Phishers are dumb, rip each other off like crazy

Nitesh Dhanjani and Billy Rios are security researchers who penetrated the "phishing underground" -- the ecosystem of scam-artists who run rip-off phishing sites and the toolsmiths and fences who supply them and vend the identities they steal. The conclusions are fascinating: first, phishers sell on the stolen identities to more sophisticated crooks; second, phishers steal from each other -- phishware is riddled with back-doors installed by other phishers to phish the phishers; finally, phishers are dumb and unsophisticated, doing nothing more technical than unpacking a directory on an exploited website, lacking even the competence to spot the backdoors in their tools.
The number of backdoors we saw was staggering. The servers serving the phishing sites had backdoors, the code used in the phishing kits had backdoors, the tools used by phishers had backdoors. Phishers aren't afraid to steal from regulars people and they are also not afraid to steal from other phishers. Some of the backdoors were meant to keep control over a compromised server, while other simply stole information that had been stolen by other phishers! We came across several forums where phishers, scammers, and carders basically identified other phishers, scammers, and carders that had scammed them. These shady characters may work with each other but they sure don't trust each other, that's for sure.
Link (via /.)

(Image: The scam truck, a Creative Commons Attribution ShareAlike photo from Jepoirrier's Flickr stream)


  1. I recently had my Amex card used fraudulently. I was able to get the shipping address (in the US) of the goods that were purchased; I then googled this address. It showed up at in some sort of discussion forum between Russian carders (in Russian). A friend translated it for me – basically, is a blacklist of carders who have scammed other carders. In this case the guy who “owned” the US shipping address wasn’t sending the money to the other guy, and the other guy blacklisted him as a result.

  2. I read the shummary as:

    “Phishers, phishing phishing phishers sophishticated phishers phishware phishers to phish the phishers; finally, phishers unsophishticated. Shervers sherving the phishing, phishing phishers. Phishers other phishers. Shimply shtole inphormashion stolen by other phishers! Phorums where phishers, shcammers, and carders identphishied other phishers.”

    Phunny, and kind of phoetic!

  3. And this surprising? “There’s no honor among thieves.”

    Seems that if they’re so dumb, and their sites full of back doors, then it should be easy for someone smart enough to go in and completely screw with them, even shut them down (at least for a time).

Comments are closed.