Vigilante Hackers Use Old West Tactics for Cyberspace Justice
Vigilante hackers use Old West tactics for cyberspace justice
Angered by the growing number of Internet scams, online "vigilantes" have started to take justice into their own hands by hacking into suspected fraud sites and defacing them.
These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say "Warning - This was a Scam Site," or "This Bank Was Fraudulent and Is Now Removed."
The efforts by the self-proclaimed "hero hackers" come amid a surge in online schemes known as "phishing" in which victims are lured to fake websites to get passwords or other personal data.
The British security firm Netcraft was among the first to pick up the hacking activity, discovering hacked sites that were set up to steal passwords from customers of the US Web payment site Paypal and NatWest Bank in Britain.
"While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged," the security firm said.
Some of the hackers are boastful.
"We only deface fake banks. Nothing else. Our targets are illegals and hosts that don't take down illegal sites," said a message posted on the website SecurityFocus by the purported "white-hat" British hacker group called The Lad Wrecking Crew.
Another anonymous group supposedly involved in the hacking described the efforts a public service.
"They skulk around the internet like cockroaches stealing, cheating, lying and thieving. They will steal from anyone, they have no morals, they use stolen credit cards, they make false claims for asylum and benefits, they want anything they can get for free," the message said.
"Law enforcement cannot be bothered with them -- but we can!"
But while the defacements have undoubtedly halted a number of fraud schemes, security experts are dubious about the methods.
"Are the ends good? Undoubtedly. Are the means justified? I don't know," said Cory Altheide of the SANS Internet Storm Center, a consortium of academic and industry security experts.
"All I really know is the stories of vigilantism ending well are few and far between."
In a phishing attack, scammers send mass e-mails posing as banks, credit card companies, or other firms asking recipients to "confirm" or "update" personal and financial information in a link to a look-alike website. Many of the e-mails claim to be anti-fraud departments at the institutions.
Analysts say these frauds may result in thefts of up to one million dollars a day worldwide and can lead to identity theft and more losses.
Experts say that shutting down the scam websites is often difficult because they may be hosted in countries where legal action is unlikely.
Peter Cassidy, secretary general of Anti-Phishing Working Group, an industry alliance, acknowledged there was a "gap" in law enforcement action against the schemes, but that hacking was not the solution.
"This is similar to what we've experienced before in the Old West," Cassidy said.
But hackers defacing websites "could leave the brand holder open to further retaliation," including efforts to hack into the real website of the bank or company.
Susan Larson, vice president of global threat analysis and research at the security firm Surf Control, said other methods are preferable in halting the scams.
"I can see where these hackers or vigilantes are technically astute and their frustration is high," Larson said. "But as professionals in this industry, we wouldn't recommend they do it (hacking)."
Larson added, "They could get it wrong just as vigilantes in the Wild West got it wrong. We would rather see the industry itself find solutions."
Submitted by Scotty