Hacker Group Demands "Idiot Tax" From Payday Lender 263
snydeq writes "Hacker group Rex Mundi has made good on its promise to publish thousands of loan-applicant records it swiped from AmeriCash Advance after the payday lender refused to fork over between $15,000 and $20,000 as an extortion fee — or, in Rex Mundi's terms, an 'idiot tax.' The group announced on June 15 that it was able to steal AmeriCash's customer data because the company had left a confidential page unsecured on one of its servers. 'This page allows its affiliates to see how many loan applicants they recruited and how much money they made,' according to the group's post on dpaste.com. 'Not only was this page unsecured, it was actually referenced in their robots.txt file.'"
Strange sense of morals (Score:5, Insightful)
Just because I left my door open, doesn't mean it's okay to steal.
Re: (Score:2, Insightful)
'Not only was this page unsecured, it was actually referenced in their robots.txt file.'
Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".
Re:Strange sense of morals (Score:5, Interesting)
If it was explicitely mentions in their robots.txt file, I assume it was done so to be excluded from robots.
More like having an unlocked door with a sign saying "Do not enter".
Yes, it was pretty damn stupid and very easy to avoid. That still doesn't make it okay for anybody to copy the data. If you see such security failures on a website, the right response is to inform the website owners. As I said; it's a strange sense of morals.
If those hackers get caught and fined, I assume the hackers will consider that an "idiot tax" as well. Afterall, they were idiotic enough to get caught.
Re:Strange sense of morals (Score:5, Insightful)
If those hackers get caught and fined
These geniuses will get more than a fucking fine if they're caught. Blackmail and extortionare serious criminal offences, so fthey'll be spending some quality time in prison.
Re: (Score:3, Insightful)
Really? If someone illegally obtains information, they should be allowed to ask for money to keep quiet?
Re: (Score:2)
Downloading a file that is listed in robots.txt (and therefore is by inference available for humans to access through a browser) is illegal?
Re: (Score:2)
Re: (Score:3)
No, it is the Internet equivalent of "dumpster looking", since you aren't physically there and the original objects remain untouched.
Also to reply to the GP who started the no door metaphor: That one is inaccurate and deceiving. A correct metaphor would be: Leaving you front door unhinged while also having wallpapered your entry hall with classified documents, with a banner outside saying "Classified documents. Do not look!"
Re:Strange sense of morals (Score:4, Informative)
Re: (Score:2)
Re: (Score:3)
Reputations aren't your possessions. They are what other people think of you. You can't own other peoples thoughts.
Same thing with anything of value. You can own the item but not the value of it since the value is only what someone else is willing to pay for it.
Re: (Score:2)
"Blackmail is such an ugly word. I prefer 'extortion' - the 'X' makes it sound cool." - Bender Bending Rodriguez
Bad definition (Score:3)
Re:Strange sense of morals (Score:5, Funny)
...the right response is to inform the website owners.
Well, they did.
Re: (Score:2)
If it was explicitely mentions in their robots.txt file, I assume it was done so to be excluded from robots.
More like having an unlocked door with a sign saying "Do not enter".
Yes, it was pretty damn stupid and very easy to avoid. That still doesn't make it okay for anybody to copy the data. If you see such security failures on a website, the right response is to inform the website owners. As I said; it's a strange sense of morals.
If those hackers get caught and fined, I assume the hackers will consider that an "idiot tax" as well. Afterall, they were idiotic enough to get caught.
After reading about the people behind anonymous getting sent to federal "pound me in the ass" prisons, I'm sure these guys will as well. They'll probably be in even more trouble since it was an extortion scam. The only thing I wonder is how long until that happens.
Re:Strange sense of morals (Score:4, Interesting)
Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".
Since the robots.txt was actually asking search engines not to index that page.
The sign was more like "You see that door there. Yes, that one. Do not go there. Do not open it. There is nothing to see there. "
Hopefully, that was just a robot's trap with dummy data in it.
Re:Strange sense of morals (Score:4, Interesting)
It will be fun to see, one day, when someone sets up the equivalent of a shotgun behind the door.
Re: (Score:2)
'Not only was this page unsecured, it was actually referenced in their robots.txt file.'
Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".
Yes, but only for 0.01% of the population, everybody else saw a stone wall.
Seriously, if a bank left the vault door open (which they do), would you feel comfortable walking in with a camera and taking pictures of account numbers?
Re:Strange sense of morals (Score:5, Insightful)
It's not stealing, since they didn't delete the original file...
By putting a file on a public webserver, they were PUBLISHING that data. Wether they did so intentionally or not is irrelevant, they did publish it.
Anyone who accessed it did nothing wrong, they were simply using the website for the function it was intended, to access data made available to the public on it. They did not have to exploit any vulnerable services, nor did they bypass any form of access control.
The fault lies purely with the company for publishing such information.
The only thing the "hacking" group have done wrong is the attempted blackmail, they got the actual information fair and square.
Re: (Score:2, Insightful)
Not stealing, no. Extortion, blackmail, whatever you want to call it, yes, and still very illegal and rightfully so.
Re:Strange sense of morals (Score:5, Insightful)
Not stealing, no. Extortion, blackmail, whatever you want to call it, yes, and still very illegal and rightfully so.
Sort of like the current pay up or i take you to court that is all the rage these days?
Re: (Score:2)
Police do it all the time (Score:2)
while questioning suspects & informants, so it must be ok.
Re:Strange sense of morals (Score:5, Insightful)
Even if they did delete the original file it would not be stealing, but destruction of property.
Thank you for pointing out the flaw in the open door analogy that always gets trotted out. Although intent does play a factor, the important word in the law is "unauthorized" or whether or not actions "exceeded authorization".
Web servers are not open doors, and they are not like TRON.
They simply serve documents. Sometimes they will ask for security credentials before serving the document, or check internal policies (htaccess/session based authorization and ACL), but always end up serving a document even if it is a simple response in a header like a 404.
The only thing these hackers did was ask for a file (robots.txt) and notice that it mentioned another file and then asked for it directly.
"Exceeded authorization" would be an interesting argument because computers always do what you tell them to do, not what you meant for them to do. So while this company may not have intended to give authorization, they did in fact, give authorization to download the file. At the very least, they did not deny the hackers the ability to download the file, and were at no time confused about the identity of the hackers (representing public users).
If there is any appropriate analogy here it is that the company had a moron executive walking around with a briefcase full of business data, some random person asked if it was the business data and if they could have it, and the moron executive said why not, here it is. After the fact, random person contact company, informs them of said stupidity, and attempts to assess "idiot tax".
Idiot tax is highly appropriate here.
I would not prosecute these so-called hackers for computer crimes, but simple extortion.
Re: (Score:2)
The only thing these hackers did was ask for a file (robots.txt) and notice that it mentioned another file and then asked for it directly.
Plus the whole "give me money or I will make your customers pay" thing.
It boggles my mind that people will avoid morality issues like this by hiding behind semantic considerations.
Re: (Score:2)
Irrelevant.
Federal Law says that if you access their servers and you were not authorized to do so, then you have committed a computer crime, no matter what analogy you come up with.
Re:Strange sense of morals (Score:5, Interesting)
So if I set up a public webserver and send out an internal memo saying only certain people can access my web page and then google finds my webpage and you click on the link, I can have you charged with a computer crime?
robots.txt doesn't say "do not go here," instead it says "do not index this page." You can put a page in robots.txt that is meant to be accessed.
Re:Strange sense of morals (Score:4, Insightful)
The web server authorised you to have access to it. Period.
Authorized (Score:4, Insightful)
Right, but I think the point is that it's a stupid law. (And therefore nobody respects it or obeys it, and therefore nobody expects anyone else to obey it, and therefore that law is useless to (and probably even contrary to) the cause of justice.) In a thread titled "strange sense of morals" that's not irrelevant.
Are you authorized to read the data at http://amazon.com/ [amazon.com]? How do you know? Who authorized you? When? What evidence do you have that you were authorized to request that page? What evidence do you have that you were authorized to receive the reply after you request that page?
I know those are all stupid questions, but only because you have not been authorized to read Amazon's page, or if you have, it was done secretly inside Amazon and was never communicated to you. That is why it is a stupid law.
It reminds me of how nobody has ever actually been prosecuted for playing a CSS-protected DVD on a DVDCCA-approved DVD player. Every time you descramble the CSS on a DVD, that's "circumvention" and illegal per DMCA, unless you have authorization by the movie's copyright holder, to do that. But of course, nobody has ever gotten authorization to do that. (Disagree? Prove it, or at least show some modest indirect evidence. This is harder than you think. Hint: purchasing the DVD does not imply permission to descramble the CSS, or else 2600 would have won their DeCSS case.) Every time anyone played a commercial DVD or BluRay, they were breaking the law, and the player manufacturer and the retail store who sold the player, broke the law too. That is, unless there's some sort of secret and uncommunicated authorization.
So how do you know if you're authorized? You don't. You never know, until you moment you die without ever having been called to court.
Same for public web servers. Everyone just assumes that information left in public, and without any notices it shouldnt' be accessed, nor with any even half-hearted ineffective attempts to limit access, is .. well .. publically accessible. But then fuckwits come along with a law saying you need authorization -- something that no one ever has, or at least can never show or demonstrate they have. The only authorization is hidden within the mind of whoever owns the server. It is never revealed, and it's lack is also never revealed, until the moment you get a letter from a lawyer or are confronted by a cop.
They can retroactively say you didn't have authorization, and there's nothing anyone can do about it. Any arguments they make which happen to get applied to clearly valuable or sensitive information (situations where common sense tells you the owner wouldn't want the information to be public -- situations the law was ostensibly intended to cover) apply just as logically to Amazon's home page. It's just that if Amazon prosecuted you for shopping at their store, the judge wouth laugh them out of court despite the technical wording of the law, simply because it's so absurd. Common sense would prevail if Amazon sued you for being a customer -- in defiance of what Congress wrote.
But in between these two extreme examples, is a shitload of gray area. (Nearly everything you did on the web today was technically illegal.) The written law doesn't distinguish between any two points along this spectrum, just as DMCA doesn't distinguish between pirates and people merely playing their DRMed movies on Sony players. It must necessarily comes down to a judge needing to pull an arbitrary decision out of their ass, every single time.
Not that I have any sympathy for the bad guys in this case. The extortion is illegal in itself, and shows some clearly malicious intent. If
Re:Strange sense of morals (Score:5, Insightful)
"Exceeded authorization" would be an interesting argument because computers always do what you tell them to do, not what you meant for them to do. So while this company may not have intended to give authorization, they did in fact, give authorization to download the file.
One of the core principles of American law is that the intent matters. You can kill someone in a horrifically gruesome manner, but if it was purely accidental, you'll get a much smaller punishment, if any. Here, if the system administrators made any effort to restrict access to the data (such as explicitly blocking it from search engines, for example) they can make the case that it was their intent to keep the information hidden, so any attempt to access it is unauthorized.
Authorization does not stem from what you can do, but what you have been explicitly given the authority to do. Putting a thin veneer of technology over "might makes right" doesn't change the underlying principle.
Here's another appropriate analogy. A moron executive is walking around with a briefcase full of business data, and some random person comes up, grabs the briefcase, and runs off. The thief wasn't given permission to take it, so it's theft, regardless of the executive's inability to stop it, and regardless of the fact that the briefcase was visible to the world.
Re:Strange sense of morals (Score:5, Insightful)
Intent is rather difficult here.
You got the briefcase analogy wrong. You're forgetting that the executive was asked what the briefcase contained and handed it over without duress . There was no theft, and all times, all actions were authorized by the executive.
The webserver can only do what a company representative told it to do. So the intended level of authorizations needs to match the programmed level of authorizations. The responsibility for that lies entirely with the company.
Pedantic? Not hardly.
Consider this analogy:
You have a food cart. It is staffed by an incompetent employee. Customer walks up and asks if there are hamburgers available. Employee responds yes. Customer asks if just anyone can have it (more accurately the employee never asks who the customer is). Employee responds that it is for everyone. Customer asks for 10 hamburgers. Employee hands over 10 hamburgers.
Now 4 hours later when the police arrive at the customer's home and charge him with theft, is it correct?
I would argue that it is not. The owners of the food cart may not have intended for the hamburgers to be free, or even advertised as available yet, but that is not what their employee said is it? It could even be highly unusual that hamburgers are free, and that a normal person would find it unusual, but once again, the employee handed them over.
It's an important distinction for me because I don't like legislating the protection of the stupid, and don't want corporations to get off lightly. It's a really bad precedent in which logic and reason get thrown out the window to protect the rich and powerful. Standards need to be maintained.
Put the hackers in jail for extortion and fine the crap out of the company for not properly configuring their webserver.
Re: (Score:3)
No, I presented one that's closer to the subject of this story. The attackers didn't call the company and ask if they could have access to records. They just did what they wanted, and you're arguing that it's legitimate because nothing successfully stopped them.
You don't have to make a voice call to a company to authorize the retrieval of a document from a webserver.
They did not do just what they wanted. They did what the webserver allowed them to do. Your ignoring the cooperation of the webserver.
The records were retrieved using a tool that is incapable of conferring any legal authority, and in this case not even capable of validating the client's authority. Knives don't magically dull when you try to stab someone, guns don't check their target for a pulse before firing, and web servers don't deny requests that they aren't told are special.
No. Webservers are a tool that are perfectly capable of representing legal authority. They must be programmed. The person programming it must be representing the legal authority. Therefore, the programming represents the legal authority.
Not capable of validating
Re: (Score:3)
No. They should not be prosecuted. Depending on the state, the company should be prosecuted, and/or fined.
The company was the one at fault here. While computers and webservers can be complicated at some points, that does not excuse a company taking appropriate steps to secure customer data.
This was not a security exploit and no hacking was actually performed. That webserver was configured to deliver that customer information upon request to any public user without prior authorization.
Re: (Score:2)
It was obviously not intended to be published to the world. Once you're doing hostile penetration analysis, you've well beyond "fair and square".
Re:Strange sense of morals (Score:5, Interesting)
Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.
Re: (Score:3)
Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.
If I put a dollar on the ground on my driveway, its stealing for you to pick it up.
Re: (Score:2)
If you put a "no entry" sign on your driveway, is it stealing for me to read it?
Re: (Score:3)
Re: (Score:2)
The assumption here is the page referenced by robots.txt simply dumps *all* this information. I'm not sure that's the case.
While it's possible this page just dumps everyone's info, it's more likely that it dumps for a specific affiliate account. I feel like there had to be some SQL injection or s
Re: (Score:3, Insightful)
I really hope people like you get their bank accounts cleared out by criminal twats like these idiots, then you'll see whether "just copying" information is so fucking harmless. Want to share your bank login and password information with me?
Re:Strange sense of morals (Score:5, Insightful)
More accurately, it's like accidentally posting a photocopy of your credit card on a bulletin board, presumably with a variety of other documents.
Interestingly enough, if you were to do the above and be so careless, I'm not entirely sure if the bank would be obligated to refund your money. Certainly, most banks/credit card companies have policies speak about only 24 hours to report "stolen" credit card information to maintain minimal liability on the card holder's part. Having said that, the criminal is still, well, criminal.
Considering the GP didn't speak about "just copying" information being harmless, I'd gather the answer is no. After all, the point isn't that blackmail or clearing out someone else's bank account isn't illegal and unethical/immoral. It's that one can't charge the person with "hacking" just because you're careless anymore than you could charge people with theft because they took a photo of your photocopied credit card. I mean, a lot of people may have accessed the information and done little or nothing with it; but certainly, there's a lot of legal things you could do, like mock the person who was so careless with their personal/company details.
Re:Strange sense of morals (Score:5, Insightful)
That is like saying that if I drop my credit card in the street I have "published" its details for everyone to see due to my own carelessness.
Yes, that's precisely what you've done.
"just copying" information is so fucking harmless
Correct. It's what's done with the information afterwards that inflicts the harm.
Re: (Score:2)
Re: (Score:3, Insightful)
OK, pedantry +1.
I know people on slashdot LOVE to 'game' legalities in this sort of situation (let's do one about copying music without paying for it next!), but to suggest that people who accessed it did 'nothing wrong' you have a pretty fucked-up moral code.
I'll absolutely agree that the company putting it up unsecured was at fault for doing something staggeringly dumb.
But having to 'exploit' something, or 'bypass' things isn't the line by which I measure whether something is 'wrong' or not. Ethically, p
Re: (Score:2)
It's unfortunate that today's society seems more concerned with what they can 'get away with' or how closely they can skate to the rules, than simply recognizing the difference between right and wrong.
Meanwhile, the 29.97% interest rate that the payday loans people charge (and that only because 30% is considered usury and is illegal) is in no way wrong? Even when you consider that the people who take payday loans are generally the poorest part of the population?
I'm not arguing that trying to extort money from the payday loans people isn't wrong... it is. Very much so. But simply obtaining the information from the website is not wrong... people are using the open door analogy which is fundamentally flawed
Re: (Score:2)
The only analogy that applies is the one the Federal one. You know, the one that says if you access unauthorized information, you have committed a computer crime.
Re: (Score:3)
Meanwhile, the 29.97% interest rate that the payday loans people charge (and that only because 30% is considered usury and is illegal) is in no way wrong?
Don't forget the mystery math that lets them charge that percentage against your payment, not your principal.
$100 principal loan at 29.97% of the principal owes the obvious amount of $129.97 in payment.
$100 principal loan at 29.97% of the payment costs the more common amount of $142.80 in payment, an effective (and legal) 42.8% interest rate.
Re:Strange sense of morals (Score:4, Informative)
There is, however, a distinction between morality and legality. Just because something is immoral doesn't make it illegal. Extortion is illegal. I don't think anyone is arguing that it isn't. The argument is if accessing a public webpage is a criminal act under the computer fraud and abuse act.
Being an ass, like stupidity, is not necessarily a criminal offense.
Re: (Score:2)
People who make a living off the misfortune of others, like pay-day lenders, also have a fucked-up moral code. And just because they have money to influence legislators to make their practices legal, doesn't make it right.
So of course the moral thing to do in retaliation is to share the private data of the people who use these services.
Yep. That'll teach those evil companies and politicians.
Re: (Score:2)
So it's copyright infringement, They can be fined $29,000,000,000,000,000,000 for lost revenue. That's what the RIAA claims for a Justin Beeber song.
Re: (Score:3)
From http://www.robotstxt.org/robotstxt.html [robotstxt.org]: Web site owners use the /robots.txt file to give instructions about their site to web robots; this is called The Robots Exclusion Protocol.
robots.txt is not a "forbidden list." It is simply a polite request to avoid a robot crawling things that should not be indexed. It is often used to avoid a bot pulling an ftp site published via http or crawling dynamically generated content.
Nothing illegal, immoral or fattening about manually accessing a file listed in a rob
Re:Strange sense of morals (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re:Strange sense of morals (Score:5, Funny)
Not quite the same as you've got an expectation of privacy if you're in your house. This situation is more like a beautiful woman undressing on a theatre stage and not realising that people were watching.
This situation is most like someone accidentally leaving their Ferrari unlocked with the keys in, and some fourteen year old joyrider borrowing it for a few hours, then attempting to blackmail the owner because he found some pictures of his mistress in the glovebox.
If you're going to do a stupid analogy, at least make it a car one.
Re: (Score:2)
Not quite the same as you've got an expectation of privacy if you're in your house.
Yes, but the post you replied too stated that the hypothetical woman had stripped in front of an open window. That's carelessness, and in the UK at least you can't complain if you feel your privacy was violated by someone observing you from beyond the boundaries of your own property. In a recent court case mentioned by Private Eye magazine, a man was even found guilty of indecency for cracking one off in his own bathroom, s
Re: (Score:3)
I think how well you analogy fits might get to intent.
You could also look at it like. These guys showed up at their house, with burglars tools planing to beak in. They try the door first and discover its been left unlocked. Okay its not longer breaking an entering but its still trespassing. What they did with the data afterward is still extortion.
Most crimes have intent as part of their definition. That is how we have to separate innocently running across confidential data mistakenly published and acti
Can I get a car analogy instead, please? (Score:4, Funny)
Fucking door analogies, how do they work?
It's not okay to steal? No shit, Sherlock.
Re: (Score:2)
No, but if you left the curtains open, it is not illegal to stand on public property and look into your living room - or bedroom, for that matter. It might not be morally okay, but it is not illegal.
Re: (Score:2)
Actually that probably is illegal. Public property is not freely available for any use whatsoever. Pavements are for getting from one place to another. Any other use, such as setting up a tent to sleep in, selling things, busking, and (quite possibly) standing and staring into someone's bedroom are not legitimate, legal uses of common property.
Re: (Score:2)
I'd prefer to say that stealing is wrong on principle, but the precautions or invitations one emits may change whether or not it's really stealing.
Re: (Score:2)
If you are already stealing from others? yeah it's ok.
Re: (Score:2)
That doesn't make extortion right at all, of course, but looking at it the other way around: don't let the extortion attempt distract you from expecting the company in question to take more than a little flack for not being able to do their job (that part of the job which involves keeping their client's information secure) properly.
Re: (Score:2)
Just because I left my door open, doesn't mean it's okay to steal.
Yes, but it was still a crazy stupid move of Americash not to pay. It would have been worth way more than $15,000 just to find out details on how they had done it (and close a major vulnerability in the system).
Re: (Score:2)
What kind of morals did you expect from a group calling itself "king of the world?"
Re: (Score:3)
no it's not, in your analogy the person is consciously sending the contents of the safe to you. at no point in the actual scenario did this happen.
we can agree however, that accessing the information was not a criminal offence.
what they did with the data afterwards quite clearly is though.
Really ... (Score:2)
One would suspect the FBI might soon be levying it own 'idiot tax' on Rex Mundi ...
unless of course said hacker is not US-based but that would raise EVEN MORE questions about the ethics if hackers are getting involved in commercial arrangements in FOREIGN countries
Re: (Score:3)
The article also mentions some Belgian institutions like Dexia Bank and a temping agency.
Re: (Score:2)
My only worry is that "Rex Mundi" is probably an autistic thirteen year old and therefore can't be prosecuted as a mentally competent adult.
Re: (Score:2)
I don't understand. Is it more ethical to do extortion in your own country than in a foreign country?
No laws borken? (Score:3)
Re:No laws borken? (Score:4, Insightful)
Even if the publishing of the data itself has no legal implications, I suspect the extortion would be enough to get these guys into a sh*tload of trouble,.
Re: (Score:2)
Re:No laws borken? (Score:5, Insightful)
You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.
http://en.wikipedia.org/wiki/Extortion [wikipedia.org]
Re: (Score:2)
Re:No laws borken? (Score:4, Insightful)
Among other elements, extortion requires a threat to the person or property of the victim, or someone associated with the victim. There is none here.
Bullshit, if I say "pay me $20,000" or I'll do X" that is extortion (demanding money with menaces in the UK i.e. what gangsters do)..
Re: (Score:3)
You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.
http://en.wikipedia.org/wiki/Extortion [wikipedia.org]
Pay up or I'll sue you.
Re: (Score:3)
You're kidding, right? This is clear-cut extortion. You don't have to threaten to commit a criminal act to be guilty of extortion: all you need to do is threaten to do something unpleasant and demand something in exchange for not doing it. "Give me $5 or I'll punch you" is extortion, but so is "Give me $5 or I'll tell everyone you have a crush on Suzie", even though saying so is not a crime, and even though Suzie may already know.
http://en.wikipedia.org/wiki/Extortion [wikipedia.org]
Pay up or I'll sue you.
Pay me royalties for patents i have, that may or may not apply, or I'll sue you.
Re:No laws borken? (Score:5, Interesting)
Actually, depending on jurisdiction there are these small, but important, differences.
Where I live, for example, it is only extortion if you threaten someone with illegal consequences. So beating them up if they don't pay is extortion, but telling his wife about his mistress if he doesn't is not.
Yeah okay (Score:2)
But give me 5 dollar or I tell everyone about this post of yours on slashdot, that is a bit less clear. How can you extort someone with information they published themselves?
Also, for a financial institution, it is illegal to have information so readily available. Who is the bigger criminal here?
If I exort your by saying give me a fiver or I will tell everyone where you buried your victims MIGHT see the police question me but it is YOU that will end up in jail.
Go ahead bank, file charges against the hackers
Re: (Score:2)
"Who is the bigger criminal here?"
One crime doesn't excuse another. AmeriCash might receive a substantial fine, but Rex Mundi is looking at serious jail time if they get caught. Since they've done this more than once, they can be prosecuted under US racketeering law, which means decades in federal jail, forfeiture of assets, etc.
Re: (Score:2)
"But give me 5 dollar or I tell everyone about this post of yours on slashdot, that is a bit less clear. How can you extort someone with information they published themselves?"
There's a difference between accidental exposure of embarassing material and deliberate publication. This is more like if a love letter from my mistress fell out of my briefcase and you picked it up. Yes I should have been more careful, but you're still committing a crime.
"Go ahead bank, file charges against the hackers"
The bank doe
Sources (Score:3)
This here is an example of not using appropriate sources:
Customers? (Score:5, Insightful)
First time protecting their customers was part of these people's business model.
Re:Customers? (Score:5, Insightful)
A farmer might protect his cattle herd, doesn't mean he isn't going to eat them.
Re: (Score:2)
Apparently, their costumers' data doesn't worth $20000 to them (or they don't trust the hackers.).
robots.txt (Score:2)
I.e., they left the front door open and attached a post-it saying "please don't look under the shelf".
Re: (Score:2)
I.e., they left the front door open and attached a post-it saying "please don't look under the shelf".
in a building that had a constant stream of visitors. don't forget that.
Re: (Score:2)
More specifically, they said "please don't look under the shelf IF YOU ARE A ROBOT"
Re:robots.txt (Score:5, Insightful)
and then someone came and looked under the shelf anyway, found embarrassing photos that would be incredibly embarrassing to you and thousands of your friends. made copies of the photos and tried to illegally extort money from you.
My heroes! (Score:5, Insightful)
So basically, they're coming to the defense of customers being ripped off by this lender, and are they're going to show 'em who's boss by widening the customers' exposure to identity theft? Wow, there's some moral high ground there. The customers must be so grateful.
"Howdy neighbor. I happened to hear you beating your wife last night. You can give me $1000 and I'll go away quietly. Otherwise, I'll give her another beating myself."
Re: (Score:2)
Wow, there's some moral high ground there.
The people you are talking about are sociopathic, socially inadequate egotistical fantasits, if you're being generous, and simple criminals if you're not. Morals don't come into it either way.
Re: (Score:3)
To which AmeriCash shouted back, loud enough for everyone to hear:
"A thousand dollars? Are you nuts? Just come over here and see how much I care about my wife!"
Re: (Score:2)
The only losers here are AmeriCash Advance customers.
Re: (Score:2)
The only losers here are AmeriCash Advance customers.
True. Only losers would get a loan from AmeriCash Advance.
So that's OK then, Mr Fucking Billionaire-Twat?
Re: (Score:3, Informative)
People don't have a clue as to how difficult that business is!
You have to look at losses as well to judge. Imagine you put your entire savings on the street, and anyone who came to you and said "hey, can I borrow some money?", you simply hand them a stack of bills. How many of those people are going to pay you back?
The loans are expensive because the default rates are phenomenally high (depending on the biz, up to 50% simply walk away from the loan at some point). And the
Re:Scum fighting scum. (Score:5, Insightful)
no, the reason to hate them is that they're giving loans to people who shouldn't be given loans in the first place. otherwise they could be getting it from the bank for 15% apr.
usually it's just plain old usury.
(I guess in usa you can bankrupt yourself and really walk away from the loan though? or is it like europe where you can't pretty much walk away from it short of stopping to paying taxes and having legal income totally).
Re: (Score:3)
The loans are too small for it to be practical to take legal action...your typical loan is $300 with a $90 finance charge. A lawyer costs much more than that... So yeah, you can walk away and forget about it. And many people do, fraud and default is rampant, and that fact makes the entrapment argument is kind of silly.
And the funny part is, despite the e
Re:Scum fighting scum. (Score:5, Informative)
Sorry, but gl4ss was right when he said:
no, the reason to hate them is that they're giving loans to people who shouldn't be given loans in the first place. otherwise they could be getting it from the bank for 15% apr.
You give a few specific examples of times when people need to take payday loans, but the simple reality is that if you have a credit card or an overdraft with the bank, you don't need a payday loan. That's what credit and overdraft are for.
And I'm not entirely sure where you get the idea that a $300 loan with a $90 finance charge is "much, much cheaper than bank overdrafts". I have an overdraft on my chequing account, and the APR for going into it is prime + 2%. Prime lending rate with my bank right now is 2.25%, meaning that the *annual* interest rate for going into overdraft is 4.25% for me. There is a "convenience fee" stipulated in the contract of $25, but that gets waived if I haven't used the overdraft in more than 30 days. The point of an overdraft is *not* to give you an extra $1000 to spend as you will, it's to let you write cheques for emergency things like fixing your car without worrying about whether you'll have the money until next Friday.
And the funny part is, despite the expense, the only people who hate payday loans are the people who have never had one. The lenders are scared of being legislated into the dog house, so they're careful and play nice.
29.97% interest rate on loans is *not* playing nice. That's how much the payday loans people charge in this neck of the woods, and the only reason they charge so little is because usury laws prohibit charging 30%. My Visa rate is 12.9%. It could be lower if I was willing to pay an annual fee, but I don't carry a balance, so I don't really care what the rate is. It is cheaper, by far, for almost all of us to put that car repair on credit than it is to get a payday loan. The only people who *need* to get a payday loan are the people whose credit is bad enough that they can't get a credit card, and you need to have pretty bad credit to be in that situation. (if your credit is absolutely *terrible* you can still get a card at 29% annual interest, which is the same that the payday lenders charge, but the credit card won't charge you the $90 processing fee on a $300 loan, they'll just start charging interest 30 days after the purchase date).
If a customer is having trouble, all they have to do is say so. Generally they'll stop assessing interest, and then they'll create an installment plan that works best (e.g. one that makes the customer happy so they won't walk away).
If you think credit cards and bank loans don't work like that, then you've never dealt with a credit card or a bank. If you have a good relationship with your bank manager, then this kind of thing is easy to arrange with them. Even if you don't have that kind of relationship, most of them have a clause that will let you skip a payment, and most credit card companies will lower your interest rate without argument if you call them and ask them to do it. (the "official" interest rate on my Visa is 19.99% to start... I called them and asked them to lower it).
So yeah. I do hate payday lenders. And no, I've never needed to use one. But I still have a legitimate reason for hating them: their client base is, by and large, people who are at the lower income tiers and can *least* afford to pay the exorbitant rates they have. Beyond that, their client base is, largely, people who were never taught how finance actually works, and they are being taken advantage of. Nobody has bothered to explain to these people that they are buying the most expensive credit on the market, and it sets up a vicious cycle. I know too many people who get into a payday loan and end up getting one every paycheque because they have bills that they can't pay because they're paying last week's loan.
So yes. I have an ethical problem with payday lenders... they are the dregs of society, and they are feeding on the poor. And they are set up in such a way that keeps the poor down. They need to go.