1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is clickjacking illegal?

Discussion in 'Black Hat SEO' started by Darkone, Dec 24, 2010.

  1. Darkone

    Darkone Junior Member

    Joined:
    Jul 11, 2009
    Messages:
    189
    Likes Received:
    21
    I cant seem to find any solid information and or facts stating that clickjacking is illegal. I have some sweet methods using a clickjacking script + facebook, just want to make sure its not illegal.:confused:
     
  2. aReJay

    aReJay Power Member

    Joined:
    Apr 29, 2009
    Messages:
    736
    Likes Received:
    237
    Location:
    Down under
    A) Its breaches the TOS of any/all ad networks
    B) It is straight up fraud which is illegal

    -aReJay
     
    • Thanks Thanks x 1
  3. peixe01

    peixe01 Junior Member

    Joined:
    Apr 17, 2010
    Messages:
    198
    Likes Received:
    336
    what do you think...
     
  4. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Guys I don't think OP is talking about defrauding ad networks, but asking about this for social networks...

    Darkone I have never really head of any criminal or civil cases involing it, but there's no doubt in my mind that it could easily fall under the Computer Fraud and Abuse Act. I have heard of people getting c&d for doing this on fb, and I'm sure at some point we will see some civil action from them as well..

    It's one thing to abuse the privilages you are given as a developer (not following tos to the letter when it comes to using publish_stream for example), but clickjacking is a much more direct and blatent breach of computer 'authorization'.. It is a whole other can of worms so be careful ;)
     
    • Thanks Thanks x 1
  5. safex

    safex Jr. VIP Jr. VIP

    Joined:
    Dec 28, 2009
    Messages:
    3,433
    Likes Received:
    518
    Occupation:
    Search Engine Optimization
    Location:
    BLCVA.com
    Home Page:
    It is making them to click at any cost...So it is not fair..Simple if you visit a site and it gives you a click to visit a Hot babe then tell me..will you click!!!lols..
     
  6. HeXeR

    HeXeR Junior Member

    Joined:
    Dec 30, 2007
    Messages:
    121
    Likes Received:
    15
    Occupation:
    Self-employed
    Location:
    EU
    Home Page:
    Any new thoughts about that? I mean, is it legal or not? Since there is loads of pages clickjacking facebook users ...
     
    Last edited: Apr 6, 2011
  7. tacopalypse

    tacopalypse Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 30, 2009
    Messages:
    980
    Likes Received:
    2,485
    Home Page:
    likes have no monetary value, so its not fraud, and not illegal.
     
    • Thanks Thanks x 1
  8. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    980
    Likes Received:
    462
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    I don't think there's been a case involving it specifically, but I think if it went to court you'd probably be convicted. You're using a browser vulnerability to execute some code you shouldn't have the permissions to execute. Not only that, but you're executing code that posts an unauthorized message that appears to come from the victim.

    The law is vague on purpose and if they do catch you, the evidence is always stacked way against you. It's basically up to the court to agree that you're a dick for doing it and you're stuck with it. Here's the law in NJ:

     
  9. HeXeR

    HeXeR Junior Member

    Joined:
    Dec 30, 2007
    Messages:
    121
    Likes Received:
    15
    Occupation:
    Self-employed
    Location:
    EU
    Home Page:
    What about if you play with layers? I mean, almost no JavaScript, you just put on facebook like button and mask it like something else, I'm not even sure if that's clickjacking but I saw that on one page...
     
  10. PlanetSEO

    PlanetSEO BANNED BANNED

    Joined:
    Dec 20, 2010
    Messages:
    279
    Likes Received:
    403
    Your not 100% correct, i mean yes its forces them to click but its all happened in my site. i mean when they get to a clickjacked paged they usually get to a picture and when they click on it then they will get clickjacked but until then its their choice if to click or not.

    For me usually when i get to a site with a picture "click here to enter" etc etc, its always feel fishy for me so basically all the clickjack process happened on your site.

    now you can see it this way, each site has it own terms its right that the clickjack script is against Google TOS and almost any other ppc/ad network but its not against your site terms, meaning lets say you inviting people over to your house so i guess you decide the terms of entering your house because you set you set the rules, so in this case if people will decide to enter you house one of the terms is that they can be clickjacked of course you can't use that as an excuse to tell the adsense team or any other network your dealing with but still i see it that in the worst case youll get banned and wont get paid which is pretty worst to me.

    Im no recommending starting using clickjack script for adsense ppc networks,
    but i did heard somewhere that it works pretty nice with Facebook like buttons specially if its social network and friendly traffic so you wont have to fake referrer etc etc.

    also since its facebook like buttons the and you using Facebook traffic you can have higher success rate, because when you clickjack people for facebook likes when they get clickjacked they have to be logged to facebook when they clicked so they will hit the like automatically instead of getting to a login page which in most of the case they will quit the process since they didn't tried to get to this page they got clickjacked ;)

    Cheers
     
  11. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    980
    Likes Received:
    462
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    It does work really with Facebook, but I'm sure they'll fix it soon. It breaks my rule of the not leaving an easy paper trail though. If Facebook wants to make an example out of someone, they can just subpoena the affiliate program, web host, whoever. You're linked directly to a pretty serious crime.

    Like back when I was mailing, I'd phish tons of accounts for various purposes, but I'd never ever use them to mail even that was a way to make huge money. Some guys I knew did, and got busted.
     
  12. Monrox

    Monrox Power Member

    Joined:
    Apr 9, 2010
    Messages:
    615
    Likes Received:
    579
    Great quote. Laws are never black&white, they are almost always darkish. For example popups actually are screen space jacking and ARE exploiting browser weaknesses. Most browsers have popup protection. When a user enables it, he or she explicitly signals his desire to not want popups. Yet no court cares. It'd be interesting to try and connect click jacking with freedom of speech :D
     
  13. HeXeR

    HeXeR Junior Member

    Joined:
    Dec 30, 2007
    Messages:
    121
    Likes Received:
    15
    Occupation:
    Self-employed
    Location:
    EU
    Home Page:
    What about likejacking? With no moving like buttons and stuff like that, only masked like button...

    How (il)legal is that? :)
     
  14. promosirupiah

    promosirupiah Junior Member

    Joined:
    Jul 11, 2010
    Messages:
    149
    Likes Received:
    33
    I've done likejacking before, then norton and mcafee detect my site as clickjacking infect, so I remove it immediately.
     
  15. HeXeR

    HeXeR Junior Member

    Joined:
    Dec 30, 2007
    Messages:
    121
    Likes Received:
    15
    Occupation:
    Self-employed
    Location:
    EU
    Home Page:
    Well I'm not talking about that code. No crazy JS just like jacking...
     
  16. scalehard

    scalehard Newbie

    Joined:
    Apr 18, 2011
    Messages:
    28
    Likes Received:
    4
    Occupation:
    Physconaut
    Location:
    Outerspace
    i believe it'll prob violate someone's TOS for sure.
     
  17. RSnake

    RSnake Newbie

    Joined:
    Apr 21, 2011
    Messages:
    3
    Likes Received:
    0
    If Samy got arrested for XSS, which essentially did the same thing that clickjacking does (in his case - adding friends), yes, it's illegal. They'll find a way to prosecute you.