Slashdot Mirror


IBM Reports On Spear Phishers

FrenchyinOntario writes "IBM reports that while 'regular' phishing is declining, the black hats are now engaging in targeted spear phishing to glean as much information about a specific identity as they can for all the usual cybercrime reasons. It concerns authorities because the usual suspects - criminal and terrorist organizations - will want to take advantage of this, but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information, as opposed to eBay, PayPal, your bank, etc."

9 of 169 comments

  1. I have to say ... by Daniel Dvorkin · · Score: 3, Interesting

    ... I think it's kind of hilarious how stuffed-shirt companies like IBM, and the news organizations that report on them, have tried to adopt hacker slang. "Spear phishing"? It kind of reminds me of Christian pop music that desperately tries to be cool but always looks and sounds ten years behind the times.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  2. it's bad on IRC by eight and a quarter · · Score: 3, Interesting

    i've found a gang of romanian scammers on a popular IRC server because a friend's machine was compromised for spamming. i joined the chan and just monitored for a few hours.. i logged everything, e-mailed them to the IRC administrator, and absolutely nothing has been done.

    --
    lameness filter thwarted.
  3. An Open Information Society by under_score · · Score: 4, Interesting

    I'm starting to feel like the right to privacy might be a red herring. The benefits of technology and a truly collaborative and just society might only be fully realized if we completely give up privacy... and that that might actually be a good thing. I know that I've read an essay or something about this before, but I can't find a link - anyone know who wrote about this or where I can find some references? (Actually, Robert J. Sawyer wrote a series of books where one of the societies is like this... but it's not what I'm thinking of.)

  4. Opportunity to make a difference? by It doesn't come easy · · Score: 4, Interesting

    I've always thought that someone with a strong opinion on the pitiful state of privacy laws in the US would ... how do you say it ... demonstrate just how easy it is to steal someone's identity in this country (using, of course, selective politically connected individuals as test cases). Nothing like getting a senator interested in stronger privacy protection after they get the bill for that $5000 digital camera someone "bought" using their credit card.

    --
    The NSA: The only part of the US government that actually listens.
  5. Multiple institutions *are* responsible by MirrororriM · · Score: 5, Interesting
    but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information

    The way I see it, all personal information I send to a particular company should be confidential and protected. Some of it they simply don't need. For instance, why the hell did the clerk at Hollywood Video ask for my SSN to open a damn account to rent movies?! They did not need my SSN and I sure as hell didn't give it to him either, but it makes me wonder how many people actually *have* given out their SSN just for a Hollywood Video account. Not good.

    If a company does not protect my personal information and it gets stolen and/or misused, you bet your ass they'd see some backlash from me. The only bad thing is, it's hard to figure out exactly *which* company that held your personal information was compromised. It's certainly not like they're going to volunteer the fact that they were compromised, otherwise you might take your business elsewhere (to a more responsible company). Just look at the millions of people who had their information on backup tapes "misplaced" by a UPS driver (posted on Slashdot a while back) after the company was stupid enough to send that info via UPS to begin with.

    Companies that have our personal information need to be held accountable on how they handle it and should be prosecuted to the fullest when they mishandle it.

    --
    Content Management System: A pretentious way of saying "text editor."
    1. Re:Multiple institutions *are* responsible by Karma_fucker_sucker · · Score: 3, Interesting
      why the hell did the clerk at Hollywood Video ask for my SSN to open a damn account to rent movies?!

      Video places use it for a credit check. They're loaning you a movie.

      On the other hand, here's a trick I learned. When you're asked for a SSN, say "I'm soooo sorry! I didn't think I needed it. I'll have to come back!" 90% of the time, the clerk will just say "We really don't need it, just hang on." I kid you not! Try it! It pisses me off that a lot of firms "require" this information but when you balk or plead stupidity (in my case), it's amazing how it all of a sudden "doesn't matter."

      When I was taking a marketing class, we were told by the Prof. that to get information for whatever reason, all we had to do was ask. Most people just hand it over. I would love to get into the social reasons for this, but for now, I'll just say that we're all (in Western countries at least) to just shut up and hand over anything anyone in authority or perceived authority requests...I'm starting to rant and my spellink is going to hell. Off to the porn sitesss!

      --
      Evil people don't think they're evil. - George Lucas, Making of Ep III
  6. Re:A way around this... by Atzanteol · · Score: 2, Interesting

    What if that ID card stored a private key and a chip to do encryption of incoming data on it? The bank/gov't has your public key. Near impossible to 'forge', and if it goes missing you can report it.

    If we're going to get ID cards, I'd at least want them to be useful. At this point I'm in more danger of having my identity stolen than of being tracked by black helicopters...

    --
    "Ignorance more frequently begets confidence than does knowledge"

    - Charles Darwin
  7. Identity proxy by digidave · · Score: 2, Interesting

    I wonder how long before some company comes out with an identity proxy service. You sign up for, say $10/month, and create your virtual identity complete with a real credit card number that's mapped to yours through the service, then sign up to eBay, PayPal, etc using the virtual identity. If it gets compromised, you get a free switch to a new identity.

    You'd end up having to trust that one company, but a single company could quite easily put in place policy and technology to keep your identity safe... that would be their primary focus. That's unlike eBay and others who really just want to do business with you and happen to also have your personal information. Their policies aren't as good as they need to be.

    Besides, with your info only at one place it'd make spear phishing much harder: no relying on little bits of info from many places as a hacker would need to get all your personal info from one place.

    --
    The global economy is a great thing until you feel it locally.
  8. Re:A way around this... by collinl · · Score: 2, Interesting

    So, it's just a card with a password, and a chunk of crypto that said the password was right or wrong - e.g. by outputting a transaction wrapped in other crypto.
    No one ever explains why this is better than an ID/account number and password?

    Lyal