Police maintain uneasy truce with cybervigilantes

The Metropolitan Police have turned to some unlikely allies in the fight against internet crime — cyberactivists who are taking action against online fraudsters.

The police are working with certain cybervigilante groups, using them as a source of information in the fight against fraud, according to sources within the Metropolitan Police Fraud Alert Unit. This includes Artists Against 419, whose activities include consuming the bandwidth of fraudulant banking and lottery sites in an attempt to take them off the internet.

The police have traditionally sought to discourage any form of vigilantism, as there is no guarantee that self-appointed guardians will have information good enough to target those responsible for crimes, or the necessary skills. However, due to funding and resourcing pressures the police are having to tap alternative information and revenue streams to combat cybercrime.

But while the police could not work with some groups suspected of illegal methods of vigilantism, there are other groups with whom the Metropolitan Police have good relationships.

"There are a number of groups we won't have a relationship with, because it would be inappropriate. We have good relationships with groups like Artists Against 419, and Data Wales's Internet Fraud Advisory. We try to work with any organisation that sends us information," said one source within the unit.

Internet vigilantism can come in many different forms. Groups such as Artists Against 419 and the Internet Fraud Advisory offer advice and tools on how to avoid scammers and list suspected fraudulent websites. Others, such as 419 Eater, engage in scam baiting — deliberately trying to waste scammers' time, including have them take trophy photos of themselves to send to the scam baiters, in the hope it will limit scammer's activities. Ethical hackers try to disable botnets and limit hacker activity by hacking the hackers themselves.

While the Metropolitan Police do work with some vigilante groups, they are uneasy about the concept of vigilantism — especially those groups that break the law.

Senior security experts and police officers also have mixed feelings about cybervigilantism.

Ed Gibson, chief security advisor to Microsoft UK, said that vigilantism involving people taking the law into their own hands by responding in kind could not work on the internet, as spam is usually relayed through proxy servers belonging to innocent third-parties. "The difficulty with cybervigilantism is this: you spam me to death — you send me viruses — so I finally lose patience and I send you back a virus. But the spam has been proxied through another country's health service — somebody opens the email — and I've just blown that health service apart," Gibson told ZDNet UK.

Chris Atkinson, partnerships liaison officer for the Child Exploitation and Online Protection Centre (CEOP), also warned against mob rule on the internet — especially naming and shaming suspected scammers. "Our position has always been that cybervigilantism can have unfortunate consequences. Naming and shaming can target innocent people. The classic scenario was people [in Portsmouth] mistaking paediatricians for paedophiles. The same can happen on the internet," Atkinson told ZDNet UK.

419 Eaters have a "trophy room" of photographs of suspected scammers — but they warn that criminals often bribe or threaten people to appear in the photographs instead of themselves, and use aliases to remain anonymous.