bit-tech.net

Artists Against 419

Comments 1 to 25 of 26

Reply
Lazlow 8th November 2005, 13:37 Quote
It all sounds good, but surely their ISPs would be annoyed at the amount of bandwidth they use to take down the websites? Maybe I'm reading it wrong, but in order to take down a site, they use up all its bandwidth by refreshing images rapidly. Surely that would utilise a heck of a lot of your own too?

Either way, at least someone is doing something about these scammers...
Aphex_ 8th November 2005, 13:48 Quote
if u read carefully it states that whilst it refreshes the image from the website, it doesn't refresh it on your end, a clever piece of internet knowledge. i personally think that this is wholly justified, ppl can make citizens arrests so i dont see why this isn't right as well. they give companies and isp's plenty of opportunity to fix their own problems and if they wont and the police won't then the public have a duty to.

three cheers!!
kye 8th November 2005, 14:40 Quote
So has anyone got the lad vampire page up? :D
Lazlow 8th November 2005, 14:41 Quote
Ah that explains that then! Definately 3 cheers, as I know several people who have been caught out, as they're not in the know...
Zidane 8th November 2005, 14:47 Quote
it doesnt hammer your own bandwidth as much as you think. yes, there is some bandwidth used, but its a very small amount.

consider this example. if you have a program that uses 1k of bandwidth per second its running leeching from the site. now, if 1024 people run this same program, all at once, then each person is only using 1k of their own bandwidth, but the website itself is having to send 1meg of traffic (1k * 1024 users == 1meg). this is the basic premise of any distributed denial of service attack (ddos), many users doing very little, all pointed at the same place. as the results of the flashmobs show, the results can be devastating for the target, but un-noticable for the attackers.

ive seen the aa419 site a couple of times in the past, and tbh, i think they are doing more good than harm. whilst i would not condone a ddos, i wouldnt call what they do a ddos. they are not trying to deny service to the website, simply make a big enough spike in the hosts logs so that a human will come to see what all the fuss is about, thus shutting down and illeagal site. i firmly agree with their tactics, its not like they are throwing around their bandwidth at everything that moves, they do make efforts to complain to the relative abuse departments before even considering spiking the traffic.

they are good guys, they dont want to break anything, they just want to make some noise so that someone comes to see whats wrong. grey-hats for sure, but then, arn't we all?
ralph.pickering 8th November 2005, 15:36 Quote
From what I can tell from their web site, they give ISPs ample opportunity to take these sites down, and a lot are taken down that way. Only when ISPs fail to listen to reason do they try hammering the site's bandwidth.

Seems like a good way to try out my new 8Mb broadband if you ask me. :)
loPloP 8th November 2005, 16:14 Quote
Thanks for that great article! ;)
I'm one of the Artists guys, and I really liked it.

Just a small correction: Our Fake Bank Database has reached the 5000 entries some time ago.

To answer a few of your questions and thoughts:
Yes, people who use the Lad Vampire or the Mugu Marauder are of course using some of their bandwith, but that has never upset any of theirISPs as they are paying for the bandwith (many people who participate have a flat rate).

And yes, you are right, only a very small amount of banks are killed with these two tools. The vast majority of banks are terminated with simple kill letters to the hosters. So the ones we DO kill with the Lad Vampire or Mugu Marauder are hosted by companies who either work together with the scammers or much more likely who don't care if there is illegal, criminal and fraudulent content on their servers (though all of them have ToS, which forbid that). And yes, these hosters don't like us very much, but honestly we don't care about that. :)

And to correct Zidane, we do only good and no harm. We are attacking only fraudulent websites. E.g. this one or this one or this one.
While these sites are not very convincing to people with some internet experience, the scammers are very successful with them to trick less experienced people into paying 10,000s of Dollars. The brain of many people just goes on stand-by when they see their very own name in an account on one of these "banks" with the figure $5,000,000 right besides it.
In case you are interested in the background of such a story and speak (read) German, here's a large article about 419 in Germany's #1 news magazine.

And to pick up the last line of the article: We appreciate eveyone who is teaching their friends, family etc about 419, however as long as Law Enforcement Organisations and the police in most countries of the world prefer to ignore this sort of criminality (either because they don't care or they don't have the knowledge) it's the internet community itself who has to take care of the problem. And that's what we do and we appreciate everyone's help. :)
tecate 8th November 2005, 16:58 Quote
I fully support and agree with what the Artists are doing. Mobbing is the best way to catch somebodys attention and rouse action.

BTW, is anybody here familiar with novels "The Magic of Recluce" by L. E. Modesitt Jr.? He presents the exact idea between being on black, white, and grey side, except wizardry in this case.
Zidane 8th November 2005, 17:37 Quote
Quote:
Originally Posted by loPloP

<snippety-snip>
And to correct Zidane, we do only good and no harm.
<snippety-snip>

i would disagree. whilst on the whole, you guys do a great deal of good, as a network administrator i have seen the effects ddos's on servers before and know that whilst you will be very effective in taking out a single site, if there are other sites hosted on the same server or within a routed segment of that hosts network, they will also suffer. aa419 cannot avoid doing a little harm with flashmob bandwidth attacks due to the nature of the hosts (i.e. several sites hosted on virtual servers on the same machines, routing chokepoints, etc).

i should make clear, im not condemming you or suggesting that your doing anything wrong, on the contrary, i wholeheartedly support your tactics when 'flashmobbing' a site. your tools seem very well written to move on from a particular site when it is showing signs of disruption, and you limit your activities to specific dates and times, and specific targets, which you publicise in advance, and you take measures to try to avoid the need to 'flashmob' a site.

as you have stated, your intention is not to ddos the site out of existence, but simply to create a large enough spike in the traffic to ensure a human takes notice. i have to admit that you guys seem to take extraordinary efforts to avoid causing any disruption to anything but scam sites, but some will inevitibly occur.

personally, i can only agree with your tactics. if one of my own servers were affected for a day because it was hosted on the same machine as a scam site, you can be sure as hell i'd be poking the hell out of my host to sort it out. sometimes a little harm does everyone a lot of good, and from what ive read in the article and from your site on previous visits, it would seem you have done everything you can to minimize the harm.
wolff000 8th November 2005, 17:54 Quote
i think this is great. I appluad everyone that supports this by running the tools. great idea i will definately be involved in the next flashmob.
ArtistsAgainst419 8th November 2005, 19:11 Quote
We want to thank you all for the positive responses and Wil for the great article. Not all journalists do research a matter as thoroughly as you do. So a big ;) for you!

We are happy to answer all questions you people may have or to discuss suggestions or improvements, either here or on our forum.

As already said by loPloP we need and appreciate all help we can get either with spreading the word or with killing fake banks. You are all invited to participate in the next Flashmob. If you don't want to miss it you can sign up for our newsletter (no spam, of course, no advertising or teasing stuff, you'll get just a reminder for the Flashmobs).

The Lad Vampire and the Mugu Marauder are updated permanently, so there's no need to wait till the next Flashmob, if you want to use them. :)
TroubledMind 8th November 2005, 19:22 Quote
Sounds like a great idea, I will also try to be part of the next flashmob when I am at home. My college is kind of picky about bandwidth usage and I really don't need any more attention. But if there is one while I am at home I will definately join in.
Kipman725 8th November 2005, 22:51 Quote
your tactics are good. I would disaprove of you if you didn't send the letters out first though :P

(might join you in one of your mobbing actions soon)
Warrior_Rocker 8th November 2005, 23:07 Quote
def a white hat organization, i really appreciate the work you guys do, to keep the internet working for the rest of us

personal shoutout from me
thanx, Warrior_Rocker
Rocket733 9th November 2005, 04:03 Quote
While I would normally not condone or encourage such actions. It seems that in this case care has been taken to refrain from permanently damaging equipment and property. Hopefully as hosting companies begin to take notice the need for flashmobbing will fall and letters will be all that is needed.
Firehed 9th November 2005, 05:40 Quote
I'm all for the idea, but anyone else think it sounds a lot like a DDOS attack?

In any case, I'll abuse my tabbed browsing powers and have some fun.
I_Slider_I 9th November 2005, 15:19 Quote
I think the fact that they do not actually bring the site down lends a lot of support for their tactics. They are walking a thin legal line, mind you, it will be interesting to see if there is legislation in the future to make these flash mobs illegal, which wouldn't surprise me judging from the fact of how out of touch with the times the government has become.

However I guess you could call this an early evolutionary form of cyber police. Hopefully as aa419 begins to grow in reputation they will begin to command more and more respect among ISPs world wide, and a simple letter will be enough to bring the scammers down, although I wouldn't mind seeing the people behind the sites prosicuted, so that they don't just set up a new site.
yodasarmpit 9th November 2005, 18:49 Quote
Just natural selection at play here, get caught out with this kind of scam, you don't really deserve the right to use the net unsupervised.
knoj 10th November 2005, 02:29 Quote
I am running the Mugu Marauder...

I just started now, and it's kinda neat! it even minimizes to the system tray so you aren't bothered by it...
Old Coaster 10th November 2005, 11:54 Quote
Quote:
Originally Posted by Zidane
i would disagree. whilst on the whole, you guys do a great deal of good, as a network administrator i have seen the effects ddos's on servers before and know that whilst you will be very effective in taking out a single site, if there are other sites hosted on the same server or within a routed segment of that hosts network, they will also suffer. aa419 cannot avoid doing a little harm with flashmob bandwidth attacks due to the nature of the hosts (i.e. several sites hosted on virtual servers on the same machines, routing chokepoints, etc).
Hi all! This is my first visit here. My name is Old Coaster and I am an alcoholic ( errh! Wrong Forum ) I too am an artist!

Seriously, the purpose of the flashmob is to make life hard for a hoster who "knowingly" hosts a fraudulent site on his servers. I only put forward names for our tools where I have sent an e-mail to the hoster (usually to several addies) using my 419legal address which has police connections and have confirmation via readnotify that the host has opened the e-mail. If after opening, nothing happens in 7 days, then the hoster ceases to be an innocent dupe and becomes party to the fraud.

Frankly, at that point, I do not care if the hoster's other customers notice a slowing of their internet service - it serves them right for using an irresponsible hoster. Hopefully they do and complain to the hoster who is then forced to investigate why. After a couple of flashmobs, they almost always fall into line. We maintain searchable lists of responsible hosters and anyone who is concerned about the collateral damage that our actions may cause should refer to our list to see if their hoster is on it - responsible hosters do not need to be flashmobbed. I should add that if a hoster is not on our list, it may merely mean that we have never found a fake on their servers - it does not necessarily imply they are irresponsible.

There is one other tool in our armoury which I am itching to use but owing to the effectiveness of our normal procedures in writing to web hosts, I have been unable to deploy. At 419legal, we store all warning e-mails sent by aa419 and we are looking for victims who have been referred to a fake bank or other site more than 7 days after a warning has been opened by a hoster. If that victim has subsequently lost money as a result of the referral then he or she has a very good civil claim against the hoster as an accessory to the fraud and we are advised that in most jurisdictions, regardless of the criminal position, the court is likely to award compensation for the loss.

We are not script kiddies playing cyber games, but serious professional people trying to do what National Governments are lamentably failing to do. Once we see the internet fraudsters being actively pursued by the police, most of us will breathe a sigh of relief and go on to do other things.

OC
Simonsnet 10th November 2005, 13:24 Quote
Quote:
And to correct Zidane, we do only good and no harm.

Funny, that's what communists think. Don't get me wrong, I support you guys, but if you aren't aware that there is the very real potential for your ideals to become corrupted, then I'm a little worried.

Remember, Absolute Power Corrupts Absolutely.
Old Coaster 10th November 2005, 22:45 Quote
Mods forgive me if this is out of line, but is not the same true of fundamentalist Christians or indeed fanatics of any religion as well?

I would doubt that we have any power other than that of the mob of very angry internet users. If Governments acted to pacify the mob, we would have no power at all. So sort the problem and leave us powerless please!
dr_crazy 17th October 2006, 14:44 Quote
such a good idea, have got everyone in my office running lad vampire. These people are scum. Reminds me of that guy on Something Awful who messed with one of these guys who was based in Britain. Might have been through eBay though, read about it a few years ago.
cderalow 17th October 2006, 15:29 Quote
holy thread revival!
Cthippo 17th October 2006, 19:17 Quote
Quote:
Originally Posted by cderalow
holy thread revival!


Indeed

I'm going to go with Doug Edgey, this is natural selection at work. While I applaud what AA419 is doing, I can't get too excited about it since the people who fall for these scams very much victims of their own greed and stupidity. It seems that there might be better uses for their efforts such as spoofing sites and sites that distribute malware when you visit.

Personally, I kind of enjoy getting 419 emails just to see what the scam is this week.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums