QUESTION & ANSWER

Phishing, identity theft keeps law enforcement, researchers occupied

By Dennis Fisher, Executive Editor 05 Nov 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Let's talk about the cybercrime problem. What needs to be done on the part of the security and law enforcement communities to get this problem under control?
Derek Manky: There are no boarders in cyberspace, so you see a lot of these organizations hosted through ISPs in one region supported through a registrar in another region and can constantly move and migrate shop. One of the key areas that we need to concentrate on, and something of much interest to me coming from a security research standpoint, is the flow of this information – the legwork and coordination. There's a lot of research out there and a lot of informative technical articles. But right now as we've entered into this evolution where cybercrime has started to develop in professional organizations in the digital underground, this is something that law enforcement hasn't kept up to pace with. We're starting to see some steps forward in this area.

Listen to the interview: An expert on cybercrime and online scams, Derek Manky, security researcher at Fortinet, joins Dennis Fisher for a discussion of the threats from online organized crime and social networking sites and whether we've seen the last of the big worms. Download MP3 | Subscribe to Security Wire Weekly

A lot of researchers I talk to are willing to help law enforcement with this problem but some of them meet resistance. Do you run into resistance from law enforcement agencies?
Manky: I wouldn't call it resistance, I think it's a resource issue. Not only is this pinpointed on law enforcement, I think there are several areas that this need to go through. You have your level of law enforcement , which is key in terms of take down and the cattle prodder when it comes to investigating and there's action that needs to be taken at ISPs and registrars as well. There's a sort of a level of resistance at those levels as well. If you're trying to communicate with a specific registrar with phishing domains, there's still that level of resistance too. I think having the integration between those three areas with law enforcement acting on it and IT security space providing that action flow it will go a long way. Right now it is kind of slow moving.

Where do you see the next big threat coming from?
Manky: One of the key areas that we still need to improve on and that people should be scared about is identity theft and leveraging a lot of this personal information, not only from an end user point but from corporations as well. I think a key area is the education in this. It's not something new, but with social engineering tactics. It's an age old trick with social engineering emails using hot topics and current trends to capitalize on it. I think this is an especially sensitive time, just because there's a mass amount of people that are involved with it and the end user weak mental nature in terms of falling pray to these types of attacks. I think this is just the beginning of it. Right up there are some of these emails playing on this theme of the current financial crisis. We're going to see a lot more of that kind of activity and it looks like the perfect opportunity for the cybercrime community to sink its teeth into it.

It still amazes me that after so many years of getting these emails that some of them are still successful.
Manky: In terms of the scam itself, it's exploitation of the human mind. Social engineering is a proven technique that has worked time and time again. One thing they have adapted to is moving from their communication channel. You have traditional inbox email spam which is still very prevalent today. Because it's been around for so long click through has gone down because of spam filtering technologies. Now they're taking those scams and putting them in social websites and blog networks, but the social engineering in the scam stays pretty much the same. It proves time and time again to be very effective.

Do you think that we've seen the last of those really large scale worms and viruses we used to see all the time?
Manky: I don't think so. This is something that we're closely monitoring right now because of the most recent out-of-band patch from Microsoft which brought out some eerie reminiscence of worms of the past. As some of these issues are uncovered, it's only a matter of time before proof of concepts and the information falls into the hands of bad guys. We have made significant progress in protecting against these attacks but in terms of exploiting them, I think it's a matter of resources. If something like this is uncovered it will continue to haunt cyberspace for a while.

Tags: Identity Theft and Data Security Breaches,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Facebook, McAfee partner to fix social network security issues Hacker pleads guilty to orchestrating Heartland credit card heist MasterCard reverses PCI compliance requirement Verizon report goes deep inside data breach investigations Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Email and Messaging Threats (spam, phishing, instant messaging) Chinese hacker attacks target Google Gmail accounts, top tech firms PDF attack code complicates security analysis, skirts detection Panda warns of American Express phishing scam Active PDF attacks target Reader, Acrobat zero-day vulnerability Yahoo login credentials at risk to hijacking attack The world's top 5 riskiest domains How to secure a .pdf file Top spammer gets four years in jail for stock fraud scheme New Zeus spam poses as Social Security statements Messaging security risks have upper hand on solutions Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary