Forgot your password?
typodupeerror
Security Your Rights Online

IBM Reports On Spear Phishers 169

Posted by CmdrTaco
from the something-to-think-about dept.
FrenchyinOntario writes "IBM reports that while "regular" phishing is declining the black hats are now engaging in targeted spear phishing to glean as much information about a specific identity as they can for all the usual cybercrime reasons. It concerns authorities because the usual suspects - criminal and terrorist organizations - will want to take advantage of this, but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information, as opposed to eBay, PayPal, your bank, etc."
This discussion has been archived. No new comments can be posted.

IBM Reports On Spear Phishers

Comments Filter:
  • by winkydink (650484) * <sv.dude@gmail.com> on Thursday August 04, 2005 @02:41PM (#13242789) Homepage Journal
    click me, click me! [networkmirror.com]
  • A way around this... (Score:5, Informative)

    by ajiva (156759) on Thursday August 04, 2005 @02:42PM (#13242806)
    There is one way around this, that's to go to the 3 large credit companies and tell them to "Freeze" your credit (I think it costs $5-$10). Anyway nobody can open an account in your name, and as long as you remember to "thaw" your account before getting a loan, you'll be ok. It's no perfect, and I'd argue that all credit information should be purged from people who don't need it (this includes SSN numbers). Heck none of this should even be on file...
  • Server (Score:2, Informative)

    by cached (801963) on Thursday August 04, 2005 @02:51PM (#13242911)
    Because the server is being /.ed, heres TFA:

    A report published this week from IBM Corp. suggests that phishing schemes are growing in sophistication, allowing would-be Internet criminals to target their victims by name. A targeted or "spear phishing" attack is designed to extract data from a specific individual or organization, maximizing damage caused and financial gain. IBM estimates that these types of attacks have grown ten-fold this year alone. According to the company, they can be used for identity theft, extortion, fraud and to steal specific intellectual property. "We're seeing it as a targeted security threat within financial institutions as well as government regulatory bodies," said Michael Small, security practice leader for IBM Canada. "It's very targeted with a specific purpose to ensure that they try to get access to privileged information for, usually, profit. Its concerns are linked to cyberterrorism as well as obviously organized crime." Until now, the most common form of phishing attacks were those that attempt to disguise themselves as e-mail from banks or common consumer Internet services like eBay or its payment arm PayPal. They aren't addressed to a specific person but are sent out as widely as possible in an attempt to snare a few unfortunates who are willing to part with bank account information or their eBay identities. Mary Kirwan, CEO of Toronto-based security firm Headfry Inc., said that these types of attacks may be on the decline but agreed with IBM that spear phishing is a growing concern. "These are higher payoff crimes, so it's in their interest to follow the money, essentially," she said. "There's no real consensus among the global banks as to how to deal with that right now. Some of the banks are acknowledging that you don't have to be a dummy to fall for these scams." This isn't the first time banks have been identified as a lucrative target. In 2003, Symantec Corp. noted that a virus called Win32.Bugbear.B was sent by likeminded criminals to financial institutions such as J.P. Morgan Chase, Citibank and American Express. Security experts believed that Bugbear was designed to scan an inbox for any indication that it belonged to a bank employee. Recovery from targeted attacks and malware in general costs a Canadian organization an average of $30,000 to $40,000, said Small. He added that IBM is sharing its research with customers, partners and vendors to help them prevent such attacks. Nuisance e-mail like spam appears to be leveling off, according to the IBM report. In January of this year, spam accounted for 83 per cent of global e-mail. That number had fallen to 67 per cent by June. There are new problems on the horizon, however. In March, a new threat called Domain Name Service (DNS) cache poisoning was discovered. Cache poisoning can hijack a user's browser and direct them towards a specific site or advertisement by corrupting a DNS server's ability to map machine host names to a correct IP address. Variations of these types of attacks have been around for years, but cache poisoning is becoming more sophisticated and a DNS server that isn't configured properly is particularly susceptible.
  • by Locke2005 (849178) on Thursday August 04, 2005 @02:58PM (#13243001)
    Are you thinking of the Transparent Society [davidbrin.com] essay by David Brin?
  • by liquidpele (663430) on Friday August 05, 2005 @12:48AM (#13247204) Journal
    Bruce now disagrees with a lot of his past beliefs (that cryptography can fix everything kind of stuff), and that huge complicated systems are considered a horrible idea since they rarely fail well. Read his "homeland insecurity" interview from The Atlantic for more info.

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun

Working...