POLL: Sales of hacked, compromised, and/or unauthorized transfers of accounts.

[dscotese]

When someone permits you free usage of their stuff (this forum), you should help keep it in shape, rather than calling on them to keep it in shape.  Another way to look at it is that if a forum that did better policing would be more successful, then the neglect - or lack of ethics if you want - is an opportunity for you to run a better forum.  I really hate that providers of freebies on the Internet are so often expected to do work without compensation.

Perhaps if you post your concerns in the threads the thieves start, they will tend to hide from your shining light.  In that way you will be the change you wish to see in the world, which is ideal.

[1714974161]

1714974161

[theymos]

Try saying that while thinking of Goat and Rarity and maintaining a straight face.

There's also a forum policy against trolling. This is necessary to keep the forum usable.

I think this forum should prohibit ILLEGAL activities of where the servers are hosted. Are selling stolen property knowingly illegal? Yes, and there is reasonable evidence that torac is selling hacked accounts.

Trading hacked account info is not illegal as far as I know, though IANAL. If it is illegal, explain why. Illegal trades are not allowed.

Do you ban posts selling stolen credit card details?

This seems more likely to be illegal. If it's not illegal, it's a similar issue to the current one and I would be inclined to allow it.

[repentance]

This seems more likely to be illegal. If it's not illegal, it's a similar issue to the current one and I would be inclined to allow it.

So does this mean that until someone can prove to your satisfaction that selling stolen credit card or other financial service credentials is illegal you will not ban posts offering those credentials for sale?  People are looking for a yes/no answer here, not an "if, then" answer.

Yes or no.  At this point in time - when you consider that it's "likely" the sale of stolen credit card credentials is illegal - will you allow people to offer credit card/PayPal/Dwolla/bank account/etc credentials for sale on the forums?

[Jim Rockford]

Trolling = BAD

Selling hacked account info = GEE, I DUNNO, DUH....

Only in Bitcoin-Land.

[shep]

Try saying that while thinking of Goat and Rarity and maintaining a straight face.

There's also a forum policy against trolling. This is necessary to keep the forum usable.

I find it interesting that the goal post keeps on moving every time you respond.

11 days ago, you stated that you don't believe sales of hacked accounts are immoral, but you'd let the community decide the matter.
4 days ago, results of the community poll, 9-3 majority, 75% against sales of hacked accounts. (your response, not good enough)
Today, results of the community poll, 36-8 majority, 81.8% against sales of hacked accounts (your response, not good enough, you reiterate your personal opinion and kick the bucket along hoping people will get tired of pressing the issue.)


Did you ever intend to let the community decide on this matter?

If so what is the threshold that must be reached for you to change forum policy and not allow sales of hacked/compromised accounts or unauthorized transfers of credentials?

I think this forum should prohibit ILLEGAL activities of where the servers are hosted. Are selling stolen property knowingly illegal? Yes, and there is reasonable evidence that torac is selling hacked accounts.

Trading hacked account info is not illegal as far as I know, though IANAL. If it is illegal, explain why. Illegal trades are not allowed.

So now it's no longer a community decision, but we have to cite existing case law on hacked/compromised credentials?  When I come back with case law in one jurisdiction are you going to hide behind a new excuse because a seller lives in a country which may not have laws or existing case precedent on this topic?

Do you ban posts selling stolen credit card details?

This seems more likely to be illegal. If it's not illegal, it's a similar issue to the current one and I would be inclined to allow it.

You are openly advocating sales of hacked/compromised credentials for all online/offline accounts then. Credit card numbers and CCV numbers are plain text.  Access credentials are no different than login credentials used to verify authenticity of an account holder with the organization or piece of technology that generated those credentials for authorized users.

The doors on bitcointalk.org are now wide open for all sorts of disreputable sellers.

Do you have hacked credentials for...

• Fortune 500 firms? The victims probably never notice. It's not like they'll be missing them.
  
• Ebay, Amazon, Newegg accounts?  Sure why not. Victims can probably get their accounts back without too much hassle.
  
• 401K or stock market accounts? There is no violence or deception involved. We allow freedom of speech here.
  
• Government agencies or defense contractors?  Selling information can never be wrong.
  
  

http://krebsonsecurity.com/2012/12/exploring-the-market-for-stolen-passwords/
http://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/
http://boingboing.net/2012/12/26/once-your-pc-is-hacked-your-e.html

[shep]

It sure took all of 5 seconds to find and list a search hit covering this topic. I suppose I could search for more cases in EU nations.


United States Attorney, District of Massachusetts

http://www.justice.gov/usao/ma/news/2012/June/MillerAndrewJames.html

Pennsylvania Man Charged with Computer Hacking and Password Trafficking
June 14, 2012

BOSTON - Charges were unsealed this morning against a Pennsylvania man, alleging that he hacked into computer networks in Massachusetts and around the country and then sold unauthorized access to those networks.

Andrew James Miller, 23, of Devon, Pa., was arrested this morning and charged in a four-count indictment with committing conspiracy, computer fraud and access device fraud.

According to the Indictment, between 2008-2011, Miller and others remotely hacked into computer networks belonging to Massachusetts company RNK Telecommunications, Inc., Colorado advertising agency Crispin Porter and Bogusky, Inc., the University of Massachusetts, the United States Department of Energy, and other institutions and companies. By hacking into these computer networks, Miller obtained other users’ access credentials to the compromised computers. It is alleged that he and his co-conspirators then offered to sell, and sold, access to these computer networks as well as other access credentials.

If convicted, Miller faces up to five years in prison for the conspiracy count and one of the computer fraud counts, and up to 10 years in prison on one of the computer fraud counts and the access device fraud count, to be followed by three years of supervised release, a $250,000 fine and restitution.

United States Attorney Carmen M. Ortiz, Assistant Attorney General Lanny A. Breuer, of the Justice Department’s Criminal Division and Richard DesLauriers, Special Agent in Charge of the Federal Bureau of Investigation - Boston Field in Boston made the announcement today. The case is being prosecuted by Assistant United States Attorney Adam J. Bookbinder, of Ortiz’s Cybercrime Unit, and by Mona Sedky, a trial attorney with the Department of Justice’s Computer Crime & Intellectual Property Section.

The details contained in the Indictment are allegations. The defendant is presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

[21after2]

I would think sales of accounts would be considered an illegal activity, which we're not supposed to post here on BitCoinTalk.

[🏰 TradeFortress 🏰]

I would think sales of accounts would be considered an illegal activity, which we're not supposed to post here on BitCoinTalk.

No, that's ridiculous. I should be able to sell *my* accounts, but there should be forum rules prohibiting selling other accounts.

I honestly feel that the only reason this forum allows it is because of the donations.

[shep]

I would think sales of accounts would be considered an illegal activity, which we're not supposed to post here on BitCoinTalk.

No, that's ridiculous. I should be able to sell *my* accounts, but there should be forum rules prohibiting selling other accounts.

I honestly feel that the only reason this forum allows it is because of the donations.

Bitcointalk.org domain is registered in Toronto, Canada.
However, this forum is hosted in the US and is subject to US laws and regulations.

Bitcointalk.org
IP Location Results for 50.97.137.52
==============

City:        
Zip Code:    
Region Code:  
Region Name:  
Country Code: US
Country Name: United States
Latitude:     38
Longitude:    -97
GMT Offset:  
DST Offset:


Now, I'm sure some of you are asking, "what if the forum was hosted in Europe?"
The Council of Europe proposed a treaty covering cybercrime in 2001. A majority of
member states and non-member states have either signed the treaty or ratified
the treaty by accession over the past 11 years.

What is the definition of accession with respect to Treaties?

http://treaties.un.org/Pages/Overview.aspx?path=overview/glossary/page1_en.xml#accession

3. Accession

"Accession" is the act whereby a state accepts the offer or the opportunity to become a party to a treaty already negotiated and signed by other states. It has the same legal effect as ratification. Accession usually occurs after the treaty has entered into force. The Secretary-General of the United Nations, in his function as depositary, has also accepted accessions to some conventions before their entry into force. The conditions under which accession may occur and the procedure involved depend on the provisions of the treaty. A treaty might provide for the accession of all other states or for a limited and defined number of states. In the absence of such a provision, accession can only occur where the negotiating states were agreed or subsequently agree on it in the case of the state in question.

[Arts.2 (1) (b) and 15, Vienna Convention on the Law of Treaties 1969]

In simple terms, there are laws covering sales of hacked/compromised and or
unauthorized transfers of accounts.


Council of Europe Treaty - Convention on Cybercrime CETS No.: 185

http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=&CL=ENG


Chart of ratifications and signatures by member states and non-member states

http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG


Full Text with relevant passage(s) cited.

http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

Article 2 – Illegal access

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

Article 6 – Misuse of devices

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

a     the production, sale, procurement for use, import, distribution or otherwise making available of:

i    a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

ii    a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed,

with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b     the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches.

2    This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

3    Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.

[shep]

Theymos, you asked for community feedback, you received it.  You asked for case precedent and laws that show sales of hacked/compromised and unauthorized transfers of credentials are illegal, you received it.

What is the threshold that must be reached for you to change forum policy and not allow sales of hacked/compromised accounts or unauthorized transfers of credentials?

[Gavin Andresen]

Seems to me account credentials are a kind of intangible property, and selling stolen property is illegal and shouldn't be allowed in the forums.

I am not a lawyer, so that might not actually be true.  But it seems to me that's the way the law should be, and the right thing to do.

[theymos]

I've been convinced that allowing trades of clearly-hacked accounts is too risky. So I locked torac's account-selling threads and I will ban him if he creates any more.

[greyhawk]

I think you broke him

https://bitcointalk.org/index.php?topic=134363.0

[BCB]

shep and theymos

Thank you for taking an importing issues to the community and coming to what I also agree is the right decision.

BCB

[Charles Bass]

We Need a btc Blacklist on blockchain.info And every Client And Service dont accept a blacklisted btc..

My 2 cents

[shep]

I've been convinced that allowing trades of clearly-hacked accounts is too risky. So I locked torac's account-selling threads and I will ban him if he creates any more.

Thank you for taking a position on hacked accounts.

If the admin of nzbs.org, dognzb.cr, gingadaddy.com and nzb.to email you or contact you directly would you be willing to share torac's pm so that they can identify the hacked accounts

Torac has also invited some friends and associates to join in on the fun. I think you should inspect these new users IP carefully.  The accounts they are selling are not authorized by the admin of nzbs.org.  It would be appreciated by admin if these threads were deleted.

https://bitcointalk.org/index.php?topic=134004.0
https://bitcointalk.org/index.php?topic=134287.0
https://bitcointalk.org/index.php?topic=134356.0



Theymos does this forum's policy of "free speech" allow publicly posting personally identifiable information of suspected hackers selling hacked/compromised accounts?  Can I post information I've collected on the user known as torac?  Besides the login credentials which you've already seen and have since been disabled by admin of other sites I am unaffiliated with, I have additional information to share. I am still collecting information on his handles, sites, and network of associates and it may be weeks before that information is revealed.

In the meantime can I post his prior history hacking games.  Can I post links to his internet profiles?  Can I publicly post his payment processing information? Can we post images of other members?  Images of prior and or current residences, etc.  I'll leave out information about his friends, and possible relatives because that's going a bit far.

What I'd like to know is what is acceptable for public disclosure on this forum so that I follow policies set in place.

[shep]

shep and theymos

Thank you for taking an importing issues to the community and coming to what I also agree is the right decision.

BCB

It took a lot of effort to reach this milestone, but I'm glad that the correct decision was reached.  My only concern is that I hope that this policy is enforced.

[torac]

Fuck you shep, unsatisfied customer, why didn't you ask for refund and money to shup UP, I know you figured it out I hack accounts, you think you are smart or whatever you want to say here in this thread and stuff like that but why fuck me over it, I did nothing wrong to you, I never scammed you, I give you refund if you want, what is your problem, I want to be nice...?
ALL MY BUYERS ARE HAPPY
I AM A HACKER, I USE BITCOIN, I DON'T GIVE A SHIT ABOUT ANY LAW, NEITHER SHOULD BITCOin

We are ANONYMOUS
We are LEGION
We do not FORGET
We DO NOT FORGIVE !

Treat me good and I'll treat you better treat me bad and I'll treat you worse
I hack only inactive people, I try not to cause any problems, everything I do is safe, will never cause any problems for this FORUM, I will donate, I will pay whatever it takes, just let me sell and be honest, refund any unsatisfied customer and everyone is happy, I am happy, buyers are happy, prices are cheap, everyone goes to sleep happy, 1% cry, 1% are unsatisfied, 1% open complaints, 97% are happy and go to sleep and love bitcoin, hackers, money, cheapness, and all the good things that happen in this life.


I DO NOT KNOW WHAT TO SAY ANYTHING ELSE, I JUST DID MY BEST TO TALK WITH YOU !!! PLEASE DO NOT MAKE ME FORGET TRYING TO BE NICE, PLEASE DO NOT MAKE ME WANT TO TREAT YOU WORSE THAN YOU JUST DID : ( YOU DISSAPOINT ME, I WANT TO HELP EVERYONE IN THIS FORUM, MAKE THIS FORUM GROW, PROVIDE CHEAPNESS, HELP EVERYONE, SUPPORT BITCOIN, I LOVE BITCOIN, I LOVE BITCOINTALK, I LOVE THEYOMS, DON"T DISSAPOINT ME, YOU DON"T WANT ME TO HATE YOU ALL!!!

[SgtSpike]

Sorry torac, but what you are doing is illegal, unethical, and immoral (in my eyes).  I completely agree with your banishment from selling these wares on this forum.

Inactive accounts?  What if the user comes back, only to find their account has been "overtaken" by someone else?

It's like stealing a TV from someone's home because you knew they hadn't watched anything on it in 6 months.  It's still their TV, you have no right to take it from them.

Of course, you're going to defend the practice because you are profiting from it.  You only "care" about the forum and people here because it helps put more money in your pocket.

[finkleshnorts]

Fuck you shep, unsatisfied customer, why didn't you ask for refund and money to shup UP, I know you figured it out I hack accounts, you think you are smart or whatever you want to say here in this thread and stuff like that but why fuck me over it, I did nothing wrong to you, I never scammed you, I give you refund if you want, what is your problem, I want to be nice...?
ALL MY BUYERS ARE HAPPY
I AM A HACKER, I USE BITCOIN, I DON'T GIVE A SHIT ABOUT ANY LAW, NEITHER SHOULD BITCOin

We are ANONYMOUS
We are LEGION
We do not FORGET
We DO NOT FORGIVE !

Treat me good and I'll treat you better treat me bad and I'll treat you worse
I hack only inactive people, I try not to cause any problems, everything I do is safe, will never cause any problems for this FORUM, I will donate, I will pay whatever it takes, just let me sell and be honest, refund any unsatisfied customer and everyone is happy, I am happy, buyers are happy, prices are cheap, everyone goes to sleep happy, 1% cry, 1% are unsatisfied, 1% open complaints, 97% are happy and go to sleep and love bitcoin, hackers, money, cheapness, and all the good things that happen in this life.


I DO NOT KNOW WHAT TO SAY ANYTHING ELSE, I JUST DID MY BEST TO TALK WITH YOU !!! PLEASE DO NOT MAKE ME FORGET TRYING TO BE NICE, PLEASE DO NOT MAKE ME WANT TO TREAT YOU WORSE THAN YOU JUST DID : ( YOU DISSAPOINT ME, I WANT TO HELP EVERYONE IN THIS FORUM, MAKE THIS FORUM GROW, PROVIDE CHEAPNESS, HELP EVERYONE, SUPPORT BITCOIN, I LOVE BITCOIN, I LOVE BITCOINTALK, I LOVE THEYOMS, DON"T DISSAPOINT ME, YOU DON"T WANT ME TO HATE YOU ALL!!!

Quoting because legendary