Regarding the topic of hacking crypto scammers

[NotATether]

Given that there are a lot of scams going around here that a) are harming newcomers, and b) giving cryptocurrency a bad name, I was contemplating the legality of launching DDoS attacks on scammer websites - not random scammer people on the internet, but just the websites of scam groups.

It is obviously a grey area, considering that the majority of agencies, institutions, and people classify DDoS as illegal - but that's DDoS'ing any website in general.

Also, DDoS attacks can harm the hosting provider, particularly if the scamming website is using shared hosting (but even with dedicated IPs, the networks of hosting providers can still get overloaded and take down the websites and servers of innocent people as well.

So it only really works if the scamming website is self-hosted (and not using Cloudflare, apparently - which anyone can set up for free).

An alternative option is to hatch a destructive malware onto the server i.e. one that simply deletes all files (ala rm -rf /) - the idea came from https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/ .

Definitely not sure about the legality of that one. Distributing malware is definitely illegal, and also it is particularly dangerous for shared websites in particular - because these are just using cPanel and deleting everything indiscriminately will destroy other people's sites. Although each site is hosted under /home so finding the scammer's website folder and just deleting everything under it should spare everyone else.

There's no easy way as a user to identify if a site is using cPanel so obviously this must be done on a case by case basis.

The alternative, legal option is to report the scam to a cybercrime agency somewhere and hope that they even do anything about it (usually they don't).

What are your thoughts about these topics? (This is of course only a thought experiment and not anything I am going to do!)

[electronicash]

nothing  can be done for them to stop scamming, they come back over and over. it will take up your resources and time. since your counter attack will affect the rest of the people, host and other websites when servers are down, you end up disturbing other businesses too.

posts in this forum i believe have helped a lot of people aready especially if those individuals do their DYOR and led here to the negative reviews about the websites.  i'm sure the scams had educate people as well because by then they know it exist not just offline.

[SFR10]

I was contemplating the legality of launching DDoS attacks on scammer websites - not random scammer people on the internet, but just the websites of scam groups.

It is obviously a grey area, considering that the majority of agencies, institutions, and people classify DDoS as illegal - but that's DDoS'ing any website in general.
~Snipped~
What are your thoughts about these topics? (This is of course only a thought experiment and not anything I am going to do!)

AFAICS, the only way for it to become legal is if you've been authorized ^{[e.g. by the government]} to do it. Anything other than that would be considered illegal ^{[it doesn't matter if you're targeting a scam website or not]} and if they catch you while doing it, you would probably spend the next decade in prison ^{[depending on where you are, you might get a lighter/heavier punishment]}.
^{- I can't think of a better example but in a way, if someone does that, it would look like without having the appropriate licenses, they've shot a criminal that had nothing to do with them!}

[Kyraishi]

I think that on a large scale, this is definitely not going to work.

There are all kinds of legal repercussions that can stem from this and no organization that is large and established would be willing to take on this type of risk.

Whether something is a scam or not is very subjective, and wrongfully hacking a legitimate site even with good intentions in the first place can cause serious chaos.

[Gozie51]

Whether something is a scam or not is very subjective, and wrongfully hacking a legitimate site even with good intentions in the first place can cause serious chaos.

I am with this view too. Such pursuit will amount to mere litiny of cases everywhere with no proper jurisdiction for it. Hacking a legitimate site on its own is an offense already except I'm not getting something correctly. I just suggest newbie should be careful not to be in a hate to invested and to ask questions.

[hugeblack]

The speed with which scammers can create sites is much faster than the possibility of stopping them even officially by governments.

You can succeed in eliminating scam by spreading awareness as it becomes more difficult for users to be deceived by traditional methods and thus scammers will need more resources to make scam work.

In general, however, there are some scam that cannot be discovered until after they have occurred, such as Bitconnect Coin, Confido^{[1] [2] [3]}.


[1] https://en.wikipedia.org/wiki/Bitconnect
[2] https://bitcointalk.org/index.php?topic=1681719.0
[3] https://bitcointalk.org/index.php?topic=2173212

[Maestro75]

The speed with which scammers can create sites is much faster than the possibility of stopping them even officially by governments.

Scammers get away because most times officials of the government refuse to act, especially when they have been bribed to look the other way. It is not that government can not apprehend them. I will support anything that can make scammers feel the pains they give out to their victims, including attacking their servers and sending malware to them. If hackers are hacked or scammers are scammed, there is nothing illegal or bad about that.

[dothebeats]

Not a lot of things one can actually do in order to ploy scams right even before they happen. The best course of action is to identify how scams are operating and familiarizing oneself with its intricacies, then educating other people about the situation. Scammers can hop from one scheme to the next without having a sweat, true, but there will always be a pattern to their activities which will eventually show how they do things that will eventually lead to people avoiding it.

[Gozie51]

Not a lot of things one can actually do in order to ploy scams right even before they happen. The best course of action is to identify how scams are operating and familiarizing oneself with its intricacies, then educating other people about the situation. Scammers can hop from one scheme to the next without having a sweat, true, but there will always be a pattern to their activities which will eventually show how they do things that will eventually lead to people avoiding it.

To avoid being scammed I think there are some signs you can watch at and stay away from the person. They are like

1. If it is looking very good to be true. The stories are all sounding sweet.

2. If the profit margin is very enticing. Of course that is to get your interest before they hit on you.

3. Persistent involvement of money before the deal is set.

4. Always being the first to reach out to you. This is because they need your money 

5. They are quick to dig up information about you before you are ready for the deal.

Scammers are better avoided if you have identified it to be a scam to safe your head.

[eaLiTy]

The speed with which scammers can create sites is much faster than the possibility of stopping them even officially by governments.

They can start a new site but you can still DDoS them if we collectively want to do even though how much domain they purchase or site they create and they are not going to be a secretive one, they need to advertise their scam and it is easier to spot them, for that you need to have a team of users and if our forum users can collectively combine and start a botnet attack it would be great and any site would fall.

You can succeed in eliminating scam by spreading awareness as it becomes more difficult for users to be deceived by traditional methods and thus scammers will need more resources to make scam work.

Spreading awareness is good but they will find new users, we can be a white hat team eliminating scams.

In general, however, there are some scam that cannot be discovered until after they have occurred, such as Bitconnect Coin, Confido^{[1] [2] [3]}.

Bitconnect was a multi level scam from the outset and you can find many users trying to expose them here in the forum but they had some followers vouching for them and attacking anyone trying to expose their scam.

[o_e_l_e_o]

scammer websites

I don't have any data on this, and it would be almost impossible to gather such data, but I would have thought that successful scams happening via standalone websites are in the minority.

The most common scams which we see people complaining about on this forum include things such as fake Twitter giveaways or "doublers", people posing on Telegram/Twitter/Reddit/etc as fake customer support agents, fake or malicious wallets uploaded to various app stores, fake or malicious browser extensions, fake escrow services, fake traders, etc. Sure, we occasionally see someone posting about some scam exchange website they have been suckered in to, but those are very much in the minority.

And speaking of these scam exchange websites, each one only usually lasts a few weeks at most before it has been reported enough to be taken down. Then an identical clone of the website with a different name pops up somewhere else.

I think you would essentially be playing an endless game of whac-a-mole for very marginal benefits, it any at all.

[nutildah]

From a legal standpoint of course its a no-go. But ethically speaking I don't have problems with the DDOS attack of known scam websites. Of course you have to be right when deciding what an actual 'scam website' is.

Quite a few episodes of the Darknet Diaries podcast deal with this subject and the idea of vigilantism in grey hat hacking. It can get pretty messy if the wrong people are targeted. I think people are already doing it, for good or for bad, better or for worse.

[yhiaali3]

This is like punishing the criminal yourself but if the police catch you then you will become the criminal and you will be punished, surely this wouldn't be legal unless you get permission from the government to do it, also I think these attacks will not be of much benefit as it can harm the innocent people who do it host their sites on these servers.
I think that this method is useless because scammers usually rent a domain on one of the servers for a limited period and then close the site after they are discovered and go to another site, so attacking them in this way will not be useful because they will simply build another site on another server.