USPS text scammers duped his wife, so he hacked their operation

Original Article ↗ Hacker News Discussion ↗

Legality of “hacking back”

  • Many commenters note that retaliatory hacking likely violates the CFAA and similar laws, even when targeting scammers abroad.
  • Some want explicit legal carve‑outs or licensing schemes for anti‑scam operations; others strongly oppose exceptions, citing risk of abuse, framing innocents, and selective enforcement.
  • Several point out disclaimers (“this isn’t my work / not condoning”) are mostly CYA and may have limited legal value.

Vigilantism vs. formal law enforcement

  • Strong emotional support for hitting scammers back; some even fantasize about extreme responses, especially against hospital ransomware.
  • Others warn that vigilante justice is dangerous: poor evidence handling, emotional overreaction, risk of targeting innocents, and erosion of rule of law.
  • There’s debate over whether society has a “natural right” to justice that justifies vigilantism when the state is ineffective; others counter that this leads toward lynching or anarchy.

Jurisdiction and international limits

  • Many stress that scammers operating from China, Russia, or similar jurisdictions are hard to prosecute; extradition is rare and depends on local politics, not just treaties.
  • Some argue that if a state won’t or can’t act, practical impunity results even if the act is “illegal on paper.” Others reply legality and enforceability are distinct.

Telecom, SMS infrastructure, and incentives

  • Commenters criticize carriers for profiting from scam traffic and having little incentive to stop it beyond regulation.
  • Discussion of STIR/SHAKEN and number reputation as partial progress for calls, but SMS/MMS remain a “giant hole”.
  • Proposals include:
    • Opt‑in for international calls/texts in the US.
    • Stronger spam filtering and liability for carriers.
    • Even rebuilding messaging with secure, non‑spoofable, end‑to‑end systems.
  • Some note that easy reporting (e.g., “report scam” like *69) is missing, but others warn that without resources, more reports just add noise.

Human impact and ethics

  • Recognition that scams cause severe emotional and financial harm, sometimes leading to suicide.
  • Counterpoint: many call‑center “scammers” are themselves trafficked and coerced, complicating blanket calls to “attack” them.
  • Thread raises need for ethics in CS education; others argue ethics courses change little when crime is so easy and lucrative.

Operational and attribution risks

  • Several warn about weak OPSEC when going after scammers; retaliation can include serious counter‑attacks or SWATting.
  • Misattribution examples (e.g., stale DNS records, compromised third‑party sites) show how easy it is for amateurs to hit the wrong target.