[HN Gopher] USPS text scammers duped his wife, so he hacked thei...
___________________________________________________________________
USPS text scammers duped his wife, so he hacked their operation
Author : wglb
Score : 372 points
Date : 2024-08-08 23:00 UTC (1 days ago)
(HTM) web link (blog.smithsecurity.biz)
(TXT) w3m dump (blog.smithsecurity.biz)
| localghost3000 wrote:
| https://archive.ph/jm2h1
| dredmorbius wrote:
| Above was to the originally-submitted _Wired_ article link.
| Mods have since changed the URL.
| ianhawes wrote:
| Congress desperately needs to carve out an exemption in the CFAA
| for situations like this.
| bluGill wrote:
| I don't want an exception - there is too much potential for
| someone innocent to be framed and attacked. I want the FBI and
| CIA to be given more funding to track this down. Sometimes the
| CIA will need to attack scammers like this because there is no
| diplomatic option, but not random people outside of them. (The
| FBI being limited to the US should take everything to court)
| asynchronous wrote:
| I think this would be a great opportunity to contract private
| firms and companies to do exactly this. It's not law
| enforcement work, so it fits perfectly.
| chocolatkey wrote:
| Here are the original posts themselves, probably more interesting
| to people here:
|
| https://blog.smithsecurity.biz/hacking-the-scammers
|
| https://blog.smithsecurity.biz/systematic-destruction-hackin...
| bn-l wrote:
| Appreciated thanks
| ramathornn wrote:
| Loved that, thanks for sharing! Very cool to see the step by
| step process.
| Ozzie_osman wrote:
| Hilarious. Exposing an LFI to view things like /etc/passwd and
| server logs, and a SQL injection in a PHP stack... I prob wrote
| code like this, when I was a 15 year-old self-described
| "webmaster" in 2002.
| Ozzie_osman wrote:
| Actually, I'm not that far off.
|
| > The creator is a current computer science student in China
| who is using the skills he's learning to make a pretty penny
| on the side.
| KwisatzHaderack wrote:
| > You can never trust a scammer ever and even these scammers
| are getting scammed it seems
|
| There's no honor amongst thieves.
| dang wrote:
| Ok, we've changed the link at the top from
| https://www.wired.com/story/usps-scam-text-smishing-triad/ to
| the first one of those two original posts. Thanks!
|
| Readers may want to read all of them of course.
| dredmorbius wrote:
| And for those wishing for an archive/paywall link to _Wired_
| : <https://archive.ph/jm2h1>.
| spelunker wrote:
| Very informative! I tried doing something similar to these
| sites months ago after getting multiple text messages from
| them, but didn't really get anywhere. Very cool to see a
| professional walk through what they did!
| Scoundreller wrote:
| > Michael Martel, a national public information officer at USPIS,
| says the information provided by Smith is being used as part of
| an ongoing USPIS investigation and that the agency cannot comment
| on specific details.
|
| Oh, they 100% can. There's a US Constitution thing allowing them
| to comment on things. They just chose not to comment because they
| don't want to.
| gamblor956 wrote:
| It's not a constitutional issue. They're not commenting about
| an _active_ investigation because they 're still investigating
| and public comments can interfere with the investigation.
| delfinom wrote:
| Not sure why they are bothering. The US can't touch some
| scammers operating out of China.
| bluGill wrote:
| If it is China the US probably can touch them - China is
| afraid of a trade war and so once presented evidence of who
| is at fault China will stop it. (so long as evidence doesn't
| exist China might know and perhaps even encourage it, but
| once evidence exists they will stop this). It is probably but
| not a sure thing.
|
| If they are in Russia or North Korea there is nothing the US
| can do (other than CIA or military operations) and so the
| scammers will get away with it.
| ianhawes wrote:
| China will not extradite Chinese Nationals (the US has the
| same policy). China will not prosecute their own citizens
| for crimes committed outside their borders (unlike the US).
| aragonite wrote:
| > China will not prosecute their own citizens for crimes
| committed outside their borders
|
| Not true (not as a matter of principle). There was a high
| profile case in which murder suspects who fled from Japan
| back to China were caught & executed.[1]
|
| [1] https://zh.wikipedia.org/wiki/%E7%A6%8F%E5%86%88%E7%8
| 1%AD%E9...
| janalsncm wrote:
| > The Smishing Triad network sends up to 100,000 scam texts per
| day globally
|
| This should not be possible. I guess the iMessage scams used
| e2ee, but the SMS scams should have been caught. It would be
| great if there was law enforcement that competently handled
| cybercrime, or at least triaged it.
|
| More broadly, and at the risk of creating another TLA, the US
| needs a Blue Team version of the NSA. In other words, identify
| critical infrastructure, figure out how it can be hacked, and
| require that companies fix the issues. Use national security if
| need be. Banks have to undergo stress tests to prove they are
| solvent, there is no reason that critical infrastructure should
| be able to leave their doors unlocked.
| mcmcmc wrote:
| Congrats, you've proposed the already existing Cybersecurity &
| Infrastructure Security Agency
| shiroiushi wrote:
| Did he? He said:
|
| >It would be great if there was law enforcement that
| _competently_ handled cybercrime, or at least triaged it.
| [emphasis mine]
|
| I'm not sure CISA fits that definition.
| 8organicbits wrote:
| CISA isn't even a law enforcement agency [1]. The parent
| was presumably talking about the second paragraph.
|
| [1] https://www.cisa.gov/news-events/news/looking-back-
| chart-our...
| barryrandall wrote:
| If CISA is producing a deterrent effect, only LIGO can
| measure it.
| fullspectrumdev wrote:
| Spam filtering for SMS is still not particularly broadly
| implemented by network operators apparently.
|
| I remember during Covid there was a few startups in that space
| trying to work with MVNO's to get a foothold in the market, but
| don't think any of that went anywhere.
| newsclues wrote:
| Network operators make money from scam industry there are not
| incentivized to deal with the problem beyond offering
| additional paid services
| LinuxBender wrote:
| I can vouch for this. There were a myriad of cases I
| brought to my boss, the director of operations for a major
| wireless carrier that was absorbed into another one that
| still exists. "They are paying their bills, right?" was all
| I could get. I had text messages scrolling on my desk in a
| different workspace all day. Agencies would have me grep
| for homicide threats between gangs but that's about it. I
| was not only required to support spammers and scammers, but
| also required to make sure everyone's messages got through
| quickly, including those that were overloading my gateways
| from SS7 links controlled by obvious scammers. I was not
| allowed to get the hicap folks to decom nefarious SS7
| links. This was a long time ago and I doubt the situation
| improved.
| bluGill wrote:
| Congress is hearing complaints and so getting interested
| in this. Thus providing incentive. Of course the
| incentive to carriers is to stop the scams congress will
| be interested in, while allowing the rest.
| ryandrake wrote:
| > I can vouch for this. There were a myriad of cases I
| brought to my boss, the director of operations for a
| major wireless carrier that was absorbed into another one
| that still exists. "They are paying their bills, right?"
| was all I could get.
|
| I would have loved to ask him if he'd do business with
| Stormfront or ISIS as long as they were "paying their
| bills." It's not just the top of the food chain, these
| middle managers are all morally bankrupt, too.
| consteval wrote:
| > Agencies would have me grep for homicide threats
| between gangs
|
| As an aside, it's terrifying that our texts can just be
| read and mass processed like this.
|
| I'm sure, in the general sense, this information isn't
| used for evil. But certainly I think it can be, like
| those Ring Doorbell employees who used their access to
| stalk their victims.
|
| The case for secure messaging services only grows
| stronger, even for the innocent.
| yabones wrote:
| Works the same way as old-school junk mail. Your postal
| service gets paid well by junk mailers to put trash in
| your mailbox, so they're disincentivized to fix the
| systemic issue. I can't find a good quality source on
| this, but it's been said that about 45-50% of USPS &
| Canada Post's revenue comes from junk mail. They could
| fix it, but it would probably lead to a collapse of the
| entire post system due to revenue shortfalls. A true
| tragedy of the commons.
| kgdiem wrote:
| I was pissy one day after my mailbox was so full the mail
| carrier say it in front of the mailbox and I came up with
| a solution I haven't tried -- return to sender!
|
| This would decrease their profit per-item by 1/2.
|
| Key piece tho, are you able to return pre-sorted mail to
| sender?
| creeble wrote:
| I get 5-10 SMS messages a day filtered by Verizon's anti-spam
| (still get notices for each though).
|
| These days they are mostly political pleas, which are,
| ironically, in some semi-protected gray area. Haven't noticed
| any USPS-related ones lately, but a few have gotten through
| in the last few months.
| 2OEH8eoCRo0 wrote:
| > It would be great if there was law enforcement that
| competently handled cybercrime, or at least triaged it.
|
| They do. There's just a lot of it.
| WillAdams wrote:
| Maybe something like:
|
| https://www.npr.org/2024/05/31/1197959218/fbi-phone-company-...
| Joker_vD wrote:
| Can you be prosecuted for hacking cybercriminals back? Because I
| am pretty certain that you, if you had something stolen from you,
| are not actually allowed to break and enter the thief's house,
| take your stuff back and leave, and you're definitely not allowed
| to make a copy of keys for their locks while you're at it.
| langsoul-com wrote:
| It's pretty grey, there's the computer abuse act or w/e. But
| it's quite selectively enforced.
|
| I don't the US gov is gonna go after him for hacking a scam
| group AND he provided details to the authorities. Now, if he
| hacked them and used the stolen credit card details? Who knows.
| Joker_vD wrote:
| > hacking a scam group AND he provided details to the
| authorities
|
| So cyber-vigilantism is technically illegal but the
| authorities will tacitly pretend it is not, when it suits
| them fine, probably.
| _heimdall wrote:
| Are you proposing that every law on the books should be
| enforced every time anyone breaks it?
| digging wrote:
| I say no, but I'd also prefer laws that are more written
| for more specific application. If a human can make the
| call that "it's not right to apply this law here; doing
| so would lead to more lawlessness," so can a penal code.
| And giving much discretion to the humans enforcing law
| leads, more often, to undesirable outcomes (eg. "by
| random chance wink wink, this law only seems to get
| enforced against Black people").
| kelnos wrote:
| If not, then why do those laws exist? Either we're ok
| with those sorts of actions, and we should repeal the
| laws, or we're not, and we should enforce them, equally
| and universally. Anything less leads to biased
| enforcement.
| dontlikeyoueith wrote:
| Yes.
|
| If you have a problem with that, maybe it shouldn't be on
| the books.
| _heimdall wrote:
| Sure, I'd be all for removing a huge chunk of laws that
| exist today. In the meantime I don't think anyone
| actually wants every law to be enforced every time it is
| broken. Our legal system would grind to a halt.
| alkonaut wrote:
| That sounds exactly like how I would want law enforcement
| to work.
| Joker_vD wrote:
| Well, it's a matter of personal taste. I'd prefer actual
| "equality before the law" myself.
| vuln wrote:
| Like China or Russia? C'mon man. We're better than that.
| At least that's what we advertise.
| Joker_vD wrote:
| It's almost as if the proliferation of stories like "the
| district prosecutor found no grounds to open a hit-and-
| run and DUI case against the young man who just so
| happens to be the son of the local MP/mogul" makes people
| disappointed in their government, law-enforcement
| agencies, and the political system in general.
| dontlikeyoueith wrote:
| Like a fascist state?
| smegger001 wrote:
| some times its even endorsed like when the government just
| let Microsoft take control of the No-IP's domains a few years
| back because. despite the fact Microsoft didn't have any
| standing and just decided they were internet sheriff. I was a
| customer of No-ip at the time had Microsoft just black-holed
| the routing of everyone myself included because some users
| were using their dynamic dns service for malicious purposes
| qball wrote:
| Who are they going to call, the cops?
|
| (This is also why criminals tend to seek illegal firearms;
| self-defense from other criminals is a more salient issue than
| it is for the average citizen for this reason.)
| 0xEF wrote:
| I hate that it kicks off with "DISCLAIMER: This is not my work. I
| would never and don't condone illegal hacking of scammers"
|
| You know what? I do. We all should. These scammers are awful
| people and deserve to be attacked. I am tired of toothless
| authorities like CISA and the alphabet agencies in the US doing
| next to nothing about it unless some YouTube scam baiter does the
| work for them. Scammers destroy people, not just financially, but
| emotionally as well, even driving some victims to suicide. As far
| as I am concerned, any wannabe hacker out there should be using
| these scammers for target practice.
| peepee1982 wrote:
| Disclaimers exist for legal reasons, not for moral ones or a
| personal opinion.
|
| I think we all agree that hacking scammers is a net positive
| for society.
| prepend wrote:
| I don't think disclaimers really work. I think it's just
| urban legend that they do.
|
| I find it hard to believe if some scammer is hacked and the
| evidence shows the hacker learned everything from solely this
| video then this disclaimer won't mean anything legally.
|
| I think disclaimers are just a bit of noise that people put
| in out of an abundance of caution.
| lolinder wrote:
| Out of curiosity, are you a lawyer or is this comment
| missing the IANAL disclaimer that is customary when opining
| about legal matters?
|
| At least _some_ disclaimers aren 't just noise--they add
| context that would otherwise be missing to help the reader
| navigate the subtext. The "this is not my work" portion of
| that disclaimer is highly relevant and useful information
| for interpreting the blog. The afformentioned IANAL
| disclaimer helps readers to understand whether your opinion
| has any stronger basis in law than their own.
|
| I also strongly suspect that some disclaimers would have
| legal value in the event of someone misusing information
| being dispensed, but IANAL.
| prepend wrote:
| I am not a lawyer, but didn't include the disclaimer
| because I don't think it's relevant to my comment.
|
| Even were I a lawyer, it should carry the same weight.
| Some random, kind internet stranger sharing ideas.
|
| I think it distracts from the conversation as I wasn't
| giving legal advice but just thinking about how useful
| and relevant disclaimers are.
|
| The comment is more about too much bullshit language used
| in our lives, so I think minimizing (or at least
| intending and attempting to) bullshit in my own comments
| is something I can control.
| thinkmassive wrote:
| When a lawyer posts on a forum topic related to the law
| they usually tell you they're a lawyer, but not your
| lawyer and it's not legal advice.
|
| Safe to assume everyone else is not a lawyer.
| lolinder wrote:
| Probably safe, yes, though it's still polite to leave the
| marker for other people to follow later.
|
| And, to the topic at hand: if lawyers consistently do
| that, that again speaks to the legal value of at least
| some disclaimers.
| randomdata wrote:
| Appeal to authority is considered a courtesy nowadays?
| Fascinating.
|
| Like the previous commenter points out, actual lawyers
| are quite clear that their statements in this kind of
| non-professional capacity hold no more weight than any
| other random Joe. There is no situation of authority.
| IANAL/IAAL may have once been a funny meme - albeit one
| quite tired at this point - but doesn't add anything, and
| may be a detractor if one falls prey to the logically
| fallacy it potentially introduces.
| PawgerZ wrote:
| Defering to an Expert =/= Appealing to Authority
| randomdata wrote:
| Concluding that a statement holds greater significance
| because it was stated by an expert === appeal to
| authority. The person is irrelevant. Just as lawyers
| regularly point out, their work done outside of a
| professional context is no different than work done by
| anyone else. Their expertise is only significant in that
| when work is done in a professional context they promise
| to go over and above to put in the proper care to ensure
| that the work stands up to scrutiny. But even then the
| work must stand alone! They cannot just throw down
| whatever gobbledygook and call it something notable just
| because they are acting as a lawyer. The person is
| irrelevant.
|
| As before, it used to be a funny meme - albeit one that
| has become tired - but there is no significance to it.
| Who the person is tells absolutely nothing about the rest
| of the comment.
| lolinder wrote:
| > Just as lawyers regularly point out, their work done
| outside of a professional context is no different than
| work done by anyone else.
|
| This is not at all what "I'm not your lawyer" means--
| that's a disclaimer to say that they're not taking legal
| liability for their advice to you because you're not
| paying them. They're still far more qualified than I am
| to talk about law in the abstract and dismissing that as
| "appeal to authority" is a false appeal to
| egalitarianism.
| randomdata wrote:
| _> They 're still far more qualified than I am to talk
| about law in the abstract_
|
| While they have the capacity to be more qualified to talk
| about the law, that does not imply that they will choose
| to exercise those qualifications. Lawyers can be trolls
| just like everyone else.
|
| The work must stand on its own. If it is of high quality,
| then it is of high quality. It does not matter _who_
| wrote it. If an infinite number of monkeys wrote it, it
| is still of equal value.
|
| The person is irrelevant.
| ryandrake wrote:
| They usually don't stick "DISCLAIMER" in all caps in
| front of that note, as if the word itself was some kind
| of magical incantation.
| codecutter wrote:
| This reminded me the commercial "I am not a lawyer, but I
| did stay at Holiday Inn last night".
| gosub100 wrote:
| merely being a lawyer _still_ isn 't enough. They would
| have to be licensed in the state in which the potential
| action took place, and fully informed about the
| circumstances.
| bluGill wrote:
| Disclaimers can be shown in court if it comes that far. If
| you seem to be an expert on something but make a mistake
| you can get into trouble for practicing [law/medicine/...]
| without a license. By putting in a disclaimer you make it
| clear that while you seem to know something you are not
| claiming to be an expert which can protect you. If you
| actually are an expert it is even more important because
| someone might take your generic advice as specific even
| though there is some complex detail about their situation
| that makes it not apply.
|
| Most of the time this won't matter. People and courts
| generally know advice isn't to be trusted, if this goes to
| court it will probably be laughed out before they even see
| your disclaimer. However since there is trusted advice on
| the internet and courts/the law hasn't figured out where
| there is always risk and a disclaimer helps protect you
| against the court deciding you were playing an expert.
|
| Of course I'm not a lawyer, I'm only guessing as to what
| will happen. I'm reasonably sure no lawyer will comment on
| this for reasons above.
| ipaddr wrote:
| Until we find out later that the scammers masked themselves
| using someone elses identity and they hacked an innocent
| person.
|
| We have all received email from a legitimate place where a
| scammer uses your email to spam and then legitimate company
| thinks your email sent it.
| dredmorbius wrote:
| "Joe job": <https://en.wikipedia.org/wiki/Joe_job>
| randomdata wrote:
| _> Disclaimers exist for legal reasons, not for moral ones or
| a personal opinion._
|
| In other words, a scam towards the reader?
| nerdawson wrote:
| How so? They inform the reader not to misinterpret the
| information as advice specific to their situation.
| 0xdeadbeefbabe wrote:
| Bad readers will misinterpret anyway and good readers
| won't. It's more about establishing author importance
| than serving the reader.
| chii wrote:
| vigilantism can spiral out of control. While it makes sense in
| this scenario, it's because the scammer is obviously breaking
| some law and is criminal. What happens if it wasn't so obvious?
| newsclues wrote:
| I'm fine with a war on scammers getting out of control to the
| point where bombs are being dropped on scammers call centres.
|
| They are the modern Hostis humani generis
| cqqxo4zV46cp wrote:
| Really, really sounds like you don't have many real
| problems in your life and don't know who to blame for
| societal issues.
|
| People here will lament about the exploited H1Bs causing
| literal genocides at Meta until the cows come home, but
| literally other any person working a job they don't
| necessarily like and in a living situation that's
| undoubtedly worse deserve to be literally bombed because
| they sent you a text message.
|
| Jesus Christ.
| dumpsterdiver wrote:
| Do you... know what the word literally means?
| cutemonster wrote:
| Seems you didn't know that lots of people in scam call
| centers aren't there voluntarily. Trafficking and threats
|
| > _... lured to countries through fake job adverts but are
| instead forced to work in scam call centers, pushing
| cryptocurrency investments, as well as work-from-home,
| lottery, romance, and online gambling scams. All this,
| while being subject to "abject abuse."_
|
| > _A report from Interpol from earlier this year said
| victims are also subjected to extortion via debt bondage,
| beatings, sexual exploitation_ ...
|
| https://www.theregister.com/2023/12/08/human_trafficking_fo
| r...
|
| and:
|
| https://www.reuters.com/world/asia-pacific/hundreds-
| thousand...
| ben_w wrote:
| Mm.
|
| For what it's worth, I can get them to hang up
| immediately if I recommend they join a trade union.
| mnw21cam wrote:
| People who are the victims in a controlling relationship
| will usually say things that the controller wants them to
| say, even when the controller is not there. Ask me how I
| know.
| ben_w wrote:
| I can well believe it, and my sympathies to you.
|
| Hopefully the suggestion gave them an idea to reflect on
| later -- I don't know of anything better that can be done
| when on the receiving end of a phone call.
| mnw21cam wrote:
| I think you're probably right. I came to the opinion a
| while ago that one of the very best things you can do to
| help someone who is a victim of a controlling
| relationship is to tell them things that are indisputably
| true in such a way that they can ignore you if they
| aren't ready to hear it or are unable to respond, but so
| that their mind will have something to chew on and slowly
| form the roots of a rediscovery of truth.
| lo_zamoyski wrote:
| This is what I did with a scammer. He kept rationalizing
| his theft, claiming he's just taking "a little" from many
| people who are well off and wouldn't miss it. Of course,
| not only is that bullshit, but it wouldn't justify the
| theft even if it were true. I appealed to his conscience,
| sternly, and didn't give him an inch. I ended the
| conversation by wishing that he will come to renounce his
| evil ways.
|
| The very fact that he didn't hangup, that he felt he had
| to explain away his guilt to me (a few times) shows that
| he himself wasn't convinced of his rationalization and
| that he himself believed he was doing something wrong. I
| can only hope that the guilt gnawed its way into his
| conscious and that the worm that never dies led him to
| rethink his life and to pick up some honest work.
|
| May the guilty lose sleep, and may their ill-gotten goods
| taste of ash, and thus be led to remorse and reform and
| the righteous path. This is love of neighbor.
| cutemonster wrote:
| Hmm what's your point? I'd think they're under time
| pressure, and if they see they can't fool you, they'll
| immediately proceed with the next target instead.
| (Regardless of if they're working for themselves or being
| trafficked & forced)
| ben_w wrote:
| If they're a good person in a bad place, a union can help
| -- and I suspect that if the calls are monitored, the
| villains who coerce them will want to avoid future calls
| to a number that regularly undermines their authority
| over those they traffic.
|
| On the other hand, the examples people commonly share of
| where someone contacts a knowing scammer to appeal to
| their humanity, is that the scammers laugh at their
| victims -- so if the people on the phone are the
| villains, then I think them hanging up immediately may
| cause more emotional pain than the stream of expletives
| they're used to.
|
| Regardless, it saves me time.
|
| This approach may not be so useful now that GenAI, both
| LLMs and synthetic voices, are getting good.
| johnisgood wrote:
| > This approach may not be so useful now that GenAI, both
| LLMs and synthetic voices, are getting good.
|
| They are getting REALLY good, it is the old "it is
| photoshopped" except with sound. The problem though is
| not being able to differentiate, especially not the
| people scammers usually target (the elderly).
|
| You cannot believe your own eyes AND ears now, sadly. It
| might sound dramatic, but it takes "trust no one and
| nothing" to a whole new level.
| ben_w wrote:
| Mm, indeed.
|
| I expect that, at some point in my lifetime, bio-printing
| and tissue culture will probably reach the point we can't
| even have trust in real life, not even with fingerprints
| and a DNA test.
|
| Will this happen before or after we become post-scarcity?
| I don't know.
| bluGill wrote:
| A union cannot help them. They generally are in places
| where there isn't a better option. Go on strike, we will
| just find someone else to replace you. Unions work when
| you are hard to replace. (hard is a trade off between
| many things, not just the cost of training someone new;
| but also things like the legal climate or future strikes)
| ben_w wrote:
| Unions also give you a team that is rooting for you (even
| the mere psychological aspect can be surprisingly
| valuable), and potentially access to a legal fund.
| lupire wrote:
| You are really arguing that slaves in a region with no
| functioning legal system should join a union?
| ben_w wrote:
| That's a description of the Russian revolution, I think?
| Wasn't that serfdom at the time?
|
| Also literal slaves working together, even if you'd not
| call it a union:
| https://en.wikipedia.org/wiki/Haitian_Revolution
| ben_w wrote:
| chii wrote: "What happens if it wasn't so obvious?"
|
| Is Musk a scammer? Bitcoin? The commission Apple charges on
| the App Store? The Fortnight monetisation system?
| Facebook's claim to be able to accurately target adverts?
| Vaccines and masks? OpenAI?
|
| People _on this website_ have said so about each of those
| examples.
|
| _That_ is why it 's bad to go down that path.
| throwaway7ahgb wrote:
| To answer your question, No they aren't.
|
| Until the REAL scammers are brought down, people will
| take actions into their own hands.
| ben_w wrote:
| https://en.wikipedia.org/wiki/Rhetorical_question
|
| If the question's answer was obvious and resolving false
| then _none would have been described thusly_ , if it was
| obvious and resolving true then _you_ wouldn 't be
| denying it.
|
| Merely asserting that they are not, in your opinion
| (though hey, look at those legal cases they have between
| them...) does nothing to remove the fact that they have
| been called this.
|
| It also does nothing to help with the lack of legitimacy
| of vigilantes. Nor, in this case, jurisdiction: part of
| the problem here is _international cooperation_ , because
| right now the USA (where the victim is) and China (where
| the gang is) are a bit chilly towards each other.
|
| > people will take actions into their own hands.
|
| Amateurs sending a bomb their way? That's one way to
| describe how WW1 started.
| bigallen wrote:
| I think the point they're trying to make is that
| determining who is a criminal and what kind of punishment
| they deserve is a very difficult task that depends
| largely on perspective.
| danaris wrote:
| The existence of a gray area in between "obviously fine"
| and "obviously wrong" doesn't mean that there is nothing
| in those outer categories.
|
| It is, at least hypothetically, possible to define
| "scammer" clearly enough that the more egregious and
| clear-cut types are taken care of more expeditiously.
|
| Not sure if there's a way to actually _enforce_ that
| better, but "it is possible to disagree over whether
| _some things_ are scams " is not the same as "there's no
| way to agree on whether _anything_ is a scam ".
| ben_w wrote:
| In principle, when the legal system handles the cases, I
| agree: don't let the perfect be the enemy of the good.
|
| In this specific case, when it comes to vigilantes in
| particular? Then no. I think that a society which allows
| it will end up somewhere between lynching and anarchy.
|
| Better law enforcement, which does not even have to mean
| "more laws"? Good. Batman wannabes? Bad.
| _heimdall wrote:
| You have never seen war first hand if you would be fine
| with starting a war over online scammers.
| newsclues wrote:
| Maybe I have and the calls aggravated my ptsd?
| themaninthedark wrote:
| If society doesn't want vigilantes than it must take an
| active role in pursuing and punishing criminals.
| prmoustache wrote:
| You are saying it as if there was only one society with one
| juridiction.
| _heimdall wrote:
| At least here in the US, I can say one of the last things
| we need is more people in jail or prison.
| justin_oaks wrote:
| The parent commenter said "pursue and punish", not "put
| in jail".
|
| There are other forms of punishment besides jail time.
| But really I'm more concerned that the scam organization
| is shut down, even if the main scammer isn't put behind
| bars. If nothing else, it'll slow down and reduce the
| scams.
| _heimdall wrote:
| Fair enough. Maybe I'm splitting hairs here, but at least
| in the US you will almost certainly spend a bit of time
| in a jail when being charged, booked, and arraigned.
|
| Given that we're talking about legal, rather than extra
| judicial, pursuit and punishment I would expect jail to
| be a part of that process.
| capnsalty wrote:
| We just need _different_ people in jail. Release all the
| people who got caught with dime bags and lock up the
| people who steal money from seniors. Those are the actual
| monsters.
| prepend wrote:
| Society does take an active role through police, fbi, etc
| etc
|
| Vigilantes are criminals too so society takes an active
| role in pursuing and punishing them as well.
| willcipriano wrote:
| That only works if you aren't in a:
|
| Anarcho-tyranny
|
| A stage of governmental dysfunction in which the state is
| anarchically hopeless at coping with large matters but
| ruthlessly tyrannical in the enforcement of small ones
|
| https://m.wikidata.org/wiki/Q64594123
|
| Then you get your door kicked in for not paying taxes on
| $50 venmo transaction, or saying the wrong thing online
| but when there is a school shooter (or presidential
| assassin) the cops wait for them to finish while they
| play with their phones.
| jazzyjackson wrote:
| thanks for that example, it really paints a picture of
| the impotence of the state, tho watching the video it's
| easy to blame the failure on the hundreds of individuals
| that didn't take action, but they are meant to be the
| vangaurd; we handed the monopoly on violence to these
| people and for what?
| UncleMeat wrote:
| While it is true that the justice system is often used to
| disproportionately hurt the poor, nobody is getting their
| door kicked in for not paying taxes on a venmo
| transaction.
| shermantanktop wrote:
| Civil forfeiture is roughly similar.
| UncleMeat wrote:
| Civil asset forfeiture is indeed horrible and often used
| to basically just steal from the poor. It is also totally
| different than having your door kicked down for failing
| to pay taxes or being arrested for saying the wrong thing
| online.
| shermantanktop wrote:
| Sure, but it does match the GP's point about tyrannical
| enforcement against small violations. The examples GP
| provided weren't apt, you pointed that out, I'm providing
| another one.
|
| Red light ticket revenue funding small town budgets is
| another. Brake-light rationales for traffic stops...I
| could go on.
|
| The key is what you pointed out, that these are never
| used against the elite class.
| themaninthedark wrote:
| We deem vigilantes criminals because we have no way to
| hold them accountable if they infringe on someone's
| rights.
|
| Society is supposed to take an active role, but sometimes
| they have other priorities.
|
| Big companies getting hacked or scammed make headlines
| and generate FBI action. People like me, not so much.
| _heimdall wrote:
| Unless I'm mistaken, we vigilantes are deemed criminals
| because it is, ironically, against the law to enforce the
| law on someone else without being granted that authority
| by the state.
|
| Its still not quite accurate to deem vigilantes as
| criminals though. Unless they've been charged and
| convicted they aren't technically a criminal.
| kelnos wrote:
| > _it is, ironically, against the law to enforce the law
| on someone else without being granted that authority by
| the state._
|
| Not sure why that's "ironic". Seems reasonable. Only
| people trained and accountable should be doing things
| that would violate people's civil rights and take away
| their freedom or possessions.
|
| Obviously the reality of our legal systems fall far short
| of ideal, but IMO vigilantism is not the answer to that.
|
| > _Its still not quite accurate to deem vigilantes as
| criminals though. Unless they 've been charged and
| convicted they aren't technically a criminal._
|
| You sound like the kind of kid who would put their hand
| an inch from their sibling's face and constantly utter
| "not touching! still not touching!" and think that you
| were "technically" not breaking the rules, so your
| behavior was ok.
| _heimdall wrote:
| > Not sure why that's "ironic". Seems reasonable. Only
| people trained and accountable should be doing things
| that would violate people's civil rights and take away
| their freedom or possessions.
|
| Maybe ironic wasn't a great fit there, I stand by the
| rest of the comment though. I blame Alanis Morissette for
| my inability to recognize irony accurately.
|
| > You sound like the kind of kid who would put their hand
| an inch from their sibling's face and constantly utter
| "not touching! still not touching!" and think that you
| were "technically" not breaking the rules, so your
| behavior was ok.
|
| There's a legal definition of "criminal". Is it being an
| annoying little brother to think definitions are
| important?
| tedunangst wrote:
| The people receiving vigilante justice aren't technically
| criminals, either, by that logic. You're inflicting
| punishment on innocent (not proven guilty) people.
| mcphage wrote:
| It's difficult when the authorities over you have no
| jurisdiction over the criminals harming you.
| lupusreal wrote:
| Precisely correct. People have a natural right to receive
| justice, so _IF_ the government abdicates its assumed
| responsibility to provide justice people have every moral
| and ethical right to enact justice themselves.
| spacebacon wrote:
| People with every moral and ethical right to enact
| justice are the types that can acquire clearance and join
| various authorities in the pursuit.
|
| Vigilante's don't abide by the laws so aren't well
| positioned to dispense justice in a non hypocritical way.
|
| Maybe carve out a low level clearance that gives grey hat
| types a little room for counter red team activity.
| lupusreal wrote:
| People have a duty to defer the enactment of justice to
| the government only if there exists a government which
| fulfills their end of the deal. If no such government
| exists, then people are ethically and morally free to do
| it themselves.
| spacebacon wrote:
| Who says no such government exist?
| jimbokun wrote:
| Because the real world is a Batman comic book.
| lupusreal wrote:
| I never read any comic book, sorry..
|
| In absence of a government willing or able to enforce
| laws, vigilantism creates a public pressure to fix the
| government. Either way though, people are entitled to
| justice. If the government doesn't provide it, then the
| government is responsible for the harmful consequence of
| the resulting vigilantism.
| kelnos wrote:
| That's just your opinion. In reality that's not actually
| how it works, and what you describe is a worse world for
| everyone.
| lupusreal wrote:
| What reality of ethics and morality do you appeal to,
| that isn't just another opinion?
| kelnos wrote:
| > _People have a natural right to receive justice_
|
| There's no such thing as a "natural right". Rights are
| granted, not innate. In the US we might think freedom of
| speech is a "natural right", but go to a country that
| doesn't have that, and you'll see how "natural" it really
| is. (And hell, even in the US, free speech rights are
| curtailed all the time.)
|
| > _IF the government abdicates its assumed responsibility
| to provide justice people have every moral and ethical
| right to enact justice themselves._
|
| I don't agree with that. Look at how (for example) the
| 1800s in the US west looked when it came to so-called
| "justice", when the government wouldn't or couldn't
| prevent or track all that much crime. That's not a world
| I want to experience.
| lupusreal wrote:
| Other countries violating rights doesn't mean those
| rights don't exist. I speak of natural rights and not
| legal rights for this reason.
|
| And not that I have not denied the negative consequences
| of vigilantism for society as a whole. Those consequences
| are the reason governments are _supposed to_ seek justice
| in a more orderly and accountable manner. It is when
| governments renege on that responsibility that they bare
| the blame for the consequences, as people seek justice on
| their own (because they know justice is their right and
| will seek it themselves if nobody else will for them.
| This innate understanding of being entitled to justice is
| the proof that a natural right to justice does exist.)
| vouaobrasil wrote:
| Then society would quickly condemn the vigilantes.
| Vigilantism works precisely in those cases where the
| criminals being persecuted is obvious. It seems to me that
| there is an optimal amount of vigilantism and it's greater
| than zero in those rare cases where there is a person skilled
| enough to carry out the retribution.
| nonrandomstring wrote:
| If we're going to invoke "vigilantism" (as opposed to notions
| of reasonable and proportionate self-defence) let's
| acknowledge how U.S. American culture at least in the 80s and
| 90s is drenched in a deep love of vigilante justice... The
| A-Team, Knight Rider, The Equaliser, even Batman! Who doesn't
| dream of a secret base inside a mountain, filled with
| surveillance gear, an anti-crime computer and a personal
| Apache attack helicopter waiting on the pad to rain fire down
| on miscreants?
|
| Let's say that's more than just individual morality but a
| concrete cultural relation to wealth, power, justice and
| social contract of the state.
| lo_zamoyski wrote:
| The trouble with vigilatism is that it involves a
| usurpation of state authority that one does not possess.
| State authority can be deputized under certain conditions,
| of course, and self-defense is an example (I can shoot
| someone trying to commit murder, for example; or consider
| citizen's arrest), but it isn't arbitrary and isn't
| vigilatism.
|
| Of course, when the state demonstrates a dereliction of
| duty and becomes feckless in its ability to punish
| criminals in proportion to their crimes, this creates
| outrage and a strong temptation to engage in vigilatism.
| The state then shares responsibility for the resulting
| vigilatism.
| edm0nd wrote:
| I mean scammers are the perfect targets to hack because they
| cant go to the police lol
|
| I have no issues with hackers hacking scammers and fucking
| their shit up.
| loopdoend wrote:
| Ah yes the classic SWIM defence.
| gadders wrote:
| For people that ransomware hospitals, I want Navy Seals (or
| equivalent) falling out of the sky and renditioning back to the
| appropriate country to stand trial.
| Waterluvian wrote:
| There's a demonstrated inhumanity in attacking hospitals and
| children that really should earn special attention.
| rezaprima wrote:
| regardless who, whom, and how, right ?
| Waterluvian wrote:
| Yeah. I'm not picking sides nor am I advocating for an
| inhuman response. Just that it deserves the full
| attention of the media and state departments every time.
| theGnuMe wrote:
| So what about crowdstrike?
| gadders wrote:
| Grey area. I reckon Navy Seals fall out of the sky and
| give the CEO an atomic wedgie.
| noworriesnate wrote:
| This violates the constitution because it is unusual (the
| constitution bans cruel and unusual punishments). So,
| we'll have to normalize this punishment.
| gadders wrote:
| Maybe do the board of directors as well?
| x3n0ph3n3 wrote:
| It can be unusual as long as it is not cruel. It bans
| "cruel and unusual" not "cruel or unusual." That's why a
| judge can order, as punishment for shoplifting, that the
| perpetrator stands in front of the store with a sign
| saying "I shoplifted here."
| foobarian wrote:
| By that token, it could be a cruel punishment as long as
| it's not unusual. Hmm...
| hunter2_ wrote:
| Some may see usual punishment such as customary fines and
| jail time as cruel, but the usual-ness making the
| arguable cruelness moot is convenient as it eliminates
| the need to argue it.
| digging wrote:
| Have you heard of American prisons?
| gs17 wrote:
| Here's the test the Supreme Court established in 1972:
|
| > The "essential predicate" is "that a punishment must
| not by its severity be degrading to human dignity",
| especially torture.
|
| > "A severe punishment that is obviously inflicted in
| wholly arbitrary fashion." (Furman v. Georgia temporarily
| suspended capital punishment for this reason.)
|
| > "A severe punishment that is clearly and totally
| rejected throughout society."
|
| > "A severe punishment that is patently unnecessary."
| jimbokun wrote:
| As consequential as the crowd strike outage was, there is
| still a moral difference between an epic fuck up and
| deliberately hijacking people's data for money.
| Especially when it affects people's health.
|
| Crowd strike immediately pushed a fix for the problem
| once they realized what happened. No, that didn't prevent
| the global economic costs and general chaos that was
| caused. But they clearly weren't deliberately trying to
| cause all that damage.
| 999900000999 wrote:
| They accidentally outsourced QA to save a buck.
|
| If you cut corners while still being wildly profitable
| it's negligent at best.
| drpep69 wrote:
| It doesn't matter, the effect was still the same. Intent
| is important, but it's not everything. And at this point,
| I'm really tired of professionals with responsibility
| playing dumb. "Oops, sowwy!" doesn't work for engineers
| when a bridge collapses. Why do programmers and
| executives alike get away with it?
| jimbokun wrote:
| Sure.
|
| They're still not as bad as ransomware hackers.
| PawgerZ wrote:
| Crowdstrikes actions are akin to manslaughter while
| ransomwaring hospitals is more akin to murder.
| gosub100 wrote:
| corporate death penalty
| cyanydeez wrote:
| Or russia
| the__alchemist wrote:
| In the US, hospitals are highly profitable businesses
| driven by enriching their owners. Until that changes, they
| don't deserve special status.
| Waterluvian wrote:
| In the other 96% of the world then.
| sheepscreek wrote:
| Why is the author afraid of getting sued by scammers? I think
| there should be some legal protections for people like them.
| Better yet - a licensing program to allow them to do this
| without legal repercussions as long as it's done within the
| guardrails of the framework.
| BiteCode_dev wrote:
| Because, believe it or not, the system is better at
| inflicting pain at someone honest than someone crooked.
| coldpie wrote:
| > Why is the author afraid of getting sued by scammers?
|
| Being civilly sued by scammers isn't the fear, it's being
| prosecuted by the state for committing CFAA (or similar)
| crimes.
| delfinom wrote:
| As far as I can tell, these scammers were in China.
|
| Nothing illegal until they sign an extradition treaty with the
| US.
|
| Which they won't, lmao.
| lesuorac wrote:
| Isn't it?
|
| Like if I fly from China to US and offer you a bridge in
| exchange for $20 and take the $20 and don't give you a
| bridge, it's a scam.
|
| What's the difference between that and doing it online? The
| offer is still posed on US soil; if anything it should expose
| you to the legality of both countries.
| bluGill wrote:
| The difference is if I'm still in the US the US police will
| arrest me. If I'm in China the US police has to ask China
| to arrest me - if China refuses to arrest me than no crime
| was committed as far as I'm concerned since my government
| let me get away with it.
|
| Technically the US can start a war with China, which could
| reach the point of the US military capturing me and
| bringing me to the US thus ensuring I don't get away wit
| it. Realistically that isn't happening though. There are
| also trade-war options which sometimes happen in high
| profile cases, but often they are seen as losing more than
| gained.
|
| Note that most countries will arrest me and send me to the
| US if presented evidence. If you used France as your
| example country and so I'm exposed the the legality of both
| countries. Russia and North Korea are most well noted as
| protecting their own people against crimes like this
| committed elsewhere, so if you can get protection from
| those countries for this crime it isn't a crime because
| nothing will happen (war of course is an option but it
| seems unlikely). China is a grey area - they sometimes
| protect their own, but often they will not, in general for
| this scam I'd expect they would arrest you for this scam,
| but not all of them.
| lesuorac wrote:
| Sure, the US might not be able to arrest you if you're
| not within it's territory. But that's still the same as
| selling you a bridge for $20 and just hoping on a flight
| to China.
|
| It doesn't make it legal though; it just means you aren't
| arrested. The DoJ may still issue indictments [1].
|
| [1]: https://www.google.com/search?q=doj+warrents+for+rus
| sian+hac...
| lupire wrote:
| "Possession is nine tenths of the law."
| aragonite wrote:
| > Note that most countries will arrest me and send me to
| the US if presented evidence.
|
| I believe that's actually very rare. I mean instances in
| which country A extraditing to country B one of its _own_
| citizens (who isn 't also a dual citizen of B). In the
| most common scenario, country A extradites a citizen of B
| back to B, or (less common) a citizen of some 3rd country
| C to B.
|
| I couldn't find a single instance in which a US citizen
| was extradited from American soil to a foreign country,
| for example, even though this is permitted by the
| extradition treaties. (I welcome any pointers to actual
| instances)
|
| Foreign countries sometimes extradite their own citizens
| to the US, but I believe that to be very rare. Even the
| case of Gary McKinnon [1] was ultimately blocked, for
| example.
|
| [1] https://en.wikipedia.org/wiki/Gary_McKinnon
| PepperdineG wrote:
| The laws aren't universally the same in all countries.
| Copyright/product counterfeiting can vary from country to
| country for instance, so you can do something legally in
| one country but the importation of such a product into
| another country would be illegal. China makes all kinds of
| knock-off DVDs and products, while US resellers can get
| themselves in a bunch of trouble for importing and selling
| such products. Large scale US resellers get arrested for
| selling these Chinese knock-offs, but it doesn't mean that
| the Chinese manufacturers engaged in a legal activity in
| their own country are at risk of being arrested and
| deported to the US even though they're the bigger fish.
|
| With your bridge example different countries and
| jurisdictions could have different requirements for the
| purchase of real estate or that you even were buying real
| estate rather than like an NFT, toy model, etc. A scam in
| the US might not be considered a scam in a foreign
| jurisdiction and even within the US it might not be
| considered a scam, like if someone offers you a quit claim
| deed for whatever interests they have in a bridge for $20
| that could be considered legal depending on what
| representations were made. In fact a person buying a quit
| claim deed for way below market value could find themselves
| in hot water being investigated for like elder abuse with
| them being seen as the one trying to pull a scam on a
| potentially vulnerable property owner.
| seanhunter wrote:
| An extradition treaty doesn't define what is and isn't legal,
| it defines under what circumstances a country who is party to
| the treaty will surrender someone who is currently sheltering
| in their territory to face prosecution in another country.[1]
|
| So for example some GRU agents came to the UK and attempted
| to murder a couple of Russian expats using a nerve agent
| called Novichok[2]. As well as the original targets, three
| further people were poisoned and had to be hospitalised, one
| of whom died.
|
| Unsurprisingly perhaps Russia won't extradite their millitary
| intelligence officers back to the UK to face justice. This
| doesn't change the fact that murder and attempted murder are
| definitely illegal in the UK.
|
| [1] https://www.cfr.org/backgrounder/what-extradition
|
| [2] https://en.wikipedia.org/wiki/Poisoning_of_Sergei_and_Yul
| ia_...
| bluGill wrote:
| I don't because some scammers will find ways to frame their
| enemies. If you attack the person/organizations doing the scam
| fine - but don't attack an innocent organization. Most of
| vigilantes are not careful to tell the difference.
| codetrotter wrote:
| Exactly! People are not trained in gathering and interpreting
| evidence. And when they are "investigating" something that is
| personally affecting them there is probably even greater
| chance of them jumping to conclusions and acting rashly.
| Emotions will cloud judgement. And judgement was lacking in
| the first place because they are not trained in how to
| investigate matters and they are not familiar with tactics
| that criminals use to make it appear like they are someone
| else.
|
| Several years ago when I still had a Facebook account there
| was a guy that DMed me yelling at me and accusing me of
| trying to "hack him". His evidence? The reverse DNS record
| for a server was pointing to a domain I owned. I replied and
| told him the reverse record was out of date. I had previously
| rented a VPS with that IP address and I had had the reverse
| record point to my domain. I had since cancelled the rental
| of that VPS and now the hosting company had assigned the IP
| to someone else. Apparently the hosting company had not
| bothered to remove the reverse DNS record from their systems
| so it was still pointing to my domain. The guy that was
| yelling at me was of course too stupid to understand this
| when I explained it to him so I gave up on trying to educate
| him and blocked him from being able to send me any more DMs.
|
| Now imagine if this guy had started a full-on retaliation
| campaign based on his misguided "evidence". Luckily for me I
| never heard or seen from him again.
|
| But yeah, that kind of thing is exactly why "vigilante
| justice" is such an incredibly dangerous and stupid idea.
| gosub100 wrote:
| back around 2007, the scam: "send you a check for a
| mistakenly huge amount and ask you to refund the difference"
| was in full swing. In their email they said they'd overnight
| a check, and I thought "good, overnight shipping is very
| expensive, at least if I scam them I'm costing them $20 in
| fees", but no. Brought the envelope to a friend at UPS, he
| gave it to their fraud department, and behold the letter was
| sent using a stolen corporate shipping account. Maybe I
| helped by getting that account shut down, but I also ended up
| costing them money.
| jsbisviewtiful wrote:
| > These scammers are awful people and deserve to be attacked.
|
| Some of them are being held prisoner and are being forced to
| run these scams under threat of torture. There was a Search
| Engine episode about this in the last year.
| ChrisMarshallNY wrote:
| John Oliver did a great segment on it.
|
| I won't link to it, because he seems to piss some of the
| folks, hereabouts, off.
| gosub100 wrote:
| since he only pokes fun at one side, it's hard to tell what
| the truth is.
| ChrisMarshallNY wrote:
| This was 100% apolitical. A lot of his stuff is, and his
| team really does their homework.
|
| The stuff he says before the main story, tends to be
| quite political, but the main story, itself, is often
| apolitical.
| Take8435 wrote:
| This is anecdotal and not at all representative. He
| points out issues on both sides. It's not his fault "one
| side" tends to warrant that kind of scrutiny so often
| lately.
| CyberDildonics wrote:
| What is the 'other side' to people being scammed that you
| think he should have covered?
| tedunangst wrote:
| There's always the possibility that they weren't scammed.
| CyberDildonics wrote:
| They being all the people john oliver reported on?
| fragmede wrote:
| Not sure why the chilling effect for linking to it, you
| have 26k karma, but here it is:
|
| John Oliver: Pig butchering scam.
|
| https://youtu.be/pLPpl2ISKTg
| ChrisMarshallNY wrote:
| It's not a karma thing. It's a basic desire to play well
| in the community.
|
| I'm quite aware that not everyone is on the same page,
| and this just helps to indicate a basic respect for
| others that may not like him.
|
| As you can see, that didn't actually work, as just the
| mention of his name, got a ding.
| legitster wrote:
| The problem with John Oliver is that his stuff can be
| really good, or it can be incredibly one-sided and
| inaccurate, and the viewer can never tell because his over
| the top style just kind of relentlessly overwhelms you and
| is engineered to elicit strong emotions. It's good
| entertainment but as an informational source his show is
| very fraught.
| fsckboy wrote:
| "19th century cotton growers were awful people"
|
| "but the people growing the cotton were enslaved"
|
| "the enslavers, generally known as cotton growers, were awful
| people"
| lupire wrote:
| Do you think the slaves would be happy if you set fire to
| the awful enslaver's cotton field while they were working?
|
| Some might, but it's their choice to make, no yours.
| Wistar wrote:
| Related: on NPR yesterday, "How criminal syndicates traffic,
| torture and enslave people to send scam text messages"
|
| "https://www.npr.org/2024/08/08/nx-s1-5058798/how-criminal-
| sy...
|
| Audio and transcript.
| EricE wrote:
| They have to or they may get in trouble due to our stupid laws.
| From the article: "Initially, Smith says, he was wary about
| going public with his research, as this kind of "hacking back"
| falls into a "gray area": It may be breaking the Computer Fraud
| and Abuse Act, a sweeping US computer-crimes law, but he's
| doing it against foreign-based criminals."
| blacklion wrote:
| Same could be said for self-defense, though it is effectively
| banned in most "civilized" countries.
| lupire wrote:
| I don't no which countries you're referring to, but the US is
| not one of them.
| vkou wrote:
| Self-defense isn't banned anywhere, the kind of 'self-
| defense' murder that some people in the US occasionally get
| away with is, though.
|
| (For example, if your idea of self-defense starts with 'I'll
| be following someone around in my truck...', most other
| countries would let you hang.)
| 5040 wrote:
| _An outlaw, in its original and legal meaning, is a person
| declared as outside the protection of the law. In pre-modern
| societies, all legal protection was withdrawn from the
| criminal, so anyone was legally empowered to persecute or kill
| them._
| dang wrote:
| We detached this subthread from
| https://news.ycombinator.com/item?id=41198724.
| hot_gril wrote:
| It "doesn't condone it" but shows the exact recipe for doing
| it, and even distributes a dump of their PHP files. Just a CYA
| statement.
| kelnos wrote:
| The solution here is to fix the law enforcement apparatus, not
| condone vigilantism. Yes, I know that's a hard thing to fix.
|
| But think about "IRL crime". Would we condone someone pulling
| out their gun and going after someone who they believed had
| stolen from them? I hope not.
|
| The problems are the usual ones with vigilantism: ensuring a
| proportionate response to the alleged crime is impossible
| (vigilantism usually has a large emotional component, so good
| luck restraining someone there), and ensuring the vigilante is
| actually going after the right person, and hasn't screwed up
| their investigation, causing them to target someone innocent.
|
| Certainly holding law enforcement accountable is difficult and
| sometimes impossible. But at least there's a process to fix
| that, and people are constantly working on this problem.
| There's no process to fix cases where randos botch an amateur
| investigation and mess up the life of someone innocent.
| happymellon wrote:
| What's quite interesting about this is the iMessage integration,
| as this is a good example that _directly_ contradicts Apple
| supporters claims on this very site.
| johnisgood wrote:
| What are their claims? But yeah, there is a lot of fanboyism
| going around, be it Apple or Rust.
| kubectl_h wrote:
| Can you enumerate the claims you are claiming are directly
| contradicted?
| wizardforhire wrote:
| Heres my off the cuff take on law enforcement not going after
| scammers to the fullest extant that I think we can all agree they
| should...
|
| The US has roughly 340 million people now.
|
| The US gdp is roughly 28 trillion dollars.
|
| Which means that on average the dollar value per citizen is
| roughly 82 thousand dollars...
|
| Divided by days in year, hours and minutes its roughly 15 cents
| per minute.
|
| So if we assume 100% of the population is getting at least one
| scam a day of some sort and that the disruption to thought to get
| back on track as result of the anger induced is about 30
| minutes...
|
| That puts the loss to the US at little over 1.5 trillion dollars
| in lost productivity.
|
| The US currently spends roughly 840 billion on defense...
|
| So almost twice the yearly national defense budget is potentially
| lost to scams.
|
| Seems crazy, as I said off the cuff. I would love to see some way
| more accurate numbers.
|
| But arguing in dollar amounts I think will go a long way to
| putting the problem in perspective. And who knows, maybe we'll
| get to some drone strikes on scammers in our lifetime.
| mylastattempt wrote:
| It's illogical to calculate the thing you are looking for, but
| lets run with it just for the sake of it.
|
| Let's go with your "one scam a day". The person then has to see
| it, choose to read it and then act on it (delete/ignore/get
| scammed). Not even considering the practical effects of
| receiving 4 before lunch, and none getting past spam filters
| the rest of the week.
|
| Then you come up with 30 minutes for each individual scam? If
| it evens goes trough the above mentioned phases, nobody is non-
| profitable for a full 30 minutes, for every scam attempt, every
| single day of the year.
|
| Using your 15 cents per minute, we could stick with just a
| minute of lost value. That translates into 340 000 000 * $0.15
| * 365 days = 18 billion.
|
| Still a totaly useless number because it's impossible to
| measure, but at least much further from 'ridiculous' than 10%
| of the GDP you came up with.
| Fokamul wrote:
| Noticed the salt used for encrypting password, in the writeup?
|
| "wangduoyu666!.+-"
|
| Whoops, this looks like username -> wangduoyu666 (same for
| "wangduoyu8", "wdy666666". Seems like they're incrementing
| numbers in username too, but probably false positives, maybe
| popular username)
|
| Google it. Probably skid's github, linkedin, etc. (not verified)
|
| And looks like OP missed this. Also name on telegram is fake of
| course, Wang Duo Yu is singer in China, so skid is using singer's
| name as username and also as a full name in Telegram.
|
| Ps.: From their backup telegram, also "wangduoyu12"
|
| Ps2: From OP write up -> https://t.me/wangduoyu0 -> there is
| youtube channel https://www.youtube.com/@duoyuwang4820 which
| links in description to this telegram channel wangduoyu0
|
| And it's full of videos of someone making tutorials to bypass
| china firewall? etc. Multiple 30min-1hour videos, there must be
| treasure trove of info. Videos is leaking these gmail accounts:
| https://i.imgur.com/LUiKbF6.png
| yorwba wrote:
| How do you know these are all the same person, instead of
| different people with the same name, or independently using the
| name of a singer they like?
| Fokamul wrote:
| Yes it is possible. But github wangduoyu666 is full of
| wannabe hacker repos. I will edit the post.
| Fokamul wrote:
| Ps3: Leak from ytb videos, list of Wifi networks
| https://youtu.be/FnKbBmdQuIk?si=NPzl7tExHOhc3Gad&t=2929
|
| https://i.imgur.com/zJsbJZ5.png
|
| Heh, in the newest video he basically shows how to setup the
| BT5 panel and fake website from the writeup :)
|
| https://www.youtube.com/watch?v=2fdmVsqeQ1Q
|
| All info I've gathered from videos:
|
| Knjfatemaa@gmail.com (Cloudflare account)
|
| Username in Mac: wenziguo
|
| Telegram @DockerWang
|
| gentleman.yu2013@gmail.com
|
| yuzhiwen2017@gmail.com
|
| wangtian1888@gmail.com
|
| tangzhongwei1993@gmail.com
|
| beegoservice2012@gmail.com
| css wrote:
| "666" is a slang term:
| https://en.wikipedia.org/wiki/Chinese_Internet_slang
| Fokamul wrote:
| Cool, is there any good OSINT info/tools for Chinese "world"?
| Am4TIfIsER0ppos wrote:
| 666 is also a common number over here. Perhaps he's into
| heavy metal.
| forinti wrote:
| When I have the time, I like to script an attack on phishing
| sites by posting false data. The idea is to fill their databases
| with trash, and make it more difficult for the criminals to weed
| out real data entered by victims.
| thedanbob wrote:
| I almost did this the other day when I got a fake Docusign
| phishing email. Unfortunately, I found that the webpage it led
| to was sending collected credentials to an apparently innocent
| but hacked third-party wordpress site, which I assume forwarded
| the info elsewhere. I didn't want to waste the third party's
| bandwidth so I used their contact form to explain the
| situation. Didn't expect a response, but I just checked and
| they fixed it!
| prmoustache wrote:
| we need a new phone/text messaging infrastructure that prevent
| number spoofing AND force operators to filter out scams attempts.
| bell-cot wrote:
| True. But neither "our" government, nor the corporations
| maximizing their profits in the current dystopia, give more
| than a lip-service sh*t about doing that.
| coldpie wrote:
| At least for people in the US, the solution is simple: make
| internationally-sourced communications opt-in. By default any
| calls or texts originating from a non-US carrier will be
| dropped. Then, any spam coming in must be from a US entity, and
| can be investigated & prosecuted. People who do need to receive
| internationally-sourced communications can turn it on with
| their carrier. While they'll still be at risk of receiving
| spam, the value of sending that spam in the first place will go
| way down because the vast majority of it will just get dropped.
| It's an easy solution, and it solves call/text spam for
| everybody.
| bluGill wrote:
| I'm reasonably sure that countries like France will sign a
| treaty to not allow spoofed numbers in this way. They don't
| want to be a source of scams anyway and so will do their part
| to prevent them. The details of this matter of course, but
| France should be an easy automatically opt-in. (I picked
| France because I can spell it, there are several dozen others
| that I'm confident can be in the automatic opt-in list as
| nothing from them is a scam)
| hobs wrote:
| I have never once got a spam call from an international
| number, just local numbers. So your plan doesn't work when
| some local proxy is happy to take the traffic.
| vel0city wrote:
| A lot of the time spam calls might look like they're a
| local number, but they're just manipulating caller ID.
| Often the actual call can originate anywhere on the planet
| and look like a local number to you.
|
| Up until very recently, caller ID was stupid easy to spoof
| if the originating phone company didn't care.
| beryilma wrote:
| Until recently I would get spam text messages from my own
| cell phone number. Telecommunication companies are
| complicit in all of this for allowing phone number
| spoofing. As long as they make money I guess it's OK for
| them.
| athenot wrote:
| We have a lot of progress under the form of STIR/SHAKEN. Now it
| doesn't prevent all types of spoofing but it makes the calls
| traceable back to the originating carrier.
|
| What happens is scammers get numbers with small carriers who
| interconnect with major ones. Eventually the reputable carriers
| notice spam from these smaller carriers and start dropping
| their calls (or banning them altogether). So the smaller
| carriers decide whether they want to see their legitimate
| traffic dropped or just ban the offending users (which is
| eventually what ends up happening). Scammers end up hopping to
| a different carrier so it's a cat-and-mouse game, but it's a
| lot more expensive to play now than it was with simple number
| spoofing.
|
| In parallel, numbers are starting to get reputations attached
| to them, similar to IP addresses. Some filtering takes
| advantage of that.
|
| Of course, spearfishing can continue unimpeded with someone
| buying a prepaid cell phone and using that to call a specific
| target. :(
|
| https://transnexus.com/whitepapers/understanding-stir-shaken...
| kelnos wrote:
| STIR/SHAKEN is only for calls, though, not SMS/MMS. Messaging
| is a giant hole, there...
| hypeatei wrote:
| Yeah, I'm not sure why but a lot of comments here tend to go
| down the "governments must stop this with law enforcement"
| route when there is probably much better ways to do this
| technically without forming international task forces.
| UncleEntity wrote:
| Sure, but the Telcos seem perfectly fine with taking the
| monies from the scammers until they are _forced_ to do
| something.
|
| I mean, it's validly been 25 years since I received my first
| scam text and I still sporadically get them once in a while.
| gosub100 wrote:
| and a third option: telco carriers are liable for allowing
| this to go on.
| gs17 wrote:
| > AND force operators to filter out scams attempts.
|
| How do you expect that to be implemented without requiring them
| to read everyone's texts (requiring either no encryption or a
| backdoor) and judge their worthiness?
| prmoustache wrote:
| If you have a mecanism that allow users to report scammers
| you could automatically ban callers/senders that are reported
| by a sufficiently large number of persons very quickly.
| kelnos wrote:
| Aren't they already doing this, for SMS/MMS, at least?
| batch12 wrote:
| One wife is enough I guess
| speed_spread wrote:
| That's the title of the next James Bond movie
| merek wrote:
| I recently came across NanoBaiter on YouTube. He baits scammers
| and hacks their systems, often disrupting their entire operation.
|
| He identifies the culprits in detail, scares the hell out of
| them, reports them to police, and tries to inform / refund the
| victims. In at least one video, he accesses the scammer's Stripe
| account and refunds the victims (often elderly) for their
| payments on bogus IT security products. I recall another video
| where gains access to the CCTV in the scammer's office building,
| and captures a police raid on the scammers.
|
| https://www.youtube.com/@NanoBaiter
| ChrisMarshallNY wrote:
| I've learned to leave hackers and scammers alone; no matter how
| much they piss me off.
|
| Most of them are quite capable of delivering a nasty
| counterattack. Some, IRL.
|
| Had a friend hack a spammer that hijacked his server, and they
| blasted his server into LEO.
| spydum wrote:
| definitely this..you are messing with a group of folks, and
| potentially stopping their flow of money. unless you have great
| opsec, you may just cause problems for yourself you dont want.
| personally never heard of it escalating beyond online attacks,
| but it's not worth the drama imho
| Fokamul wrote:
| Yes, since the guy who made the writeup, has exactly 0%
| opsec. -> ridiculous. But I would be more scared of 3letters.
| ChrisMarshallNY wrote:
| _> never heard of it escalating beyond online attacks_
|
| Krebs gets SWATted.
| insane_dreamer wrote:
| And the bigger the operation, the more $ is at stake for them
| and the more resources they have to allocate to stopping you
| and/or revenge.
| VikingCoder wrote:
| Remember *69? You'd get the phone number of the person who just
| called you? (Theoretically - it didn't always work.)
|
| How in the hell do we not have a trivial "report a scam" option
| on phone calls and text messages? Which reports it to the FTC or
| FBI or something?
| shkkmo wrote:
| The easier reporting becomes, the more the average quality of
| reports decreases.
|
| So making reporting easier is good only if you already have
| atleast sufficient resources to process and follow up on the
| current report volume. My understanding is that we don't
| currently have enough resources dedicated to handling the
| reports we do get of people who got scammed. If that is the
| case, then making it easier to report potential scams doesn't
| help until we increase the resources for tracking down and
| stopping scammers.
| paul7986 wrote:
| Amazing over 400K people entered their credit card information..
| mind boggling to me yet like all to most of us here we just about
| ignore every phone call and text message not from someone already
| in our contacts.
|
| I always thought there should be a driver license and test to use
| the Internet to cut down on people being ignorant. As well or a
| class you must pass in high school that teaches ignore all phone
| calls, text, emails and etc from people you have not met offline.
| If you do meet them online make them snap or facetime you fairly
| quickly to verify veracity.
| UncleEntity wrote:
| My Great-Aunt got scammed out of something like $30k back in
| the late 80s and all she had was a landline...
| jeffwask wrote:
| I wonder if these are the ones I constantly get saying I have a
| package at USPS and they need info but the texts all originate
| from an international number, so they are obviously fake to me.
| idunnoman1222 wrote:
| How come vigilanteeism is accepted for computer related crimes
| but not other ones?
| cvoss wrote:
| > The creator is a current computer science student in China who
| is using the skills he's learning to make a pretty penny on the
| side.
|
| There's a strong argument right here for teaching technology
| ethics as part of a typical CS curriculum. I'm not saying that
| would have stopped this student from making his own unethical
| choices, but it does highlight the fact that we equip people with
| these really powerful technical skills, but we don't even try to
| equip them with the ethics to be responsible about it. We just
| sort of hope they were raised right, I guess.
|
| Anyone here have experience with a curriculum that includes the
| ethics aspect?
| signalToNose wrote:
| Not ethics per se but all students at university in Norway take
| basic philosophy
|
| https://en.wikipedia.org/wiki/Examen_philosophicum
| bix6 wrote:
| The Markkula Center at SCU is fantastic.
|
| https://www.scu.edu/ethics/about-the-center/center-news/inte...
| mlavrent wrote:
| The Brown CS curriculum has in the past few years started
| including "socially responsible computing" material across
| intro and non-intro level courses.
|
| See https://responsible.cs.brown.edu/
| eadler wrote:
| All ABET accredited programs are required to include ethics and
| have been required to do so for over 15 years.
|
| We explicitly learned about voht IEEE and ACM code of ethics
| for example (though this was not the only thing we discussed) .
| We were even tested on the difference. I'm always confused when
| people don't even get the baseline ethics training.
| ewoodrich wrote:
| Yeah we all had to take it at Portland State because CS was
| ABET. Was kinda surprised to learn it wasn't a standard CS
| requirement everywhere.
|
| There was also an ethics module in one of the massive pre-
| weed out 100 level courses.
| 0xdeadbeefbabe wrote:
| This person has lots of fellow students who aren't doing this.
| Maybe his CS classes aren't challenging enough.
| ryandrake wrote:
| Let's not blame CS classes for the unethical actions of one
| pupil. My CS classes weren't exactly challenging either, but
| I never wrote or sold a scamming toolkit.
| PhasmaFelis wrote:
| Gotta be careful, though. If you teach them _too_ much ethics
| then they won 't want to work for most corporations.
| Fokamul wrote:
| Clearly you don't understand Chinese mindset, do you think he
| has no ethics? He has a lot of ethics, because he wouldn't dare
| to hack Chinese citizens, we know why :) but everyone else
| (except Russians, of course) are open-season for them.
| insane_dreamer wrote:
| > He has a lot of ethics, because he wouldn't dare to hack
| Chinese citizens
|
| That has to do with fear, not ethics; the consequences of
| getting caught doing this to Chinese (vs foreigners) are
| significantly high (you do not f*k around with a system that
| has no due process)
| y-c-o-m-b wrote:
| In high school (over 2 decades ago), I figured out how to crack
| the school security software (and obtain its master password,
| thank you Windows swap file!) and after doing so, I installed a
| keylogger on the school library computers. I got access to
| dozens of email accounts, instant messaging accounts, etc. I'm
| self-taught all the way. In fact I dropped out of high school
| junior year with a 1.76 GPA. I knew what was right and wrong,
| but not yet mature enough to fully grasp the harm it does. I
| don't think any sort of ethics teachings would've changed
| anything.
| pavel_lishin wrote:
| Similar story here, though at a smaller scale, and with a
| better educational experience. I remember distinctly talking
| to my mom about the ethics of hacking, and my viewpoint at
| the time was - in the parlance of kids today - cringe.
| BlueGh0st wrote:
| My lesson came while ARP poisoning, when I saw that a teacher
| was using their social security number as their password.
|
| Suddenly I realized even dumping passwords was an invasion of
| privacy, even if I didn't use them. And that passwords should
| never contain sensitive information!
| hot_gril wrote:
| I used to get frequent iMessages that look just like this, except
| with links to a different domain name. Last one was July 21,
| linking to https://us-usps-mg.top/us
|
| Seems it's no longer active. If I send "Y", the message is not
| delivered. The domain points to 404 on a "King Ice" website
| selling jewelry shaped like guns or penises, I'm not joking.
| smm11 wrote:
| I broke into VT-100 terminals (the real ones, not the modern
| terminal app derivative) at my university library over 40 years
| ago.
|
| Can't tell you how, it's been a minute.
___________________________________________________________________
(page generated 2024-08-09 23:00 UTC)