Topic: [ON HOLD] Thoughts: paying hackers to get accounts back: ethical or not? - page 2. (Read 561 times)

If negative tag before selling the account then anyone will not buy the account. And if anyone buy account then the pharmacist will tag him/her. So, his/her account will not have any value. And in this case 25$ will be considered as something is better than nothing.

I don't think so. I think hacker do not hack account for such a small amount. Hacker usually hack account to sell or to scam a large amount. Eg: make reversible transaction, take loan and default, take payment first and never complete the deal and something like this.

I think still hacker can lock the account as s/he has received email but Not sure.

I have mentioned before that this is about the only way to get your account back to offer the guy some coin to give it back.

I doubt it will be the actual "hacker" you are dealing with. I think the hacker probably just sells them and then whoever actually bought the account is also screwed when it is outed.

I don't think it is unethical depending on how you feel about paying ransoms. In that case the "hacker" guy would probably be best off to demand a ransom for the account in the first place but this is more like an offer to return lost property.

I guess you could set up a specific escrow for this particular situation but what are you going to do for awareness? Offer your service to every "help account lost" thread?

So hacker gets account and sells it to a spammer (often plagiarist) and get paid, then the spammer that bought the account gets screwed when his bought account gets red trust but he can get $25 of his money back if he gives the account back. He might do it if he knows the deal is available.

Kinda dealing with some dirty folks.


What do DTs have to do with it? It's just $25 but DT doesn't equal escrow..
You will just have to convince whatever DTs tagged it to remove them once the original owner gets them back..

It might make you look like you are running an account hacking racket though. If you are profiting off of it and have success it might look like you are the one getting the accounts to make a few bucks as a tagged hacked account is basically worthless other than this ransom you are thinking of.

You don't need to wait 2 weeks. When you change the email you do this...
- Use a useless email address (like yopmail and let no one know about it). The confirmation email goes to the original account holder's email who has the current account.
- Now change the email again with your desire email address. The confirmation email goes to the useless email address which you only know.

This way the original account holder lose the activation/confirmation code 

I think you already answered you own question. This will most definitely lead to more account hacks and even though you mentioned you would keep it a fixed fee, it could also lead to higher ranked accounts(even if we use new passwords every so often to help prevent hacks) being targets for a higher ransom/reward/bounty.

Good point. If it becomes too time consuming, I'll have to charge a fee too. I don't want to end up with a backlog on recoveries like Admin has now. But instead of charging a fee, it's probably better if more DTs will join the effort.

It is a good idea. Actually many account holders wait for a long time to get account back and for negative tag hacker also cant be benefited. But if you do this service then hacker as well as real owner both will be benefited. And this 25$ will be considered as punishment of the real owner as not to protect his/her account or mistake of his/her or any bug of the forum.
I have a suggestion. By this service it will take a lots of time of you. So it would be better if there is a little fee (considered as service fee) of you.

Hacked accounts don't get recovered. I've seen people offer to pay for recovery, but money isn't what stops Admin from recovering accounts.
I have another idea, with pros and cons, and would like to get community feedback first.

What if I start a service, in Meta, like this:
1. I tag hacked accounts after sufficient proof (usually a signed message) has been provided (I already do this). Example:
Stolen account, see Reference link.
Dear thief, please give it back.
2. I add "The owner is willing to pay you $25, no questions asked" to my tag if the real owner is willing to pay $25 to get it back.
3. If the thief/hacker/buyer agrees, he'll send me the account details.
4. The real owner sends me $25 (), I change the email and password, and wait 2 weeks so it can't be locked.
5. I pay the thief $25 (minus the lowest possible transaction fee), give the account back to the real owner, and remove the red tag.
6. We can use the thief's Bitcoin address for a small chance to hunt him down

If the original owner doesn't pay in step 4, I won't change the account details and the account thief keeps it. I love to trick account thiefs, but if they can't rely on my service, this won't work.
If the hacker locks the account, he won't get paid.

Notes:
All communication (except for transfering account details in steps 3 and 5) about this has to happen in public, not through PM.
"$25" is more or less arbitrary. I want it to be a fixed amount, less than what accounts are sold for, hopefully low enough not to encourage hacking accounts for the bounty, and non-negotiable ("take it or leave it").
I won't charge anything for this.
This service will end the moment theymos' planned automated account recovery is implemented, or when (a new) Admin recovers accounts again.

Thoughts? Ideas? Improvements? Please post!