Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Phishers are dumb, rip each other off like crazy

Cory Doctorow at 10:11 pm Sun, Jan 27, 2008

— FEATURED —

THE LATEST

Guatemala: Nation's highest court throws out Ríos Montt genocide trial verdict and prison sentence

Feature

Eurovision 2013: An American in London

Book Review

The Twelve-Fingered Boy - mesmerizing YA horror novel

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Nitesh Dhanjani and Billy Rios are security researchers who penetrated the "phishing underground" -- the ecosystem of scam-artists who run rip-off phishing sites and the toolsmiths and fences who supply them and vend the identities they steal. The conclusions are fascinating: first, phishers sell on the stolen identities to more sophisticated crooks; second, phishers steal from each other -- phishware is riddled with back-doors installed by other phishers to phish the phishers; finally, phishers are dumb and unsophisticated, doing nothing more technical than unpacking a directory on an exploited website, lacking even the competence to spot the backdoors in their tools.
The number of backdoors we saw was staggering. The servers serving the phishing sites had backdoors, the code used in the phishing kits had backdoors, the tools used by phishers had backdoors. Phishers aren't afraid to steal from regulars people and they are also not afraid to steal from other phishers. Some of the backdoors were meant to keep control over a compromised server, while other simply stole information that had been stolen by other phishers! We came across several forums where phishers, scammers, and carders basically identified other phishers, scammers, and carders that had scammed them. These shady characters may work with each other but they sure don't trust each other, that's for sure.
Link (via /.)

(Image: The scam truck, a Creative Commons Attribution ShareAlike photo from Jepoirrier's Flickr stream)

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

  • Frenetic

    I read the shummary as:

    “Phishers, phishing phishing phishers sophishticated phishers phishware phishers to phish the phishers; finally, phishers unsophishticated. Shervers sherving the phishing, phishing phishers. Phishers other phishers. Shimply shtole inphormashion stolen by other phishers! Phorums where phishers, shcammers, and carders identphishied other phishers.”

    Phunny, and kind of phoetic!

  • jplotz

    I recently had my Amex card used fraudulently. I was able to get the shipping address (in the US) of the goods that were purchased; I then googled this address. It showed up at kidala.info in some sort of discussion forum between Russian carders (in Russian). A friend translated it for me – basically, kidalo.info is a blacklist of carders who have scammed other carders. In this case the guy who “owned” the US shipping address wasn’t sending the money to the other guy, and the other guy blacklisted him as a result.

  • ill lich

    And this surprising? “There’s no honor among thieves.”

    Seems that if they’re so dumb, and their sites full of back doors, then it should be easy for someone smart enough to go in and completely screw with them, even shut them down (at least for a time).

  • Lou Logan

    I so wish the computer security researcher’s name was Billy Bios.