Forgot your password?
typodupeerror
Security

Tracking the Password Thieves 112

Posted by CmdrTaco
from the naked-attachment-never-is dept.
wiredog writes "From The Washington Post, yet another story about phishers, keyloggers, and viruses. The story is nothing new, but the author has a blog where he describes how he gathered the information that went into the story. Information including the locations of the victims, and the ISPs likeliest to be hit. Some of the victims included "an engineer for the Architect of the Capitol" and a man who "works in computer security for IBM." One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)" A compromised machine was also found in "the new accounts department at Bank of America" (Score!)"
This discussion has been archived. No new comments can be posted.

Tracking the Password Thieves

Comments Filter:
  • by DarkLegacy (1027316) on Wednesday March 14, 2007 @11:03AM (#18347541) Homepage
    That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P
    • by danpsmith (922127)

      That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

      That's true, and I understand this argument as it is a familiar one. However, some systems make inherently insecure choices and are slow or late to

      • by Sunburnt (890890)

        it also helps if you design the code based on security from the beginning instead of attempting to bolt-on security like it's another feature when it definitely isn't.

        Or "letting the market handle it" by allowing your company's [microsoft.com] incompetence to effectively subsidize a third [symantec.com]-party [mcafee.com] industry possessing only marginally more competence.

        • by maxume (22995)
          Has any other os been deployed so widely in a user-managed, hostile network environment? Windows may very well be shitty shitty shitty, but there isn't any reason to conclude that there is actually something out there that isn't shitty shitty shitty.
          • Windows may very well be shitty shitty shitty, but there isn't any reason to conclude that there is actually something out there that isn't shitty shitty shitty.

            Windows has a specific security model designed and implemented by Microsoft.

            Microsoft's choices have been disparaged by security professionals for YEARS because they violate the BASIC rules of security.

            Ubuntu follows the basic rules far better than Windows. Ubuntu is far more secure than Windows.

            There are different categories of threats and each cat

            • by maxume (22995)
              If a tree falls in the for.. No wait, if a system has not been as widely deployed as Windows, is it worth comparing the security trade offs that have been made? "Better security" is only a feature if you are actually interested in using it, something which hasn't really been shown to be true. (OS X seems to be doing o.k., but it only has to be a little more secure than Windows to not be an interesting target).
              • No wait, if a system has not been as widely deployed as Windows, is it worth comparing the security trade offs that have been made?

                Well DUH! Of course it is.

                We have this thing called "The Internet" now which means that machines can be scanned and cracked 24/7.

                "Better security" is only a feature if you are actually interested in using it, something which hasn't really been shown to be true.

                Hmmm, I guess that the sales or McAfee and Norton anti-virus are not real then.

                • by maxume (22995)
                  The point I am failing to make is that the sales of antivirus, while they are probably due to design flaws in Windows, they might be due to trade offs that are necessary in order to get normal people to use computers. Until there is another system with hundreds of millions of users that just want the computer to work and be easy, the 'necessary trade off' side really can't be disproved.
          • by Kadin2048 (468275)
            I'd say that Linux-based webservers have withstood at least the same (or worse) adversaries and attacks that are plaguing Windows systems, and fared a whole lot better.

            Although there are probably more home PCs than servers, the servers are much bigger targets. Until very recently, it wasn't that common to find a home PC that was sitting on a really fat pipe 24/7. Servers, practically by definition, have loads of bandwidth available. If you think that somebody's crappy Windows box getting turned into a spam
            • by maxume (22995)
              Servers generally have 'competent' admins. Or a firewall policy. Everything you say about the resources available is true, but the weak link on home systems is generally weaker.
      • Also, if hackers are geeks and geeks have an inherent tendency to go Linux, they would be idiots to mess up their own world by writing Linux virii :P. So, I would say (even though I'm a windows user), that the Mac seems to be the most secure =D as whatever Mac users are, "geeks" they ain't :P.
    • >That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

      Ya know, I'm glad that was modded insightful, 'cause I don't think anyone's ever made that point on /. ever before...

      Naah, just kidding! You're all right.
    • That's effectively why alternative operating systems are impenetrable
      I don't think that word means what you think it means.
    • by eMbry00s (952989)
      Like linux servers [netcraft.com], then? No, wait - that just ruined your insinuation that the reason linux is secure is obscurity.

      Anyways, with ISPs I would say the demographies are pretty equal (though I have no facts to back that up) - which means the amount of trojans per ISP would rise as the number of users increases.
    • by samotano (947004)
      A simple incidence rate like (# attacks)/(total users) for each IP would have been much more informative.
    • Re: (Score:3, Informative)

      by pilgrim23 (716938)
      So the gaping holes in Microsoft products, that any 16 year old with a few hours reading of a VB manual could exploit has nothing to do with it?
      Submarine one: "We are sinking because we are the most popular submarine.
      Submarine two: "uh, guy.. Try shutting your hatch"
      • Except that Submarine One got to be the most popular submarine by giving people what they wanted, namely a convertable submarine that allows all the sunshine in and saves all that hatch opening/closing time. If Submarine Two wants to be the most popular submarine, they're going to have to offer the same "feature".

        • Submarine One got to be the most popular submarine by giving people what they wanted

          Editorial suggestion: "Submarine One became the most popular submarine by advertising that everyone should want a submarine at a time when most people didn't know what a submarine was. The advertising was paid for using taxpayer money which was allocated in the form of research grants, business subsidies, and government backed low interest technology sector loans."

          In short... a scam.

    • If you're referring to Linux, that's just not true. Certainly fewer home users have Linux, and those users are generally better-informed about security. However, the bulk of the security comes from a better design[1]. For one, regular users do not have the equivalent of Windows "admin" privileges. Also, the components are more de-coupled. Knowing how to crack the web browser does not automatically imply knowing how to exploit the word processor, or how to hijack all CPU cycles. Critical directory path
    • That's effectively why alternative operating systems are impenetrable to virii and other nasty things.

      No, no no no. Did you not intend:

      That's why alternative operating systems are effectively impenetrable to virii and other nasty things.

      The words of ordering make a difference!
    • As with spyware, it makes sense of course that the biggest population will be hit the hardest.

      Target rich environment, eh?

      So goes the old addage "One million chinese people can't be wr^H^Hinfected, can they?

      Or, "give a man a phish, and his accounts will be emptied, teach a man to phish and we'll hunt your dumb ass
      down too!".

  • by Gryle (933382) on Wednesday March 14, 2007 @11:08AM (#18347593)
    It would appear that nobody in South Dakota has an identity worth stealing. That's gotta hurt your pride.
  • by Frosty Piss (770223) on Wednesday March 14, 2007 @11:09AM (#18347599)
    Interesting how AOL is at the bottom of the list of ISPs likeliest to be hit [washingtonpost.com]. Who would have thought.
    • Either their customers are still busy trying to get onto the internet in the first place, or those spyware/adware tools that they've been shoveling are actually doing some good...
    • by vertinox (846076)
      What so surprising about not targeting a group that can't even figure out how to connect to the internet much less figure out they even have online banking?
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      AOL users being mostly dialup users likely has something to do with it. It's much easier for the phishing spyware to work when it has an active internet connection with which to report back. Even your most clueless AOL user would likely realize something is up if their computer "randomly" connected to the net all by itself.

      Even if their thing only works when the user is already online, you need to get it to the person to begin with. Sending the payload over dialup may not be feasible.

    • Probably because AOL have almost no customers anymore and those they do have can't find the on/off switch so the scammers know they're not going to get anything useful.
  • Charts are nice and all, but I would life to see more work done to prevent this. Or perhaps, don't let idiots use the computer (computer license). It's the only way! The biggest security hole in computers isn't the computer, but the user. :(
    • by geoffspear (692508) on Wednesday March 14, 2007 @11:13AM (#18347651) Homepage
      The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff.
      • The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff.
        take away their computers, are you mad? but how will they get the internets that their assistants send them through the tubes?
    • Re: (Score:3, Insightful)

      Charts are nice and all, but I would life to see more work done to prevent this.

      Agreed.

      Or perhaps, don't let idiots use the computer (computer license). It's the only way! The biggest security hole in computers isn't the computer, but the user. :(

      And mugging and theft are up in my neighbourhood. It's all these old people. There should be a licence for walking the street! The biggest reason for crime is people who can't put up a fight. Euthanasia at 60 is the only way! :(

      Seriously though, users should definitely be educated on computer security wherever and whenever possible (ie. as a fundamental part of job training and IT education in schools). But any talk of computer licences is ridiculous.

      • But any talk of computer licences is ridiculous.
        I would have thought so as well, had I not seen how Britain's TV tax [bbc.co.uk] unfolded a few years ago. I know the two situations aren't entirely comparable, but still... Many countries charge license fees for television access - how much of a leap would that be to internet access?
        • I'm fairly certain that the British don't need to prove they're not too stupid to watch TV to get a TV license, though, so what you're talking about has nothing whatsoever to do with that OP is suggesting.
          • Nothing whatsoever? No, there's no user test for TV, hence my saying that they "aren't entirely comparable." But where I think you're missing the point is that it would be relatively trivial for a government to impose a licensing scheme upon users, therefore making the idea not quite so 'ridiculous.'

            I mean really, what would the test consist of? How about a series of check boxes attached to your tax/license form stating that the user understands that they need to install anti-virus software/not click on
            • by Moofie (22272)
              "it would be relatively trivial for a government to impose"

              That phrase gives me the screaming wiggins. ANY government imposition is, by definition, not trivial.
              • I didn't say that I was in favor of such a scheme; just that it would be fairly easy for a government entity to implement...
      • by pipingguy (566974)
        Why are there not computer/internet security PSAs on television?
  • While the above information in the article and above links is interesting, and you can sure feel for the victims, I'd be more interested in knowing what the individuals were or were not doing that allowed the viruses/hackers/keyloggers on the systems. Do these individuals/corporations not run behind a firewall? port blocker? run anti-virus software? run anti-spyware?

    I'm not the end-all-be-all security expert, but when I help individuals set up a 'net connection, I make sure all firewalls are on (or the r
    • Re: (Score:1, Informative)

      by Anonymous Coward

      Do these individuals/corporations not run behind a firewall? port blocker? run anti-virus software? run anti-spyware?

      The summary says that a machine was compromised at the Bank of America, though from my reading it seemed to just say at a bank. I happen to have some insight into Bank of America specifically. They run firewalls and configure IP access limitations on machines and run and expensive intrusion protection system that searches for this type of thing on their network. None of those, however, will stop a user from bringing an infected MP3 player into work, or in some cases installing software on their workstatio

    • by LilGuy (150110)
      I do this as well, not for their benefit but for mine. I don't want calls at 2 in the morning complaining that the computer is a slow piece of crap and I need to come fix it. I set them up with the tools, let them know what they're for, and tell them that any additional support will cost them money.

      Seems to work out well.
    • Re: (Score:3, Informative)

      by borkus (179118)
      It sounds like people opened one bad attachment and that was it. It's easy to blame them for that, but people get personal e-mail with legitimate attachments all the time. All it takes is one mistake to infect your PC. Also, the malware these days often does some devious things -

      *Often, the software uses your copy of outlook to hit other people in your address book. Consequently, the infected messages often come from a trusted source - bypassing spam filters as well as the recipients normal level of sus
    • by jerkychew (80913)
      Read the article; The virus that he back-tracked was sent via email. You can have all the firewalls in the world and your mail servers can be locked down tighter than my mom, but all it takes is one user with IE and a Hotmail account.
    • Re: (Score:2, Informative)

      by cyberbob2351 (1075435)
      The botnet problem is a little worse than you may think....And it is these botnets that are allowing such rampant system compromise.

      First of all, recognize that botnet malware evolves at a pace in which it is rather difficult for the antivirus vendors to keep up with. All it takes is a download of phatbot, a little code hacking to ensure it is just perfect for your uses, and then you run it through a packer. You won't preserve the same md5sum of course once your binary is customized, so the only other way

    • by evought (709897)

      According to 2005 FBI Internet Crime Report [ic3.gov], almost all surveyed companies used antivirus, antispyware, firewalls and antispam software. The article also says that many victims in this case were as well. I have also had a Win2K box compromised that was very well protected; malware detectors and updates do not work against new exploits. I generally run Linux and Mac systems, and, although there are many fewer threats, I have them protected to the nines. In this case, as others mention, it is the human eleme

  • "Likeliest" (Score:3, Funny)

    by mwvdlee (775178) on Wednesday March 14, 2007 @11:10AM (#18347619) Homepage
    "Likeliest" is a perfectly cromulent word.
    • But "which are most likely" seems a bit stilted. For a /. write-up, that approaches the "and then there's Albania" [washingtonpost.com] style of writing.
    • by soliptic (665417)
      I don't get it. If you're trying to imply "likeliest" is not a perfectly cromulent word, I'm afraid you're wrong, it definitely is a real word [reference.com]. If there's no sarcasm / tongue in cheek and you do literally wish to point out the word does exist, I don't understand why you'd pick on "likeliest" instead of any of the other words they used which do exist :)
  • I suggested that one of my relatives look into computer security as a career.

    Any recommendations from /.ers on a good school for studying this?
  • by Digital Vomit (891734) on Wednesday March 14, 2007 @11:27AM (#18347817) Homepage Journal

    One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)"

    Because college creates people who are perfectly skilled at a certain field...

    • by Sunburnt (890890)

      Because college creates people who are perfectly skilled at a certain field...
      It damn well better, for $120,000+ in some cases. After all, isn't that the assumption made by a thousand idiot HR folks every day? /sarcasm

    • by Jimbitz (1060548)
      To bad that person ain't that skilled in Information Security..
      I wonder if microsoft would hire him. [/sarcasm]
  • Poison their lists (Score:3, Interesting)

    by Martin Spamer (244245) on Wednesday March 14, 2007 @11:30AM (#18347857) Homepage Journal
    The corps that are targeted for login credentials should poison the phishers lists while they are waiting for the phishers ISP to take them down.

    When the poison credentials are used by the phisher the targeted corp should use their source ip and browser fingerprints help identify other compromised accounts logged in from the same source. Places like banks and pay-pal could also this information to freeze compromised accounts more quickly.
  • "...a hidden software virus that recorded his every keystroke."

    Yeah I know, everybody files all malware under 'virus'; but since the article comes off as somewhat technical it would be nice if this detail was correct. Keyloggers are almost always* trojans, not a viruses.


    *The only reason I say "almost always" is because it would technically be possible to put keylogging functionality in a virus.
  • by plasmacutter (901737) on Wednesday March 14, 2007 @12:13PM (#18348637)
    let's use proper diction here..

    i'm getting really tired of everything under the sun being called "theft". It just allows certain other interest groups to keep implying greater moral bankruptcy than actually exists.

    a more proper term would be "fraud".
  • That machine is probably secure unless the phisher speaks Spanish.
  • by ehaggis (879721) on Wednesday March 14, 2007 @03:46PM (#18352763) Homepage Journal
    Outside of the United States (at least according to the maps.)
  • I want preinstalled NOTHING. That is it, just nothing. No windows, no shovelware, no headaches and no anoyances of paying for crap I don't want, and won't use. Just give me the option to have a empty hard drive ON ALL MODELS.

    Seems simple enought to me. Then you can install what you like on it. I am sick of buying a new copy of a OS I already own again and again just to feed the MS machine.

"Tell the truth and run." -- Yugoslav proverb

Working...