Find more Phishing Funda....


Wednesday, March 19, 2008

Cyber Law : The Obstacles Facing Cyber Law Enforcement

The online community is cruel and ruthless leaving no margin of error for anyone. Once you make a bona fide mistake you get crucified immediately. It is because of this general attitude among many people in social communities, that people jump to unfair and unjustified conclusions. Most participants of these communities are used to this behaviour and are not bothered by it too much. Most of these unjustified remarks often cause embarrassment for the comment maker, which is well deserved, because you should take the consequences of your actions for speaking out loud without thinking. Where am I going with this? What does this have to do with fighting cyber crime?

Let me explain with an example: When a big company like Microsoft cause a security risk for users of Internet Explorer out of negligence, you can be sure that the press (including the online community) will throw some big stones at them. This response is justified because the safety of innocent users is put at risk because of the negligence of a respectful organisation. But when Microsoft makes a remark that is misunderstood by some people, without causing any security threats because of this ill formulated remark, why should they be crucified? Microsoft is run by people and people make mistakes. If the community wants to rant and rave about something, then find something that deserves some ranting and raving and stop wasting time on things that can be excused. The company has to waste valuable resources to put out the fires caused by this overreaction instead of using those resources to improve the security of their products. No, I am not a Microsoft prophet, I am simply using them as an example.

Investigating spam and determining the origin of a scam letter is not as simple as tracking an IP address. Most people think so, but that is because they never really tried to locate a spammer on their own after being spammed. It is very easy to forge an e-mail header and that makes it almost impossible to locate the real sender of the e-mail. Even if the header is not forged, you never know whether it is a case of identity theft. Computer criminals hack into e-mail accounts, they hijack web sites and use it to their advantage under the identity of an innocent victim. This enables them to operate undetectable by moving from one account to another. Jurisdictional constraints makes it is hard for federal organisations of one country to prosecute crimes committed in another crime, not even to speak of locating the criminal.

Abuse departments of hosting companies and service providers are so swamped with so many daily reports of spam and network abuse that it is impossible for them to respond to each and every spam report individually. It obviously creates the impression that they do not really take action against the guilty parties. Of course, some companies appear to have an abuse department, but it is only a front to make people believe that they take action against spammers. This discourages people from reporting cyber crime and it effectively allows cyber criminals to operate in the open without the risk of getting caught.

People take cyber crime lightly, cyber crime is being handled as crime committed in another dimension, a dimension not regulated by law. Cyber crime is just like any other crime committed in the normal world, the only difference comes in the methods of investigation. Cyber swindlers are real life criminals, they should never be underestimated. The fact that they operate behind a computer screen makes no difference. Law enforcement agencies do not really care about the person robbed from a couple of dollars, they only pursue the big fish. Unfortunately this is how most scammers operate. They steal a bit from one victim, they steal a bit from another victim, they steal a bit from hundreds of helpless victims and pocked thousands of dollars in the end. Law enforcement agencies will take this crime more serious if everyone starts to report it to their local police department. Sooner or later they will realise that something has to be done. Many police departments are also not equipped to handle digital evidence effectively and many police officers still do not have the skills to conduct proper cyber crime investigations.

Cyber crime is very volatile and cannot always be solved using conventional methods, so I appeal to the online community not to question the unconventional methods of cyber crime investigators. At least they are doing something about an epidemic that is ignored by many influential and powerful organisations.

Sunday, March 16, 2008

Phishing Attacks Reach New Level

The Georgia Institute of Technology has teamed up with Google to investigate how to counter new forms of phishing attacks by hackers. Hackers are able to control users' internet browsing by using the "open recursive" DNS (Domain Name System) server. This type of attack is not new, although hackers have developed a technique that makes it almost undetectable by anti-virus and anti-phishing software.

A DNS server is an internet service that translates domain names into a numerical internet protocol address. For example, users would type "" into an internet browser and it would translate it to something that would look like this: "207.35.118,135". The internet browser would then direct the user to the site.

DNS servers work together in a network. If one DNS server can't find the address it would send it to another one until the address is found. Unlike other DNS servers, open recursive DNS servers answer all DNS look-up requests from any computer on the internet. It is this feature that hackers use.

Google and the Georgia Institute of Technology have discovered that there are over 17 million open recursive DNS servers. Most of these give accurate information, but 0.4% or 68,000 are giving users false addresses to phishing sites. The hackers are able to send users to phishing sites with the DNS.

Phishing sites are false sites set up by hackers. Hackers would create sites that look like the original and get users to give information such as usernames, passwords and pin numbers. For example, they could copy an online bank site and get users to register and log in. The login information is sent to the hacker and he or she is able to use it to gain access to the user's bank account. They trick users into entering their phishing site by sending a fake email. The email, for example, could be made to look as though it came from the user's bank, asking them to login and update their details. The e-mail would then contain a link to the phishing site.

Hackers are using the open DNS system by targeting the user's settings. The user would either open a virus infected attachment on an e-mail or a website with the virus embedded in it. The virus will exploit the user's computer by changing just one file in Windows registry setting. The changed setting will allow the hacker to have complete control over the user's browser.

If the virus is not stopped during the initial stages, it can go undetected for the rest of its existence. Users might believe that because they have anti-phishing software they can't be infected. However, because the hacker is operating at DNS level, the anti-phishing software is rendered useless. Hackers would allow the user to browse normally, but would re-direct them suddenly if they tried to use online banking.

Google and the Georgia Institute of Technology are looking into developing a type of software that will counteract the hackers. They are also trying to create more awareness among all administrations to change their DNS servers. There is no real benefit from having an open-server. The Georgia Institute has marked phishing attacks as one of the top threats for 2008.

Help Stop Phishing and Pharming

Technology has brought along with it some criminals too who have found many crooked ways to use the internet to deceive people. They do this by robbing them of their identity and their life savings too. Most people begin to react to phishing attacks slowly as they get completely devastated to find that they have lost everything they have got. This is why even though it may be difficult for most to handle phishing attacks at least we must be aware of how to stop phishing.

To stop phishing it is important that users report these phishing attacks to government agencies, banks and credit card companies. It is only when we report of such phishing emails to the respective banks, credit card companies etc that they will be aware that such fraudulent emails are making the rounds and they will quickly alert all their clients thus saving many innocent people from losing their money.

If you have been a victim of a phishing fraud, make sure that you have all the bank accounts in question closed immediately and inform your banks and credit card companies about your having been deceived into revealing all personal particulars. This is one of the best ways to stop phishing at its source itself.

Another way by which you can stop phishing is by installing anti phishing software in your system so that the software prevents any kind of fraud by scrutinising all the emails coming into your box and alerts you in case there is a suspicious email trying to phish. Once you are alerted, do not on any account open such emails.

Make sure you have an effective anti phishing software installed on your system, which will immediately alert you in case of suspicion. There are spyware programs that effectively detect scam mails and send them to junk.

Most of these phishing emails always play on your sentiments like your having won a lottery ticket etc. You will be naturally thrilled about this and would not think before you unwittingly provide all your personal information and financial information. If you have any suspicion immediately, inform any of the following groups. To stop phishing send the email you have received to the Internet Fraud Complaint centre of the FBI by filing a complaint on their website. You can also report to anti phishing groups. You can find the email addresses of anti phishing groups on the internet.

Copyright 2009 Phishing : A Online Robbery.. Powered by Blogger Blogger Templates designed by Deluxe Templates