MySpace Predator Caught By Code

An anonymous reader writes, "Wired News editor and former hacker Kevin Poulsen wrote a 1,000-line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn't have this capability." Wired News says they will publish Poulsen's code under an open-source license later this week.

May I be the first to say...

[Capella or Bust (521807)]

PWND.

Re:May I be the first to say...

[megaditto (982598)]

Einstein said: "there are two infinite things, the Universe, and the human stupidity. And I am not sure about the Universe..."

What kind of a dumb criminal would willingly give their real name and address while indending to then break the law.

What next? Robbing your local sperm bank's register after leaving a DNA "deposit"? Stealing a credit card to pay your utility bills?

Re:May I be the first to say...

[Achromatic1978 (916097)]

The only thing that worries me about this is 'authenticity'. What's to stop a vigilante group creating Myspace accounts in the names of registered sex offenders, and then reporting said accounts to the police? Sure, it's traceable with a bit of effort - but you just know that there'll be slips made, especially when you connect the words "sex offender", "children", "myspace", "police", and "media" in the same sentence.

Re:May I be the first to say...

[Tiger4 (840741)]

"Stealing a credit card to pay your utility bills?"

Somebody around here did almost that. Stole a credit card, bought some home furnishings, and had it delivered. She was still trying to come up with a coherent explainantion as they took her away.

Re:May I be the first to say...

[briggsb (217215)]

Just like this band [bbspot.com] was pwned by this teenage girl on MySpace.

MySpace told congress...

[sdBlue (844590)]

[sarcasm]While most of us here know how trivial searching for string a in string b is, I for one believe that Tom couldn't do it. Aside from all the horror that it is conceptually, the (lack of) stability of their site actually makes that statement believable![/sarcasm]

Re:Whack myspace hard

[Babbster (107076)]

Oh, bullshit. It may be a PR nightmare for them, but the truth is that they likely don't have a true liability in the situation, any more than ICQ/AOL, MSN, Yahoo, etc. would have liability if their software was used by a pedophile to make contact with a child.

In fact, the question could be posed whether they would have liability if they went hunting for "sexual predators" and made a public spectacle of someone who could be guilty of nothing more than propositioning a police officer posing as a street walker - in other words, someone who could be required by their state to be registered as a sex offender but has shown no predilection towards the exploitation of children or forcing sexual contact on someone.

Re:MySpace told congress...

[cswiger2005 (905744)]

IANALBIPOOSD

What's frightening to me is not the (presumed?) sex offenders on MySpace, but that I could translate this acronym into words.

Don't believe it

[illegalcortex (1007791)]

This article isn't credible. It must be a hoax. I mean, c'mon, you really expect me to believe someone wrote a 1,000 line perl script. And that it did what it was supposed to?

Re:Don't believe it

[Compholio (770966)]

I mean, c'mon, you really expect me to believe someone wrote a 1,000 line perl script. And that it did what it was supposed to?

Yeah, everyone knows that good perl scripts only occur between 5 and 20 lines. DeCSS is what, 7?

Re:Don't believe it

[jazman_777 (44742)]

you really expect me to believe someone wrote a 1,000 line perl script.

It was originally only 17 lines, but he had to make it 1,000 so it'd be readable.

The results from the script was only the start...

[NotQuiteReal (608241)]

He still had to ...manually confirmed over 700 offenders...

I sure hope he wore gloves and/or other protection for that part!

didn't have the capability

[nizo (81281)]

...he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn't have this capability.

Thus spake the article:

...Lubrano was so easy to find. "He registered on MySpace using his real name? What a nitwit."

No amount of rummaging through any database is going to detect someone who registers under a false name, so no MySpace will NEVER really have the ability to find all the sex offenders, unless they can somehow verify that people are who they say they are when they sign up. Though they do now have the ability to catch the really stupid ones it seems.

Re:didn't have the capability

[sootman (158191)]

> Though they do now have the ability to catch the really stupid ones it seems.

We had a sliding screen door that didn't work too well. My wife left it half-open one day. I asked her how many flies she thought that would keep out:
a) all of them
b) half of them
c) none of them
d) just the dumb ones

Re:didn't have the capability

[rkcallaghan (858110)]

Greventls wrote:

here would need to be a cutoff age, but anyone over a certain age with a large number of underage friends could be flagged. Then their account can be searched for sex related terms, particularly in messages to underage people, and flagged to be looked at.

Holy thought police batman!

I do not need to be red flagged and reviewed based on these criteria. I can think of a variety of reasons why an adult could potentially have many people on their friends list who are underage. Do some of them coincide with people who "could be" sexual predators? Of course they do, but that is because sexual predators are attracted to positions that afford them opportunities -- and not because we should be red flagging every teacher, priest and family member that uses a website!

You know what else? Alot of children turn to these people with sexual concerns during maturity. Not everyone speaks as formally in private as I am right now, people do talk about sex, and sometimes people are just crude. You want to investigate every football coach who gets asked about the birds and the bees, or has some kid moon him via webcam?

Innocent until proven guilty; remember that always. Having people on your buddy list and being crude on the internet isn't anywhere close to probable cause. Not for the commu^H^H^H^Hterrorists, not for witc^H^H^H^Hmuslims, and not to 'think of the children'.

~Rebecca

I think these quotes says it all

[nizo (81281)]

It's all up to MySpace. We can't count on parental supervision...

And then there is Jacob, one of the kids this 39 year old had "friended":

I do think its kinda weird for that age to flirt with me and stuff," he writes. "Like, kinda desperate and kinda leading me to think that something's wrong. But I didn't really do anything. I love being complimented. So, I thought it was nice of him to say that he thought I was cute or whatever."

MySpace is a big part of Jacob's life, and his greatest fear is that this story, or the ongoing police investigation, will get him banned from the internet, or he'll lose his MySpace profile. I urge him to be more careful about adding friends -- he has 3,800 of them -- and to make his profile private. He says he will, but so far his MySpace page remains wide open.

So Jacob's parents can't be bothered to, you know, go see wtf this kid is doing on MySpace? The earlier comment snippet makes it seem like the parents of this kid are totally off the hook here, but guess what? Wether your kid is hanging out at the local corner or someplace online, you really need to know where they are and what they are doing. And then there is the whole issue about not talking to stangers in the first place; apparently his parents have completely missed the boat in that area. Scary.

Okay, the FBI is a bunch of *******

[adaptive_tech (1014369)]

I'm quite glad for this guy; but law enforcement's malaise still cheeses my off a bit. Indeed, writing a Perl script to spider MySpace is not rocket science -- I whipped one up six months ago as part of a graduate school project. Immediately sensing the possibilities of catching people like this, I contacted several people in the CIA and FBI through my school. After several painfully blunt explanations, none of them could grasp how the script could be used in their agencies. Governments and major corporations wonder why China can get into "secure" sites and "kids" write viruses like "ILoveYou" or "Blaster". It's because they're so monolithically slow, stupid, and blind that they can neither see nor react to their environments. Maybe law enforcement will "wise up" and start offering prize money / sponsoring competitions, just like the recent Bio-Tech news here on Slashdot.

Names

[ezzewezza (84083)]

So how many false positives and false negatives does this produce? i.e., how many non-offenders does it misidentify as being offenders and how many offenders does it misidentify as non-offenders? Furthermore, of the offenders properly identified, how many of them are actually committing, planning to commit, thinking about committing, wanting to commit, or some other way being involved with the committing of a sexual offender related crime on myspace?

While the tool may produce results, are the results good enough and non-damaging enough to be useful? (I'd consider any given non-offender being identified as an offender and subsequently harrassed as such rather extensively damaging.)

Re:Is this legal?

[omeomi (675045)]

Isn't this a breach of privacy and wouldn't this person or MySpace be vulnerable to lawsuits?

Anything you put on a public web site is--by definition--not private. It would be a breach of privacy if MySpace used private, personal information, but if the script just culled information from public pages, there's no breach of privacy.

Re:Is this legal?

[KiltedKnight (171132)]

If you are only sifting through public information, then there is nothing illegal about this.

If you are sifting through private information, then one of the following is true:

• If you are a Law Enforcement Official, anything you discover cannot be used to obtain a warrant, nor can this evidence be used against someone without it being lawfully reacquired once a warrant has been issued
• If you are a private citizen, unless you violated some sort of Terms of Use or other agreement to obtain the information, it is not illegal for you to use it

Yes. It is perfectly legal for a private citizen, acting on his or her own volition, to perform searches. The illegality occurs when laws are broken to obtain the information (breach of contract, breaking and entering, etc).

Easier

[MrSquishy (916581)]

That seems like a complicated way to get the same results as:
SELECT * FROM userbase WHERE SexOffender="1";

Re:Easier

[sdBlue (844590)]

or SELECT * FROM userbase WHERE interests LIKE '%molest%' OR interests like '%catholicism%' ouch, yes he did!

Re:Easy?

[ari_j (90255)]

No. Most of the hard work in writing something like this is dealing with server errors, which Myspace serves up in lieu of content based on a sinusoidal pattern where you have between 10 and 100 percent probability of getting an error depending on the time of day on Mars.

Re:The only thing suprising about this is...

[pilkul (667659)]

Doing a bunch of HTTP fetches, parsing and extracting the data -- from sources that were probably never designed to be automatically parsed, and hence have lots of weird exceptions and corner cases -- and then performing string compares, easily adds up to 1000 lines, especially with comments and error messages. The task is trivial in theory but somewhat hairy in practice.

And speaking from unpleasant experience, doing something like this in a language without features dedicated to text parsing (like C++ without the Boost Perl regexp library) would take at least three times the lines.

Re:Good Job Kevin

[inviolet (797804)]

I can deal and respect many of the objectionable ones, but I think a couple of crimes are universal. Child (a real child not 'underage' teenager, a *child*) molestation . . .

Now why is that, exactly?

We know that child molestation has occurred for untold eons. Humans are therefore resilient, resistant to such things, for the sake of survival. And at the risk of getting flamed, I want to point out the evidence that most victims of such mistreatment do in fact go on to lead normal lives. Natural selection sternly requires it.

So. Why is child molestation such an obviously hideous evil?

Is it just because we in the West are presently obsessed with sex?

I swear I am not trolling. I myself am actually a victim, from age 8, but I seem to be fine (although my level of slashdotting may be a sign of a deep malfunction). Ever since I realized that I survived unscathed, I have been wondering for a long time why this subject gets an automatic "OMG teh molestation!!!11!" response, when it is actually such a commonplacde in human history.

It almost -- ALMOST -- smells like we are protesting too much.