Hacker group Rex Mundi has published thousands of loan-applicant details it siphoned off from US payday loan outfit AmeriCash Advance. The move follows AmeriCash Advance's refusal to sump up $15,000 in what Rex Mundi describes as an idiot tax for maintaining insecure systems and what AmeriCash Advance characterises as an …
process of notifying affected customers
I believe the correct terminology is "marks" not customers.
Re: process of notifying affected customers
"I believe the correct terminology is "marks" not customers."
You might feel a bit differently if it were you who needed a small advance your paycheck.
Reading a robots.txt and visiting a URL referenced therein is considered hacking now?
Unfortunately, Hieronymus Howerd, journalists and/or their editors don't seem to know the difference between skiddies and hackers. Shame, that.
"skiddies", "crackers", and "hackers". Especially since the last wasn't something that you could simply claim for yourself. This skiddies and journo hacks alike got wrong from the start. "Hacking" in the original sense only marginally had to to with security anything, much less extortion, nevermind hats. Arguably even the terminology colouring the hatted industry is entirely due to people not qualifying as "hackers" on merits.
Concur. I just didn't want to confuse the editor(s) ;-)
IT isn't a field suitable for the easily confused.
In fact, I'd argue that it wouldn't be a bad idea to stop propagating ignorant confusion. If that means various hacks and their editors need to have their attitudes adjusted, well....
It used to be that I would spend hours hacking away at code. I still do. But I wouldn't tell anyone nowadays that I've spent most of the day hacking.
Maybe not... but asking for $15k not to publish is certainly blackmail.
Poor site security, but nobody is going to sympathise with the hacktivists, due to the blackmailing.
but asking for $15k not to publish is certainly blackmail.
Its not blackmail - its hackmail!
BOOM BOOM I'm here all week *cheesy wink*
The Reg reporter didn't say they hacked the system. He reported they claim to be a hacker group. He also reported they siphoned the info from an unsecured page that was referenced by the robots.txt file.
I don't see any problem with this. In fact I actually like it. It lets the reader decide whether or not the group is what they claim to be without the reporter coloring that decision one way or the other.
Tom, the title of the article is "Hackers publish payday loan emails".
I don't think you can blackmail those people, it was not their data that was exposed, but their customers. And I don't think that they will give a (whatever) about that.
The people who fall for a loan shark company that charges you up to 1200% interest are usually not the ones that have top rate lawyers on standby to sue someone for breach of privacy, most of them might not even be aware that it happened. So people who have been hit (that's why they're on the database in the first place) will get hit again.
Sad, but true: Business as usual.
Re: Not 'blackmailable'
And never will be untill some CIO's/Directors start doing jail time for breaches of this nature.
Until that happens it’s just somebody else problem and not worth worrying about.
Criminal prosecutions required please.
Re: Not 'blackmailable'
Not mention using them for identity theft word be worthless. Their credit is likely to be in the toilet. Spamming them might be waste of time to. The odds of them having any extra money is low.
There's no doubt that the loan company were lax, but attempting to get money out of them in exchange is juvenile, ludicrous and makes Rex Mundi look like idiots. It would have been far more effective to get the data and publicise that they had it, and let Americash's executives squirm.
"There's no doubt that the loan company were lax, but attempting to get money out of them in exchange is felonious and this attempted extortion makes Rex Mundi a criminal organization."
Fixed it for ya!
BTW: The US needs bring back usury laws.
Buying credit at a fraction of a percent and selling it along at 31 percent plus really is usury.
Anything beyond 10 points over prime should be considered usury.
Since the bankers got their bonuses off of the government dole this is the least the government could do to repay the favor.
Well, there is this little problem that laws don't make reality go away.
"Credit and income information was hard to obtain just after the turn of the century, thus credit was granted to those known and trusted. John Mackey built what would become Household Finance Company, lending small amounts of money at monthly interest rates of 10 percent. The cost of collection was high, and there was no Federal Reserve spewing forth liquidity. Mackey had plenty of customers because banks didn't lend to consumers. Usury laws began to pop up, setting maximum rates at a fraction of what Mackey was charging, but as Hyman points out, the laws only served to send working class people to loan sharks charging between 60 and 480 percent per year."
I DONT GET IT
WHY WOULD ANYONE NEED A LOAN ON PAYDAY
Re: I DONT GET IT
Because you are already in the dumps and need some cash, like, right now.
"What Payday Lending Is"
Payday lending is a relatively new development in consumer finance. Payday lenders market their service as a credit instrument to bridge the borrower until the next paycheck. Popular examples are companies "Check into Cash" and "Check ‘n Go." A typical payday loan works like this: the borrower writes a post-dated check to the payday lending company. In return, the borrower receives cash, minus lending fees. For a $250 loan, the lending fee might be $50 and the loan term 30 days. That works out to a 240% APR —a hefty rate!
...The high APR in part reflects the relative size of transaction costs to the small loan amount (<$300). The lending company must run credit checks, process paperwork, etc., regardless of whether the loan is $100,000 or $100. In this way, a reasonable $50 transaction fee translates into an APR that appears unreasonable. Even if transaction fees were removed from the picture, one would still expect large APRs for payday loans because of the relative credit risk of payday borrowers.
...Now consider the situation from the borrower’s perspective. Most who turn to payday lending have poor or limited credit history. Although their situations may be dire, they naturally find few people stepping up to extend them a loan. Credit is a measure of the reliability of a borrower to live up to a loan contract. As economist Henry Hazlitt pointed out, credit is not "something a banker gives to a man. Credit, on the contrary is something a man already has." For a borrower with bad credit, payday lenders offer an invaluable service few banks will offer. Not only do they provide liquidity when it is most needed, payday lenders provide the borrower an opportunity to establish a positive credit history. In short, payday lenders provide a means for the unbanked to join the financial mainstream.
Re: I DONT GET IT
"A typical payday loan works like this: the borrower writes a post-dated check to the payday lending company. ... In short, payday lenders provide a means for the unbanked to join the financial mainstream."
Er... how do the unbanked write post-dated checks?
Re: I DONT GET IT
By using a pen?
Seriously, they may have a checking account at some bank (to which their employer transfers the money at some future time). But the bank won't give them credit.
Not "as usual" at all.
White-hat hackers do not blackmail. E.g., the Chaos Computer Club routinely hacks into "secured" systems. Often enough, they do that because they were asked to, but that is another story.
Thing is, they do *not* blackmail; they quietly notify the company owning the compromised server of the security problems. Depending on the individual hacker, they may even offer free advice on how to plug up the security holes.
Blackmail is never an option. Yes, the loan company should be persecuted for breach of privacy of its customers; they have no right to be so lax with their potential customers' data. The blackmailers, however, should be locked up and the key very carefully melted down and consequently lost at sea, for both blackmail and aggravated breach of privacy.
re."... what AmeriCash Advance characterises as an extortionate demand..."
It's not an extortionate demand; it's extortion. If $15,000 was an extortionate demand, there would be a lower amount that could be regarded as a reasonable demand.
Re: re."... what AmeriCash Advance characterises as an extortionate demand..."
It was only $15, the rest is the transaction fee*
*Not interest, that would be usury, but a transaction fee is totally different.
What is a checking account? I don't think we have them in the UK.
We have current accounts which provide a cheque book.
Are they the same thing seen from different sides of the Atlantic?
Have I got, sorry gotten, hold of the idea that we are all now to speak, write and read in American?
It's Merkin to yew.
Learn to spell things like Colour and Blacke properly or your Merkin spell chequer will rhejekt tit.
I for one will continue to use the Queens English - with propera enounciation.
No-one comes out of this clean
Whether or not Rex Mundi broke laws by obtaining the data they did is beside the point: their criminality was in attempting to blackmail for cash. If they had asked for evidence that their "idiot tax" was paid to an internationally-recognised charity - perhaps one that helps people in debt - it's possible they could have got away with it. Now they're looking at what will probably be years of being _very_ careful how they pick up their "dropped" soap in the prison showers. Extortion for certain. Federal wire fraud, maybe. More fool them. Perditus Mundi, more like.
On the other hand, whilst I don't know nearly as much about American data protection laws as I do about UK and European legislation, I should imagine that the US Consumer Financial Protection Bureau and/or the Office of the Comptroller of the Currency (both Federal authorities) will be taking a very close look indeed at AmeriCash Advance and its staff, and the probity of their management of customer data.
High interest rates?
I like the way Americans seem to think 1200% is a high interest rate.
UK rates are much better^...
Wonga.com Have a Representative APR of 4214%
^better in this case is a relative term.
Re: High interest rates?
Yeah bit they do have "adorable" granny puppets.
We need a "puked all over my keyboard / tablet / whatever device we're using" button.
Just thinking about them makes me ill. eeeewwwwww!
LOL - IDIOT TAX....
The move follows AmeriCash Advance's refusal to sump up $15,000 in what Rex Mundi describes as an idiot tax for maintaining insecure systems and what AmeriCash Advance characterises as an extortionate demand.
I deal with so many companies that are run by DUMB FUCKS, and they employ DUMB FUCKS.....
Oooooohhhhh rightey yes,...... "The company that just rung me using my phone number has no record of me on their accounts.... including the phone number that they just rang me on....., and they are asking me to give them my credit card details for a phone charge - for a phone account that I have not gotten, when the arrangement was for a direct debit, on a service that I did get...."
Yeah fuck yeah - I'll be paying that - via the fucks in the foreign call center.
Rexmundi - "Your systems are insecure, give us $15K and we will help you fix it...
Americash Dumb Fucks.... "Oh ummmm what do you mean, oh umm we use Microsoft Windoze, so it's secure."
So why do people think
it's OK to take unsecured data?
If the banks left the door and vault open, you went in a nd took money, it's still burglary and an offence, open doors do not negate the act of criminality, as such people that walk from open prisons are still escapees.
Charging 2146% interest on short term loans is a norm, else why does your credit card not cost 4.2% same as your mortgage? the fact that you need recoup costs in a shorter term mean higher charges aqnd also Wonga etc do not ask for collateralunlike your house belonging to the bank until paid for in full