Forgot your password?
typodupeerror
Security IT

Hackers vs. Phishers 137

Posted by CmdrTaco
from the better-than-predator-vs-alien dept.
An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."
This discussion has been archived. No new comments can be posted.

Hackers vs. Phishers

Comments Filter:
  • Hacker culture (Score:5, Interesting)

    by Anonymous Coward on Monday December 07, 2009 @09:02AM (#30352286)
    That's the hacker culture allright. Use inventivity rather than "hard work" to get your result with the least possible effort :)
    • by Anonymous Coward

      Hackers vs. Phishers.

      Two go in. One comes out.

    • by commodore64_love (1445365) on Monday December 07, 2009 @10:21AM (#30353296) Journal

      Yes. If you're going to steal, then steal from a known thief, because he's unlikely to go to the cops and report you.

      Same applies to shopping on ebay

      • The whole concept reminds me of arguments about scanned pictures, where one guy who scanned a copyrighted image and put it on the Internet gets all pissed off that some other guy uses it on his site. "You're ripping off all the work I did!"

        • The whole concept reminds me of arguments about scanned pictures, where one guy who scanned a copyrighted image and put it on the Internet gets all pissed off that some other guy uses it on his site. "You're ripping off all the work I did!"
          no, really- I wrote this.
    • by Tirith45 (1687810)
      Not all hackers aspire to be phishers, or vice versa or even remotely close. I am a hacker, I don't do it to steal passwords and or valuables, I do it to get into places I shouldn't, expose the holes, confront the company explaining how I did it, and why I did it. Then leave out... minor... details so they have to ask more and then they pick me up on a contract. It's not "wrong" because I'm not making the holes, I am just finding them.
  • by MathiasRav (1210872) on Monday December 07, 2009 @09:03AM (#30352288) Journal
    In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".
    • by Chrisq (894406) on Monday December 07, 2009 @09:14AM (#30352462)
      "mod parent up" This comment was generated by HackBot 01928
      • Re: (Score:2, Insightful)

        "mod parent down" - This comment generated by AntispamWikibot. If you feel this was an error, report your complaint to Abusebot.

        Aside -

        I always find it amusing when I see wikipedia bots caught in a revert war with one another. Who watches the watchers? Apparently nobody.

    • Re: (Score:2, Interesting)

      by Entropy98 (1340659)

      In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".

      Actually I've found that "mod parent up" posts are quite likely to get you modded down.

      Replying to let someone know how they're wrong, now that's how you get easy karma!

      • Re: (Score:2, Funny)

        by Anonymous Coward
        No it's not.
      • by smitty777 (1612557) on Monday December 07, 2009 @09:31AM (#30352688) Journal

        That is the most asinine, idiotic comment I have ever read. If your intellect was 1/8th of mine, you would simply burn your keyboard and never show your face on /. again. I shall now go back to reveling in my own smugness - the rest of you may continue the conversation.

        *...I hope the mods have a sense of humor this morning*

        • by Cwix (1671282)
          (Score:1, Flamebait) Guess not, that sucks.. its my experience they NEVER have a sense of humor in the morning *prepares for his down modding*
          • Geez - they probably didn't even read the whole thing. I think you're right. Next time, I'll send a cup of coffee with my ironically phrased posts.

          • by Stregano (1285764)
            Lol, at least your comments are looked at. I posted 1 dumb comment awhile back that was tagged as flamebait, and it seems that since then, I get no love, which is disappointing. I do not understand the system, especially when people make posts that just say mod parent up and get tagged 5 for funny. Oh well. I am not complaining, just stating that some of us try to actively post and still have bad karma from way too long ago, hehehe
            • Re: (Score:1, Informative)

              by Anonymous Coward

              I can only offer a couple of suggestions that seemed to have worked for me, if you're really interested in boosting your k-score. 1) Keep in mind that +Funny doesn't get you Karma points, and you are very likely to get mis-read (see thread to parent above for a good example). 2) RTFA - many don't and comment anyway, so you look informed if you do. Finally 3) read the FAQ - some good suggestions on there as well.

            • it seems that since then, I get no love, which is disappointing.

              In my experience you have to be out early to have your post modded at all - most mods (afaik) simply don't look beyond the first 50, 100 or 150 posts in a discussion, and some articles easily have 400 comments by the first 6-12 hours.

              Posts that could potentially be Score:5, Whatever are simply left at the initial 0, 1 or 2 (depending on karma) since the mod points were all spent before your post could make it to the counter.

              I was lucky this time to even get a thread ancestor modded up, but that's all thanks

  • Well, obviously (Score:5, Insightful)

    by Anonymusing (1450747) on Monday December 07, 2009 @09:03AM (#30352292)

    FBI: Why do you rob banks?
    Willie Sutton: Because that's where the money is.

  • Not surprised (Score:4, Insightful)

    by zmaragdus (1686342) on Monday December 07, 2009 @09:05AM (#30352324)

    Criminals stealing from criminals? Doesn't surprise me. It happens all the time in the physical world.

    (Before the deluge of malice-laden replies regarding "how I make all hackers out to be villians," yes, I know the difference between white hat and black hat.)

    • Re:Not surprised (Score:5, Insightful)

      by nahdude812 (88157) * on Monday December 07, 2009 @10:09AM (#30353130) Homepage

      A big part of why it's so alluring is that when you steal from a thief, not only is the grunt work already done, the chain of evidence gets disrupted. Leads past that point are likely to be interpreted as an attempt at misdirection (particularly in the case where information theft does not destroy the original information - the original phisher looks like the end of the line). Plus nobody is going to call the police that illegal information was stolen, doing so requires them to first admit their own crime, or at least put themselves at very high jeopardy of discovery.

      So if you can crack a phisher, you're far less likely to face real world retribution (though maybe they'll work on cracking you back).

      This makes phishers a much juicier, safer target, though presumably they're quite a lot more savvy than the average user, so pulling it off is likely harder.

      • Re: (Score:3, Interesting)

        by jimbolauski (882977)
        You've never seen cops before, they could do whole episodes where all the do is arrest people that call the police after a prostitute/drug dealer takes their money.
      • No, phish kits are pretty simple, and can be bought pretty cheaply. This isn't really about "hacking" anyone, it's more about knowing the most common places that phish kits keep their passwords.txt or whatever. AutoWhaler is like nikto for phishing websites :-)

        Seriously though, I doubt it will get much use beyond academic, since I doubt there are many hackers out there that want to share their findings with whoever it is that runs that site.

      • ...Leads past that point are likely to be interpreted as an attempt at misdirection...

        Maybe. But did you ever stop and think that maybe the said hacker is actively giving the phisher another avenue of misdirection?

        If the phisher becomes aware that he is actively being probed for information, what's stopping him from reversing the hack to get the hacker busted (perhaps anonymously) to create a diversion? Not saying it happenes everyday or that phishers are usually that smart, but it's definately plausible

      • Yes and no, for physical evidence you are right, however for virtual evidence, you would have to store the IP of the person you stole from and then copy it in (as well as mac address cloning) and use tor to then be able to look like the original thief to use the info you stole, else the track begins a subset of parallel evidence which can all be lead back to you.

        You have to know how to store the logd to know how to delete them, then also know how to delete the backups for those logs, then on top of that you

    • This would've been considered as an act of war, and the next thing you know people in the streets are cutting each others in half with tommy guns.

    • by Spykk (823586)
      What is being stolen from the phishers is stolen account information. The only way to make money with that is to use it to steal from the phisher's innocent victims. There is nothing white hat about this.
      • There is nothing white hat about this.

        Just a little clarification:

        My original point with the "black hat/white hat" thing was to forestall people who would take my "criminals stealing from criminals" to mean "all hackers are criminals" (which is not what it meant). Some hackers are criminals, others not. That's all I was trying to convey.

  • by asdf7890 (1518587) on Monday December 07, 2009 @09:05AM (#30352332)

    People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?

    This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.

    • People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?

      This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.

      I think the subtext here is that hackers aren't necessarily bad guys and so it's more like repo men stealing from car thieves, still not completely shocking but somewhat more interesting.

  • by Runefox (905204) on Monday December 07, 2009 @09:06AM (#30352338) Homepage

    Hard-working phishers? What? Did we cross over into the Twilight Zone, here?

    • Re: (Score:1, Funny)

      by j1r3 (586944)
      Nope, more like the Scary Door.
    • by IBBoard (1128019)

      Yeah, what's hard about cloning a site (not always that well), hiring a botnet and spamming the whole world (again, not always that convincingly and not always to the relevant people) before sitting and waiting for the account details to roll in?

      Next thing you know there'll be an article about how migrants are stealing jobs from these poor, hard-working phishers!

      • Yeah, what's hard about cloning a site (not always that well), hiring a botnet and spamming the whole world

        Probably hiring a botnet.

        • by IBBoard (1128019)

          I dunno. BBC Click [bbc.co.uk] managed to do it seemingly quite easily (thereby giving some of the BBC license fee to criminals), and broadcast it on TV, and subsequently modify people's computers (they changed the desktop to one of their own messages), and still they didn't get charged over it. If you can be that blatant and make it appear that easy then I can't imagine the phishers will have much trouble with it.

  • by captainpanic (1173915) on Monday December 07, 2009 @09:06AM (#30352342)

    Suddenly sounds like they are all bankers to me.

    • Suddenly sounds like they are all bankers to me.

      Maybe lawyers, too, twisting the truth back & forth

    • by baKanale (830108)
      Speaking of which, I'll bet the phishers aren't doing so well in this economy. Sounds like somebody needs a bailout!
    • by Yvanhoe (564877)
      At least the meta-thief doesn't try to convince the thief he has made a good deal.
  • by schmidt349 (690948) on Monday December 07, 2009 @09:07AM (#30352348)

    Great fleas have little fleas upon their backs to bite 'em,
    And little fleas have lesser fleas, and so ad infinitum.
    And the great fleas themselves, in turn, have greater fleas to go on;
    While these again have greater still, and greater still, and so on.

    • by soccerisgod (585710) on Monday December 07, 2009 @09:21AM (#30352556)
      If that's what they tought you in biology, I don't want to know what they tought you in sex-ed...
      • Sex ed (Score:3, Funny)

        by nacturation (646836) *

        Adults chat in the online world,
          decide to meet for coffee.
        To great effect she did a-twirl,
          sparks fly that scare Khadafi.
        Until one day she chatted coy,
          paid nary a thought to time.
        Turns out it was a 12 year old,
          they charged her with a crime.

    • by natehoy (1608657)

      And on that flea there was a rash a rare rash, a rattlin' rash. The rash on the flea and the flea on the wing and the wing on the bird and the bird in the egg and the egg in the bird and the bird in the nest and the nest on the leaf and the leaf on the twig and the twig on the branch and the branch on the trunk and the trunk on the tree and the tree in the bog and the bog down in the valley-o.

    • As the little old lady tought Betrand Russel, it's turtles all the way down !!!
  • There is always a bigger fish.
      -- Qui-Gon Jinn

    • Re: (Score:1, Funny)

      by Anonymous Coward

      There is always a bigger phish.

        -- Qui-Gon Jinn

      There, fixed that for you

  • In a web 3.0 show-down who would win?

    1) Hackers.
    2) Pirates.
    3) Phishers.
    4) Ninjas.
    5) The Man.
    5) Cowboy Neal.

    Missing option being a tag-team of Chuck Norris and Angelina Jolie.

  • I've always wanted to say this.
  • Dag-nabbit! (Score:5, Funny)

    by jellomizer (103300) on Monday December 07, 2009 @09:12AM (#30352434)

    These young hackers causing all this hutinanity and without any real work.

    Back in my days youngans, Hacking or cracking as it was sometimes called, while still illegal was something to be respected, you had to know what you were doing to break into a system and the harder the break-in the more respect you got... Now todays you kids got all comerical and you can break into computers without having the break into them. You just ask someone for the passwords and they give them to you... Dag-nabbit that is not hacking that sounds like politicians to me.

    • Re:Dag-nabbit! (Score:5, Insightful)

      by Chrisq (894406) on Monday December 07, 2009 @09:18AM (#30352514)
      Well, back in my day we had to do real work. There were no computers to help like you namby pamby phishers have to day. It was get up at 5am, check out the garbage of the local banks, then spend 8 hours hand typing investment certificates and forging cheque books. What is the criminal underworld coming to?
      • by Xacid (560407) on Monday December 07, 2009 @09:23AM (#30352586) Journal
        Two words "Process Improvement".
        • Re: (Score:2, Funny)

          by Anonymous Coward

          Let's hope they take it all the way to CMMI Level 5. Then we won't have to worry any more - they'll be too busy working on their process documents to steal.

          Anon because I work at a CMMI-5 company...

          • by Xacid (560407)
            Ughhh, we have some CMMI guys and they're on a totally different planet so I can totally see what you're saying. The Six Sigma Black Belts are just as good too.
        • Improving the process of creating inefficiencies.....somehow that seems kind of backwards to me.

          -Oz
      • by natehoy (1608657)

        When *I* was a kid, we had to walk to the banks. Uphill. Both ways. In the snow.

    • Re: (Score:3, Interesting)

      by spyrochaete (707033)

      Hacking is about finding the most efficient route to the juiciest payload without ruffling feathers unduly. Here's a fun article [seoblackhat.com] that I think illustrates this concept really well.

    • by StikyPad (445176)

      Did you mean hootenanny [wikipedia.org] ?

    • Back in our day, we had to move the electrons around with tweezers.
  • "Some hackers out there don't like to do all the hard work of running..." Nuff said.
  • by Anonymous Coward

    ...all it does is to try access a number of pre-defined files from the root directory of the probed host: passwords.txt, logs.txt, l0gz.txt, accounts.txt etc. -- talk about sophisticated hacker tool! massive all phreaker big-up! what a joke...

    the tool also "epically fails" if you supply a host that is not encapsuled in http:// ... /

  • Is it just me or is there more and more biology-like complexity evolving?

  • by gadget junkie (618542) <gbponz@libero.it> on Monday December 07, 2009 @09:56AM (#30352984) Journal
    I am not a lawyer (and I use Acronyms sparingly), but stealing accounts from other phishers may be a DMCA violation!!! [copyright.gov]
  • by fishtorte (1117491) on Monday December 07, 2009 @10:04AM (#30353060)

    from the jargon file [catb.org]:

    hacker: n.

            [originally, someone who makes furniture with an axe]

            1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

            2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

            3. A person capable of appreciating hack value.

            4. A person who is good at programming quickly.

            5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)

            6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

            7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

            8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

            The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network. For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).

            It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.

            This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.

    Note that the perjorative use has been deprecated.

    • by MarkvW (1037596)

      Hacking started out as a slang term that means one cluster of things. The meaning has since evolved.

      Now we've got people citing dictionary meanings of the term.

      The drive to classify--and to impose your classification upon others--must be a human biological imperative.

    • Note that the perjorative use has been deprecated.

      Note that the act of deprecating definitions you do not like has been deprecated.

    • Re: (Score:3, Insightful)

      by Princeofcups (150855)

      Note that the perjorative use has been deprecated.

      And the jargon file represents, what, less than 5% of the English speaking world? The rest use the word hacker. Sorry, the battle is already lost.

    • Unfortunately, the people who need to know this don't read the Jargon File.

    • from the jargon file [catb.org]:

      [long definition]

      Note that the perjorative use has been deprecated.

      I thought dictionaries were supposed to be descriptive, not prescriptive.

  • If you can get the phishers to concentrate on the hackers, while the hackers are concentrating on the phishers, maybe they will leave the rest of us alone.

  • I would be tempted to use this for honourable reasons (ie wait for phishers to email me, then get the details off their site and let someone know that these account details had been stolen) but I'm not sure how. I strongly suspect actually posting them on a website would likely get you in trouble with the authorities, and I'm not sure how effective emailing either the bank(s) or websites in question, or the people whose details were stolen, would be.
  • by Animats (122034) on Monday December 07, 2009 @03:19PM (#30357232) Homepage

    I've seen that, too. Recently, Stanford University came up on our short list of major sites being exploited by phishers. [sitetruth.com] I was surprised, because Stanford is usually good about stopping that. It was a weird subdomain under "stanford.edu", and at first I thought someone had compromised Stanford's DNS to get their site under the "stanford.edu" domain. But no, it was just some minor machine that had had a break-in.

    The directory with the phishing page was readable as a web page and contained the log of captured passwords, so I sent those to Stanford security and Bank of America security. Haven't heard back from either. After the end of the weekend, the site was taken down, and that took Stanford off the blacklist.

    We've been reasonably successful at cleaning up that list. We're trying to popularize the idea that one verified phishing URL blacklists the whole domain until the problem is fixed. (The idea behind SiteTruth is to take a hard-line approach and measure the collateral damage so it can be minimized.) The oldest sites on that list are ones which won't respond to complaints by e-mail or phone. In some cases we've sent faxes.

    The worst offenders are Piczo and FortuneCity. Piczo is some kind of social network/hosting service for teenage girls, and it's full of phishing pages, mostly for Habbo logins. PhishTank counts 15, and there are probably more. The phony pages are often not in English, and the Piczo abuse department may not recognize a French Habbo phishing page. This may be the next trend in phishing - put your page on a site run by someone unlikely to understand the page. I've seen a phishing page in Greek on an Indian site.

    It's getting harder to run a phishing site. Since the end of "domain tasting", the business of high-volume bogus domain registration has tapered off. We haven't seen an "open redirector" on a major site in a while; eBay, Yahoo, and Microsoft Live all used to have at least one. The "url shorteners" are getting very aggressive about killing links to phishing sites. This might be winnable.

  • Since the tool is not run locally you can only assume that all the submitted url's are going into someone's database.

    That someone is going to collect a lot of hacked accounts very quickly.

    Hackers vs Phishers vs Hosted Hacked account collection Service?
  • Yesterday the Auto Whaler was something I would thumb up for. Now when I finally got my chance to abuse it, it somewhat became old news too quick.

    During my sleep I finally received some phising mails to test with the Auto Whaler.

    First one gave no hits Second one gave green lines all over. Trying to open one of the text files I was just redirected to a sub page on the site where all the red lights starts flashing. Tons of malware trying to be installed.

    So do not let the phishers fool you, they too k

"It's when they say 2 + 2 = 5 that I begin to argue." -- Eric Pepke

Working...