Artists Against 419
Artists Against 419 (commonly abbreviated to AA419) is an Internet community dedicated to identifying and shutting down 419 scam websites. Its members work pro bono to stop, disrupt or hinder fraudsters' activities by cataloging and reporting fraudulent domains.
The Artists Against 419 site was set up in October 2003 and began tackling fraudulent websites in an artistic way: by hotlinking their images to drain their small bandwidth allowance over their monthly limit. Over time the fraudulent sites have evolved and so have the Artists. On November 30, 2003, the Artists Against 419 hosted its first international flash-mobsee below. There were many subsequent mobbings designed to make internet hosting service providers aware that the Artists Against 419 would not tolerate hosters knowingly hosting websites that AA419 had evidence to show were criminal.
At the same time, they started to list the allegedly fraudulent sites that members had found in a database. With these database entries, if a potential scam victim were to search a website they had been sent by a possible fraudster, the victim might see the database entry on an anti-fraud site and be inclined to cease contact with the scammer. This list now contains nearly 100,000 websites (as of August 31, 2014), and is one of the world's largest databases of fraudulent websites.
Sophisticated tools and techniques are used to search for fake sites and domains. When there is sufficient evidence to prove that a particular domain is fraudulent, it is entered into the database by a select experienced member after careful review. AA419's members then compose abuse reports to the domain registrar and/or hosting service provider with the evidence and ask for them to review/suspend the fraudulent site. Frequently, fake sites are closed within days or even hours of being set up. As great care is taken to check each site before it is listed, the AA419 website is increasingly used by law enforcement agencies as a source of information. The UK Metropolitan Police force is reported to work with AA419. AA419 also escalates any websites found linked to South Africa to the South African Police Service (SAPS) and such websites will only be reported after giving those authorities the chance to investigate.
AA419 maintains constant relations with numerous internet registrars and hosting companies, who themselves have no wish to host criminal activity and cooperate willingly by suspending the fraudulent sites once the evidence is presented. However, certain companies fail to respond to AA419's abuse reports. In such circumstances (in the past) they arranged virtual sit-ins.
AA419 described its past actions as flash-mobbing but in actuality, this activity is called a virtual sit-in. Virtual sit-ins entail large numbers of individuals intently visiting a target site and downloading pages or requesting large numbers of information, with the intent that their requests will cause a rapid drain of bandwidth, and if there is a bandwidth quota it goes offline. For example, if 100 people continuously download a 10 kilobyte image simultaneously for 12 hours, this uses 40 gigabytes of allocated bandwidth. Assuming that the fraudulent site has 40 Gb of allocated bandwidth per month, it will automatically shut down after 12 hours, when the bandwidth threshold is exceeded. The fraudulent website will then remain off-line until the following month, when the bandwidth quota is re-set. Virtual sit-ins were achieved using freeware tools such as Muguito or the Lad Vampire. A computer flash-mob is a similar case where the sites' sudden popularity brings an unexpected large numbers of visitors which the server is unable to handle, except that there is no actual audience and the action is designed to be destructive.
In some cases, particularly when a small web-hosting company is involved, the volume of traffic can be so large that access is slowed to all sites on the server, this held the hoster at ransom until they suspended the scam site, then things returned to normal. It is important to note that no site was ever "mobbed" until at least two letters had been sent to the hosting company notifying them of the abuse:-
- informing them that they are hosting a fraudulent site
- detailing evidence of such fraudulent activities
- requesting that the site be shut down for violating the hoster's terms of service
The Artists always preferred that hosting companies to take responsibility for the actions of their clients as well as the content of their web sites. A virtual sit-in is a tool of last resort, and was used only after other attempts to shut down the fraudsters' website had failed. Fortunately, the vast majority of web-hosting companies find the activities of internet fraudsters highly objectionable and swiftly intervene to stop them.
What AA419 describes as flash-mobbing, is considered by others to be an illegal electronic offensive called a Distributed Denial-of-service attack (DDoS). By their own admission they affect "all sites on the server", and they have attacked systems without checking if bandwidth limits are in place.
Legal scholars like Susan Brenner, a law professor and expert on cybercrime at the University of Dayton School of Law, while sympathetic to aa419's aims and supportive of their more peaceable efforts, find these aggressive techniques akin to DoS attacks, which are illegal. Many jurisdictions prohibit anyone from sending a command to another computer with the intent of causing harm, and DoSes definitely aim to do damage.
Change in direction
The following is from the AA419 web site, discussing the discontinuation of Lad Vampire and other software from their site:
- As of September 14th 2007 the Artists Against 419 discontinued the use of Bandwidth Hogging tools
- As regular viewers will have noticed, the Artists discontinued the use of the Deadly Duo, Mugito and Lad Vampire on September 14, 2007.
- As a community we have grown more sophisticated and effective in the art of shutting down fake web sites with words alone. Our database is the largest of its kind, and our expertise at identifying, cataloging, and terminating fraud sites is unmatched. We have shut down over 95% of the fakes in our database by letter-writing and establishing good relationships with hosts and domain registrars, and so we believe that it's time to move on.
- We have listened to feedback from all sections of the internet, and realize that there is less need for these tools. With so many reputable hosting companies supporting the work of AA419, we no longer need the pressure tactics that worked in our infancy.
- This is not to say that AA419 has lost its teeth. We remain committed to locating, and closing fakes web sites of all descriptions. We will continue to make known the names of web hosts and registrars that support fakes within their ranges, and we will bring our reputation, and our artists with us to every fight.
In recent years, Artists Against 419 have developed new techniques and have acquired numerous new members who are highly skilled at finding fraudulent websites. Many more scam websites are found these days. Also, AA419 is constantly developing and building relationships with domain registrars and hosting companies. Because of this, even though more and more fraudulent sites are being found now, more are more are being shut down by responsible companies who work on an almost daily basis with AA419. The days of "flash-mobbing" are long past, but by using responsive tactics Artists Against 419 is more effective than ever before.
The Artists have had considerable success in closing fraudulent websites. Of the more than 90,000 sites listed in their database, less than 600 are currently active, and many of these are very recent additions.
Since January 2016, the Artists Against 419 database also reflects separate scam category, autonomous system number (ASN) and domain name registrar fields, enabling ISPs and registrars to easily determine which sites under their responsibility have been listed. An additional comments field was also added showing the contact details the scam website used.
- "Police maintain uneasy relations with cybervigilantes". CNET News.com. Retrieved 2007-03-25.
- "Artists Against 419 - Fake Bank Database". AA419. Retrieved 2014-08-31.