Phishing Group Caught Stealing From Other Phishers 129
An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them.
Deliberately deceptive code inside the kits means that script kiddies are unlikely to realize that any captured credit card numbers also end up getting sent to the people who made the phishing kits. The same group was also responsible for another backdoored phishing kit used against Bank of America earlier this month."
How times have changed: you can't trust.....wait! (Score:3, Interesting)
Re:How times have changed: you can't trust.....wai (Score:5, Interesting)
This is really sad.. (Score:5, Interesting)
Really though, this is nothing new. IIRC, some builds of Sub7 [wikipedia.org] had a reverse backdoor (not covered in the wiki article), as well as a master password that let the Sub7 crew take over a server (covered by the wiki article), and some builds even included hard drive killer when the master password was in use.
Just what is stopping law enforcement? (Score:4, Interesting)
Isn't it trivial for a government agency like the FBI or Treasury to track payments charged to any kind of electronic banking back to the recipient? Wouldn't an investigation "following the money" ultimately lead you to either the thief or at least greatly disrupt his activities? At a minimum it would expose the people that made their transactions work (banks, hosting companies, other otherwise "normal" business people).
A couple of decent RICO prosecutions and you would drive this stuff out of the United States and greatly reduce the scale of it.
But it never happens, and I can only think that somehow the government has somehow turned these people into some espionage rabbit hole and high level prosecutions would disrupt intelligence gathering. Because there is little reason the government couldn't do something about it if they wanted to.
Phishing... (Score:4, Interesting)
Re:How times have changed: you can't trust.....wai (Score:3, Interesting)
Yet, despite this paranoia, she still buys hordes of knick-knacks, limited edition "collectibles", sewing supplies and such on EBay. Paypal being too scary for her, she uses her CC to pay for all of that. Try as I might, I can't seem to persuade her that a person in CA selling cutesy crocheted animal sweaters could be a Bad Man just as easily as some person rooting through her trash. As for email based scams; well, I set up her email client to reject anyone not already in her address book and have trained her in the habit of sending the initial email to them, rather than waiting until she gets one. As a major side benefit for me, it has drastically cut down the number of "cute", "humorous" or "inspirational" forwards she sends me.
*The bar to appear safe and legit enough for some users can be staggeringly low. Lets face it, there are always going to be some stupid people around.
Re:Script kiddies? (Score:4, Interesting)
From Wikipedia [wikipedia.org]:
In hacker culture, a script kiddie (occasionally script bunny, skidie, script kitty, script-running juvenile (SRJ), or similar) is a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems, and deface websites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own,[1] and that their objective is to try to impress their friends or gain credit in underground cracker communities.
And that's exactly what's happening.
Re:How times have changed: you can't trust.....wai (Score:5, Interesting)
One of my ATM cards has 2 different pin numbers. If I use the alternative one, the transaction is completed normally (so no one on the spot gets wiser), but the institution will flag it and notify the police at once, providing my identity and location. I have to pay a little extra for eat (about US$ 3/month), but it is well worth it. It is considered (and marketed as) an insurance. I have this since 1996, and I'm happy to say I never needed.
So yes, the banks know this kind of thing can be done. I wonder why other institutions don't do it or even why this is not mandatory for all cards.
I really don't mind the extra US$ 3/month for this service.
Re:How times have changed: you can't trust.....wai (Score:3, Interesting)
Looking at the larger picture, I want as small amount of fraud as possible because the cost of goods will be cheaper. Somebody has to recoup that $4000 or $8000 in your example, but what happens, everyone pays for fraud, but spread out over every purchase made, it is probably lower than the sales tax you pay on each individual transaction.
For what it's worth, I have found a way to never have my credit card info stolen - I use cash. For you conspiracy minded people out there, my purchases are not trackable. Even better, the amount of debt I have is $0 which comes out to $0 per month in interest with a grand total of $0 per year. You'd also be amazed at the businesses (big box stores and little local stores) that will give you a discount for cash if you ask.
Re:How times have changed: you can't trust.....wai (Score:3, Interesting)
Exactly, in the chat rooms the criminals are far more worried about each other than the forces of law and order. OK they are concerned that the person might be from a security company (our guys) or a police officer. But they are rather more angry about 'rippers' -criminals who take the money but never deliver the goods or take goods and don't pay for them.
In the shadowcrew organization about a third of the management team was occupied as enforcers. In fact that is how they got caught, they ended up in a turf war and someone turned them in to police.
As in all criminal organizations the guys at the bottom get chicken feed. All the money flows up the pyramid, just like the Sopranos. A street drug dealer is likely to be in prison of dead in two to three years on average and makes less than minimum wage. The typical botnet herder makes less than they would flipping burgers. All the money flows up.