Police maintain uneasy relations with cybervigilantes

The London-area Metropolitan Police Service has turned to some unlikely allies in the fight against Internet crime: cyberactivists who are taking action against online fraudsters.

The police are working with certain cybervigilante groups, using them as a source of information in the fight against fraud, according to sources within the Metropolitan Police fraud alert unit. This includes Artists Against 419, whose activities include consuming the bandwidth of fraudulent banking and lottery sites in an attempt to force them off the Internet.

The police have traditionally sought to discourage any form of vigilantism, as there is no guarantee that self-appointed guardians will have information good enough to target those responsible for crimes, or the necessary skills. However, due to funding and resource pressures, the police have decided to tap alternative information and revenue streams to combat cybercrime. Advance-free fraud, or 419, is named for a section of Nigeria's criminal code.

The police cannot work with groups suspected of illegal methods of vigilantism, but there are other groups with whom the Metropolitan Police have good relationships.

"There are a number of groups we won't have a relationship with, because it would be inappropriate. We have good relationships with groups like Artists Against 419 and Data Wales' Internet Fraud Advisory. We try to work with any organization that sends us information," said one source within the unit.

Internet vigilantism can come in many different forms. Groups such as Artists Against 419 and the Internet Fraud Advisory offer advice and tools on how to avoid scammers and list suspected fraudulent Web sites.

Others, such as 419 Eater, engage in scam baiting: deliberately trying to waste scammers' time, including have them take trophy photos of themselves to send to the scam baiters, in the hope it will limit scammers' activities. Ethical hackers try to disable botnets and limit hacker activity by hacking the hackers themselves.

While the Metropolitan Police do work with some vigilante groups, they are uneasy about the concept of vigilantism, especially those groups that break the law.

Senior security experts and police officers themselves also have mixed feelings about cybervigilantism.

Ed Gibson, chief security adviser to Microsoft U.K., said that vigilantism involving people taking the law into their own hands by responding in kind could not work on the Internet, as spam is usually relayed through proxy servers belonging to innocent third parties.

"The difficulty with cybervigilantism is this: You spam me to death--you send me viruses--so I finally lose patience and I send you back a virus. But the spam has been proxied through another country's health service--somebody opens the e-mail--and I've just blown that health service apart," Gibson told ZDNet UK.

Chris Atkinson, partnerships liaison officer for the U.K. Child Exploitation and Online Protection Center, also warned against mob rule on the Internet, especially naming and shaming suspected scammers.

"Our position has always been that cybervigilantism can have unfortunate consequences. Naming and shaming can target innocent people. The classic scenario was people (in Portsmouth) mistaking pediatricians for pedophiles. The same can happen on the Internet," Atkinson told ZDNet UK.

419 Eater has a "trophy room " of photographs of suspected scammers. But they warn that criminals often bribe or threaten people to appear in the photographs instead of themselves, and use aliases to remain anonymous.