(Standard preface: I am not a lawyer, this is not legal advice, and I do not condone any illegal activities. And if you are going to do something illegal, at least don't be stupid about it.)
It always bothers me when I see someone waste a good opportunity.
Before starting any project, ask yourself these questions:
- What is the goal?
- How will you achieve the goal?
- What are alternate methods to achieve the goal? (Just in case the first method fails.)
- What will you do after you achieve the goal?
People who don't think problems through always get in trouble. Your goal is to win the lottery. You buy a lottery ticket. If you don't win, you will buy another ticket. But what if you do win? Uh... no clue. This is why
many lottery winners end up bankrupt, depressed, divorced, or worse. They didn't know what to do after they accomplished their goal.
Another example of incomplete planning recently appeared in the news. According to
Wired, three guys were recently hit with federal conspiracy charges for defacing Comcast's homepage. They changed the web page for Comcast.net to say "KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven".
Basically, a "hacker gang" (Wired's description, not mine) decided to deface Comcast. They achieved their goal by social engineering Comcast's domain registrar (Network Solutions). They ended up controlling
200 Comcast domains, including Comcast.net.
And then? "What will you do after you achieve the goal?" They... redirected Comcast.net to a different server that listed their online handles. That's just stupid. They could have just as easily linked to Google Maps and put a dot on their homes.
Forest and Trees
This situation has a bunch of problems. First, Kevin Poulsen's Wired article calls them "hackers". However, a hacker would have seen the bigger picture had fully thought out the goal. Defacing a web page by redirecting the site? Please... these were script kiddies and social engineers who had no long-term vision.
Meanwhile, the three defendants clearly lacked the hacker mentality. They had no clue what to do after achieving their goal. They had control of 200 Comcast domains! Here's some alternate things that they could have done, had they applied the hacker mentality of thinking outside the box...
Mixup
There are two hundred domains! Make queries to comcast.net go to the server at comcastadvertising.com, and comcastadvertising.com should go to cablelatino.org... This will cause some serious chaos and does not disclose your own names.
Cause fear
Since they can intercept all accesses to the Comcast search engine, make it appear that Comcast has added a new feature!
Here's what other people are currently searching for:
billy@comcast.net (67.163.200.7) searched for 'Divorce lawyers'.
mike@comcast.net (71.56.45.12) searched for 'big boobs'.
jess@comcast.net (24.9.5.254) search for 'how to get pregnant'.
Not only does this make Comcast look bad, it makes customers fear Comcast. And it would have a long-lasting impact. Long after the hijacking is corrected, people will always fear the type of information Comcast collects, regardless of whether Comcast actually collects this information or not!
I view this as educational. If you walk into the lobby of Google's Sunnyvale campus, you can see a real-time scrolling display of searches being performed. Most people don't realize that
Google saves every search. And if you are logged into Google, then they can associate the data with you. You can actually see this if you use
Google Dashboard. As Lance Ulanoff wrote, "Why, for example, did I search for Teddy bear images on June 19, 2008 at 10:05 AM? That is embarrassing."
Make it better!
Anyone who has used Comcast.net knows that it is an overly complicated web site. If the item you want isn't on the front page, then good luck finding it. Between the JavaScript navigation, ads, very deep menus, and bugs (with Firefox and the NoScript plugin, many of the hyperlinks send me to http://comcast.net/browserupgrade/, which creates an infinite reload loop), the site really lacks usability.
So instead of defacing the web site, redesign it and make it better! And then? Pay your $35 to the
Copyright Office for a registered copyright on your changes. Here's what will end up happening:
- Comcast customers will love the new design. They won't realize it is a hijacking. (This makes it a great hack.)
- Comcast will take it down, making customers upset that the new design is gone.
- Comcast will try to find out who is behind the hijacking. It is very unlikely that they will check with the Copyright Office.
- Comcast is a big company with many battling business units. While the security side are tracking the hijackers, the business side will try to address the complaints. Seeing how the new design was popular, they will incorporate parts of it (or maybe even the whole thing).
- Since you paid your $35 for your registered copyright, you can sue Comcast for copyright infringement. Without the $35 registration, you can only sue them for "actual damages" (you'll get nothing), but with the registration, you can include legal fees and emotional distress in your claim. (With a good enough attorney, even their claim of trademark infringement won't go far, because you were not competing against them; you were them). The net result? Bingo -- even if you are in jail, this is like winning the lottery.
Plan For Success
I'm sure you can come up with other great uses for 200 Comcast domains besides "shoutz and greetz" and listing personally identifiable aliases. If you're going to start any project, then begin with a plan. And if you're going to do something illegal, at least make it a good plan. As Wired quoted:
"The situation has kind of blown up here, a lot bigger than I thought it would," said Defiant, who said he was 19 years old, and that his first name was James. "I wish I was a minor right now because this is going to be really bad."
With regards to James: It still isn't too late to develop a plan. Start with "Don't drop the soap."
