Giving phishers the boot

Opinion
Jun 9, 20052 mins

It’s easy enough to report phish sites. But it’s a bitch finding where they’re hosted and getting them shut down. From a topological standpoint, a phish node could appear to be based in the U.S. when it’s really just a relay to Bejing. Or it could look like an isolated node in a hosting service when the service itself is riddled with phish sites. “What investigators need is a visualization of the topology leading to phishing nodes,” says John Quarterman, founding CEO of network performance mapping company, Internet Perils, during a recent phone interview. Enter a new program dubbed Internet Radar, which relies on several components to work. Quarterman’s company provides the visualization part. Fraud detection vendor, Corillian, provides tracking and forensics. And Web content filtering vendor, WebSense handles the reporting. In a recent test run, investigators mapped several phishing nodes going into the same hosting center and, at the time of this interview, they were trying to determine if they were looking at a major hack or at hosting provider collusion. It’s too early to tell whether programs like this will have any impact on getting phishing sites shut down faster. For starters, they’ll need advance cooperation with every major and not so major ISP around the globe so they can run their probes real-time. For the most part, ISPs will want to cooperate and get the bad doers off their networks as fast as possible, so that might not be so much of a problem. But when investigators need to call in the guns and badges, there’s no guarantees they’ll get any help. “First, we need big, aggregated cases to even catch the interest of law enforcement,” Quarterman says. “And criminals are deliberately obscuring their trails through Moscow and Korea and other legally-difficult jurisdictions.” Over the past two years, I’ve written about a number of ways the technical community has tried to combat phishing (see here and here)

deb_radcliff

Deb Radcliff is an investigative journalist and analyst focused on computer crime and security. Her work has appeared on Security Boulevard, the SANS Cyber Security Blog, and SC Media, among other outlets. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. She is author of the popular cyber thriller series, “Breaking Backbones,” available at Amazon.

Deb won two Neal Awards for investigative business reporting. She holds a Bachelor’s degree in journalism from San Jose State University.

More from this author