Using crypto against Phishing, Spoofing and Spamming...

John Denker jsd at av8n.com
Sun Jul 18 12:30:28 EDT 2004


Enzo Michelangeli wrote:
> Can someone explain me how the "phishermen" escape identification and
> prosecution? Gaining online access to someone's account allows, at
> most, to execute wire transfers to other bank accounts: but in these
> days anonymous accounts are not exactly easy to get in any country,
> and anyway any bank large enough to be part of the SWIFT network
> would cooperate in the resolution of obviously criminal cases.

Good question.

Actually there are two questions we should consider:
  a) What are the procedures phishermen are using today,
     procedures that they manifestly *can* get away with?
  b) Why why why are they allowed to get away with such
     procedures?

Here is something of an answer to question (a):
http://www.esmartcorp.com/Hacker%20Articles/ar_Watch%20a%20hacker%20work%20the%20system.htm

The details are a bit sketchy, and maybe not entirely to
be trusted since they come from self-described crooks,
but they are plausible.

Still question (b) remains.  The described procedures seem
to be the e-commerce analog of parking your car in a bad
neighborhood with the windows rolled down and the keys in
the ignition.  That is, I expect that most people on this
list could easily think of several things the card-issuers
could do that would shut down these attack-procedures,
significantly raising the phishermen's work-factor and risk
of arrest -- without significantly burdening legitimate
merchands or cardholders.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list