CastleCops, Internet Crime Fighters

fighting back for the right reasons

 
Paul

CastleCops Founder


Joined: Feb 22, 2002
Posts: 27351

Administrators Firetrust Forums Admin MIRT Moderators MVP Phishing Squad Premium Team CC Committee

Posted: Tue Sep 11, 2007 3:57 am    Post subject: fighting back for the right reasons

Hi folks, no matter how well intentioned it is to fight crime sites with attacks, it's something CastleCops does not encourage. From a post I made in another thread I explain why:

Quote:
I want to make it clear that CastleCops completely discourages any attack on any computer system. In fact, such actions are against US Law.

http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

Title 18 Section 1030(a)(5)(A)(1)
Quote:
knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;


Title 18 Section 1030(e)(2)(B)
Quote:
which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;


Title 18 Section 1030(e)(8)
Quote:
the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information;


There is an article from the DOJ that describes the above:

http://www.cybercrime.gov/ccmanual/01ccma.html

See sections:

http://www.cybercrime.gov/ccmanual/01ccma.html#tocF.

http://www.cybercrime.gov/ccmanual/01ccma.html#tocF.1.

http://www.cybercrime.gov/ccmanual/01ccma.html#tocI.

CastleCops does not tolerate such behavior, no matter who the target is. Anyone participating in such a behavior is not harming the bad guys, but rather innocent victims, and putting yourselves into illegal activity as proclaimed in the above statute.


Tembow wrote it best for me:

Quote:
Here is one basic principle:
Never do evil that good may come of it.

Here is another:
The principle of non contradiction: an action cannot be and not be at the same time. So if you decide to break the law in order to stop criminals, you can not claim to be not breaking the law at the same time.

Ethics 101. Stand those two principles up against "the end justifies the means" or "it's a war out there so different rules apply" - sorry, I don't buy that.


From my personal experience, establishing relationships and working with them goes further during the long term than attacking back does.



Last edited by Paul on Thu Dec 13, 2007 9:59 pm, edited 1 time in total
PAN_IRISH
Currently banned

Major
Premium Member

Joined: Feb 01, 2007
Posts: 1005

Premium

Posted: Tue Sep 11, 2007 4:34 am    Post subject:

Acknowledged!


_________________
I wish you all the best and nothing less.
brewt

SIRT Handler
Premium Member

Joined: May 29, 2007
Posts: 792
Location: USA
MIRT Premium

Posted: Tue Sep 11, 2007 6:45 am    Post subject: Re: fighting back for the right reasons

Paul wrote:
establishing relationships and working with them goes further during the long term than attacking back does.
Establishing relationships with law enforcement, or with criminals?
I'm a bit confused here.

Lord_Vader

Corporal


Joined: Sep 08, 2007
Posts: 58
Location: Germany

Posted: Tue Sep 11, 2007 7:01 am    Post subject:

In the case of AA419.ORG it means establishing relationships with hosters/ISPs and law enforcement, as well as regulatory bodies. In fact, our database has become a regular resource for them.
The criminals get nothing but an UPYRS from us. ;)
I think Paul is saying something similar.

PAN_IRISH
Currently banned

Major
Premium Member

Joined: Feb 01, 2007
Posts: 1005

Premium

Posted: Tue Sep 11, 2007 8:11 am    Post subject:

yes,
I think so too,
because we end up engaging in the same debilitating tactics if we retaliate and waste someone else's bandwidth and cash assets.
the innocent ones are caught in the middle.
..
...


_________________
I wish you all the best and nothing less.
spamislame

SIRT Handler


Joined: Apr 19, 2006
Posts: 203


Posted: Tue Sep 11, 2007 7:17 pm    Post subject:

When I first started getting involved in all of this, my only motive at the time was wasting a spammer's time and leeching their profits.

I started by creating nonsense postings for mortgage forms in 2002 or so. This definitely made some of them mad enough that they chose to DDOS my home pc.

After that died down, I began work on a more smoothly automated targeted mortgage retaliator which became the basis for the Refi Retaliator II, which SpamSlayer ultimately refined. This created believable fake identities and most definitely ate up a large amount of the spammers' profits. Each contact entry had to be verified, which also ate up a lot of time.

Later I focused on retaliating against pharmacy sites and the retaliators got more and more robust with each iteration.

By the same token, I also joined in the domain reporting which Terry got to the lean / clean state that it's in now.

My point: I will still retaliate via time-wasting means against a spammer's website. I'm not sure I would use a tool like Lipo much if at all simply because (yes) that is really stooping to their level. It also definitely does result in swift retaliation from the spammers. The same is true if you attempt to play around with any of their Storm Worm infection ip addresses. I prefer something stealthier that takes the spammers a bit more time to figure out what's going on, meantime we're also reporting their DNS.

If I discover that a site is hosted on botnet servers, my first tactic is to report the infection, plus report the domains and DNS. Then I'll place several fake orders for whatever it is they're attempting to promote. :) I would never attack any of these servers, and I do enough research overall that you can likely believe that statement.

Also: following up on cancelled orders can eat up a huge amount of their profits. Any of these sites that feature a live chat feature or an 866 number: I complain to them repeatedly. (Not like I have all the time in the world.) Several sites have since gotten rid of the live chat feature, probably because I cost them enough not to warrant using it anymore.

There is attacking, and there is retaliation. I side with retaliation personally, and I do think it's distinct from just shotgun-blasting traffic.

SiL

Dogteams1

Cadet
Premium Member

Joined: May 10, 2006
Posts: 6
Location: USA
Premium

Posted: Thu Sep 13, 2007 3:45 am    Post subject:

Hi Paul

I agree very much with your Rules and Theory.
Sorry to see this crap coming down the pipe.
I guess I missed my Addy you send out once a month.
It does sometimes make you want to put the harm on these Bad guys. But like you say, that would make us all bad guys or a Bunch of Vigilantes.
I didn't know anything about all of this DoS crap until tonight. This is a Bummer.............
Mark T Sunbelter
P.S. I talked to Alex in email Exchange once a week.
But I haven't seen anything on his blog about it. I think it is better to have a closed mouth on what's going on.


_________________
Dogteams1 Beta Tester for Sunbelt's Counterspy, 2008 Member of the Professional Security Testers. Beta Tester for "Vipre", "Mozilla", "Plus Developers" for Firefox 3
Also been Testing Firefox Betas...........
Still Studying for my (CEH)
Guitar Teacher for Private Advanced Lessons.........
Play in my band on Week-ends.
Also belong to Rapid Response Team SunBelt 2005-2008
Now working for the Sunbelt Co.
All times are GMT