Vigilante Hackers use Old West Tactics for Justice
dismorphic writes "Angered by the growing number of Internet scams, online 'vigilantes' have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say 'Warning - This was a Scam Site,' or 'This Bank Was Fraudulent and Is Now Removed.'" So maybe it's not a posse of horsemen, but it's still kinda cool that someone is taking care of those who would defraud the public.
justice (Score:5, Interesting)
Jury nullification (Score:5, Interesting)
Comment removed (Score:3, Interesting)
Re:gov. crackdown (Score:2, Interesting)
Re:Retribution (Score:4, Interesting)
Come on... post the script!
Re:Retribution (Score:4, Interesting)
Seriously, how hard is it to find a phishing site's servers and the owners? I forward links, emails w/headers, whois info (one guy had his real name, address, etc. in the whois for the domain!), etc. to the authorities any time I get the emails. If you can find the hosting company, server, etc. and track down the account owner, that might work.
But if that information is false, giving them a valid account with a "honeytoken" like you describe would be a great way of continuing your search. It's more likely that the scammer has taken precautions on their hosting account than they will when they try to use the invalid account information.
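The honeytoken idea in the comment above, sketched from the card issuer's side as an added example (not part of the original thread or any poster's code). It assumes a hypothetical reserved prefix `HONEY_PREFIX`, an issuer secret `ISSUER_KEY`, and a constructed log format with `src=` and `pan=` fields; the keyed tag keeps a random Luhn-valid number from being mistaken for a planted one.

```python
import hashlib
import hmac
import re

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret known only to the issuer
HONEY_PREFIX = "54000000"             # hypothetical range never given to customers

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def tag(serial: str) -> str:
    """4-digit keyed tag binding the serial to the issuer's key."""
    mac = hmac.new(ISSUER_KEY, (HONEY_PREFIX + serial).encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 10000:04d}"

def make_honeytoken(serial: int) -> str:
    s = f"{serial:03d}"
    body = HONEY_PREFIX + s + tag(s)  # 8 + 3 + 4 = 15 digits
    return body + luhn_check_digit(body)

def is_honeytoken(number: str) -> bool:
    if len(number) != 16 or not luhn_valid(number) or not number.startswith(HONEY_PREFIX):
        return False
    return hmac.compare_digest(tag(number[8:11]), number[11:15])

def find_honeytoken_use(log_lines):
    """Return (source, number) for each log line that used a planted number."""
    hits = []
    for line in log_lines:
        m = re.search(r"src=(\S+) .*pan=(\d{16})\b", line)
        if m and is_honeytoken(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

def sample_log():
    """Constructed authorisation-log lines; addresses are documentation ranges."""
    return [
        "2004-01-01T10:00:01Z src=192.0.2.10 merchant=M1 pan=4111111111111111 result=declined",
        f"2004-01-01T10:04:37Z src=198.51.100.23 merchant=M2 pan={make_honeytoken(7)} result=declined",
    ]
```

Calling `find_honeytoken_use(sample_log())` returns only the second line's source address and number, since the first line carries an ordinary Luhn-valid test number outside the reserved prefix.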
Re:Jury nullification (Score:5, Interesting)
Agreed. From the end of TFA:
And while your industry is sitting around doing nothing about these fake sites set up in countries where the local police care more about rounding up dissidents than stopping fraud, people are losing their life savings. I'll take my chances with the vigilantes. Even if they make mistakes, at least they're doing something.
Vigilante activism (Score:5, Interesting)
#!/usr/bin/perl
# This is a perl script I wrote to piss off the phishers. What this
# script does is generate fake credit card numbers that look like real
# credit card numbers. This way, I can add bogus information to
# phishing sites that looks legitimate
# License: Public domain

# Luhn check for a 16-digit number: returns true if the checksum is valid
sub verify {
    my($cardnum) = @_;
    my($a,$b,@cc);
    # Split the number into its 16 digits
    for($a = 0;$a < 16; $a++) {
        $cc[$a] = substr($cardnum,$a,1);
    }
    # Double every second digit, starting from the first; a two-digit
    # result is reduced by 9 (same as adding its two digits together)
    for($a = 0; $a < 16; $a+= 2) {
        $b = $cc[$a] * 2;
        if($b > 9) {
            $b -= 9;
        }
        $cc[$a] = $b;
    }
    # Sum all digits; the number is valid if the sum is a multiple of 10
    $b = 0;
    for($a = 0 ; $a < 16; $a++) {
        $b += 0 + $cc[$a];
    }
    return $b % 10 == 0;
}

for(;;) {
    $d = "54"; # Some phishing sites only accept cards where the
               # first numbers look like they come from a bank
               # This looks like a generic US MasterCard number
               # (MasterCard is actually 5[1-5], but I'm too
               # lazy to make the second digit a random number
               # from 1 to 5)
    for($c = 2 ; $c < 16; $c++) {
        $d = $d . int(rand(10));
    }
    #print $d . "\n";
    if(verify($d) == 1) {
        print $d . "\n";
        sleep(1);
    }
}
Re:justice (Score:5, Interesting)
I do this all the time. It is easy with the Firefox Web Developer extension. I just turn the post into a get, remove the field limits, and fill the fields with hundreds of characters. I usually take some text from Project Gutenberg. Then I stuff the big GET into a wget command in a looping bash script and let it run for a few hours. These sites are usually just PHP mailers, and so I get the satisfaction of filling a scammer's mailbox.
Probably useless, but it makes me feel better.
(arg, Slashdot says I'm a script! That is it, I'm done coding for the day and I'm going for a beer)
Re:Jury nullification (Score:3, Interesting)
Self policing society (Score:5, Interesting)
On another level, Slashdot is the pulpit where the topic of freedom gets a lively and ongoing discussion. Freedom to use and create software, freedom to exchange ideas, data, tools, freedom of expression, etc., etc.
The 'net is not quite the free-for-all that some believe. And this self-regulation, self-policing, self-examination that is already the norm, is proof of the responsibility and maturity of so many here who make the net what it is; a cool place now, and a thing of hope for the future. So the idea of people going out and disrupting bad behavior on the 'net is a virtual tradition. To me this is a very good sign.
Let's continue working to keep the gummint's clumsy hands off the 'net. I know they made the net, but it has grown in size and importance because of public involvement.
Re:Jury nullification (Score:3, Interesting)
Even for a single-hosted box, the person running the box may not be aware of what it's doing.
Those caveats having been stated, however, I think that it's a nice thing to see being done. I've sent emails to the sites being spoofed suggesting that they ask for this sort of change, but I've never seen it actually done. They seem to either do nothing, or shut down the website -- no in-between.
It was fake; here's the real one (Score:3, Interesting)
do {
my ($cc, $sum) = '54' . (join '', (map { $_ = int rand 10 } (1..13))) . '0';
foreach $digit (split
foreach $digit (split
$cc =~ s/.$//;
print $cc, 9 - ($sum % 10), "\n"
} while (sleep 1);
Re:Jury nullification (Score:5, Interesting)
Re:justice (Score:3, Interesting)
If I see someone getting pickpocketed and I can aid them in getting their money back,... What am I going to do? Stand idly by and not say anything?
Re:Retribution (Score:3, Interesting)
What if you generate and submit a valid, existing, card number by accident?
Re:Retribution (Score:3, Interesting)
COME ON, DO IT! (Score:1, Interesting)
Just repeating the URL for clarity's sake.
EVERYBODY, open that URL in a new window/tab and let it run. You can have it in the background or minimise it. In fact, make it your start page if you don't already have any useful start page.
Let's use the Slashdot effect for something good - overloading Nigerian scammers' fake websites.
Re:Jury nullification (Score:1, Interesting)