- How to use electrical outlets and cheap lasers to steal data
- The botnet world is booming
- NTIA seeks volunteers to review broadband applications
- The 10 dumbest mistakes network managers make
- What's driving this university to IPv6? Going green
Until just a few months ago, Gary Warner did not have the kind of day job you'd expect from an antiphishing crusader. He didn't work for a security vendor or a bank, or any kind of company you'd expect to care about phishing.
Warner's career as a cyber-sleuth began on Halloween 2000. That's when his company's Web site was defaced by a hacker named Pimpshiz as part of a pro-Napster Internet graffiti campaign.
"My boss came to me and said, 'Find out who did this and put them in jail,'" said Warner, who was at the time an IT staffer with Energen, a Birmingham, Alabama oil and gas company.
It was an eye-opening experience. "I called the police and they were like, 'What do you want us to do?'" he said.
Months later, when Pimpshiz struck servers at NASA, Warner reached out, calling staff there and saying "Hey, we know who this guy is. Here's his name and address."
Since then, Warner has quietly become one of the most-respected authorities on phishing in the U.S. -- the kind of guy that federal agents and banking IT staff call when they want to know how to catch the bad guys and shut down their credit-card-stealing Web sites.
With Warner's help, authorities eventually arrested Pimpshiz, whose real name is Robert Lyttle, [cq] in connection with the hacks.
Fishing for Phishers
Warner said that the Pimpshiz case was formative, underlining how hard it is for law enforcement to catch the bad guys on the Internet.
"The experience showed me that it's not that they don't care," Warner said. "Their hands are tied by the legal process."
Soon, Warner found himself spending dozens of hours each week compiling data on spammers and phishing attacks. "I would sit for a couple of hours every morning and find all the new phishing sites that I could," he said.
He'd take screenshots of the sites, e-mail the Webmasters who were hosting them and ask them for Web logs, and eventually he started making connections -- he'd connect one phishing group with several different attacks -- and learn who he needed to call to get Web sites removed, no matter where in the world they were hosted.
He'd get calls from IT staff at small credit unions asking for help taking down fraudulent sites, every day, all day long. It was cutting in on his work. Late last year, he decided to make a change. "I went to my boss and told him that I'm going to look for a way to do this full time."
Partner Content
Explore the Ultrium Edge
The powerful tape technology can address data security with tape encryption as well as long term data protection.
Find Out More
Disk and Tape Square Off
Discover what disk and tape really cost and which solution provides lower total cost of ownership and optimizes energy use for your organization
Download this White Paper
Don't Fall for the Myths
The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.
Review this information
information examination
An examination of information security issues, methods and securing data with LTO-4 tape drive encryption
Read this analysis
Comment