Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Phishers Think, Act, and Make a Profit

Posted by timothy on from the good-laugh-at-your-expense dept.

whitehartstag writes with a write up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publically available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"

5 of 133 comments (clear)

  1. Re:How is this useful for law-abiding citizens? by urcreepyneighbor · · Score: 5, Informative

    I wish the article had good suggestions for how to prevent phishing attacks.

    Super secret information! Don't share with anyone! Majestic Clearance only!

    --
    "The fight for freedom has only just begun." - Geert Wilders
  2. Re:How is this useful for law-abiding citizens? by Gyga · · Score: 2, Informative

    I think it is gray hats who break the law for ethically okay reasons.

    --
    I don't preview or spellcheck.
  3. Re:How is this useful for law-abiding citizens? by davester666 · · Score: 3, Informative

    Maybe, but you could spoof the IP and/or MAC address of the phishing site, and you've got the code the guy is using to update the database, so you could probably get really close to looking like the real phishing site.

    Of course, if the phisher is storing the data on some 3rd party guestbook, you may not want throw thousands of entries a second at it...

    And this could easily cross over to the illegal side... Technically, it probably is illegal to write bogus entries into a hackers data, as it would be gaining improper access to a companies information [probably some federal statue].

    --
    Sleep your way to a whiter smile...date a dentist!
  4. Re:How is this useful for law-abiding citizens? by janrinok · · Score: 4, Informative

    Certainly over here in Europe you will have just committed an offence. The unauthorised access of someone else's computer is illegal, yes, even those computers being used by criminals. There is no "Robin Hood Excuse" that will change the fact that your actions are illegal. Now, as the US has just been successful in claiming the extradition of a British cracker, I'm sure that the US will be equally happy to extradite all those Americans who hack into European criminals' computers to face charges over here. Alternatively, you might have been suggesting that all phishers are American and that as long as such actions are contained inside the USA it is all entirely acceptable.

    That's one of the problems of being a vigilante, you often have to be a criminal to do what you 'believe' to be justice. It doesn't make the vigilante any better in my eyes.

    --
    Have a look at soylentnews.org for a different view
  5. Re:"non-cisco vpn" client? by Eskarel · · Score: 2, Informative
    Basically a vpn(virtual private network) is a way of connecting securely to a network remotely. In essence it makes you appear as if you are on the remote network even when you're not.

    This like pretty much every other networking task imaginable requires a client(it connects the ssl connection and handles the routing as appropriate).

    Cisco makes one, as do a number of other vendors(CheckPoint comes to mind, but only because it's the client I have to use for my work vpn connection).

    All they're saying was that one of the vpn client vendors has a bug which allows an exploit of some description. If you don't have one, don't worry about it, if you do have one check yours and don't worry about anyone elses.