Hacker Group Demands "Idiot Tax" From Payday Lender 263
snydeq writes "Hacker group Rex Mundi has made good on its promise to publish thousands of loan-applicant records it swiped from AmeriCash Advance after the payday lender refused to fork over between $15,000 and $20,000 as an extortion fee — or, in Rex Mundi's terms, an 'idiot tax.' The group announced on June 15 that it was able to steal AmeriCash's customer data because the company had left a confidential page unsecured on one of its servers. 'This page allows its affiliates to see how many loan applicants they recruited and how much money they made,' according to the group's post on dpaste.com. 'Not only was this page unsecured, it was actually referenced in their robots.txt file.'"
Re:Strange sense of morals (Score:5, Interesting)
If it was explicitely mentions in their robots.txt file, I assume it was done so to be excluded from robots.
More like having an unlocked door with a sign saying "Do not enter".
Yes, it was pretty damn stupid and very easy to avoid. That still doesn't make it okay for anybody to copy the data. If you see such security failures on a website, the right response is to inform the website owners. As I said; it's a strange sense of morals.
If those hackers get caught and fined, I assume the hackers will consider that an "idiot tax" as well. Afterall, they were idiotic enough to get caught.
Re:Strange sense of morals (Score:5, Interesting)
Re:Strange sense of morals (Score:5, Interesting)
Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.
Re:Strange sense of morals (Score:4, Interesting)
Sounds more like they took the door off the hinges, and put up a big sign saying "NO DOOR! COME ON IN!".
Since the robots.txt was actually asking search engines not to index that page.
The sign was more like "You see that door there. Yes, that one. Do not go there. Do not open it. There is nothing to see there. "
Hopefully, that was just a robot's trap with dummy data in it.
Re:No laws borken? (Score:5, Interesting)
Actually, depending on jurisdiction there are these small, but important, differences.
Where I live, for example, it is only extortion if you threaten someone with illegal consequences. So beating them up if they don't pay is extortion, but telling his wife about his mistress if he doesn't is not.
Re:Strange sense of morals (Score:4, Interesting)
It will be fun to see, one day, when someone sets up the equivalent of a shotgun behind the door.
Re:Strange sense of morals (Score:5, Interesting)
So if I set up a public webserver and send out an internal memo saying only certain people can access my web page and then google finds my webpage and you click on the link, I can have you charged with a computer crime?
robots.txt doesn't say "do not go here," instead it says "do not index this page." You can put a page in robots.txt that is meant to be accessed.