Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking the Password Thieves

Posted by CmdrTaco on from the naked-attachment-never-is dept.

wiredog writes "From The Washington Post, yet another story about phishers, keyloggers, and viruses. The story is nothing new, but the author has a blog where he describes how he gathered the information that went into the story. Information including the locations of the victims, and the ISPs likeliest to be hit. Some of the victims included "an engineer for the Architect of the Capitol" and a man who "works in computer security for IBM." One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)" A compromised machine was also found in "the new accounts department at Bank of America" (Score!)"

9 of 112 comments (clear)

  1. Re:A list could be good by Sunburnt · · Score: 3, Insightful

    A list of vulnerable ISPs may help encourage those ISPs to help change.
    Not so much as a series of lawsuits.
    --
    Tags != Comments, and -1 (Troll) != -1 (I Would Respond Angrily To This Poster So They Must Be Trolling)
  2. ISPs most likely to be hit by DarkLegacy · · Score: 4, Insightful

    That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

    --
    127.0.0.1
  3. Re:A list could be good by geoffspear · · Score: 5, Insightful

    I doubt it's the ISPs' fault; looking at the list it seems plausible that the "most likely" to be hit are simply the largest ISPs, so you'd expect the largest numbers of affected users to be using those ISPs.

    Besides, if 2 supposed "network security" people got hit, do the ISPs really have any hope whatsoever in trying to educate their users to avoid phishing?

    --
    Don't blame me; I'm never given mod points.
  4. Re:A list could be good by Balsamic+Moon · · Score: 4, Insightful

    "Likeliest to be hit" is a mislable. It should read "ISP's inept users" who allow themselves to become vunerable due to ignorance or carelessness.

    This isn't some war between ISPs. The graph shows clearly what ISP had the most victims due to this virii. But even that isnt conclusive of anything because of the quantity of overall customers isnt revealed. Yeh sure we can say Comcast has the most, but they surely have more customers overall than say, oh Qwest.

  5. Looking at the Distribution Map by Gryle · · Score: 3, Funny

    It would appear that nobody in South Dakota has an identity worth stealing. That's gotta hurt your pride.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not entirely sure about the universe - Einstein
  6. Re:It's the Russian mafia! Ahhh! by geoffspear · · Score: 4, Insightful

    The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff.

    --
    Don't blame me; I'm never given mod points.
  7. Did you major in arrogance? by Digital+Vomit · · Score: 3, Insightful

    One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)"

    Because college creates people who are perfectly skilled at a certain field...

    --
    Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
  8. hacking/phishing/logging != stealing, called fraud by plasmacutter · · Score: 3, Insightful

    let's use proper diction here..

    i'm getting really tired of everything under the sun being called "theft". It just allows certain other interest groups to keep implying greater moral bankruptcy than actually exists.

    a more proper term would be "fraud".

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
  9. Re:A list could be good by russ1337 · · Score: 3, Interesting

    You might still start to get spam, if someone on your list has a compromised address list or computer.

    I've often thought of generating some kind of unique e-mail address for each of my friends, to detect if my e-mail address has been compromised by them (or their PC). e.g:

    asdf2344ks@gmail.com for my emails to Tom
    oieo116i2k@gmail.com for my emails to Liz

    The idea is they reply to that address, and mail to these addresses would aggregate to my inbox. If one of those email addresses starts to get spammed, I'll have an idea of who's responsible, change the address for them and see if it continues. After it happening a couple of times I could inform them that they may have a compromised computer and help them out etc.

    I just dont have the time to implement such a scheme and rely on Gmails spam filtering which i think is pretty good.