Forgot your password?
typodupeerror
Security The Internet

CastleCops.com Hit With Reputation-Based Attacks 79

Posted by Zonk
from the its-a-dirty-web-out-there dept.
An anonymous reader writes "The all-volunteer based online fraud fighting group CastleCops.com is currently the target of ongoing reputation-based attacks in which criminals use phished PayPal accounts to donate thousands of dollars to CastleCops from dozens of victims. This attack appears to be in response to a recent series of failed denial-of-service attacks against the CastleCops, Web site. From the story: 'A few donations were for as little as $1, while other fake donations ranged as high as $2,800. To the victims of the stolen PayPal accounts, it looks as if CastleCops is the one stealing their money, when in reality, it's the attackers. Also, the fraudulent activity seeks to ruin their relationship with PayPal.' In a comment left on Washingtonpost.com's Security Fix blog, CastleCops co-founder Paul Laudanksi says while the group's site remains under a heavy DDoS attack, it is currently down due to a hardware failure, not the attack itself."
This discussion has been archived. No new comments can be posted.

CastleCops.com Hit With Reputation-Based Attacks

Comments Filter:
  • You'd think... (Score:4, Interesting)

    by ackthpt (218170) * on Tuesday September 18, 2007 @01:52PM (#20656143) Homepage Journal

    With CastleCops.com as a honeypot, ISPs could be contacted to the origin of the DDoS attacks, PayPal could do some investigating of their own as to the IP origins of donations and do something about this stuff.

    Fer Bob's sakes, this isn't 2001 anymore, when are these companies and perhaps goverment going to make some strides in shutting down bots and zombies?

    • by khasim (1285)
      It costs the ISP's money to turn off a customer's account ... and then deal with the customer calling and swearing that HIS computer is not the problem.

      The ISP's are NOT going to spend the money UNLESS they're facing larger fines if they do not do so.

      Not to mention that the ISP's usually don't hire the best and brightest out there. I don't believe they could tell the difference between the slashdot effect and a DDoS. How many of the people here would be happy to find out that their they've been cut off beca
      • Re: (Score:3, Interesting)

        by apt142 (574425)
        It also costs the ISP's money to leave the bot nets up. Imagine how much bandwidth would just free itself up if all the spam, phishing, DDoS, and virus attacks just stopped. I don't know the statistics, but it must make up a shit load of traffic.

        Of course, there is a profit to be made in people upping their connection speeds because their pwnd computer is spewing garbage.

        But, if I were offered a service where I could count on less of this crap clogging up my tubes, I'd take it.
      • by d3ac0n (715594)
        Actually, I know for a FACT that isn't true. Most ISP's (at least, US based ones) Are now using QOS and monitoring technology, and they regularly shut down virus-infected machines. I have contacts over at Time Warner's upper level tech support center, and they regularly get calls from people who have been shut down by TW's security division.

        Back when I was at that call center (it was Adelphia owned back then) Adelphia had an internal group call the Internet Policy Enforcement Team (IPET). They would co
    • Re: (Score:1, Informative)

      by Anonymous Coward
      Oh, aren't you the optomist.

      To get bot/zombie nets shutdown would require MASSIVE multi-National support of Government's, TELCO's, ISP's, and politicians. The Gov's are too busy with the future of oil for that to every happen. As far as the Telco's are concerned, they're too busy tracking your web usage and shoving money in their back pocket. ISP's are just trying to stay in the market, much less effectively clamp down on traffic coming from their users. As for Policitian's, the software and hardware compan
      • by ackthpt (218170) *

        Oh, aren't you the optomist. To get bot/zombie nets shutdown would require MASSIVE multi-National support of Government's, TELCO's, ISP's, and politicians. The Gov's are too busy with the future of oil for that to every happen. As far as the Telco's are concerned, they're too busy tracking your web usage and shoving money in their back pocket. ISP's are just trying to stay in the market, much less effectively clamp down on traffic coming from their users. As for Policitian's, the software and hardware comp

    • when are these companies and perhaps goverment going to make some strides in shutting down bots and zombies?

      It's up to you. Botnets allow this kind of activity and there really is no way to trace the communications back to the source without reverting to POTS. Even then, those with enough power and skill can go undetected. OS diversification will help. Elimination of the weaker OS will do more. You can demand your freedom, that the government quit subsidizing non free software and change the way you

  • How did we get here? (Score:4, Interesting)

    by Anonymous Coward on Tuesday September 18, 2007 @01:53PM (#20656155)
    How did we arrive at such a completely fucked-up state of affairs, where organized gangs from Russia control what is (arguably) the most powerful supercomputer in existence? How is it that cyber-criminals are able to act with such total impunity? Am I the only person who doesn't understand how this is being ignored amid all the noise about "the war on terror"?
    • Re: (Score:2, Interesting)

      by DragonTHC (208439)
      Russia doesn't care about this stuff. They are busy buddying up with china. And, china is busy hacking DoD servers.
      The russian mafia has been in control of the country since the fall of the soviet union. The FSB is made up of former KGB and mafia officers.
      These gangs operate with complete impunity.
      The answer to these problems is physically denying network access to these countries. Turn off their Internet access.
      This creates two problems: Let's see how long russia can go without the Internet, and let's
      • I'd have to say I agree... there isn't really any war against terrorism or really anything based on principle. It's all about what's politically ok. Making nice with Russia and China seems to be politically ok with the current administration, though it should make any true conservative cringe. From the liberal view point, we should not put up with these countries who have no basic declaration of rights for their own citizens. Anyone who thinks the Chinese and Russian governments aren't ecstatic about their
      • The storm bot network is mostly in western countries with unpatched windows machines. If we cut off the internet to russia a russian mob official could just log into the storm network from the Us or any other western nation.

        Also Reagan and many true conservatives refused to back down from the soviet union and neither will the current white house. However a second cold war is coming and you are 100% correct that Putin doesn't give a shit. Probably because the mobfia is more organized than his own security fo
    • It's much harder to get oil out of Russia. Plus Muslims and Arabs are much easier to target than some nebulous Russian Gangs. And as the final straw, it's a lot easier to scare joe sixpack that some ebil terrorist is going to blow up his minivan, than some Russian Gang is going to DDoS his non-existant website.

    • by db32 (862117)
      They aren't islamofacists that hate our freedom. They didn't try to kill our glorious leaders Daddy. They don't have vast...ok, well they do have a lot of oil, but its a hell of a lot more work to take it from them cuz they have "the bomb" already among other things. What are you confused about?
    • by psibrman (949329)
      It's because we elect the asses in the country to lead us. That makes our responsibility. I will write the asses called congress and senate and again they will
      sit on their asses. This why they're called asses. It's getting to the point
      that I think we'll only get the proper response is when a handfull of them are hanging from lamp posts in Washington. I will write the asses. I urge others to do so. Maybe
      we'll smell some gas from the hill which is not partisian
  • by EricKoh (669058) on Tuesday September 18, 2007 @01:56PM (#20656209)
    In Soviet Russia, phishers send you money..
  • by tomstdenis (446163) <tomstdenis@gmail.TIGERcom minus cat> on Tuesday September 18, 2007 @01:56PM (#20656225) Homepage
    Seriously. Is decency at such a low ebb that people have to stoop to attacking victim services and defense organizations? Seriously. Maybe if these people put half the time and energy they did into stealing they could actually get a real job and sleep well for a change instead of ripping people off all the time.

    And while they're at it, they could stop sporging sci.crypt and other groups. That'd be nice. :-)
    • Re: (Score:3, Insightful)

      get a real job and sleep well for a change

      I'm sure they sleep fine already. On a nice comfy expensive bed.
    • Seriously. Is decency at such a low ebb that people have to stoop to attacking victim services and defense organizations? Seriously.

      Nope. Thanks to our 24/7 instant news society, you just hear about things a lot more often

      Humans will always prey on one another. The only thing that varies is the degree

      • by Billosaur (927319) *

        Predators always tend to be outnumbered 100 to 1 by prey... which is why the predator becomes a consummate hunter and picks on the weak elements of the herd. No different on the Internet. The spammers and phishers are probably outnumbered 100,000 to 1, but as long as the continue to prey on the weak elements of society (read: the tech un-savvy), they will continue to prosper and flourish. They only way to make it harder for them is to change the environment they are operating in... or hunt them down.

    • by MLCT (1148749)
      What's wrong with people? The people that do this are scum, that's all. The digital age makes their activities much more visible, but they are essentially the same people that punch a grandmother in the face and steal her wedding ring - just criminal scum who will do anything to get what they want, no matter how low.
    • by Billosaur (927319) *

      Seriously. Is decency at such a low ebb...

      See also:

      • O. J. Simpson
      • Scott Peterson
      • Phil Spector
      • Robert Blake
      • Timothy McVeigh
      • by Afecks (899057)

        O. J. Simpson
        Hey, I thought he was innocent?
      • Jury is still out on Spector. While I understand what you are saying, let's at least uphold the "innocent until proven guilty" ethos.
        • by PhilHibbs (4537)
          I don't know if he's a murderer, but regardless of the current case, he's still a naughty man, and I'd have said he was such before the current case even started.
  • Modern-day Joe Job (Score:3, Informative)

    by njfuzzy (734116) <{ian} {at} {ian-x.com}> on Tuesday September 18, 2007 @01:59PM (#20656271) Homepage
    A few years ago, I got hit with a Joe Job. Someone sent out spam to a very large list, pretending to be me, advertising a service I actually provided then. The email was badly spelled, made the emphasis very unprofessional, and linked to my site. The goal, and maybe the result, was to make me look like an ignorant, asshole spammer. They paaid to do this, though not a lot I imagine. This seems to be a very similar kind of attack.
    • by tomstdenis (446163) <tomstdenis@gmail.TIGERcom minus cat> on Tuesday September 18, 2007 @02:04PM (#20656397) Homepage
      At least your joe-job sounded PG-13. When crypto trolls in sci.crypt wanted me off the scene they posted child porn with my home address and phone number (neither kept secret, but obviously I didn't want them tied to that). After the initial wave of kiddie porn, they decided to re-post my posts in thousands of groups. When my 2nd book was coming out they re-posted a single post I wrote about the book (sans URL) and included the URL. Net result, lots of death threats, spam, hate mail, and low reviews on Amazon from people who have never read the book.

      The sad thing is, if someone really wants to cause hell for another it's not all that hard. 99% of net users are ignorant to how trustworthy things like a "from" address are. In fact, we had to joe-job [privately] one irate poster who kept assuming joe-jobs were impossible with email. So my brother and I sent him emails with his name and address on them. (this was all in private, not public). In the end he told us to leave him alone (and we did) and he never really conceded the point.

      People are dumb. This just proves they're also mean.

      Which is why I study music instead now. The Internet is just too much of a waste.
      • by Billosaur (927319) * <wgrotherNO@SPAMoptonline.net> on Tuesday September 18, 2007 @02:44PM (#20657187) Journal

        Which just goes to show what psychologists have known for years: the mob is fickle and easily incited. All you have to do is chant "child porn" and point a finger and the dogs are all over you. What hurts with something like that is that information on the Internet has permanence unlike anything else, which mans even if you clear up a misconception, misunderstanding, or outright fraud, the original information continues to exist and people will still believe. To paraphrase, "a lie repeated often enough starts to sound like the truth."

    • The email was badly spelled, made the emphasis very unprofessional, and linked to my site. The goal, and maybe the result, was to make me look like an ignorant, asshole spammer. They paaid to do this
      Does that mean that this message is another fake attempting to make the real njfuzzy look unprofessional then?
      • Re: (Score:3, Funny)

        by njfuzzy (734116)
        Oh my god, I made a typo. You have shamed me for life.
        • by Dogtanian (588974)

          Oh my god, I made a typo. You have shamed me for life.
          That's odd, it was only supposed to be a lighthearted joke. Maybe I should go back to sticking ;-) smileys at the end.
  • fraud is the biggest problem of paypal. here we have an anti fraud org under attack by fraudsters.

    paypal under ebay is not stupid as the old paypal to not understand the importance of this, and not defend the enemy of its enemy.

    • by abbamouse (469716)
      "paypal under ebay is not stupid as the old paypal to not understand the importance of this, and not defend the enemy of its enemy."

      I seriously have no idea what this means. Try dropping out a few "nots" and rephrase. Is the new or old paypal more stupid? They both seem idiotic to me.
  • by packetmon (977047) on Tuesday September 18, 2007 @02:18PM (#20656631) Homepage
    You know... A while back I rambled on about lazy ass engineers [merit.edu] who have the capability to stop botnet DDoS traffic. Went unanswered, some mumbled those with the capabilities to stop it did nothing. As for the financial fraud occurring, its unfortunate but will likely be resolved too. Its a shame when people go out of their way to make things better only to be trampled upon. Kudos to Castlecop's team for their resiliency. As for the network engineers who peruse this site, this could one day be you too. Think about that before you decide to just brush away calls for assistance when dealing with botnets and attacks.
  • The Republican Party made a generous donation to the Black Panthers.

  • Paypal can add an option for your donation account to verify by phone before accepting the charge. This way you call every donator to confirm their donation (and probably thank them) before their credit card is charged.
  • for making it on the news. If it wasn't for you I wouldn't have know CastleCops.com excisted. Extra attention you didn't want.
  • by maxin16 (1112815)
    "the group's site remains under a heavy DDoS attack"

    Doesn't this always happen when a site is mentioned on Slashdot?
  • The internet is essentially currently ruled by the might-as-right school. Thus, the necessity of "vigilante" groups like CastleCops, and their own destruction at the hands of gangsters in control of botnets.

    Until national governments get serious about bad actors in their countries (China and Russia, I'm looking at you), we won't have real justice on the net.

    And then, once we do, we'll need to make sure our national governments keep it reasonable.

    Gah. Maybe anarchy is better.
  • I have always been fascinated with DDoS attack. The ability to attack a single target from various computers has made me grown knowing the importance of network security. And the target that can stand the test of DDoS is even fascinating. If it is as acclaimed, then, my heartiest congrates to CastleCops! And PayPal..just a reminder. Please be aware that PayPal is not a bank. So it doesn't have any kind of obligations to follow any of the rules and regulations of a bank. Which means it is not entitled, to r

Sentient plasmoids are a gas.

Working...