Computer vigilantism and a call for a Dark Knight.

Josh recently brought my attention (via Twitter) to a website he dubbed “basically the most evil product ever” (to clarify, Josh meant “evil” in intent, as a business model, not in effect). According to a Wired article, websites like av-check.com and virtest.com will scan your file to check that is not detected by the most common forms of anti-virus and anti-spam protection. These websites allow hackers to test their viruses before releasing them into the Internet to maliciously infect our computers. After reading this article, I tried to think of a good legal way for the authorities to stop this activity. Not only do I doubt the federal government could ban these websites under the law, but even if could do so, I doubt that any such measures would be very effective. I have no idea where they are hosted, but not in the United States is a good bet. The Internet is like the underbelly of Gotham City, so filled with a myriad of niches for criminal elements to hide it is beyond the reach of the government’s law enforcement.

Like in Gotham City, the innocent civilian users of the internet need a protector that can go where their flatfoots cannot, that can use tactics that the feds are not allowed to use. We need dark knights who would bring the terror of the night back to those who would shroud us in darkness, courageous computer programmers who would bring the spam back to the spammers who would shove it down our throats. We need an Internet Batman, an Internet Punisher, a veritable Internet Justice League.

Internet vigilantism, judging from Wikipedia, is nothing new. There was a case in 2007 where an internet vigilante distributed Trojans that would infect computers and report if they contained downloaded child pornography, and caught a California judge who confessed to the crime. Another famous case involved an anti-spam firm, Blue Security Inc., which galvanized over half a million users in a return e-mail campaign to cripple spammers. It folded after a denial of service counterattack by spammers shut down its website, which it closed for good. Lycos attempted a similar anti-spam war, but was also forced to back down; its DDOS attacks at spammers might have even been illegal. A major flaw in the latter anti-spam campaigns was that the instigators were too public and accessible; a vigilante must be as anonymous and masterful in guerrilla tactics as his criminal prey.

There is a huge niche for internet vigilantes to combat the spammers and hackers that infect our computers. Large corporations, and/or the government, can’t or won’t act because they don’t want to become targets themselves, or they lack authority and jurisdiction. I suspect that many computer programmers, like me, grew up on comic book heroes that stood up for those too weak to stand up for themselves, and secretly dreamed of finding a Green Lantern’s ring or building a Bat Cave. Unlike me, they actually have the programming and hacking skills (we blog on WordPress.com…) necessary to mount a decent counter-attack.

To start the counter-hacking war, I can suggest no better target than the sites indicated at the top of this entry. Sites that profit by helping hackers check their work before unleashing it are clearly responsibly, at least partly, for incredible destruction–financially, and emotionally. These sites should be taken down, and the only people in a position to do that are internet vigilantes.

(update: 1/5/2010)

Hackers attack Ahmadinejad’s website.

Users trying to access it last night were redirected to the following message:

Dear God, In 2009 you took my favorite singer – Michael Jackson, my favorite actress – Farrah Fawcett, my favorite actor – Patrick Swayze, my favorite voice – Neda.
Please, please, don’t forget my favorite politician – Ahmadinejad and my favorite dictator – Khamenei
in the year 2010. Thank you.

Advertisements

5 thoughts on “Computer vigilantism and a call for a Dark Knight.

  1. It remains to be seen if the Internet will retain it’s “wild west” organizational structure, where people are more or less free to generate the content they want. If it manages to stay that way, however, we absolutely could use people stepping up to the plate to help fend off malicious predators.

    I think we’ve already seen something like it on Wikipedia, where a vibrant community helps ensure that vandalism and misinformation is mostly kept in check. Obviously, any attempt to fight off more talented hackers would require a bit more expertise, but it’s not hard to imagine that there are people out there up to the task.

    And, luckily, most of those people live in dank basements that are already a sort of de facto Batcave.

  2. You either root for the “default” web server options to be relatively hack-proof or you don’t. The world has a lot more to lose by rogue hackers having the ability to arbitrarily disable web sites than it has to gain by self-appointed white hats shutting down anything with which they disagree.

    Internet thuggery of the kind that you describe has a rather poor record. More often than not, it’s motivated less out of altruism than out of greed, petty vengeance or ego, and it’s targets aren’t limited to the “deserving” ones that you identify. And even if it starts with the best of motives, simple programming bugs in the kind of “child porn trojans” that you describe could cause instability, security breaches or data-loss in the infected machines, making them no different than ordinary viruses.

    Additionally, it’s not exactly hard for a virus writer to download a warez copy of the most popular antivirus suites to “test his work,” so it’s not exactly like shutting down this site is some kind of singular good. And if that’s that worst website that you can think of, you need an imagination transplant. Do you really think that avcheck.com or whatever is more dangerous than websites where the personal addresses of abortion doctors are posted or suicide bombers are recruited? Heck, even your average virus installing activex redirect nightmare is probably more of a net social negative.

  3. I definitely lack the technical knowledge that Rob has about viruses and etc. I agree that using widespread viruses/Trojans is problematic, and to bring up another reason against it, if you actually want law enforcement to intervene (in the case of child pornographers or etc.) it can be difficult to get the evidence admitted because it could have been the Trojan itself that downloaded pornography. I am more concerned with spammers and malicious websites.

    I should have addressed the ethics of vigilantism in my post but I worried that it would be too debater-y, or alternatively redundant for the debaters who read this. In short, I agree I think that there’s a heavy burden against vigilantism IF there are existing systems in place designed to fight wrongdoing. Having individuals take the law into your own hands, as you say, makes the justice meted capricious, and we are better working in a consistent, democratically agreed-upon system. Forcing rules upon individuals who did not agree to them (or a fair system of generating rules), or that they could not have known about, is a rights violation. Vigilantism might actually obstruct legitimate law enforcement. The vigilante might for example accidentally destroy or taint evidence, or disrupt long-term investigations. The vigilante might also inspire less well-intentioned copycats with more extreme agendas, the “white hats” you allude to.

    I think this situation is different in a few ways. First, there is not currently an effective system of policing the Internet, and there doesn’t seem to be one on the way anytime soon. The government is almost nonexistent in the fight against internet scams. For the websites that I mention that assist hackers in improving their viruses, they are likely to be beyond the reach of the government, hosted in other countries where U.S. law or EU law cannot reach. In the absence of a governmental authority, private individuals have a right to protect themselves (and private companies already provide anti-virus and anti-spam software, the “default” options you refer to); I would argue that in the absence of government protection, private individuals can defend themselves by pre-empting attacks. Why should we wait for sites that create viruses to perfect them? Why can’t we go after them first? You mention that some websites are far more harmful than avcheck.com. Setting aside the fact that this has no bearing on whether avcheck.com independently is worth vigilantism, let’s imagine that the abortion “hit list” websites were ruled illegal, but instead of taking down their site, the group just moved it to Russia (or something). Would you still agree that it wouldn’t be preferable for some vigilante to forcibly take down the site?

    Websites that distribute (or help perfect viruses) are more clearly malicious by intent than the abortion hit lists, which one could theoretically stretch into a free speech claim or rest on genuinely held (if deeply flawed) beliefs. But Rob thinks that this would inspire other hackers to adopt petty vendettas against say, Krugman or the Limbaugh, basically legitimate but controversial websites. So the second main difference is that I just don’t believe that people would be inspired by internet vigilantism to attack the NYTimes or Planned Parenthood. This isn’t because I think that hackers don’t have the ability to, or that people don’t want to; it’s because I think the people who have that ability, and that willingness, are already doing so in the status quo. The Internet Batman (or Web Spiderman?) isn’t creating supervillains… the supervillains already exist. Hackers are everywhere. On the other hand, I think there are a lot of basically decent people with the computer programming skills to hack (for good) but aren’t doing so. I think those individuals should fill in the regulatory void and help defend the rest of us until our governments can get their acts together.

    If the Internet is more like the Wild West than Main Street America, and lawlessness abounds without interference from the law, then I think the normal arguments against vigilantism fall away. I will certainly “root” for commercial servers to be hack-proof, while hoping that internet vigilantes fight the source of viruses. And since all we’re doing is “rooting”, I can also hope that some left-wing PETA wingnut or right-wing anti-abortion extremist doesn’t decide to take down Columbia University and Planned Parenthood.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s