MySpace Predator Caught By Code

An anonymous reader writes, "Wired News editor and former hacker Kevin Poulsen wrote a 1,000-line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn't have this capability." Wired News says they will publish Poulsen's code under an open-source license later this week.

May I be the first to say...

PWND.

Re:May I be the first to say...

Einstein said: "there are two infinite things, the Universe, and the human stupidity. And I am not sure about the Universe..."

What kind of a dumb criminal would willingly give their real name and address while indending to then break the law.

What next? Robbing your local sperm bank's register after leaving a DNA "deposit"? Stealing a credit card to pay your utility bills?

Re:May I be the first to say...

The only thing that worries me about this is 'authenticity'. What's to stop a vigilante group creating Myspace accounts in the names of registered sex offenders, and then reporting said accounts to the police? Sure, it's traceable with a bit of effort - but you just know that there'll be slips made, especially when you connect the words "sex offender", "children", "myspace", "police", and "media" in the same sentence.

Re:May I be the first to say...

These people are on Myspace. 'Nuff said.

Re:May I be the first to say...

"Stealing a credit card to pay your utility bills?"

Somebody around here did almost that. Stole a credit card, bought some home furnishings, and had it delivered. She was still trying to come up with a coherent explainantion as they took her away.

Re:May I be the first to say...

Just like this band [bbspot.com] was pwned by this teenage girl on MySpace.

Re:May I be the first to say...

Please, someone tell me that's an Onion story.

Please.

We can't seriously be getting this stupid as a species.

*cries*

MySpace told congress...

[sarcasm]While most of us here know how trivial searching for string a in string b is, I for one believe that Tom couldn't do it. Aside from all the horror that it is conceptually, the (lack of) stability of their site actually makes that statement believable![/sarcasm]

Whack myspace hard

MySpace needs to be whacked, hard. Harder.

The lazy, lying bastards should be shut down, made an example of. At the least, they're now liable because someone showed it could be done, and because they were too lazy to do it themselves, they now have a liability exposure for any child that was preyed upon through their web site.

Re:Whack myspace hard

Oh, bullshit. It may be a PR nightmare for them, but the truth is that they likely don't have a true liability in the situation, any more than ICQ/AOL, MSN, Yahoo, etc. would have liability if their software was used by a pedophile to make contact with a child.

In fact, the question could be posed whether they would have liability if they went hunting for "sexual predators" and made a public spectacle of someone who could be guilty of nothing more than propositioning a police officer posing as a street walker - in other words, someone who could be required by their state to be registered as a sex offender but has shown no predilection towards the exploitation of children or forcing sexual contact on someone.

Re:MySpace told congress...

The main difference between this and if MySpace were doing it is: if MySpace put protections in place and just one sex offender was missed and wound up molesting some kid, MySpace would be culpable. But if protections are not in place, then it's not MySpaces responsibility. By taking responsibility it become their responsibility and not the responsibility of the kid or their parents...

Sure it's trivial to find some child predators with a 1000 line perl script, but finding everyone of them would be nearly impossible.

Re:MySpace told congress...

Sad, but true. I can't tell you how many times I've heard similar things from legal folks over the years.

That said, if it can be shown that a trivial amount of effort could have prevented someone from being injured, that falls into the category of gross negligence, for which liability cannot be waived. In much the same way, if you serve alcohol at a party and someone has a wreck because they drove home while severely intoxicated, that person and/or his/her victims can sue you for not taking responsibility. The reasons for this are twofold: A. you should reasonably have known that people at your party would get drunk (since you served the alcohol) and B. the effort needed to prevent people from driving home while severely intoxicated is relatively low.

In short, not taking responsibility doesn't get them off the hook. It makes it a little harder for the parents of some abused kid to sue them, but only a little.

IANALBIPOOSD

Re:MySpace told congress...

IANALBIPOOSD

What's frightening to me is not the (presumed?) sex offenders on MySpace, but that I could translate this acronym into words.

Re:MySpace told congress...

The single biggest problem, in my opinion, is that you can't be sure. Just because a person has registered with a certain name doesn't mean they are that ONE person. I've got the same name as a black minor league hockey player. But I'm not.

This is why it's not as simple as searching for string a in string b. You'll end up with half a million names, and not only do you have to monitor those half a million users to see what they're up to, you have to prove, beyond a shadow of a doubt, that Dougy is the infamous sex offender, and not an 11 year old trying to pick up 16 year olds.

Don't believe it

This article isn't credible. It must be a hoax. I mean, c'mon, you really expect me to believe someone wrote a 1,000 line perl script. And that it did what it was supposed to?

Re:Don't believe it

Yeah, these days *real* programmers code in AJAX.


*Hides*

Re:Don't believe it

I mean, c'mon, you really expect me to believe someone wrote a 1,000 line perl script. And that it did what it was supposed to?

Yeah, everyone knows that good perl scripts only occur between 5 and 20 lines. DeCSS is what, 7?

Re:Don't believe it

you really expect me to believe someone wrote a 1,000 line perl script.

It was originally only 17 lines, but he had to make it 1,000 so it'd be readable.

The results from the script was only the start...

He still had to ...manually confirmed over 700 offenders...

I sure hope he wore gloves and/or other protection for that part!

Heh, don't ask me - and I posted it!

I was only looking for a "funny".

I posted it under another "funny".

I think there are folks who take the mod system way too seriously and have some sort of problem with the fact that "funny" doesn't garner "karma", so they feel obliged to give it "insightful" or some such. I don't care, If I post a "funny", I don't expect "karma".

My personal opinion is that "funny" is just that - for those who think it is funny. Maybe having zero karma for funny is "right", maybe it is "wrong".

I dunno.

Hey mods - don't zap me down too much. I didn't mod myself up. You are in a pissing match with other mods! (Not that I give a shit what my "karma" is, I am soo going to hell, maybe, depending on who you ask.)

Re:Don't believe it

If he were hardcore, he'd have done it in awk.

Re:Don't believe it

This article isn't credible. It must be a hoax. I mean, c'mon, you really expect me to believe someone wrote a 1,000 line perl script. And that it did what it was supposed to?

actually, the script was originally intended to locate hot teenage girls.. like any good programmer, when he saw the results, he updated the spec sheet.

Give this man an Award

I am a big fan of privacy. But I am also a big fan you losing your rights to privacy when you continually break the law in a fashion that puts others at risk, especially minors.

Maybe Myspace is just really that stupid (heck, their site design casues me to thik their programmer can;t be all that bright).
___________________________
Free iPods? Its legit [wired.com] and simple [feedroom.com]. 5 of my friends got theirs. Get yours here! [freepay.com]

The only thing suprising about this is...

It took 1,000 lines to do a string compare?

Re:The only thing suprising about this is...

Doing a bunch of HTTP fetches, parsing and extracting the data -- from sources that were probably never designed to be automatically parsed, and hence have lots of weird exceptions and corner cases -- and then performing string compares, easily adds up to 1000 lines, especially with comments and error messages. The task is trivial in theory but somewhat hairy in practice.

And speaking from unpleasant experience, doing something like this in a language without features dedicated to text parsing (like C++ without the Boost Perl regexp library) would take at least three times the lines.

Is this legal?

I know what he did was a good thing, but what if I wrote a script to go through MySpace looking for other "stuff?" Isn't this a breach of privacy and wouldn't this person or MySpace be vulnerable to lawsuits?

Re:Is this legal?

Isn't this a breach of privacy and wouldn't this person or MySpace be vulnerable to lawsuits?

Anything you put on a public web site is--by definition--not private. It would be a breach of privacy if MySpace used private, personal information, but if the script just culled information from public pages, there's no breach of privacy.

Re:Is this legal?

If you are only sifting through public information, then there is nothing illegal about this.

If you are sifting through private information, then one of the following is true:

• If you are a Law Enforcement Official, anything you discover cannot be used to obtain a warrant, nor can this evidence be used against someone without it being lawfully reacquired once a warrant has been issued
• If you are a private citizen, unless you violated some sort of Terms of Use or other agreement to obtain the information, it is not illegal for you to use it

Yes. It is perfectly legal for a private citizen, acting on his or her own volition, to perform searches. The illegality occurs when laws are broken to obtain the information (breach of contract, breaking and entering, etc).

Caught by code? Or by hand?

It looks like from TFA that the code did very little of the work, and the vast majority of effort was done by hand. So this guy wasn't really "caught by code", was he?

didn't have the capability

...he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn't have this capability.

Thus spake the article:

...Lubrano was so easy to find. "He registered on MySpace using his real name? What a nitwit."

No amount of rummaging through any database is going to detect someone who registers under a false name, so no MySpace will NEVER really have the ability to find all the sex offenders, unless they can somehow verify that people are who they say they are when they sign up. Though they do now have the ability to catch the really stupid ones it seems.

Re:didn't have the capability

Greventls wrote:

here would need to be a cutoff age, but anyone over a certain age with a large number of underage friends could be flagged. Then their account can be searched for sex related terms, particularly in messages to underage people, and flagged to be looked at.

Holy thought police batman!

I do not need to be red flagged and reviewed based on these criteria. I can think of a variety of reasons why an adult could potentially have many people on their friends list who are underage. Do some of them coincide with people who "could be" sexual predators? Of course they do, but that is because sexual predators are attracted to positions that afford them opportunities -- and not because we should be red flagging every teacher, priest and family member that uses a website!

You know what else? Alot of children turn to these people with sexual concerns during maturity. Not everyone speaks as formally in private as I am right now, people do talk about sex, and sometimes people are just crude. You want to investigate every football coach who gets asked about the birds and the bees, or has some kid moon him via webcam?

Innocent until proven guilty; remember that always. Having people on your buddy list and being crude on the internet isn't anywhere close to probable cause. Not for the commu^H^H^H^Hterrorists, not for witc^H^H^H^Hmuslims, and not to 'think of the children'.

~Rebecca

Re:didn't have the capability

Though they do now have the ability to catch the really stupid ones it seems.

That's all we ever catch. The stupid ones. Well, that and the really unlucky ones. The ones that are smart enough to kidnap some kid from some non-surveillance location, abuse them, and release them far away from either the pickup point or the place where they abused them are seldom caught - and the ones that are so successful at their emotional abuse that the victim (regardless of age) never even reports the abuse. I'm not sure if that's intelligence or just skill at manipulating people.

Ever watch 60 Minutes? They had a special on a sting they did and guys just kept showing up at the house all day. Some of them even saw a cop, or some other guy, and waited for a while, then came back. I mean, what kind of idiot do you have to be?

Re:didn't have the capability

> Though they do now have the ability to catch the really stupid ones it seems.

We had a sliding screen door that didn't work too well. My wife left it half-open one day. I asked her how many flies she thought that would keep out:
a) all of them
b) half of them
c) none of them
d) just the dumb ones

Re:didn't have the capability

We had a sliding screen door that didn't work too well. My wife left it half-open one day. I asked her how many flies she thought that would keep out:
a) all of them
b) half of them
c) none of them
d) just the dumb ones

And the real answer is...
e) half of the dumb ones

Re:didn't have the capability

(e) you're sleeping on the couch tonight, smart ass.

A little perspective

Given all the people with convictions that were checked, less than one in a thousand had a conviction since 2000 and were on MySpace. Of those couple of hundred, one seemed to be trying to prey on little girls. This seems to be pretty much of a non-problem.

On the other hand, if I had to worry about anybody, I'd worry about our senators. A way higher proportion of our elected elite prey on the young than we have caught doing so on MySpace. In case you hadn't been paying attention, here's a link: http://en.wikipedia.org/wiki/Mark_Foley_scandal [wikipedia.org]

We spend way too much time worrying about things that aren't much of a problem and way too little time worrying about the things that can really get us.

Re:A little perspective

Make anything personal and you'll care a lot more. It doesn't change the statistics. If you've got fifty million idiots congregated at one place, many of whom are always-horny teenagers, you'd expect more than a handful of predators to try to take advantage of the system. Sure, it's still unfortunate, but considering the numbers we've seen in other situations, it seems remarkably low.

Re:A little perspective

Make that little girl that he targets your daughter and we'll see how your "perspective" changes.

You're absolutely right, that sort of thing is enough to change anybody's perspective and turn just about anybody into somebody who would suddenly support torture and summary execution.

That is, perhaps, the best reason of them all that it should be impartial parties who administer justice and decide the punishments for these sorts of things. Child sexual abuse is just one prime example. Replace it with "terrorism" and you have another one playing out each day before our very eyes.

Often times it is best to leave the emotion at the doorstep and debate things logically and dispassionately. Pretty much any issue with as much emotion behind it as this one is going to be one of those cases.

Another thing to consider with these "lock them up forever!" attitudes toward some crimes: You run the risk of making things worse. Somebody sexually abusing a child is bad. Somebody sexually abusing a child and then killing him/her because, in terms of their sentence, it is essentially free--that is worse. I'd rather get my child back and the offender get out of jail than have him/her killed and see the offender locked away forever. No contest.

Congressmen

Perl is a great language for writing such sophisticated logarithms.

Does slashdot lead by example?

With tens of thousands of teens visiting a site daily there is a significant risk is that a couple of sex predators are on the prawl.

So the question is... does Slashdot check all users if they are registered sex offenders or does this Paulsen guy have to run his script here too?

The best line in there...

Best part:

That position drew a skeptical line of questioning from Congressman Greg Walden, R-Oregon

"If you're checking for the amount of skin in an image and that sort of thing, and however your logarithms work, you'd think you ought to check, you know, 'John Doe', who happens to be a sex offender, and weed them out," Walden said at the time.

(In fairness to the Congressman, it's certainly possible that he said "algorithms" and it was mistranscribed...)

Good Job Kevin

As an ex-MySpace drone, I only joined becuase I wanted to see how far I could customize the HTML for my own account. I did very well, then looked at all the friends list and figured... "Who the hell are these people?"

No doubt, all sorts of personalities exist on MySpace. I can deal and respect many of the objectionable ones, but I think a couple of crimes are universal. Child (a real child not 'underage' teenager, a *child*) molestation, and ratting on another person. Even those incarcerated tend to target such people found guilty of these crimes. A lot can be said here, if even those the greater society outcasts chose to outcast such people.

Re:Good Job Kevin

I can deal and respect many of the objectionable ones, but I think a couple of crimes are universal. Child (a real child not 'underage' teenager, a *child*) molestation . . .

Now why is that, exactly?

We know that child molestation has occurred for untold eons. Humans are therefore resilient, resistant to such things, for the sake of survival. And at the risk of getting flamed, I want to point out the evidence that most victims of such mistreatment do in fact go on to lead normal lives. Natural selection sternly requires it.

So. Why is child molestation such an obviously hideous evil?

Is it just because we in the West are presently obsessed with sex?

I swear I am not trolling. I myself am actually a victim, from age 8, but I seem to be fine (although my level of slashdotting may be a sign of a deep malfunction). Ever since I realized that I survived unscathed, I have been wondering for a long time why this subject gets an automatic "OMG teh molestation!!!11!" response, when it is actually such a commonplacde in human history.

It almost -- ALMOST -- smells like we are protesting too much.

Re:Good Job Kevin

It's because people want to outlet their aggressive tendencies someplace, and we've all collectively aggreed that "child molesters" (and now, to some degree "terrorists") are a target that no one will object to our over-reactive hatred for. Other acceptable groups include "cop killers". Let's get all righteous and bloodthirsty over these groups of people, now that it isn't socially acceptable to hate a group based on their skin color.

See how far we've come?

Re:Good Job Kevin

Yes, children are resilient, but another instinct that is supposedly hardwired into us is protection of our offspring. This (perhaps more than the "I want government to raise our kids" thing) is a big factor in heightened reactions to crimes against children. Add in the more rational sympathy for living beings that can't protect themselves like adults can, and you can end up with people overreacting to, and often overestimating the frequency of, these crimes.

My personal feeling on this specific issue is that I don't think MySpace has any true responsibility to monitor this, any more than other social networking programs/websites (like the many IM programs). The only real recourse society has in this case (barring violation of MySpace's rights) would be to legislate them into things like requiring credit cards for access (thus supposedly proving adult status), boycotting the service or going "vigilante," rooting out the pedophiles Dateline style.

Re:Good Job Kevin

We know that child molestation has occurred for untold eons. Humans are therefore resilient, resistant to such things, for the sake of survival. And at the risk of getting flamed, I want to point out the evidence that most victims of such mistreatment do in fact go on to lead normal lives. Natural selection sternly requires it.

Actually, not exactly, natural selection just requires that the problem doesn't get so bad that it has a significant impact on the ability of the species as a whole to survive. It's perfectly compatible with natural selection if, say, 2% of the population, despite being totally innocent, meets some horrible unfair death, as long as the other 98% gets along fine. If that's enough to keep the species going, then it's all that natural selection requires.

I think there's a common misconception that evolution is a force which is so powerful that it eliminates all imperfection. That's not necessarily the case. It only eliminates perfections that threaten the ability of the species to do the minimum necessary to survive. All other imperfections are relatively unimportant, at least as far as evolution is concerned.

Having said that, I've heard it said that of the people who experience some form of severe trauma or abuse, there is a certain percentage who become pretty much permanently (or at least over the long term) messed up in the head and have trouble coping with life in a wide variety of ways. But then there is also a large percentage of people who come from a messed up background who grow up to be perfectly healthy adults. In fact, these people tend to take their messed up background and find some way to make it into something positive. They may even be more successful than the average person. Years ago, I knew someone who came from a background where he and his siblings had all been abused. He wasn't able to deal with it very well and his life was, I hate to say, a serious mess. (I hope he's managed to iron some things out by now.) His sister, on the other hand, had earned a graduate degree in social work (I think) and had written at least one book on the subject of child abuse. She had done well for herself and was making a real difference in the world, and I think she was emotionally healthy as well.

Basically, it seems like when something really terrible happens to someone, either they are never able to overcome it or they are able to overcome it, and they grow from it in ways that others never would even have the ability to grow. I'm thankful that a good percentage of the people are able to totally recover and be a stronger person as a result. But the reason child molestation and similar things are so bad is that a certain number of people will fall into the first category and never get past it. I don't know why some people are able to get past it and some aren't, but it seems to be the case, and that's why I think we should continue to treat it as a very serious issue.

Sex crimes and the big picture

So has murder, rape, robbery, torture, etc. Those things aren't any less evil just because they've been around for a long time.

Again, how does that imply it's not evil? Only things that kill, maim, or emotionally scar someone for life are truly evil?

I think the point he was making was NOT that child molestation isn't a bad thing; rather, that it's no different than murder, rape, etc. Possibly even less of a crime than murder or other violent assault. Murder deprives you of your life, and it is thus the highest of crimes. Assault deprives you, sometimes, of physical health and capabilities. Lesser forms of assault deprive you of your rightful control of your own body and leave nothing but psychological scarring; non-violent rape (e.g. the kind where you are not beaten or stabbed, etc) falls into this category. (Violent rape obviously falls into the former category, and nonviolent rape can segue into for former if STDs or unwanted pregnancy follows). Mind you, I'm not in any way saying that these lesser crimes are at all OK; I'm just saying, look at them in comparison to other, much greater crimes.

Child molestation is categorically no different than rape; the victim is just younger. Some "child molestation" (statutory "rape" of 16 or 17 year olds, who are biologically adult) is even less of a crime, since the act would by all objective standards be considered consensual if it weren't for the legal fiction that people younger than 18 are incapable of giving consent.

But we freak the hell out about child molesters and lose all sense of rationality when anything about them comes up. We don't freak out this much about murderers. We still *do something* about murderers; that's why we have police, and courts, and jails and such. We still do something about people who physically assault others, but you don't see this vigilanteism toward your run of the mill violent criminals around. You don't see people writing 1000-line perl scripts to try to identify known gang members on MySpace - particularly because there's not as convenient a list of known gang members to compare with. But a lot of those people are violent criminals guilty of much greater offenses than the pedophiles that every mom in America is terrified of.

Americans just get particularly worked up about sex, and particularly worked up about children; combine the two together and you get instant emotional frenzy, no rational thought involved. Pedophiles, rapists, witches, communists, terrorists... hell, the whole terrorist scare seems sane in comparison to the frenzy that people get into over sex offenders. At least terrorists actually murder people. Pedos and rapists are the next nearest the top on that little list I just gave, and at least they're a step up from just persecuting people with different beliefs (witches and communists). But next time you or anyone else starts to get riled up about sex offenders, ask yourself why you don't feel the same way about all the more violent criminals out there. Do you want them all on watch lists too? Every man who's ever gotten into so much as a fist fight, a much more violent act than rape? Are you constantly concerned about your children running into people like them on MySpace? If not, why not?

If so, well, at least you're consistent. I have to give you that.

I wonder how many false positives he got

I suspect the answer will illustrate why a white hat wouldn't be doing this sort of thing.

I think these quotes says it all

It's all up to MySpace. We can't count on parental supervision...

And then there is Jacob, one of the kids this 39 year old had "friended":

I do think its kinda weird for that age to flirt with me and stuff," he writes. "Like, kinda desperate and kinda leading me to think that something's wrong. But I didn't really do anything. I love being complimented. So, I thought it was nice of him to say that he thought I was cute or whatever."

MySpace is a big part of Jacob's life, and his greatest fear is that this story, or the ongoing police investigation, will get him banned from the internet, or he'll lose his MySpace profile. I urge him to be more careful about adding friends -- he has 3,800 of them -- and to make his profile private. He says he will, but so far his MySpace page remains wide open.

So Jacob's parents can't be bothered to, you know, go see wtf this kid is doing on MySpace? The earlier comment snippet makes it seem like the parents of this kid are totally off the hook here, but guess what? Wether your kid is hanging out at the local corner or someplace online, you really need to know where they are and what they are doing. And then there is the whole issue about not talking to stangers in the first place; apparently his parents have completely missed the boat in that area. Scary.

Okay, the FBI is a bunch of *******

I'm quite glad for this guy; but law enforcement's malaise still cheeses my off a bit. Indeed, writing a Perl script to spider MySpace is not rocket science -- I whipped one up six months ago as part of a graduate school project. Immediately sensing the possibilities of catching people like this, I contacted several people in the CIA and FBI through my school. After several painfully blunt explanations, none of them could grasp how the script could be used in their agencies. Governments and major corporations wonder why China can get into "secure" sites and "kids" write viruses like "ILoveYou" or "Blaster". It's because they're so monolithically slow, stupid, and blind that they can neither see nor react to their environments. Maybe law enforcement will "wise up" and start offering prize money / sponsoring competitions, just like the recent Bio-Tech news here on Slashdot.

argh

3 pages of articles

Only to get to a misdomeanor charge of attempting to endanger

What a let-down

With a MAX of 90 days in jail, gee, the world is safe now ;)

They had hundreds of hits on the names and that's the best they got?

I am all for catching the bad guys, but you have to KEEP them to do any good ya know.

why release it?

You're just going to have a huge drain on resources from people doing redundant searches (to put it simply, the search feature is going to get a captcha). It would be better to have mySpace cross check user data with sex offender data and then take the time to verify and then pass the information quietly off to officials who can double check before knocking on any doors.

It would also be trivial to implement reports on age discrepencies. If someone is messaging a number of people that are significantly younger then the user would be flagged and the communications checked to see if there's a potential problem. It's entirely possible a teacher is communicating with students so obviously a real human is going to have to verify findings.

Since all the data resides on mySpaces server, as long as they don't publish their findings publically, there isn't an issue with privacy.

It's very simple why mySpace doesn't want to implement this ability into their system: it costs them money and people will whine about privacy.

Privacy for you means privacy for everyone including criminals.

Names

So how many false positives and false negatives does this produce? i.e., how many non-offenders does it misidentify as being offenders and how many offenders does it misidentify as non-offenders? Furthermore, of the offenders properly identified, how many of them are actually committing, planning to commit, thinking about committing, wanting to commit, or some other way being involved with the committing of a sexual offender related crime on myspace?

While the tool may produce results, are the results good enough and non-damaging enough to be useful? (I'd consider any given non-offender being identified as an offender and subsequently harrassed as such rather extensively damaging.)

MySpace told Congress

MySpace told Congress last June that it didn't have this capability.

Should read: Jim Foley breathed a sigh of relief when MySpace told Congress last June that it didn't have this capability.

Reporters should not be agents of the state.

Hey folks.

Picking and choosing when it is/is not OK to cooperate with authorities in a criminal investigation might be very convenient for Kevin Lee Poulsen, but it should give his sources -- past, present, and future -- significant pause.

Wired News -- and Kevin -- have shown that writing a splashy story means more to them right now than the danger of blurring the lines between reporter and cop. This isn't about protecting kids, or about what MySpace should or should not do. It's about eroding the role of the journalist as a fair and impartial witness, in a time when too many people are already barking up that tree.

A hacker should know better.

-- Adrian Lamo

Hmm...

Looking at myspace I doubt if their programmers COULD write a 1000 line perl script. Just because you're average slashdot user has this technology, does not mean that the programming geniuses at myspace do.

Re:Hmm...

Myspace IS a 1000 line pearl script.

Do one better

Think MySpace is incompetent with the "We can't do this" statement? Try one better. You really, really don't want to actually do the below; it's probably illegal. I am not responsible for how anyone abuses the below conjecture.

MySpace seems to let users put JavaScript on their pages. MySpace also seems to check your authentication token on their pages. So, javascript to use xmlhttpobject and go to their profile pages and submit a password change, invisibly? One better, steal the MySpace login form code and throw an HTML hidden area that's a log-in form and let Firefox/IE/Opera auto-fill with their password, and send its contents to your personal Web server with XMLHttpObject.

1,000 lines?

I suspect that once this is released under that open-source license, a lively round of Perl Golf will follow.

"I can write that script in 70 characters or less, George!"

Bravo, Kevin.

Good work. -jcr

I would just like to point out

That he manually confirmed 700 of the results.
That doesn't say how many false positives he sifted through to get to those.
Should Myspace be required to have people who manually confirm all users aren't sex offenders?

Wow

... I did the same thing with only 3 lines using Ruby ....

big deal

1000 lines, bah. I could have done it with .NET in 10,000 lines.

eh.

I once used an image from an offender website as a message board avatar.

Really, really scary looking guy, convicted of several counts of incest.

But, HE didn't have an account, his image was used without his knowledge or permission.

I guess this means

Andrew Lubrano will soon be open source himself!

Are "sex offenders" not allowed to use MySpace?

Setting aside issues of what is a "sex offender" vs what I think the public perception of one is, are all "sex offenders" not allowed to use MySpace?

This is a little like cross referencing a list of library card holders and comparing it to the list of "sex offenders" and waxing hysterical that there are "sex offenders" in the library. Do the same with Blockbuster cards, or the phone book. Geee gads, there are "sex offenders" in the city...

Yes, there are young people on MySpace, but not all MySpace users are young. Some people are well into their 30s and 40s and use it to connect with other 30 and 40 year olds.

The mere presence of "sex offenders" should not be cause for concern anymore then if they were in a library, Wal-Mart, mall, grocery store, etc. This is reinforced with the fact that many "sex offenders" really aren't-people who were 18 and their partner was 15, public urinators, that guy that grabbed that girl to yell at her for jaywalking or whatever, etc.

I believe them.

MySpace told Congress last June that it didn't have this capability.

Looking at the site, I completely believe them. Myspace is a teettering pile of junk, and unless I miss my guess, could very well been done in coldfusion (was it, I'm not a full time web guy?).

Something about running an Internet Community

As I am running a couple of Internet-communities, I think I have more understand of these matters than most others, MySpace included.

On my sites there is a simple "report this member" button. If someone is trying to pick up kids, they will be reported. It's that simple and it works just fine.

As for name-searching: Some people really really didn't like an older guy that dated a 17-year old girl. So what to do? Of course register a user in his name and pretend to search for kids to molester.

Once I've worked with the police. It was a 13-year old girl that was supposed to be kidnapped by her boyfriend. And he got convicted to 2 years because USA has a law-system stuffed with morons, bribed people and psychopats that care nothing about justice. The real story was that he resqued her from a molestering father and she had a nice time on the run before they got caught partly from me and partly from MSN-logs. She was at least saved from her father in the end.

And then we have the reports that say "He talked to me and I'm 15 and he's like 30!!!" (And the talk was something like "I really like the style you draw in").

But I've had one real offender. He threatened a lot of girls and got kicked out (He tried to get back in some times, but I hope he's in jail now) and then he threatened to report me to the police because it was possible to do illegal stuff with kids on my sites. Good luck to get that through Interpol and to Sweden!

After reading about Spamhaus I realize that it however is a real problem for me, so I'm not planing to go to USA. It's much safer to run a Internet community from another country because the accusations have to go through two legal systems. I'm quite small in Sweden and 50% or more of the users are in USA.

MySpace is in the USA though, so please sue them out of business and I'll have a competitor less! ;)

Why open source?

Whats the point in open sourcing something newscorp would no doubt buy from you real fast to limit the negative publicity.

I believe MySpace

This is just such a wonderful example that solution to a problem often is not provided by intelligence but the multitude of views on the problem. I believe MySpace truely couldn't solve the problem. Not because their people are not intelligent, but simply because you cant beat the problem cracking force of the public.
Penguins rule again.

When is Tom going to learn how to program?

Isn't it about time he stopped getting other people to do the work for him while he sits back and reaps all the glory and fame? When is he going to learn how to control 'his' creation?

Grounded.

FTA: Ashley Morgan, 13, has used her 'sonymusicexec' MySpace profile to lure several bands to her Los Angeles home. Ashley was grounded so she couldn't talk to us on the phone for this report

Ahahahahahahahaha.

Run away!

You'd think that Adults and Children exist in two totally seperate universes. Parents need to watch their kids and what they do. It's that simple. So what if the guy didn't use his real name or picture? The kids would still be at risk. No amount of regulation or supervision will prevent every crime. Don't expect the Government to watch every bad guy, because they can't.

I would say Poulsen has redeemed himself.

go and sin no more.

oh, you want a second opinion? YESSSSsssssss!!!! Woo! good work!

So it only catches stupid molesters?

Seriously, how stupid must a convicted sex offender be to put any accurate info into their MySpace profile?

Also, something struck me as curious from the article:

That's because much of what happens on MySpace unfolds outside public view. The computer crime unit has erected bait profiles registered to fake underage teens, but so far the tactic has netted only one arrest. Proactively scouring MySpace pages is futile: The smarter sexual predators stick to private messages, and diligently prune their public comment boards of any posts from young friends that hint at what's happening behind the scenes.

Dateline NBC's To Catch a Predator [wikipedia.org] has been FAR more successful. I'm guessing this is because they have an actress (or is it more than one?) who looks underage using a webcam to talk to the perps. Can't the cops learn from this? It can't be the budget, it's for the children!

computer is cause and cure of its crimes

For every new type of scam criminals conceive of for crime, the computer is also the means to capture the criminal. We see this is in the case of plagarism. We are seeing this now for predators in social networks.

That's SIC!!!

He shows me part of a chat log, Lubrano asking "u into hair? Like hary (sic) men? Where do you have hair at?"

This article shocked me and made me realize how old I am: "hary" gets a "sic" but "u" does not.

Take a virtual class from Kevin P on this topic!

Today only, 5:30pm Pacific time in Second Life:

http://stateofplayacademy.com/calendar/view.php?vi ew=day&course=11&cal_d=17&cal_m=10&cal_y=2006 [stateofplayacademy.com]

It's a virtual class in Second life that a group of Uni people are experimenting with. Show up and see what's happening in there! Kevin's an interesting guy and this class should be fascinating..

Info on State of Play Academy: http://stateofplayacademy.com/mod/resource/view.ph p?id=17 [stateofplayacademy.com]

awareness

great, so before we could catch them all, they now know to duck underground...?

Re:Easy?

Just skimmed the article, and it didn't seem all that easy even with the code.

How hard could it be? Supposing you have a list of registered sex offenders (and they *are* registered, so that should be relatively easy to obtain), all you have to do is write a Perl script that crawls through MySpace user pages, checking each page for those particular names. You'd get a lot of false positives off of people with names like "John Smith", but I could see where "Andrew Lubrano" would be caught easily. Most of the hard work in writing something like this has already been done in various modules on CPAN.

Re:Easy?

No. Most of the hard work in writing something like this is dealing with server errors, which Myspace serves up in lieu of content based on a sinusoidal pattern where you have between 10 and 100 percent probability of getting an error depending on the time of day on Mars.

Re:Easy?

Sure it's easy. Suck down the HTML to the search page. Build a routine that does the HTML POST, and iterate through each name in the Offender's list, using it for the value of the "search by real name" field. Parse for the result count string in the returned HTML. When result count >0, investigate further. Now, how easy is it for MySpace? I'd say about an order of magnitude easier - they have direct access to the database. Roughly something like: SELECT * FROM userbase WHERE EXISTS (SELECT offenders.realname FROM offenders WHERE offenders.realname like '%'+userbase.realname+'%') Sure, there's a little added complexity for slight spelling variations, but SoundEx and the like can be used for such purposes.

Easier

That seems like a complicated way to get the same results as:
SELECT * FROM userbase WHERE SexOffender="1";

Re:Easier

or SELECT * FROM userbase WHERE interests LIKE '%molest%' OR interests like '%catholicism%' ouch, yes he did!

Re:MySpace should check for more than this!

And how do you check if they are related. I like knowing what my nephew is doing on line, but because of a serperation an marriage, his last name, my last name, and his mom's current last name, and his mom's previous name do not match.

I can see keeping someone out that has been tried and found guilty in a court of law, "Stop it now before abuse happens" smack of guilty until proven guilty. You don't even get a shot at proving yourself innocent, yet alone being presumed innocent. I agree with check to see what is happening. Require an email address for a guardian for anyone under 18, and notify them if an adult wants to be the child's friend, but there are several reasons for an older man and younger kid to interact on the internet as well as real life.

In my above situation we are related. In another, my live in girlfriend has a 6 year old daughter that I am not related to, but lives with me. She already has an email account, that her mother monitors strictly. In a few more years, when she gets her own computer with internet access, I am the one that is going to be making sure she learns about the internet. If she has an account anywhere, I will be monitoring it on a regular basis. There is no way to determine that I am a protector and not a predator other than asking her parents.

On top of that, people seem to get child molester and sexual offender mixed up. He wrote a script that checked for sexual offenders. A few of them turned out to be child molestors. In some states if you are caught at a frat party in your underwear, you are a sexual offender. I think it was Ohio that tried to pass a law, that if you were accused of being a sexual offender, you had to register as a sexual offender for 7 years before you could petition the court to get your name removed.

Re:MySpace should check for more than this!

Unless they are related adults and children should not be chatting with each other on the internet. No normal 40 year old man likes making friends with 12 year old boys!

I agree to some extent, the parents should definitely be very heavily involved in any relationship a 12 year old boy has with a 40 year old man. Furthermore, for a 12 year old boy to develop a relationship with someone he met online is extremely risky.

Having said that, mentoring relationships can be extremely valuable. Some of my parent's friends, for example, have provided me with incredibly valuable guidance - not just direct advice but also as examples of how to live and solve life's problems.

Basically, I think younger people should seek out older people for guidance much more often than they do but, for younger children in particular, the parents do need to be heavily involved.

If some 12 year old boy contacted me on the internet, I would want to talk to his parents before I had any kind of interaction with him at all. On the other hand, if some 17 year old boy contacted me to discuss a scientific topic then I see nothing wrong with corresponding. If I did start to become friends with the 17 year old then I would want to get to know his parents but, although I would restrict my interaction to technical topics (no advice on relationships), I wouldn't rule out a casual friendship.

Re:MySpace should check for more than this!

I run a CS Clan, we have many members that range from 12 years old right up until 40. Yes we all talk together, are all friends and *GASP* meet up every month for a Lan party. And I could say the same about my local Cricket club.

Re:MySpace should check for more than this!

I can't decide whether mods should mark this funny or as a troll. You'd think that adults and minors lived in totally seperate physical universes normally. At least I hope it's a troll.

Re:perl?

"My road to this New York police unit began in Perl."

There ya go...from the article.