow down folks within the US borders, but we all know the true result of bills like this. It just won't work.

Legislative Hall of Fame (3, Funny)

aconn (709312) | more than 9 years ago | (#11843248)

This one will join CANSPAM in the Legislative Hall of Fame under the necessary but useless category.

NO! (5, Funny)

StevenHenderson (806391) | more than 9 years ago | (#11843252)

Uh oh! Does this mean they are going to jail Prince Ombutu Nagala of Nigeria? He was going to split $28M with me!!!!!!!!1

Re:NO! (1)

iamthemoog (410374) | more than 9 years ago | (#11843295)

Since Prince Ombutu lives in Nigeria, wouldn't you have to extradite him to the US to nail him with this law?

Re:NO! (1, Funny)

Penguin (4919) | more than 9 years ago | (#11843379)

Since when has it been a showstopper for the US to enforce US law in other countries? :)

A better solution. (1, Funny)

Anonymous Coward | more than 9 years ago | (#11843256)

Allow us to create online mobs.

some of us white hats and come grey hats are pissed at these scumbags, give us the ability to go after them with our skillz.

let me take down that server, swipe their domain name, dig in and find who they are and utterly destroy their credit, or better yet have fun listing them as convicted child pornographers and other things.

Let me use my 'Uber Skillz' and my phat beyotchin' and fly laptop to bring them to my own flava of justice.

WORD!

Good! (2, Insightful)

Kimos (859729) | more than 9 years ago | (#11843258)

I'm glad to see that phishing is being taken seriously! Just because it happens on the internet, doesn't mean it's not as serious as any other type of scam.

side effect: anti-parody? (-1)

Anonymous Coward | more than 9 years ago | (#11843264)

I wonder if this will be yet another weapon against parody sites by corporate lawyers with too much time on their hands.

Evidence (2, Interesting)

retards (320893) | more than 9 years ago | (#11843268)

Not a bad thing, but I think actual fraud or clear intent should have to be proven. Opportunity and unproven intent should not be weigh beyond a reasonable doubt.

Re:Evidence (3, Insightful)

Anonymous Coward | more than 9 years ago | (#11843415)

That shouldn't be difficult.

Creating a website that looks like that of an existing bank or commercial concern using graphics and layouts harvested from said bank or commercial concern's website and asking for account numbers and PINs, SSNs and other personal information should be ample proof of intent. Using browser address bar and security certificate spoofs/hacks should cement the proof of intent.

An individual or group who collects usernames and passwords like that doesn't do so for curiosity's sake.

First (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11843270)

Prison butt-rape joke post...

Please explain why (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11843274)

"Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."

Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.

Re:Please explain why (0)

Anonymous Coward | more than 9 years ago | (#11843326)

Maybe this falls under that 1%?

And reading the summary might give you a clue why a new law is required...

Re:Please explain why (3, Insightful)

ednopantz (467288) | more than 9 years ago | (#11843344)

Somebody should develop a tool to bombard their websites with junk data. They want acct #s and passwords? Give em 10,000 fake ones for every real one. Let them try and figure out which is which. It could even be a distributed app: FoilPhishers@Home.

But yeah, send 'em to Federal PMITA prison at first opportunity too.

Re:Please explain why (0)

Anonymous Coward | more than 9 years ago | (#11843384)

But yeah, send 'em to Federal PMITA prison at first opportunity too.

Maybe, just maybe...sexually torturing them is going too far.

Re:Please explain why (2, Insightful)

ThogScully (589935) | more than 9 years ago | (#11843373)

I'll second that point of view... it seems to me that even if the old laws somehow don't just make scamming in general illegal, then perhaps those laws should be adjusted so that they do.

That way, we can have one law that says scamming people is illegal rather than one law that says scamming people over the phone is illegal and another for scamming people on the internet, and another for scamming people in person, etc...

It's all the same crime - there's no reason to distinguish at the legal level, only in the methods of prosecution and gathering proof.
-N

Re:Please explain why (4, Insightful)

RobotRunAmok (595286) | more than 9 years ago | (#11843411)

Leahy is a lawmaker. Lawmakers make laws. There is no glamor for him in enforcing existing (i.e., someone else's) laws.

How many congresspeople do you know who run for re-election on a platform of, "Hey, y'know, we've pretty much got a law for every possible crime imaginable, I just spent my term minimizing bureacracy so Justice, the cops and the courts could do their thing" ?

It's all about the re-election. "Hey, lookit me! The hip Anti-Phish Candidate! A year ago it wasn't even a word, but last week I wrote a law against it!! Who's your Re-Electable Daddy?!"

It's the same headline-generating mentality that prompts these bozos to make cellphone-specific anti-driving-while-distracted laws.

Re:Please explain why (1)

stinerman (812158) | more than 9 years ago | (#11843436)

How many congresspeople do you know who run for re-election on a platform of, "Hey, y'know, we've pretty much got a law for every possible crime imaginable, I just spent my term minimizing bureacracy so Justice, the cops and the courts could do their thing" ?

Its rather unfortunate they don't run on that platform. I would probably vote for that candidate. Hell, I can't do any worse. I live in a conservative area, and, not being a conservative, every last person I voted for in the 2004 election lost (save those who ran unopposed).

Re:Please explain why (4, Insightful)

dasunt (249686) | more than 9 years ago | (#11843526)

Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.

Here's my theory what happens:

Imagine a congressman or congresswoman wants to appear to be doing something. Or perhaps they are just naive. Either way, they come up with a new law which more or less covers an existing law. We'll use a hypothetical "Violence against Women Act 2005", which makes kidnapping a woman across state lines a federal offense.

Now, its already illegal to kidnap someone across state lines, as we all should know. However, considering that there is a 2006 election just around the corner, the average member of congress will not vote against this act -- just imagine the attack ads if he did!

Look at the AARP -- they are being attacked by USA Next for supporting gay marriage. What really happened is that Ohio was passing a constitutional amendment to ban gay marriage. The bill was broad enough to apply to unmarried cohabiting heterosexual seniors. The AARP, acting in the best interests of its members opposed the bill, and now we see ads about how AARP is for gay marriage.

So, let me ask you one question: Why are you against punishing criminals? Your opponent will be asking you this question in 2006.

As always, there is a Simpson's quote [simpsoncrazy.com] for this. Episode 2F11, where Bart discovers a comet that happens to be directly headed towards Springfield:

KENT BROCKMAN

With our utter annihilation imminent, our federal government has snapped into action. We go live now via satellite to the floor of the United States congress.

SPEAKER
Then it is unanimous, we are going to approve the bill to evacuate the town of Springfield in the great state of--

CONGRESSMAN
Wait a second, I want to tack on a rider to that bill - $30 million of taxpayer money to support the perverted arts.

SPEAKER
All in favor of the amended Springfield-slash-pervert bill?

FLOOR
Boo!

SPEAKER
Bill defeated.

Re:Please explain why (3, Informative)

MindStalker (22827) | more than 9 years ago | (#11843606)

Current law requires there to be victims. So if you are unsuccesful or they simply can't find your victims, they could not arrest you under current law. Of course there are laws like trademark infringment but that would require the cooperation of the people you are copying.

Re:Please explain why (2, Insightful)

GigsVT (208848) | more than 9 years ago | (#11843703)

The new law doesn't change the old law anyway.

"Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft--"

For this law to even apply, the prosecution has to show intent to commit fraud as it is already defined. This is the same as just charging someone with attempted fraud, as far as I can tell.

Attention Voters! (5, Funny)

Scratch-O-Matic (245992) | more than 9 years ago | (#11843278)

Senator Leahy is engaged in a legislative battle against online scammers, and he needs your support. If you would like to help, click on this link [senate.gov]. To ensure that you are a registered voter, you will be asked to verify your name, address, and social security number. You may then make a donation online, right from your checking account!

better solution. (5, Interesting)

Lumpy (12016) | more than 9 years ago | (#11843284)

I already start up an app to poison their databases every time I get one ofthose paypal,ebay or lately, the yahoo greeting card phishing scams.

point a particular java app at the url and let her fly filling in all the form fields over and over and over again with what looks like real but is generated from files crap.

if the asshats have to sift through 300 bad records to find something useable, at least I slowed them down a bit.

If more people in the know did this to them instead of the worthless action of reporting them it would make a bigger impact. the last one I reported to ebay was still up days later. My second alert to ebay was responded with "we cant deal with them all, go away" but in nicer words.

Re:better solution. (1)

carcajou (862125) | more than 9 years ago | (#11843355)

I agree...the more we "police" the internet ourselves, the less the government will need to regulate it. Your program is a great idea, as are the ones that you can imbed in a web page to send millions of bad email addresses through bots that are skimming the addresses out of pages. To many users complain about internet regulation and censorship while at the same time relying on the government to deal with con-artists and etc. It has to be one way or the other: self-policed freedom, or government control...it is our choice!

Re:better solution. (4, Insightful)

Speare (84249) | more than 9 years ago | (#11843418)

I agree...the more we "police" the internet ourselves, the less the government will need to regulate it.

An' if we take 'em out o'the holdin' cell afore their trial, an' string 'em up inna tree, then the liberal activist judges cain't set 'em free! Who's wit' me? Grab yer hoods an' meet me by the libary at half past midnight. We're gonna do some justice.

Re:better solution. (1)

carcajou (862125) | more than 9 years ago | (#11843507)

Well...not quite my intent...more of like this...everyone says these people have not committed a crime when they put up the site...that the crime is committed when they rip someone off. I have never advocated taking government out of the crime and punishment phase, but I do advocate using misdirection in any situation where it will save innocents... IMHO, misdirection before a crime is a protective measure, not vigilantism.

Re:better solution. (1)

aug24 (38229) | more than 9 years ago | (#11843376)

I bet all they do is log them to a file and then they use a computer-aided approach just like yours to attempt to transfer a random amount of money from each account.

That's what I'd do anyway. Still, your approach is much better than nothing.

When playing a game, always put yourself in the mind of the opponent and work out what they would least like you to do. So, fellow slashdotters, what would really annoy these people?

Justin.

Re:better solution. (0)

Anonymous Coward | more than 9 years ago | (#11843387)

paypal would notice a few hundred failed attempts at logging in from an IP address.

or at least they had damn well better notice.

Re:better solution. (0)

Anonymous Coward | more than 9 years ago | (#11843556)

and possibly wouldn't also the phishers notice they got 500 submits from the same ip address, and thus just delete those records?

or, if the app doesn't time out between tries, won't the phishers notice that, oh i just got 1000 submits within the last second, woohoo i am going to be rich!

Re:better solution. (1)

advocate_one (662832) | more than 9 years ago | (#11843389)

give us a link to it then... fancy just mentioning this app and then leaving us all dangling... ;)

Re:better solution. (0)

Anonymous Coward | more than 9 years ago | (#11843420)

http://freshmeat.net/search/?q=web+form+flood&sect ion=projects&Go.x=0&Go.y=0

is probably what he is talking about. although I only did a 3 second search on sourceforge. I guess if someone took more than 3 seconds they would find more.

maybe on that secret website called google.

Re:better solution. (0)

skogs (628589) | more than 9 years ago | (#11843394)

Please. Repost a reply and allow your slashdot bretheren to assist you in your spam the phisher crusade!

Re:better solution. (-1)

Anonymous Coward | more than 9 years ago | (#11843419)

Share the app?

Re:better solution. (1)

MindStalker (22827) | more than 9 years ago | (#11843630)

Reporting to ebay does little good, obvious because they can't deal with that many site and they don't have control of the sites. Personally I've found that I can generally track down the ISP with a litte bit of work, reporting to them gets the site taken down in matter of hours. Of course this is a lot tougher when the site in question is foreign I've found.

Re:better solution. (1)

mESSDan (302670) | more than 9 years ago | (#11843643)

Why wouldn't they just check the IP address the requests came from and chunk your 300 requests in one go?

Penalties (0)

Anonymous Coward | more than 9 years ago | (#11843289)

Aren't these penalties similar to the CAN-SPAM Act?

Umm.... isn't phishing far more malicious than spamming?

Doesn't seem right to me...

I don't care (2, Funny)

Anonymous Coward | more than 9 years ago | (#11843290)

just so long as they leave my free ipod scam alone...

Use it to prosecute spyware companies? (2, Interesting)

G4from128k (686170) | more than 9 years ago | (#11843301)

I've not read the bill (only this article [internetnews.com]), but I wonder if this could be used to prosecute other internet low-life that try to gather personal data for purposes not sanctioned by the submitter of the information. And taking over someone's computer without their knowledge would certainly seem to be a type of fraud under this bill.

A cause for celebration (5, Funny)

Laurentiu (830504) | more than 9 years ago | (#11843311)

As a new federal law called "The Anti-Phishing Act of 2005" is being pushed by the U.S. legislative, hackers everywhere celebrate their victory over the English language.

"W3 pl4n 2 in7r0duc3 z00n 0d4r l337 w0rdz in d4 c0n73mp0r4n v0c4bul4rj", said the appointed speaker for the "H4x0rz" community, who prefers to remain anonymous ."0ur n3x7 74rg47z 4r3 "h4x0r", "l337" 4nd "pwn3d". 0ur l0bbj gr0up iz z7r0ng, 4nd w3 b3li3v3 d4j will 4lz0 b3 in7r0duc3d bj d4 3nd 0ph d4 j34r."

Phishing Bill Issues (5, Informative)

Gallenod (84385) | more than 9 years ago | (#11843312)

This is a first shot across the bow. The bill will probably undgergo substantial debate and amendment as it moves through Congress, but I expect this has a chance to become law.

I've met Sen. Leahy. He's an old-school Vermont Democrat who's held pretty much every state-level elected office except governor and lieutenant governor. I've had a couple of e-mail exchanges with him on CAN-SPAM. When that law first passed, he was cautiously backing it as a reasonable first step. He's realized lately, however, that it's been largely ineffective. The anti-phishing bill is his first real leading charge at cyber-scamming and it reflects some of his earlier frustration with Congress's inability to deal effectively with Internet issues.

(Or much else, in many people's opinion.)

Leahy ruffled some feathers in the online community by supporting RIAA-sponsored legislation on copyrights. It's possible this is a canny political attempt to balance the books a bit. Then again, he's a decent guy with 80% support in a state that's 33% Republican. Even in the minority, he's got a lot of clout. On this issue he'll probably get bi-partisan support, so it's likely this bill will, in some form, eventualy become law.

Besides, anyone high on Dick Cheney's hate list can't be all bad.

Uhh..what country will this be enforced in again? (2, Informative)

the-ghoul (630892) | more than 9 years ago | (#11843316)

Are most if not nearly all perps of this this non US based? Last time I looked, the scammers were mostly from Nigeria right?

Re:Uhh..what country will this be enforced in agai (1)

coder.keitaro (861991) | more than 9 years ago | (#11843470)

The Nigerian scam is based in Nigeria. [Strangely enough]

But a lot of the fake websites for bank logins are only hosted outside the US.
The domain names and holders are located in the US. Just like most spammers are based in the US but use servers hosted in other countries.

I do not think that it matters if a person commiting a crime in the US is based in another country.
IANAL, but what if I hired a hit man to kill someone in the US while living in Germany?
Could I get away with it?
I think that you just have to have enough proof of a crime being commited in the US and then issue an international warrant for arrest and extradition.

The nature of the internet being borderless, at least for now, makes it interesting how the law will be applied in such cases.

But I am far more concerned that laws like this could be abused to restrict free speach online.

I hope EFF and others are picking over this to make sure that it is not be the case.

This may actually help (5, Insightful)

wingspan (113604) | more than 9 years ago | (#11843318)

Phishing exists because the phisher has a favorable risk/reward relationship. This legislation will help change that relationship by allowing law enforcement to get involved earlier. Today, LE has to wait for a fraud to occur and someone to complain. If my understanding is correct, under this legislation LE can get involved much earlier, when phishing or pharming is first detected. Earlier involvement means less time for the phish site to be operating (reducing return), and less time to destroy evidence (increasing risk).

Of course, whether they will become involved or not is subject to debate.

Mod Parent Up (0, Offtopic)

Gallenod (84385) | more than 9 years ago | (#11843356)

Exactly. I'd give this an insightful mod, but I've already posted in this topic. Somebody pat wingspan on the back for me, please. :)

Re:This may actually help (0)

sepluv (641107) | more than 9 years ago | (#11843544)

To commit a crime you only have to intend to or attempt to do it. Why can't they prosecute them for attempted fraud without waiting until someone gets scammed? Surely, there is enough evidence with most of phishing attempts that they are actually scams?

Hot air (3, Insightful)

glyn.phillips (826462) | more than 9 years ago | (#11843322)

Apparently Patrick Leahy is ignoring just how easy it is to move phishing opperations off shore. This looks more like a means to keep Leahy in the news rather than an effective crime-fighting law. In the horse and buggy days people learned not to walk right behind a horse unless willing to get kicked. When automobiles came out everyone learned to look both ways before crossing the street. As any new technology appears, a new set of safety rules comes with it, and each individual needs to learn the new rules. Many institutions are busy educating their users and now law is needed to force them to do this as it is already in their best interest.

Re:Hot air (3, Insightful)

Steve B (42864) | more than 9 years ago | (#11843397)

Apparently Patrick Leahy is ignoring just how easy it is to move phishing opperations off shore.

The host computer can be moved offshore, but the phisher himself can still be nabbed as long as he stays in the US (or a country with an extradition treaty). As a few people pointed out on spammer thread [slashdot.org] the other day, not many of the crooks are willing to actually go live in Elbonia so they can hide from the law.

And all Phishing sites are US-based too. Whew! (3, Insightful)

mattspammail (828219) | more than 9 years ago | (#11843337)

How many of you have actually traced down an IP address to find its origin? I know I'm not the only one. The first thing you find out is that the IP address is registered in Latin America or some other part of the world where we have no jurisdiction. The second thing you find out is that there is no way to do anything about their perceived illegal activities. I say perceived, because it may be un-legislated activity where they come from.

I say all of this because I don't think there's a single thing we can do to prevent those outside our country from doing this over and over and over again.

Practically useless, if you ask me.

Re:And all Phishing sites are US-based too. Whew! (0)

Ironsides (739422) | more than 9 years ago | (#11843520)

The second thing you find out is that there is no way to do anything about their perceived illegal activities.

Tell that to the guys who deface and DDoS the RIAA web servers. All we need to do is set up our own equivalent to take them down a pwn them.

This is bullshit. (0)

Anonymous Coward | more than 9 years ago | (#11843339)

Phishers should have a protected right to steal information from people.

If you're dumb enough to give it up, you're dumb enough to learn a harsh lesson.

That's what I say.

Yawn... (0)

Anonymous Coward | more than 9 years ago | (#11843357)

Considering the unqualified success the CAN-SPAM Act has been, successfully vanquishing 100% of all unsolicited commercial email since its passage, I cannot wait for Congress to completely eliminate phishing as well.

Phishing and Pharming? (1)

ArsenneLupin (766289) | more than 9 years ago | (#11843360)

"Neither phishing nor pharming always fit neatly into traditional wire fraud and identity theft statutes,"

Now I understand why they wanted to railroad the controversial Computer Implemented Inventions directive during the Council of Agriculture and Fisheries! [theregister.co.uk].

Hey, if somebody patents phishing as a business method, we'll be able to SLAPP all phishers for patent infringment!

Isn't there already a law that can be applied? (2, Interesting)

CastrTroy (595695) | more than 9 years ago | (#11843369)

Isn't there already a law that can be applied? Doesn't this basically amount to fraud or something? I think the biggest problem with Phishing is that it's a little hard to track down who is doing it. If you know who's doing it, you can easily arrest them. The problem is, is that mostly these phishers try to remain anonymous, and probably don't have their operations set up in the US.

Re:Isn't there already a law that can be applied? (1)

Ironsides (739422) | more than 9 years ago | (#11843539)

Current fraud laws [probably] require someone arleady defrauded to come forward and press charges. This would allow for the cops to go after them just for the fraud scheme itself without any victims having come forward yet.

Re:Isn't there already a law that can be applied? (1)

ebvwfbw (864834) | more than 9 years ago | (#11843547)

The answer is almost always yes. Wire, fraud and other laws are applied today to net these criminals as seen on slashdot! The Represenative thinks that the laws aren't applicable in some cases. That is, it isn't a clearcut fit.

What else he says is that he wants to stop the erosion of public trust in the net. So this is yet another "feel good" bill. Feel good bills often lead to unintended consequences. For example, could this be applied to a politicians site? Someone could sign up saying they thought he was for JEDI (Just Enter Desired Issue). Turns out he is against JEDI. Right now he would be a waffler, he may be a criminal under the new law. Politicians often make sure they are left out of the law's grasp. bla bla bla except for political sites.

Re:Isn't there already a law that can be applied? (1)

leonardluen (211265) | more than 9 years ago | (#11843674)

Doesn't this basically amount to fraud or something?
i had thought the same thing...IANAL but if my understanding is correct it is indeed fraud, but the problem is that fraud cannot be prosecuted until someone complains, and so the actual fraud might not occur until after the phisher closes down their website and covers their tracks. what this law is trying to do is allow law enforcement to go after them before they get any complaints about fraud or identity theft and hopefully before all the evidence is destroyed.

so it isn't that doing this wasn't a crime already, it is just that this law tries to make it easier to stop it.

Let my people phish! (1, Funny)

Anonymous Coward | more than 9 years ago | (#11843391)

I say, leave the phishers alone. Maybe if the stupid people who give up their personal information, account IDs and passwords at the slightest provocation get fleeced often enough, they'll stop using the internet entirely-- thus increasing the collective IQ of the remaining internet users by a few points.

AOL dropping Usenet and finally bringing September of 1993 to an end was just the first step in returning the internet to the clueful.

Let's get the naive idiots off the net and back in front of the Three Card Monte tables where they belong, thus freeing up more bandwidth for us to discuss who was the better captain, Picard or Kirk.

More nannying by the state. (2, Insightful)

pandrijeczko (588093) | more than 9 years ago | (#11843404)

Scammers use phishing because there are stupid people to leech money from. No stupid people, no profit from phishing, no reason to phish in the first place.

The sooner people accept responsibility for their own lives and their own personal information, the sooner people realise that with every Bill or Law that gets passed, the more they hand over the controls of their lives to the nanny state.

If the stupid people can't be bothered to protect their private information, if they can't simply delete emails they don't 100% trust the source of, if they can't invest in a paper shredder, if they believe all those glossy adverts about the security of their chosen operating system, then more fool them.

But please don't let us smart people also lose our personal liberties as a result of their stupidity.

No phishing scam has ever got me and they never will.

Re:More nannying by the state. (-1)

Anonymous Coward | more than 9 years ago | (#11843438)

I don't really see being technically inept or unfamiliar with computer usage and email security as having anything to do with being stupid or smart.

But I guess nerds like to believe being familiar with current technology somehow makes them superior to all those plebes who don't use computers much in their day to day lives.

Re:More nannying by the state. (1)

pandrijeczko (588093) | more than 9 years ago | (#11843486)

I don't really see being technically inept or unfamiliar with computer usage and email security as having anything to do with being stupid or smart.

Sorry, but if you cannot take the cynical viewpoint of "reading between the lines" any information sent to you by anyone trying to make money from you, that makes you stupid in my book - whether that's a company trying to sell you their latest secure operating system or a phisher trying to scam you.

But I guess nerds like to believe being familiar with current technology somehow makes them superior to all those plebes who don't use computers much in their day to day lives.

No, it makes nerds like me superior to the plebs in just about all things computers - in the same way I'm a pleb when it comes to wood-working compared to a carpentry "nerd" friend of mine.

Why not just get this problem at the source? (0)

Anonymous Coward | more than 9 years ago | (#11843425)

Mandate standardized intelligence testing, and prohibit anyone who scores below a certain level from using the net.

Make sure there are some questions on there about how to properly maintain a Windows box so it doesn't get pwn3d, too.

Who's clicking on these things? (2, Interesting)

theskipper (461997) | more than 9 years ago | (#11843447)

I don't get some of these phishing guys. Just got this in my inbox. Sure, there are some phishes that look believable but are the phishers really as stupid as the people that click on them? Would anyone who'd create a brain-dead phish like this one actually be afraid of jail time and/or a fine?

--
Subject: E-gold secutity patchHBhdGNo

Dear E-gold user, we receive many complaints concerning unsunctioned taking the money
off the balance of our users recently, thus we earnestly ask you to install the
following service-pack onto your Personal Computer.

- This innovation blocks all known Trojans which let take the money off your account
without your consent. We earnestly ask you to install this service-pack in order
to keep your money safe and sound.

- In case of the lost of your money, E-gold *DOES NOT* bear any responsibility if the
service-pack had not been installed on your computer before.

- The installation archivated file of the service-pack is attached to this letter.

Re:Who's clicking on these things? (1)

jim_redwagon (845837) | more than 9 years ago | (#11843654)

- The installation archivated file of the service-pack is attached to this letter

archivated? I LOVE THAT WORD! SEE? Good things can come from phishing.

I'm going to throw that one into my next app design doc, can't wait to see the PHBs using it.

Why can I murder someone for less jail time? (4, Insightful)

IpsissimusMarr (672940) | more than 9 years ago | (#11843457)

Is it just me or is doing something illegal in the cyber-world more dangerous than the real world? How is it possible that I get more jail time for cracking into and defacing a web page than I'd get for shooting someone?

For our 'cyber-laws' we should be taking precidence from our existing laws. Instead of levying new fines for phishing, add this definition onto our current fraud and identity theft laws. Instead of creating crazy fines for spammers (although I want to see them pay just like everyone else) and model the punishments similarly to the do-no-call lists?

Law-makers don't see the internet as an extension of the physical world, and in term of law it should be seen in this light. Extend Current laws, don't make them up in a flight of fancy.

Theives (2, Insightful)

northcat (827059) | more than 9 years ago | (#11843477)

Small theives have laws against them. Big theives have laws that regulate them. Really big theives have laws for them.

Fines backwards, again (1)

192939495969798999 (58312) | more than 9 years ago | (#11843623)

Nuclear disaster fine: $60,000
Phishing fine: $250,000

It's cheaper to poison people with radiation and then take their credit card #'s then it is to trick them into giving you their credit card #'s.

New *Introduced* Bill (0, Troll)

Kainaw (676073) | more than 9 years ago | (#11843688)

I'm having a crappy day, so I'm being very cynical. Things like this are getting on my nerves. This bill in introduced. How many bills are introduced each day - about 50? How many get passed on average - about 0? How many phishers are going "Oh my God! There's a bill introduced to Congress that could punish me if it were ever passed but it won't be so it won't ever have any effect on me, therefore I should stop phishing!"

Call me when Congress actually passes a law that isn't immediately overturned by the Supreme Court.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...