
Re: Enough is Enough - Taking the fight back to the Internet scammers

by sauoq (Abbot)
on Oct 28, 2003 at 02:35 UTC


in reply to Enough is Enough - Taking the fight back to the Internet scammers

I'm not exactly opposed to vigilantism in a case like this but I don't expect it would be very effective. I'm reminded of the little Dutch boy plugging a hole in the dike with his finger. It's really far too easy to move to another server, IP, and/or domain name.

The only real way to combat this kind of thing is with education.

The random data should be identical to valid data making it impossible to automatically parse out:

I think that's being optimistic. With IPs and datestamps, it would probably be pretty easy to separate the list into "probably real" and "probably not real" piles.

Sure I have reported it to Barclays but the server is in Russia so they will not really be able to stop it. They probably don't care as their disclaimer makes it THE CLIENTS problem.

I would guess they would care a great deal. The monies in the bank are probably insured against fraud up to some amount. Besides, banks make money by holding onto yours. They don't want to lose their customers' money to someone that will go put it in another bank, right? And, really, they don't want to lose your future business either. I would think that banks take a great deal of interest in this sort of thing.

I suppose I could ask one of my more dubious associates to take the server down but that would probably hurt innocent users as well.

I wouldn't worry about the other users. It is likely that there are no legitimate users of the machine or that the hosting provider is at least aware of the illegitimate users. But again, it's simply too easy for the perpetrators to move on, so I don't really see the point (except maybe to feel like you got a little revenge.)

-sauoq
"My two cents aren't worth a dime.";
Re: Re: Enough is Enough - Taking the fight back to the Internet scammers
by tachyon (Chancellor) on Oct 28, 2003 at 03:02 UTC

    With IPs and datestamps, it would probably be pretty easy to separate the list into "probably real" and "probably not real" piles.

    Besides the bugs in the code this could be harder than expected. You would need certain elements in the raw data file as well as the 4 significant data fields you might presume the script is writing. A parallel log analysis might show you when you were being bombed and from where but you need to accurately correlate that with the data. A low order continuous DOS would make this problematic anyway as all data would become suspect. The general idea of adding a haystack to hide the needles seems like not a bad approach.

    Of course there are plenty of fixes for it but it does require that those fixes get implemented. Given that it appears that this site is a clone of a scam on the National bank it is possible that while the perps are creative they are at a script kiddy level. The form they present looks nowhere near as high quality as some I have seen which are a perfect match for the target site.

    As you don't need the return data you would really want to spoof the sending IP address. Better simulated names (i.e. taken from a real name list) and Secret words taken from say the Unix dictionary would also add more realism.

    Education is a nice thought but if you take virus spread as an example some people are difficult to educate.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      A parallel log analysis might show you when you were being bombed and from where but you need to accurately correlate that with the data.

      The assumption being that they don't log both together... and maybe they don't. I would, though, if I were pulling a scam like this. (And, if they aren't this time, they probably will next time.)

      As you don't need the return data you would really want to spoof the sending IP address.

      That would certainly help.

      Education is a nice thought but if you take virus spread as an example some people are difficult to educate.

      I agree entirely. Of course, losing one's savings might be a lesson that's hard to forget. Regardless of whether or not education is an effective solution, it is the only real one. Like I said though, I'm not opposed to vigilantism in a case like this; I'm just trying to make a realistic assessment of how effective it would be in the long run. My conclusion remains: "not very."

      -sauoq
      "My two cents aren't worth a dime.";
      
