I realize I’ve been on a serious cybercrime and identity theft kick lately, but so much of interest has been published on these topics lately, it’s hard to resist. Thanks to an article on Help Net Security, we can get a much more nuanced look at the world of phishing, which is more of an ecosystem of bumbling bad folks than several separate super hackers.
From the article, you can get a good sense of how many people are actually involved in identity theft. Help Net Security gives a good overview of the identity theft ecosystem with an interview with two security researchers who infiltrated a phisher community. As opposed to what one might fear — a scrum of computer experts bent on our destruction — the researchers instead found a complex community of people who write “kits” to make phishing sites, scam artists who deploy them (who often cannot read the code that make the kits go), and then a market of people who buy the stolen identities, create fake credit cards from stolen data, and trick others into laundering money from the accounts of identity theft victims. What surprised the researchers most was the lack of savvy of most members of the community; as the article explained, “Maybe a few phishers out there are skilled, but the majority are clueless.” Many of the kits that the scammers deploy have simple “back doors” in them that allow the authors of the kits to steal information from the identity thieves who use the kits. Additionally, according to the researchers, the phishers steal from one another. “These shady characters may work with each other but they sure don't trust each other, that's for sure,” the article said.
The article itself is well worth the read, especially if you find Internet security research as fascinating as I do. Personally, it’s hard to decide whether I’m more hopeful or insulted that the phishers are so disorganized. For crime prevention practitioners generally, though, the research shows us a path to more successful prevention; the better we understand the parts of a criminal ecosystem, the more opportunities we have to prevent the crime by breaking down the system itself.
Hat tip to slashdot.