CastleCops.com Hit With Reputation-Based Attacks

An anonymous reader writes "The all-volunteer based online fraud fighting group CastleCops.com is currently the target of ongoing reputation-based attacks in which criminals use phished PayPal accounts to donate thousands of dollars to CastleCops from dozens of victims. This attack appears to be in response to a recent series of failed denial-of-service attacks against the CastleCops, Web site. From the story: 'A few donations were for as little as $1, while other fake donations ranged as high as $2,800. To the victims of the stolen PayPal accounts, it looks as if CastleCops is the one stealing their money, when in reality, it's the attackers. Also, the fraudulent activity seeks to ruin their relationship with PayPal.' In a comment left on Washingtonpost.com's Security Fix blog, CastleCops co-founder Paul Laudanksi says while the group's site remains under a heavy DDoS attack, it is currently down due to a hardware failure, not the attack itself."

Re:Hobby or business?

[Umuri]

"CastleCops needs to start treating what they are doing more like a business and less like a hobby."

Thank you for your very deep and wonderful insight!
Obviously you have found the core of all their problems was that they obviously don't take what they are doing seriously, and because of that, the groups they are fighting against use sneaky tactics through third party companies to enact harm upon them.

Because that makes sense and is something they obviously could have stopped if they had only "treated it more like a business", whatever that means. No one knows, because you didn't even elaborate.

[/sarcasm]

Modern-day Joe Job

[njfuzzy]

A few years ago, I got hit with a Joe Job. Someone sent out spam to a very large list, pretending to be me, advertising a service I actually provided then. The email was badly spelled, made the emphasis very unprofessional, and linked to my site. The goal, and maybe the result, was to make me look like an ignorant, asshole spammer. They paaid to do this, though not a lot I imagine. This seems to be a very similar kind of attack.

Re:Modern-day Joe Job

[tomstdenis]

At least your joe-job sounded PG-13. When crypto trolls in sci.crypt wanted me off the scene they posted child porn with my home address and phone number (neither kept secret, but obviously I didn't want them tied to that). After the initial wave of kiddie porn, they decided to re-post my posts in thousands of groups. When my 2nd book was coming out they re-posted a single post I wrote about the book (sans URL) and included the URL. Net result, lots of death threats, spam, hate mail, and low reviews on Amazon from people who have never read the book.

The sad thing is, if someone really wants to cause hell for another it's not all that hard. 99% of net users are ignorant to how trustworthy things like a "from" address are. In fact, we had to joe-job [privately] one irate poster who kept assuming joe-jobs were impossible with email. So my brother and I sent him emails with his name and address on them. (this was all in private, not public). In the end he told us to leave him alone (and we did) and he never really conceded the point.

People are dumb. This just proves they're also mean.

Which is why I study music instead now. The Internet is just too much of a waste.

Re:You'd think...

[Anonymous Coward]

Oh, aren't you the optomist.

To get bot/zombie nets shutdown would require MASSIVE multi-National support of Government's, TELCO's, ISP's, and politicians. The Gov's are too busy with the future of oil for that to every happen. As far as the Telco's are concerned, they're too busy tracking your web usage and shoving money in their back pocket. ISP's are just trying to stay in the market, much less effectively clamp down on traffic coming from their users. As for Policitian's, the software and hardware companies got them elected in the first place.

Can anyone say, 'Massive shutdown of internet services at some point in the future'?

Re:While you were sleeping

[packetmon]

No doesn't take as much as you think. http://www.arbornetworks.com/index.php?option=com_content&task=view&id=56&Itemid=33 [arbornetworks.com] If NAP's and NSP's created a policy to their downstreams vis-a-vis this would almost be a thing of the past. http://www.infiltrated.net/?p=23 [infiltrated.net] (warning if you're a network engineer, this will likely piss you off love it or hate it)

Re:It's ironic...

[FrameRotBlues]

This article caught my eye because I recently had my PayPal account hacked, and someone tried to withdraw (coincidentally?) $2800. I don't have $2800, so my bank denied the transaction and charged me $35. I immediately logged on to PayPal and they had put up a bunch of verification hoops to jump through, which I gladly did.

I'm pretty savvy when it comes to phishing, I always hover over questionable links to see where the HTML leads to, and some of the phishing e-mails I get purporting to be PayPal are laughable, rather than laudable. Spelling errors, typos, repeat sentences with different information... I swear, the majority of phishers are complete idiots, and couldn't hold a job at McDonalds if they tried.

But that really says something about the intelligence of some of those recipients, since some people DO fall for the e-mails.

FYI, I changed my PayPal password from an 8-digit to a 20-digit, but my bank made the good suggestion that I change bank accounts as well, since that information might not be secure now, either.