Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking the Password Thieves

Posted by CmdrTaco on from the naked-attachment-never-is dept.

wiredog writes "From The Washington Post, yet another story about phishers, keyloggers, and viruses. The story is nothing new, but the author has a blog where he describes how he gathered the information that went into the story. Information including the locations of the victims, and the ISPs likeliest to be hit. Some of the victims included "an engineer for the Architect of the Capitol" and a man who "works in computer security for IBM." One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)" A compromised machine was also found in "the new accounts department at Bank of America" (Score!)"

9 of 112 comments (clear)

  1. Re:A list could be good by Sunburnt · · Score: 3, Insightful

    A list of vulnerable ISPs may help encourage those ISPs to help change.
    Not so much as a series of lawsuits.
    --
    Tags != Comments, and -1 (Troll) != -1 (I Would Respond Angrily To This Poster So They Must Be Trolling)
  2. ISPs most likely to be hit by DarkLegacy · · Score: 4, Insightful

    That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

    --
    127.0.0.1
  3. Re:A list could be good by geoffspear · · Score: 5, Insightful

    I doubt it's the ISPs' fault; looking at the list it seems plausible that the "most likely" to be hit are simply the largest ISPs, so you'd expect the largest numbers of affected users to be using those ISPs.

    Besides, if 2 supposed "network security" people got hit, do the ISPs really have any hope whatsoever in trying to educate their users to avoid phishing?

    --
    Don't blame me; I'm never given mod points.
  4. Re:A list could be good by Balsamic+Moon · · Score: 4, Insightful

    "Likeliest to be hit" is a mislable. It should read "ISP's inept users" who allow themselves to become vunerable due to ignorance or carelessness.

    This isn't some war between ISPs. The graph shows clearly what ISP had the most victims due to this virii. But even that isnt conclusive of anything because of the quantity of overall customers isnt revealed. Yeh sure we can say Comcast has the most, but they surely have more customers overall than say, oh Qwest.

  5. Re:It's the Russian mafia! Ahhh! by geoffspear · · Score: 4, Insightful

    The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff.

    --
    Don't blame me; I'm never given mod points.
  6. Re:It's the Russian mafia! Ahhh! by LighterShadeOfBlack · · Score: 2, Insightful

    Charts are nice and all, but I would life to see more work done to prevent this. Agreed.

    Or perhaps, don't let idiots use the computer (computer license). It's the only way! The biggest security hole in computers isn't the computer, but the user. :( And mugging and theft are up in my neighbourhood. It's all these old people. There should be a licence for walking the street! The biggest reason for crime is people who can't put up a fight. Euthanasia at 60 is the only way! :(

    Seriously though, users should definitely be educated on computer security wherever and whenever possible (ie. as a fundamental part of job training and IT education in schools). But any talk of computer licences is ridiculous.
    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  7. Did you major in arrogance? by Digital+Vomit · · Score: 3, Insightful

    One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)"

    Because college creates people who are perfectly skilled at a certain field...

    --
    Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
  8. Re:AOL is at the bottom of the list by Anonymous Coward · · Score: 2, Insightful

    AOL users being mostly dialup users likely has something to do with it. It's much easier for the phishing spyware to work when it has an active internet connection with which to report back. Even your most clueless AOL user would likely realize something is up if their computer "randomly" connected to the net all by itself.

    Even if their thing only works when the user is already online, you need to get it to the person to begin with. Sending the payload over dialup may not be feasible.

  9. hacking/phishing/logging != stealing, called fraud by plasmacutter · · Score: 3, Insightful

    let's use proper diction here..

    i'm getting really tired of everything under the sun being called "theft". It just allows certain other interest groups to keep implying greater moral bankruptcy than actually exists.

    a more proper term would be "fraud".

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!