Angered by the growing number of Internet scams, online "vigilantes" have started to take justice into their own hands by hacking into suspected fraud sites and defacing them.
 | Bravo! Where can I donate? |
These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say "Warning - This was a Scam Site," or "This Bank Was Fraudulent and Is Now Removed." The efforts by the self-proclaimed "hero hackers" come amid a surge in online schemes known as "phishing" in which victims are lured to fake websites to get passwords or other personal data.
| I get daily messages from "Paypal" wanting me to "verify my account." I get similar messages from eBay, where I don't have an account, and from numerous banks where I don't have accounts. I usually get three to four messages from the mail admins at qrmapps.com and rantburg.com — which would be me — telling me my email is being shut down if I don't "run the attached." And Rantburg's FTP port gets hammered daily by "pgpuser"'s. I am all for doing terrible things to their sites, to include siccing Zarqawi on them... |
The British security firm Netcraft was among the first to pick up the hacking activity, discovering hacked sites that were set up to steal passwords from customers of the US Web payment site Paypal and NatWest Bank in Britain. "While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged," the security firm said.
| Is it against the law to stop a crime in progress? |
Some of the hackers are boastful. "We only deface fake banks. Nothing else. Our targets are illegals and hosts that don't take down illegal sites," said a message posted on the website SecurityFocus by the purported "white-hat" British hacker group called The Lad Wrecking Crew.
Another anonymous group supposedly involved in the hacking described the efforts a public service. "They skulk around the internet like cockroaches stealing, cheating, lying and thieving. They will steal from anyone, they have no morals, they use stolen credit cards, they make false claims for asylum and benefits, they want anything they can get for free," the message said. "Law enforcement cannot be bothered with them -- but we can!"
| To me, that's a productive and useful hobby that builds skills that will take the Lads far in this world... |
But while the defacements have undoubtedly halted a number of fraud schemes, security experts are dubious about the methods.
"Oh, I'm not sure..."
"Then how the hell'd you get to be an expert?" |
"Are the ends good? Undoubtedly. Are the means justified? I don't know," said Cory Altheide of the SANS Internet Storm Center, a consortium of academic and industry security experts.
| That must be the "academic" influence talking. Either that, or he never gets any email... |
"All I really know is the stories of vigilantism ending well are few and far between."
|