
Beware - peer-to-peer networks are making it easier for
phishers to cover their tracks before striking elsewhere, warns
Simon Moores.
Phishing, using hijacked corporate logos and deceptive
spam to steal personal information over the internet, appears to
have taken a more sinister turn.
Reported attacks against well-known online brands such as
Citibank, PayPal and eBay appear to be running as high as 200 a
month, and none of the leading UK internet banks and building
societies remains untouched by increasingly imaginative criminals
who can create near-perfect digital copies of the website of the
business they are targeting - all the way down to the SSL key-lock
on the browser.
A week ago, I’m told, something new and different appears to
have happened in a phishing scam involving one of the UK’s largest
banks. On the same day, two high-street banks were targeted with
elaborate scams but one introduced a new dimension to the
crime.
In this case, the website was so perfect that I doubted at first
that it was a fake. All the links to the bank’s service worked
perfectly and the only suspicious difference was that, on asking
for the user account and password details, it came back with a
“Sorry, try again” message and a different combination of letters
from the secret password sequence to complete, enough to harvest
the user’s password in a couple of attempts.
This is not unusual; it’s how these scams work, and some are more
subtle than others. Beyond this, the spoofed URL, when it was
examined using VisualRoute, resolved to an address in Anchorage,
via a hosting service in France and New York.
However, even with our banks enthusiastically outsourcing much
of their work abroad, it’s hard to imagine that a leading UK bank
would have its website in Alaska.
A little deeper investigation and a conversation with one of the
UK’s leading security experts revealed something unusual. This
time, the website didn’t appear to be "hosted" in a location where
the FBI could break down the door, make arrests and pull the plug
on the scam.
What was worrying was that this appeared to be the first evidence
of organised crime using peer-to-peer computing and the expanding
domestic broadband network to host the spoof bank site.
“You might think it’s in Anchorage,” my friend told me, “but
it’s not. It’s rather like using a file-sharing service like Kazaa,
something we’ve been worrying might happen.
“The criminals can move the domain address of the site around
and, rather like Alice in Wonderland’s Cheshire cat, it can
disappear and pop up somewhere else, on a PC, perhaps, with an open
back door caused by a virus.”
On both sides of the firewall, viruses and worms are increasingly
exploiting network security weaknesses, and the thought that
organised crime might be starting to harness the power of hundreds
of thousands of "zombie" PCs is a deeply worrying one.
In the UK alone, it’s been estimated that as much as 5% of the
PC population is compromised with potential back-door Trojans, a
figure that presents not only nuisance value but also a potential
weapon of mass destruction if turned against any target attached to
our critical infrastructure.
Best not tell the Americans!
What do you think?
Has the recent spate of phishing turned you off internet
banking?
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research,
presentation and analyst services, visit www.zentelligence.com