Phishing Hack
May 26, 2005 12:06 PM Subscribe
Despite efforts to stop phishing and pharming, they have continued to become more pervasive. While some tools, organizations and lawmakers are helping combat the problem, they have done little to curb these activities. Cellphones, Yahoo IM and AIM were all recently hit by new types of attacks. The AIM attack was more sophisticated than previous versions and combined phishing with a worm that installed software that allows the attacker to potentially take over the comprimised machine. To complicate problems further, a vast majority of these scams take place in locations that make it difficult if not impossible to prosecute the operators.
Because of this, I was delighted to read about hackers that are defacing phishing sites. While this is not legal either, it was some what satisfying to find out these asshats were getting a taste of there own medicine. Do any of you think a penny should be wasted persuing these hackers? If not, what are the legal implications in allowing hackers to attack some sites and not others?
Because of this, I was delighted to read about hackers that are defacing phishing sites. While this is not legal either, it was some what satisfying to find out these asshats were getting a taste of there own medicine. Do any of you think a penny should be wasted persuing these hackers? If not, what are the legal implications in allowing hackers to attack some sites and not others?
Is that a joke? If they break the law, even if for the noblest of intentions, they should be investigated and prosecuted where appropriate. Otherwise, where else do you want the law turning a blind eye? Should the police turn a blind eye while a vigilante mob beats to death (insert your choice of really bad villain here)? Or maybe we can go back to the old "wolfshead" days, and will be allowed to trash with impunity any website the government declares to be outlaw?
Besides which, it's pretty much a moot point. What phisher is going to complain to the authorities about his web site being defaced? He'd need balls of titanium and the size of grapefruits...
posted by kaemaril at 12:21 PM on May 26, 2005
Besides which, it's pretty much a moot point. What phisher is going to complain to the authorities about his web site being defaced? He'd need balls of titanium and the size of grapefruits...
posted by kaemaril at 12:21 PM on May 26, 2005
I have absolutley no qualms about people defacing scam-oriented sites to indicate to potential victims the nature of the fraud. Good on 'em, I say, and godspeed.
My only regret is that no one's taken a shotty to the scammers' grills.
posted by xmutex at 12:24 PM on May 26, 2005
My only regret is that no one's taken a shotty to the scammers' grills.
posted by xmutex at 12:24 PM on May 26, 2005
Maybe I'm just cynic, but who says these "vigilante hackers" aren't just competing scammers?
posted by reynaert at 12:31 PM on May 26, 2005
posted by reynaert at 12:31 PM on May 26, 2005
Can the feds go after the hackers with out a complaint from the owner of the site? I don't think anyone is calling the FBI telling them that someone hacked their very successful phishing site.
posted by sexymofo at 12:39 PM on May 26, 2005
posted by sexymofo at 12:39 PM on May 26, 2005
Yes, the feds can. Cyber crime is still defined as a crime, and can be prosecuted, even if a victim (and I use the term loosely in this case) is unwilling to come forward.
posted by mystyk at 12:49 PM on May 26, 2005
posted by mystyk at 12:49 PM on May 26, 2005
Should the police turn a blind eye while a vigilante mob beats to death (insert your choice of really bad villain here)?
Normally beating someone to death is illegal, however many states have laws that allow people to kill an aggressor if it is in self defense or if it is in defense of a third party. Since these phising sites are an active threat, I guess I would categorize them into the "kill" group.
posted by Mr_Zero at 12:54 PM on May 26, 2005
Normally beating someone to death is illegal, however many states have laws that allow people to kill an aggressor if it is in self defense or if it is in defense of a third party. Since these phising sites are an active threat, I guess I would categorize them into the "kill" group.
posted by Mr_Zero at 12:54 PM on May 26, 2005
What about these guys?
Minutemen have guns with the intent of deadly force. Hackers have Unix with the intent of tagging.
posted by MiltonRandKalman at 1:05 PM on May 26, 2005
Minutemen have guns with the intent of deadly force. Hackers have Unix with the intent of tagging.
posted by MiltonRandKalman at 1:05 PM on May 26, 2005
Go, hackers, go.
They aren't committing a crime. They are preventing one. It's like punching a guy from behind as he's holding up someone with a gun -- you're not going to get convicted of assault.
posted by hipnerd at 1:22 PM on May 26, 2005
They aren't committing a crime. They are preventing one. It's like punching a guy from behind as he's holding up someone with a gun -- you're not going to get convicted of assault.
posted by hipnerd at 1:22 PM on May 26, 2005
It's entirely possible that the so-called "vigilante hackers" are just black-hats honing their skills.
I can't imagine that someone running a phishing operation would actually go and complain to the authorities that his site has been cracked and/or defaced. Still, the only thing separating a white-hat from a life in prison is one zealous prosecutor who's one conviction short of his monthly quota. Prosecutors are, after all, lawyers first and foremost, no?
posted by clevershark at 1:25 PM on May 26, 2005
I can't imagine that someone running a phishing operation would actually go and complain to the authorities that his site has been cracked and/or defaced. Still, the only thing separating a white-hat from a life in prison is one zealous prosecutor who's one conviction short of his monthly quota. Prosecutors are, after all, lawyers first and foremost, no?
posted by clevershark at 1:25 PM on May 26, 2005
An recent article on phishing that I found interesting.
posted by NewBornHippy at 1:28 PM on May 26, 2005
posted by NewBornHippy at 1:28 PM on May 26, 2005
I can't see how warning someone that they're about to be robbed is bad. Number One recently pointed to a fake paypal log-in. These guys just take it a step further. More power to 'em.
Also: what hipnerd said.
posted by Ljubljana at 1:35 PM on May 26, 2005
Also: what hipnerd said.
posted by Ljubljana at 1:35 PM on May 26, 2005
Perhaps I am contributing to the phishing problems in some odd way, but if I am bored enough I take the time to input as much fake b.s. information as I can.
Might just be an irritated eyeblink when somebody is reading over the farmed data, but it is the least I can do.
posted by buzzman at 1:47 PM on May 26, 2005
Might just be an irritated eyeblink when somebody is reading over the farmed data, but it is the least I can do.
posted by buzzman at 1:47 PM on May 26, 2005
Even better was this funny phone call on BoingBoing the other day where someone taunts a boiler room scammer trying to sell him shitty stocks. I'm all for this kind of non-violent vigilante justice (as long as it doesn't happen to me, of course.)
posted by fungible at 1:49 PM on May 26, 2005
posted by fungible at 1:49 PM on May 26, 2005
I understand why people don't like mob rule, but I don't understand why people have this attitude that viewing the law as something pristine that may not need change from outside forces.
I don't understand why vigilante justice is always seen in an either or light. If people did this in other areas everybody would cry slippery slope in seconds. We can like the defacing of these sites and not like lynchings right?
posted by SomeOneElse at 2:18 PM on May 26, 2005
I don't understand why vigilante justice is always seen in an either or light. If people did this in other areas everybody would cry slippery slope in seconds. We can like the defacing of these sites and not like lynchings right?
posted by SomeOneElse at 2:18 PM on May 26, 2005
Low-tech phishing: ATM skimming. Supposedly it's on the rise.
posted by mrgrimm at 5:33 PM on May 26, 2005
posted by mrgrimm at 5:33 PM on May 26, 2005
« Older Conservative Indiana secretly hotbed of judicial... | F-Bommin' Newer »
This thread has been archived and is closed to new comments
If the police were more effective at stopping them then there wouldn't be any need for vigilante hackers. But more power to them for doing what the police cannot do.
So no, I don't see any need to chase them down until all of the phishing sites are closed and then the vigilante hackers will cease to need to be.
posted by fenriq at 12:16 PM on May 26, 2005