NOTE:
Gearblog has morphed into Gibbsblog. All new postings, same great Gibbs. Come on over!
The world of phishers and what it tells us about on-line crime
By Gearhead, NetworkWorld.com, 06/20/05
"The typical phisher ... isn't a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag."
An interesting story in the Wall Street Journal discusses the world of phishers as charted by Christopher Abad, a researcher who works for Cloudmark.
Abad apparently spent months digging into how phishers work and one of the more bizarre aspects of phishing is that "... phishing scams ... have ... become so complicated that, just as with medicine or law, the labor has become specialized."
Turns out there are guys who work the front end of the scam (getting the identity information and bank account data), guys who design the "bait" (the bogus Web sites), while others run the back end, getting the actual funds and routing the proceeds to the other parties. How is cheating prevented? The phishers have a rating system to track who is "honest" and who is isn't!
That this world should exist doesn't come as a surprise -- with every new, poorly policed market where any significant amount of money is involved comes organized crime. But this isn't like real world organized crime.
We've read any number of articles that refer to "Mafia" involvement in on-line crime but usually don't have any solid evidence to back up the assertion. It appears that for today, the bulk of on-line crime can be attributed to "working hackers" running what might be thought of as cottage businesses. Interestingly, should the Mob ever want to take over the on-line crimes business the decentralization and lack of physical access would make such a play extremely difficult.
The problem for law enforcement is that the on-line world will always be diffuse, decentralized, and highly volatile making catching the bad guys a matter of luck rather than traditional crime solving. Add to that the inherently trans-national nature of the problem and unless international law enforcement becomes a lot more cooperative and sophisticated we can expect the problem to grow rapidly.
The cheapest and most effective solutions lie in better consumer education, better business processes on the part of financial institutions, and better client operating systems. The first two are very difficult as consumers are hard to educate and banks and their ilk seem to be willing to operate on-line at a level of acceptable risk for them (but not for the consumer). As for better operating systems (either by engineering the OS itself or adding extensions that make a more secure environment), well, there's where the opportunity lies.
Back to Gearblog
Comments
