Partial Witness-Update: The Anti-Phishing Action
Since I don't want to spend the bulk of tomorrow's witness update talking about phishing, I figured making a separate mini-update is best.
This was an impromptu project that I never wanted to have to take on simply because I would never wish upon anyone to have their account stolen like that. The phishing attack is ongoing and more and more accounts are compromised.
You can read about the actual attack in my earlier posts: Initial Warning Post and Update.
Other projects suffered minor delays
A total of two full-time days and part-time hours in subsequent days were spent on monitoring, discovering, and otherwise dealing with the phishing scam. Because of this, I must apologize to the community and those who vote for @guiltyparties as witness. Ongoing and new projects were delayed on different levels or had fewer man-hours assigned to them. Although I apologize, I don't regret it.
Flagging trigger-finger
This week I used the official @guiltyparties account to do the one thing that none of us ever meant to use it for, which is flagging. Guilty Parties as a rule respects all views, opinions, and stances, irrespective of whether we personally agree with them or not. All members on our team, including myself, 'Patriot', have been part of, initiating and leading online communities for some 20 years and counting. We know the sanctity of the free speech concept on the internet and the lack thereof on platforms controlled by anyone other than ourselves. We never intended to flag anyone for anything.
However, that changed when faced with the impact of the phishing infestation. To end the spread of this disease, I made the decision to flag phishing posts. I can tell you that I made this decision on behalf of my team and all supported it.
I wiped out our Voting Power and I'm glad I did so. My main regret is that it wasn't enough to completely halt the hacker.
Unflagging for recovery cleanup
A portion of the infected accounts were recovered that same or next day. I'm glad I've made the decision to flag because that also allowed me the opportunity to unflag posts after the original owners cleaned them up and manually deleted the phishing links. My deepest respect to them for recognizing their mistake and then spending hours cleaning it up. I had long conversations on Steemit.chat with several users as they waited for their recovery or were trying to figure out how to move on.
Could've done more
I've got to be honest, this phishing attack caught me off guard. I've since pondered how as a witness I can either provide a tool to increase user resilience or support negative impact mitigation. There are some ideas here that I'm hoping will get fleshed out in time through trial and error. Account security starts with user resilience to shit scams, phishing, trojans and other tricks that scum use to steal people's hard work and currency.
Before I end this I've got to thank one young lady for listening to my findings, theories and solutions. Thank you @patrice.
Our VP is currently in recovery for future anti-phishing flagging.
Like what we're doing? Support us as a Witness.
Go to https://steemit.com/~witnesses
At the bottom, type in guiltyparties
Click VOTE
@originalworks