Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers vs. Phishers

Posted by CmdrTaco on from the better-than-predator-vs-alien dept.

An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."

22 of 137 comments (clear)

  1. Hacker culture by Anonymous Coward · · Score: 5, Interesting

    That's the hacker culture allright. Use inventivity rather than "hard work" to get your result with the least possible effort :)

    1. Re:Hacker culture by commodore64_love · · Score: 4, Funny

      Yes. If you're going to steal, then steal from a known thief, because he's unlikely to go to the cops and report you.

      Same applies to shopping on ebay

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  2. Parasites are everywhere, for natural reasons by MathiasRav · · Score: 4, Funny

    In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".

    1. Re:Parasites are everywhere, for natural reasons by smitty777 · · Score: 5, Funny

      That is the most asinine, idiotic comment I have ever read. If your intellect was 1/8th of mine, you would simply burn your keyboard and never show your face on /. again. I shall now go back to reveling in my own smugness - the rest of you may continue the conversation.

      *...I hope the mods have a sense of humor this morning*

      --
      "Before God we are all equally wise - and equally foolish"
      Albert Einstein
  3. Well, obviously by Anonymusing · · Score: 5, Insightful

    FBI: Why do you rob banks?
    Willie Sutton: Because that's where the money is.

    --
    Liberal? Conservative? Compare perspectives at Left-Right
    1. Re:Well, obviously by commodore64_love · · Score: 4, Insightful

      Reporter: Why are you a bank?
      AIG: Because that lets us rob the U.S. Treasury

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  4. Not surprised by zmaragdus · · Score: 4, Insightful

    Criminals stealing from criminals? Doesn't surprise me. It happens all the time in the physical world.

    (Before the deluge of malice-laden replies regarding "how I make all hackers out to be villians," yes, I know the difference between white hat and black hat.)

    --
    (((dB)))
    1. Re:Not surprised by nahdude812 · · Score: 4, Insightful

      A big part of why it's so alluring is that when you steal from a thief, not only is the grunt work already done, the chain of evidence gets disrupted. Leads past that point are likely to be interpreted as an attempt at misdirection (particularly in the case where information theft does not destroy the original information - the original phisher looks like the end of the line). Plus nobody is going to call the police that illegal information was stolen, doing so requires them to first admit their own crime, or at least put themselves at very high jeopardy of discovery.

      So if you can crack a phisher, you're far less likely to face real world retribution (though maybe they'll work on cracking you back).

      This makes phishers a much juicier, safer target, though presumably they're quite a lot more savvy than the average user, so pulling it off is likely harder.

      --
      Slay a dragon... over lunch!
  5. People of ill repute diong thingfs of ill repute by asdf7890 · · Score: 4, Insightful

    People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?

    This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.

  6. Wait a second, here. by Runefox · · Score: 5, Funny

    Hard-working phishers? What? Did we cross over into the Twilight Zone, here?

    --
    Screw the rules, I have green hair!
  7. Thieves stealing from thieves. by captainpanic · · Score: 5, Funny

    Suddenly sounds like they are all bankers to me.

  8. Hackers and phishers by schmidt349 · · Score: 4, Insightful

    Great fleas have little fleas upon their backs to bite 'em,
    And little fleas have lesser fleas, and so ad infinitum.
    And the great fleas themselves, in turn, have greater fleas to go on;
    While these again have greater still, and greater still, and so on.

    1. Re:Hackers and phishers by soccerisgod · · Score: 5, Funny

      If that's what they tought you in biology, I don't want to know what they tought you in sex-ed...

      --
      If a train station is a place where a train stops, what's a workstation?
  9. Dag-nabbit! by jellomizer · · Score: 4, Funny

    These young hackers causing all this hutinanity and without any real work.

    Back in my days youngans, Hacking or cracking as it was sometimes called, while still illegal was something to be respected, you had to know what you were doing to break into a system and the harder the break-in the more respect you got... Now todays you kids got all comerical and you can break into computers without having the break into them. You just ask someone for the passwords and they give them to you... Dag-nabbit that is not hacking that sounds like politicians to me.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Dag-nabbit! by Chrisq · · Score: 4, Insightful

      Well, back in my day we had to do real work. There were no computers to help like you namby pamby phishers have to day. It was get up at 5am, check out the garbage of the local banks, then spend 8 hours hand typing investment certificates and forging cheque books. What is the criminal underworld coming to?

    2. Re:Dag-nabbit! by Xacid · · Score: 4, Funny

      Two words "Process Improvement".

  10. "mod parent up" by Chrisq · · Score: 5, Funny

    "mod parent up" This comment was generated by HackBot 01928

  11. I think this is a grave offence. by gadget+junkie · · Score: 5, Funny

    I am not a lawyer (and I use Acronyms sparingly), but stealing accounts from other phishers may be a DMCA violation!!!

    --
    "If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
  12. misuse of the term 'hacker' by fishtorte · · Score: 5, Informative

    from the jargon file:

    hacker: n.

            [originally, someone who makes furniture with an axe]

            1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

            2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

            3. A person capable of appreciating hack value.

            4. A person who is good at programming quickly.

            5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)

            6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

            7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

            8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

            The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network. For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).

            It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.

            This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.

    Note that the perjorative use has been deprecated.

  13. Re:The hunter becomes the hunted by Publikwerks · · Score: 5, Funny

    If we can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate

  14. Re:I Had to comment this has bothered me by ChienAndalu · · Score: 3, Funny

    Is this a Markov chain text generator or something?

  15. Low-quality phishing software by Animats · · Score: 3, Interesting

    I've seen that, too. Recently, Stanford University came up on our short list of major sites being exploited by phishers. I was surprised, because Stanford is usually good about stopping that. It was a weird subdomain under "stanford.edu", and at first I thought someone had compromised Stanford's DNS to get their site under the "stanford.edu" domain. But no, it was just some minor machine that had had a break-in.

    The directory with the phishing page was readable as a web page and contained the log of captured passwords, so I sent those to Stanford security and Bank of America security. Haven't heard back from either. After the end of the weekend, the site was taken down, and that took Stanford off the blacklist.

    We've been reasonably successful at cleaning up that list. We're trying to popularize the idea that one verified phishing URL blacklists the whole domain until the problem is fixed. (The idea behind SiteTruth is to take a hard-line approach and measure the collateral damage so it can be minimized.) The oldest sites on that list are ones which won't respond to complaints by e-mail or phone. In some cases we've sent faxes.

    The worst offenders are Piczo and FortuneCity. Piczo is some kind of social network/hosting service for teenage girls, and it's full of phishing pages, mostly for Habbo logins. PhishTank counts 15, and there are probably more. The phony pages are often not in English, and the Piczo abuse department may not recognize a French Habbo phishing page. This may be the next trend in phishing - put your page on a site run by someone unlikely to understand the page. I've seen a phishing page in Greek on an Indian site.

    It's getting harder to run a phishing site. Since the end of "domain tasting", the business of high-volume bogus domain registration has tapered off. We haven't seen an "open redirector" on a major site in a while; eBay, Yahoo, and Microsoft Live all used to have at least one. The "url shorteners" are getting very aggressive about killing links to phishing sites. This might be winnable.