Nitesh Dhanjani and Billy Rios are security researchers who penetrated the "phishing underground" — the ecosystem of scam-artists who run rip-off phishing sites and the toolsmiths and fences who supply them and vend the identities they steal. The conclusions are fascinating: first, phishers sell on the stolen identities to more sophisticated crooks; second, phishers steal from each other — phishware is riddled with back-doors installed by other phishers to phish the phishers; finally, phishers are dumb and unsophisticated, doing nothing more technical than unpacking a directory on an exploited website, lacking even the competence to spot the backdoors in their tools.
The number of backdoors we saw was staggering. The servers serving the phishing sites had backdoors, the code used in the phishing kits had backdoors, the tools used by phishers had backdoors. Phishers aren't afraid to steal from regulars people and they are also not afraid to steal from other phishers. Some of the backdoors were meant to keep control over a compromised server, while other simply stole information that had been stolen by other phishers! We came across several forums where phishers, scammers, and carders basically identified other phishers, scammers, and carders that had scammed them. These shady characters may work with each other but they sure don't trust each other, that's for sure.
(Image: The scam truck, a Creative Commons Attribution ShareAlike photo from Jepoirrier's Flickr stream)