Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Vigilante Hackers use Old West Tactics for Justice

CowboyNeal posted more than 9 years ago | from the lord-loves-a-hangin' dept.

Security 532

dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.

Sorry! There are no comments related to the filter you selected.

Old west? (0)

ajaf (672235) | more than 9 years ago | (#12651336)

Or Robin hood?

Re:Old west? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12651383)

It's CoyboyNeal. With a nickname like that, of course he'd reference the old west.

Re:Old west? (0)

Anonymous Coward | more than 9 years ago | (#12651391)

Yeah, self justice is realy k3wl.

Let me be the first to say... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12651337)

YEEEEEEEHAWWWWWWWW!!!

justice (5, Interesting)

Artana Niveus Corvum (460604) | more than 9 years ago | (#12651338)

I truly often wish that sort of justice were legal... When the law can't back itself up and the people can...

Jury nullification (5, Interesting)

XanC (644172) | more than 9 years ago | (#12651367)

If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

Re:Jury nullification (4, Insightful)

dubdays (410710) | more than 9 years ago | (#12651404)

Unfortunately, it seems to take FOREVER for the law to make a difference in these cases, if anything is ever done at all. The simple fact is that it's difficult, at best, to try to track and arrest an international criminal. I'm generally not one for vigilantes, but when it takes 5 months to catch the bastard legally, I'm all for taking the sucker out of business by other means.

Re:Jury nullification (5, Interesting)

crymeph0 (682581) | more than 9 years ago | (#12651601)

Agreed. From the end of TFA:

We would rather see the industry itself find solutions.

And while your industry is sitting around doing nothing about these fake sites set up in countries where the local police care more about rounding up dissidents than stopping fraud, people are losing their life savings. I'll take my chances with the vigilantes. Even if they make mistakes, at least they're doing something

Re:Jury nullification (5, Informative)

ScentCone (795499) | more than 9 years ago | (#12651604)

If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

Not really. For example, if a person doesn't have appropriate charges brought up against them (or there are no such statutes), then there will never be an option for a jury to exercise. The jury might elect not to convict on something, but they can't cause a conviction (on other counts) where there should be one. This is particularly true where the nature of an act (like some innovative new form of online fraud, for example) hasn't been really contemplated by the justice system before.

I agree (5, Insightful)

Dancin_Santa (265275) | more than 9 years ago | (#12651386)

We just don't see enough people hanging from trees for marrying outside their race.

Oh, your concept of right and wrong is different from mine?

Re:I agree (4, Funny)

kclittle (625128) | more than 9 years ago | (#12651506)

I have mod points, but I can't find the "Insightful Flamebait Troll" value in the list...

I agree-slashdot justice. (0)

Anonymous Coward | more than 9 years ago | (#12651538)

Just mod him up, and let the political correctness be damned.

Re:I agree (1)

chill (34294) | more than 9 years ago | (#12651568)

There is a big legal difference between a crime of violence and a crime against property.

There is also a big practical difference between a crime against another criminal (who is unlikely to report or prosecute) and a crime against a non-crimial.

I agree (0, Flamebait)

Dancin_Santa (265275) | more than 9 years ago | (#12651581)

We don't see enough of the community burning crosses on the lawns of people who are unwanted in our neighborhoods.

Oh, your definition of criminal is different from mine?

Re:I agree (0)

Anonymous Coward | more than 9 years ago | (#12651614)

Forget it. 14 year old Linux-zealots just don't get your point.

Re:justice (1, Insightful)

EngMedic (604629) | more than 9 years ago | (#12651393)

The problem is, it's not justice, it's retribution.

It's both (n/t) (1)

XanC (644172) | more than 9 years ago | (#12651403)

n/t

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651419)

Either way, I hope these guys get around to punishing MoG, Enderle, Dvorak, and McBride.

Re:justice (3, Insightful)

lawpoop (604919) | more than 9 years ago | (#12651398)

This is not justice. Who says that this site or that site is a fraudulent bank? How would you like it if a 'vigilante' defaced your site claiming you were a fraud?

If you don't have a trial with evidence, all you are doing is creating cycles of revenge, with no resolution. With a justice system, wrongs can be righted, and then we are done with the matter.

There is no justice system that is totally perfect, but resorting to vigilantism when justice isn't perfect would make the situation much much worse.

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651459)

Slippery slope argument? In this case it's pretty clear that GOOD came out of this, did not make any situation much much worse.

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651561)

i raped your mom last night. And i blew my load, so something good came out of it, and since she's a dirty whore, it didn't make the situation much worse.

Re:justice (4, Insightful)

Adrilla (830520) | more than 9 years ago | (#12651487)

and meanwhile, while all of this time is passing waiting for arrests and trials, they fraudulent websites are robbing people who don't know any better. I don't fully endorse the defacing the sites but it's something and it works quicker than waiting for the justice system to catch up. It's not a resolution, but it is a deterent, not to mention if the justice righted the wrongs and we were already "done with the matter" the vigilantes wouldn't have fake sites to deface.

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651402)

Define legal .. a group of people who held a ballot and decided they should enforce certain rules?

Government is run by humans. And so are the vigilantes .. bunch of people tryting to enforce rules .. in conflict with government maybe .. but what exactly is government?

The answer .. I don't know. But I can tell you that I just smoked the high end sh*t.

Re:justice (2, Interesting)

liquidpele (663430) | more than 9 years ago | (#12651430)

I've often thought of writing a script to flood bogus data into scam sites, so that at least they couldn't get any real data out of it after the script had started.... Anyone think that would work, or am I overlooking something?

Re:justice (1)

The Snowman (116231) | more than 9 years ago | (#12651508)

I've often thought of writing a script to flood bogus data into scam sites, so that at least they couldn't get any real data out of it after the script had started.... Anyone think that would work, or am I overlooking something?

Smart scammers will keep track of IP addresses via a script running on the server, and block you after a while. Of course, as we all know from some of the spam and scams out there, the bad guys are not always all that bright.

I remember reading an article on Slashdot about this specifically about a year or so ago, but a search doesn't bring it up. Essentially, someone wrote a script to do just this. However, from a technological point of view, his script was the same thing as any other "bad" script out there that feeds crap to web servers. This made it easy for the scammers to filter out his input. Maybe having a distributed network of computers doing this help keep the signal to noise ratio low, maybe it would just mean more IPs to ban. Anyway, I think it is worth looking into.

Re:justice (1)

hawado (762018) | more than 9 years ago | (#12651541)

yeh, all you have to do is take possesion of all those windows zombies out there and viola, you have your base for a distributed attack...
Although I agree with both sides of the argument here, legal recourse should be pursued before ilegal course is taken.

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651600)

> all you have to do is take possesion of all those
> windows zombies out there and viola, you have your
> base for a distributed attack...

Sweet. Using the zombie mechanisms to attack the folks who put them there.

I like it....

Re:justice (1)

hawado (762018) | more than 9 years ago | (#12651578)

yeh, all you have to do is take possesion of all those windows zombies out there and viola, you have your base for a distributed attack...
The great thing about this is that most of these zombies have rotating IP addresses as they belong to home users. Even with a broadband connection it is likely that you have a changing IP. Now if the scam sites want to block all traffic from lets say, rogers or bell by wild carding the second two parts of an IP, they are killing most of the traffic set on messing up their site, but they are also killing off most of their intended target. This may not seem like much dealing with one provider, but when you consider the zombies are spread out around the world and across all providers, they would effectively have to block all providers to save their systems from an attack.
Although I agree with both sides of the argument here, legal recourse should be pursued before ilegal course is taken.

Re:justice (1)

strider44 (650833) | more than 9 years ago | (#12651602)

*sigh*

If they know how to hack a site they know how to go through an anonymous proxy.

Re:justice (1)

anagama (611277) | more than 9 years ago | (#12651611)


I remember reading an article on Slashdot about this specifically about a year or so ago, but a search doesn't bring it up. Essentially, someone wrote a script to do just this.


My memory is failing me be it sounds akin to ..... *thinking: brain wishing I'd had breakfast and a good night's sleep with a nun* ... here it is: Make Love, Not Spam [makelovenotspam.com] .

Click the little "click here" if you click the link I made above -- interesting factoids. I remember being all happy about this and saddened that it got shut down. I also remember being berated for that opinion -- one I still hold. I want this back! More good than harm you know?

Re:justice (2, Insightful)

peculiarmethod (301094) | more than 9 years ago | (#12651477)

Unfortunately, this specific *type* of working around the legal route to justice will only stengthen the tactics/creativity used by "bad guys"(c). It's introducing the darwin effect, and will only kill off the stupid for s short time.. until they learn they much up the anty. In time that will only make it harder to detect the scams. While its cool in the short run, it's only helping the bad guys evolve.

kinda cool though.

Re:justice (1)

NanoGator (522640) | more than 9 years ago | (#12651523)

"I truly often wish that sort of justice were legal... When the law can't back itself up and the people can..."

I might agree with you if I thought people generally had a good sense of proportion.

Re:justice (0)

Anonymous Coward | more than 9 years ago | (#12651537)

"I truly often wish that sort of justice were legal..."

Actually, defacing a phrigging phishing website doesn't go anywhere nearly phar enough. Phlaying
the owner/operator of such a website with a cat-o-nine-tails made of 1/2 oz. lead weights and #4
Eagle triple phishhooks would seem much more appropriate.

Re:justice (4, Funny)

ear1grey (697747) | more than 9 years ago | (#12651565)

This was originally an ill-considered and underinformed comment disagreeing strongly with the attitude and social misalignement of the parent comment, however vigilantes have hacked it and altered it's purpose to throw the original comment's cunning and socially wry insight into sharp relief.

ahhh... (5, Funny)

Anonymous Coward | more than 9 years ago | (#12651340)

that's why my citibank fansite was defaced!

Beam. Me. Up. (0)

Anonymous Coward | more than 9 years ago | (#12651407)

I'll raise your Citibank card with my King George XIII Washington Mutual.

Frist Psot! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12651343)

W00t!

gov. crackdown (3, Insightful)

Awol411 (799294) | more than 9 years ago | (#12651345)

i love how gov. agencies will probably crack down on the hackers defacing the phishing sites, but do little to nothing about the phishing sites/people themselves its all about the quick solution, not trying to go towards the deeper problem

Re:gov. crackdown (1)

mobiux (118006) | more than 9 years ago | (#12651381)

Although I kinda doubt any of these sites owners are going to run to the cops about it.

Re:gov. crackdown (2, Interesting)

masterpenguin (878744) | more than 9 years ago | (#12651479)

did the hackers that defaced the KKK and other Raciest websites several years ago ever get caught? Sometimes I think that the govt turns a blind eye to things that relieve the pressures of trying to regulate the internet. Self regulation can work in small doses.

Re:gov. crackdown (0)

Anonymous Coward | more than 9 years ago | (#12651590)

the KKK site is atleast legal...i find what they have to say sick, but they do have the right to say it.

scamming people's bank account codes is illegal, obtaining that information is illegal. so i have no problem with hackers doing shit to them.

hackers are out there, they are now targeting some criminals instead of companies (and eventually costing said company a lof of money)

Re:gov. crackdown (2, Insightful)

Jesus IS the Devil (317662) | more than 9 years ago | (#12651492)

Do you actually have proof to back up this statement? I doubt it.

fp (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12651348)

frist psot

Good for them. (1)

Tobias.Davis (844594) | more than 9 years ago | (#12651355)

I'm glad somebody's doing something about this phishing / spimming epidemic, we really have no need for them .

Western Justice, eh ... (2, Funny)

TripMaster_Monky (885678) | more than 9 years ago | (#12651358)

"The Geeks, the Pasty and the Unbathed"

Western office of Justice, guffah. (0)

NRAdude (166969) | more than 9 years ago | (#12651440)

The procfs, the /dev/random, and the SIGHUP.

PS: An office is not justice; an office is a momentary duty performed on your behalf as a mercenary (for hire/bought/payed).

Re:Western Justice, eh ... (1)

jacen_sunstrider (797955) | more than 9 years ago | (#12651454)

I didn't think you could seperate those.

It's not a dupe... (1)

NitsujTPU (19263) | more than 9 years ago | (#12651366)

...but we had the same story, by a different news source a day or 2 ago.

Okay... (0, Flamebait)

brilinux (255400) | more than 9 years ago | (#12651371)

But are they Irish?

If only they could hack the email servers as well (4, Funny)

ravenspear (756059) | more than 9 years ago | (#12651372)

Dear Sir,

My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling.

I have recently come into an inheritance of goatse pics and I feel that I can not hold all of it safely. I would propose that if you agree I will hold 26 million of these pics in trust for you to deposit at whatever place you wish to keep them.

I would like to meet to arrange this as soon as possible. If this deal succeeds, I would also like to discuss the possibility of you acquiring my collection of 4.3 million woopie cushions.

Sincerely,
I forgot my real name but I usually go by Jack Ass

Re:If only they could hack the email servers as we (0)

Anonymous Coward | more than 9 years ago | (#12651437)

My name is Dr. Samouismai from the royal family of Nigeria and I would like to offer you a proposal that you may find compelling. ...

Sincerely,
I forgot my real name but I usually go by Jack Ass


Grandma, grandma! My what short memory you have...

Hmmmm (1)

Jesus IS the Devil (317662) | more than 9 years ago | (#12651374)

Most scam artists are smart enough to set up sites from free hosting companies, or use stolen credit cards to purchase paid hosting from legitimate hosting companies.

Hacking into these legitimate companies doesn't do anything to hurt the scammers.

Depends (2, Insightful)

Thu25245 (801369) | more than 9 years ago | (#12651517)

Hacking into these legitimate companies doesn't do anything to hurt the scammers.

If the vigilantes take down the scam site, then they may prevent some people from falling victim to it. It may not hurt the scammer, but it might protect the innocent.

And, frankly, these "legitimate companies" should do more to prevent the use of their services for fraudulent purposes. Say, writing a script to search though the hosted material for the phrase "bank account" and flag any occurrences for human review.

I can't say I approve of this behavior...but it might have a positive effect, as well.

Re:Hmmmm (5, Insightful)

ergo98 (9391) | more than 9 years ago | (#12651521)

Hacking into these legitimate companies doesn't do anything to hurt the scammers.

?

You think that it doesn't hurt phishers when their "closer" is rendered inoperational? Maybe I'm wrong, but I'm going to bet that some phisher that used their botnet to send out millions of emails (losing a number of their bots in the process) is going to be pretty pissed when some whitehat knocks their server offline before all of the morons enter their username and password.

Re:Hmmmm (1)

ScrewMaster (602015) | more than 9 years ago | (#12651569)

Sure it does ... if someone that was taken in by a phishing email goes to the scammer's site and sees "THIS SITE IS RUN BY CROOKS" all over it, he might think twice about typing in his bank account numbers and clicking SEND. This isn't so much about accountability or bringing these guys to justice, it seems more about just making it harder for them to operate. And that's fine so far as it goes, but cracking a scammer's site is still going to be a violation of some cyberterror law or other.

Re:Hmmmm (1)

vdub12 (874654) | more than 9 years ago | (#12651599)

It stops people from falling victim to there crimes. It theory it could be saving the American general public hundreds of thousands of dollars.

Just yesterday (0)

Anonymous Coward | more than 9 years ago | (#12651376)

I am proud of doing it, and also informing people when a spammer has hacked into their site and posted a phishing site. I think it's the right thing to do, and am glad to see that there are others out there trying to do something.

The industry itself... (4, Insightful)

neo (4625) | more than 9 years ago | (#12651378)

Larson added, "We would rather see the industry itself find solutions."

So would we.

Re:The industry itself... (0)

Anonymous Coward | more than 9 years ago | (#12651598)

Larson added, "We would rather see the industry itself find solutions."

...Yeah, that's a good, well thought, PLAN!I wish doctors and layers would do the same thing.

...ya know, so we could all not have to worry about this type of mishap, and just die in prison.

Hackers not always bad (2)

masterpenguin (878744) | more than 9 years ago | (#12651380)

There has been a long history of hackers doing good on the internet. I think this is just another step in that story. Hackers have been misrepresented in the media for many years, and I for one am glad to see that for once they're getting some good press.

Re:Hackers not always bad (0)

Anonymous Coward | more than 9 years ago | (#12651471)

There has been a long history of people doing good in the world. I think this is just another step in that story. People have been misrepresented in the media for many years, and I for one am glad to see that for once they're getting some good press.

well... (0, Redundant)

bassgoonist (876907) | more than 9 years ago | (#12651396)

fighting fire with fire sometimes works...

Re:well... (1)

The Snowman (116231) | more than 9 years ago | (#12651528)

fighting fire with fire sometimes works...

That or it just makes a bigger fire.

Re:well... (1)

tehwebguy (860335) | more than 9 years ago | (#12651572)

he said sometimes

Let the vigilantes ride! (1)

Bad Boy Marty (15944) | more than 9 years ago | (#12651413)

I just wish they were carrying AK-47s -- and using them -- against the scammers/phishers/etc.

Natural progression (1)

Hrodvitnir (101283) | more than 9 years ago | (#12651420)

The people will police themselves when the law cannot. It's just sad to think that the one true hack that can't be completely controlled is the human one. Social engineering will be around as long as people fail to get a clue.

Re:Natural progression (1)

belarm314 (663118) | more than 9 years ago | (#12651467)

From a t-shirt at defcon:

"Social Engineering: because there is no patch for human stupidity"

Re:Natural progression (1)

pHatidic (163975) | more than 9 years ago | (#12651516)

Death.

Re:Natural progression (1)

belarm314 (663118) | more than 9 years ago | (#12651553)

i'd consider that closer to a low-level format than a patch, but good point ;-)

ddos (0)

Anonymous Coward | more than 9 years ago | (#12651424)

No I didn't read TFA

but if they resort to ddos attacks, the quality of service will be reduced for other users of that hosting company, best to get in contact with the hosting providers first, then if nothing is done, release the flying monkeys o/

Report yourself to the authorites? (1)

songofthephoenix (858004) | more than 9 years ago | (#12651429)

Even though its not legal what the 'white hat hackers' are doing - Who is going to put in a report against them? If the phishers report them, they end up reporting themselves to the authorities in the same instance. By the way, most comic book heroes are known as vigilantes - small price to pay, dont you think?

Re:Report yourself to the authorites? (1)

Thu25245 (801369) | more than 9 years ago | (#12651535)

Who is going to put in a report against them?

The scammers' ISP?

"This guy hacked one of our customers' sites! Lock him up!"

Re:Report yourself to the authorites? (5, Funny)

Adrilla (830520) | more than 9 years ago | (#12651554)

By the way, most comic book heroes are known as vigilantes

Well most comic book heroes have great powers, or amazing tools and weapons and um...oh yeah...They Don't Exist!

Retribution (4, Insightful)

athakur999 (44340) | more than 9 years ago | (#12651434)

I have a little PHP script that I use whenever I get a phishing email. The script generates fake credit card numbers, expiration dates, etc. and repeatedly hits the phishing site's form dumping in random info.

Any halfway intelligent phisher would record the IP address of each submission and just dump all of mine when he saw there were bogus, but it makes me feel good that I at least wasted some of his time ;)

Re:Retribution (2, Funny)

Anonymous Coward | more than 9 years ago | (#12651450)

Just think if Visa did this. Only instead of "fake", they use honeytokens: Cards which, once used, are immediately flagged. Black Helicopters swoop in and arrest the baddie. You know, like in that documentary "Enemy of the State".

Re:Retribution (3, Interesting)

lukewarmfusion (726141) | more than 9 years ago | (#12651496)

I wouldn't be surprised if law enforcement actually used this technique.

Seriously, how hard is it to find a phishing site's servers and the owners? I forward links, emails w/headers, whois info (one guy had his real name, address, etc. in the whois for the domain!), etc. to the authorities any time I get the emails. If you can find the hosting company, server, etc. and track down the account owner, that might work.
But if that information is false, giving them a valid account with a "honeytoken" like you describe would be a great way of continuing your search. It's more likely that the scammer has taken precautions on their hosting account than they will when they try to use the invalid account information.

Re:Retribution (3, Interesting)

jarich (733129) | more than 9 years ago | (#12651488)

I have a little PHP script that I use whenever I get a phishing email

Come on... post the script!

Why don't these losers... (1)

WizardRahl (840191) | more than 9 years ago | (#12651435)

... move out of their parents' basements are get a real fucking job??

Where are the authorities? (2, Insightful)

Sathias (884801) | more than 9 years ago | (#12651460)

So where is the FBI and the DHS when you need them? I would have thought that outright fraud would be considered more of a crime than downloading a crappy quality avi of a movie. Obviously the money of rich people like George Lucas is more of a priority than that of normal citizens. We are quickly becoming a society where the most heinous act you can commit is to put a dent into company profits.

Re:Where are the authorities? (0)

Anonymous Coward | more than 9 years ago | (#12651481)

I suspect the vast majority of these websites are hosted overseas.

They missed something. (-1, Troll)

jZnat (793348) | more than 9 years ago | (#12651463)

They missed a spot:
http://www.microsoft.com/ [microsoft.com]

Re:They missed something. (1)

NanoGator (522640) | more than 9 years ago | (#12651563)

"They missed a spot: http://www.microsoft.com/ [microsoft.com] "

Giggle giggle *SNORT* tee hee.

Thanks for the laugh! My anti-M$ bias needed a little stroking today.

Re:They missed something. (1)

ScrewMaster (602015) | more than 9 years ago | (#12651619)

Whoever modded you "troll" must have no sense of humor. That's one of the funniest things I've seen lately.

Be wary of... (2, Informative)

xquark (649804) | more than 9 years ago | (#12651464)

The links these so-called vigilantes place on those de-faced sites saying:

"link to the bank's real web site" ;)

he he he he he he :D

Regards

Arash Partow

________________________________________________ __
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net/ [partow.net]

Old West theme (1)

UlfGabe (846629) | more than 9 years ago | (#12651483)

In keeping with old west customs, when hijacking a web page use the following phrases:

"YEEEE HAWWWWW, RIDE 'em cowboy"

"I know what your thinking, did I use 5 scripts or did I use 6, well today is your lucky day, punk."

"SSHHHAANNNNNNNNNNNEEEEEEEEE!!!!!!!!!!!!"

im out of ideas, feel free to continue

Re:Old West theme (1)

CelticWhisper (601755) | more than 9 years ago | (#12651620)

SHAAAAANNNNEEE!!!!!!!!!!!!

Yes? What do you want?






(La, la la, random parenthetical nonsense, lameness filter circumvention is fun)

i did something similar once (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12651490)

Not to toot my own horn, but I did something similar to this a few years ago. I couldn't find a girl that would suck me off(1), so i took my penis into my own hand.

1: this was before kathleen fent had that sex change operation.

Only from Cowboy Neal (1)

axonal (732578) | more than 9 years ago | (#12651502)

We'd only expect an article about the Old West and technology from Cowboy Neal.

Hacker Man! (5, Funny)

clayasaurus (758835) | more than 9 years ago | (#12651503)

Hacker-man, Hacker-man
Does whatever a hacker can
pwns fake websites, any size
Catches phishers, just like flies
Look out! There goes the Hacker-man!

Is he strong? Listen, Bud!
He's got caffinated blood.
Can he type from a chair?
Take a look over there.
Hey there, there sits the Hacker-man!

In the chill of night,
At the scene of the crime
Like a streak of light
He arrives just in time

Hacker-man, Hacker-man
Friendly neighborhood Hacker-man
Wealth and fame, he's ignored
Action is his reward

To him, life is a great big bang-up
Wherever there's a scam-up
You'll find the Hacker-man!

Re:Hacker Man! (1)

TRIEventHorizon (744457) | more than 9 years ago | (#12651584)

RoFLCoPTeRZ!!!!@oneoneTHRee!

Reminds me of... (2, Insightful)

hoka (880785) | more than 9 years ago | (#12651515)

a userfriendly comic where Pitr is upset at being spammed. He discovers that the mail servers are Linux and are inseucre. The next clip is of a guy behind a computer frowning at "su: user does not exist." Theres a followup comic where all of the spammers Internet Traffic are routed to Mars. "But Mars doesn't have any... oh." All this really means is that eventually phishers and scammers will get smarter and run TrustedBSD, OpenBSD, SELinux, or some other hardened variant using mainly static pages and highly developed systems. It's really a never ending battle.

a better tactic? (1)

bnitsua (72438) | more than 9 years ago | (#12651540)

it doesn't seem like defacing the site would send much of a message--aren't they generally hosted on compromised boxes, by someone who has hundreds of other compromised boxes?
wouldn't it be a better idea to find the people behind them (it's not too hard...) and go from there?

Just another tale of... (1)

indig0 (812630) | more than 9 years ago | (#12651543)


The white hats, the black hats, and the 1337...?

Why didn't they create EFFECTIVE anti-phish system (2)

iamcf13 (736250) | more than 9 years ago | (#12651544)

Instead of defacing websites?

If they are smart and talented enough to break into a webserver, they could use those skills to set up some sort of clearinghouse for phish sites to avoid that could be done as some sort of proxy + RBL for phish sites. Better yet, program a web proxy program that does something simple:

Compare the href tags in downloaded webpages with the displayed links. If the 'root' domains don't match, imbed a warning in the HTML page before it is sent to the browser for the user to see. The proxy could be programed to look out for spoofery involving internet giants like eBay PayPal and the like. Of course this could be construed as a copyright violation for modifying someone else's webpage (unless you happen to be Google with their Google Cache).

I'm not happy about this. (0, Flamebait)

Halvy (748070) | more than 9 years ago | (#12651562)


After all, the quicker someone, anyone puts an end to the illegal (world) bank system, the better off all the poor and working stiffs will be.

The people who are *supposedly* defrauding innocent people, are actually only taking from the rich.

Those rich bastards are not loosing anything anyway (mostly) because the pig-banks will reimburse them.

Think about how much banks contribute to society; some fat bastard sits there in a fancy building, waiting for someone who doesn't need money, to come in and deposit their riches that they stole off the working class stiffs. Then mr. piggy-banker gives the rich man more money so they start another (legal) scam called a *corporation*.

I say use vigilantiism to burn the banks down (or better yet turn them into homeless shelters or clincs for the disabled) and arrest everyone involved with the banking industry for the last 50 years or so (to start out with) and give the 'scammers' a position of authority which they are earning. :)



-- Don't hate me cuz I'm ugly

Pointless it seems... (1)

Oldest European (886715) | more than 9 years ago | (#12651567)

online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them

Besides the fact that self justice generally is a bad idea, how pointless is it if there are thousands and thousands of those sites?

And it seems pretty obvious to me that it will be easier to set up new sites than taking down existing ones.

If you really want to do something against those scammers you need to follow the money trail.

Nah, that's not so cool (0)

Anonymous Coward | more than 9 years ago | (#12651580)

Now, when they drive up to the operators' houses and kick down their doors and then shoot them in the knee-caps as they're attempting to run away, that'll be cool.

this sounds good (1)

slashdotnickname (882178) | more than 9 years ago | (#12651583)

but it's not going to make much of a difference. some reasons being... most scammers put up sites knowing that they'll be temporary and/or of little harm to their financial/legal status if taken down or investigated. hack all you want, it costs them nothing to put one up again. also, pretty much every human action is incentive driven... scammers are driven by the promises of easy money with very little start up costs, while those "hacking for justice" have the harder job of breaking into a site (at least harder than it would take to put one up) with only personal satisfaction as a payoff. the result being, there will always be more scammers than people fighting them... until the same incentive, like being paid to, exists.

what was this article about... (1)

nevdullc (732342) | more than 9 years ago | (#12651597)

ok,
..so some not so good guys doing some bad stuff
(ie. hacking into webspaces (to host phishing sites (highly illegal))
get their hacked stuff hacked into, by these good guy white hat hackers
(super-Gandalfian data-magus overlords), who take over and expose
(0wn3d 45535) the bad guys to show them who really has the net going on..
so how does law and copyrights fit into all of this ,
... it's the wild f&*($'n west.
get on yer horse and ride (use linux),

/nev/dull/c

Vigilante activism (5, Interesting)

Anonymous Coward | more than 9 years ago | (#12651608)

Speaking of vigilante activism

#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain
sub verify {
my($cardnum) = @_;
my($a,$b,@cc);
for($a = 0;$a < 16; $a++) {
$cc[$a] = substr($cardnum,$a,1); }
for($a = 0; $a < 16; $a+= 2) {
$b = $cc[$a] * 2;
if($b > 9) {
$b -= 9;
}
$cc[$a] = $b;
}
$b = 0;
for($a = 0 ; $a < 16; $a++) {
$b += 0 + $cc[$a];
}
return $b % 10 == 0;
}
for(;;) {
$d = "54"; # Some phishing sites only accept cards where the
# first numbers look like they come from a bank
# This looks like a generic US MasterCard number
# (MasterCard is actually 5[1-5], but I'm too
# lazy to make the second digit a random number
# from 1 to 5)
for($c = 2 ; $c < 16; $c++) {
$d = $d . int(rand(10));
}
#print $d . "\n";
if(verify($d) == 1) {
print $d . "\n";
sleep(1);
}
}

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?