
IBM Reports On Spear Phishers

FrenchyinOntario writes "IBM reports that while "regular" phishing is declining the black hats are now engaging in targeted spear phishing to glean as much information about a specific identity as they can for all the usual cybercrime reasons. It concerns authorities because the usual suspects - criminal and terrorist organizations - will want to take advantage of this, but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information, as opposed to eBay, PayPal, your bank, etc."
  • I have to say ... (Score:4, Interesting)

    by Daniel Dvorkin ( 106857 ) * on Thursday August 04, 2005 @02:43PM (#13242825) Homepage Journal
    ... I think it's kind of hilarious how stuffed-shirt companies like IBM, and the news organizations that report on them, have tried to adopt hacker slang. "Spear phishing"? It kind of reminds me of Christian pop music that desperately tries to be cool but always looks and sounds ten years behind the times.
  • it's bad on IRC (Score:3, Interesting)

    by eight and a quarter ( 904629 ) on Thursday August 04, 2005 @02:45PM (#13242839) Homepage Journal
    i've found a gang of romanian scammers on a popular IRC server because a friend's machine was compromised for spamming. i joined the chan and just monitored for a few hours.. i logged everything, e-mailed them to the IRC administrator, and absolutely nothing has been done.
  • by under_score ( 65824 ) <mishkin@ber[ ] ['tei' in gap]> on Thursday August 04, 2005 @02:47PM (#13242868) Homepage
    I'm starting to feel like the right to privacy might be a red herring. The benefits of technology and a truly collaborative and just society might only be fully realized if we completely give up privacy... and that that might actually be a good thing. I know that I've read an essay or something about this before, but I can't find a link - anyone know who wrote about this or where I can find some references? (Actually, Robert J. Sawyer wrote a series of books where one of the societies is like this... but it's not what I'm thinking of.)
  • by It doesn't come easy ( 695416 ) * on Thursday August 04, 2005 @02:56PM (#13242972) Journal
    I've always thought that someone with a strong opinion on the pitiful state of privacy laws in the US would ... how do you say it ... demonstrate just how easy it is to steal someone's identity in this country (using, of course, selective politically connected individuals as test cases). Nothing like getting a senator interested in stronger privacy protection after they get the bill for that $5000 digital camera someone "bought" using their credit card.
  • by Anonymous Coward on Thursday August 04, 2005 @02:56PM (#13242979)
    This doesn't work. One of my best friends had his identity stolen and then froze his credit, but credit card companies were still issuing new cards in his name.
  • by MirrororriM ( 801308 ) on Thursday August 04, 2005 @03:03PM (#13243038) Homepage Journal
    but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information

    The way I see it, all personal information I send to a particular company should be confidential and protected. Some of it they simply don't need. For instance, why the hell did the clerk at Hollywood Video ask for my SSN to open a damn account to rent movies?! They did not need my SSN and I sure as hell didn't give it to him either, but it makes me wonder how many people actually *have* given out their SSN just for a Hollywood Video account. Not good.

    If a company does not protect my personal information and it gets stolen and/or misused, you bet your ass they'd see some backlash from me. The only bad thing is, it's hard to figure out exactly *which* company that held your personal information was compromised. It's certainly not like they're going to volunteer the fact that they were compromised, otherwise you might take your business elsewhere (to a more responsible company). Just look at the millions of people who had their information on backup tapes "misplaced" by a UPS driver (posted on slashdot a while back) after the company was stupid enough to send that info via UPS to begin with.

    Companies that have our personal information need to be held accountable on how they handle it and should be prosecuted to the fullest when they mishandle it.

  • Re:I have to say ... (Score:1, Interesting)

    by Anonymous Coward on Thursday August 04, 2005 @03:24PM (#13243268)
    Um yeah, maybe in the 80's.

    I suggest you actually listen to some of it today.... in fact you have, many hit the top 40 charts in "secular alternative" music over the past 5 years.

    the clueless like you stay on your path to what you think. the rest of us get big shit eating grins as you do not realize that bands like Creed and others are simply Christian rock bands that are flying under the radar subverting you in your music... (OMFG! I better listen to some Insane Clown Posse to cleanse my soul of this evil Christianity! OMFG! OMFG! OMFG!)

    Oh let's forget that alternative hit from 3 years ago "flood" that STILL shows up in airplay on the "alternative rock" stations around the country....

    get a clue. you know nothing about which you speak of.
  • by Karma_fucker_sucker ( 898393 ) on Thursday August 04, 2005 @03:26PM (#13243288)
    why the hell did the clerk at Hollywood Video ask for my SSN to open a damn account to rent movies?!

    Video places use it for a credit check. They're loaning you a movie.

    On the other hand, here's a trick I learned. When you're asked for a SSN, say "I'm soooo sorry! I didn't think I needed it. I'll have to come back!" 90% of the time, the clerk will just say "We really don't need it, just hang on." I kid you not! Try it! It pisses me off that a lot of firms "require" this information but when you balk or plead stupidity (in my case), it's amazing how it all of a sudden "doesn't matter."

    When I was taking a marketing class, we were told by the Prof. that to get information for whatever reason, all we had to do was ask. Most people just hand it over. I would love to get into the social reasons for this, but for now, I'll just say that we're all (in Western countries at least) to just shut up and hand over anything anyone in authority or perceived authority requests...I'm starting to rant and my spellink is going to hell. Off to the porn sitesss!

  • by Atzanteol ( 99067 ) on Thursday August 04, 2005 @03:45PM (#13243484) Homepage
    What if that ID card stored a private key and a chip to do encryption of incoming data on it? The bank/gov't has your public key. Near impossible to 'forge', and if it goes missing you can report it.

    If we're going to get ID cards, I'd at least want them to be useful. At this point I'm in more danger of having my identity stolen than of being tracked by black helicopters...
  • Identity proxy (Score:3, Interesting)

    by digidave ( 259925 ) on Thursday August 04, 2005 @04:43PM (#13244266)
    I wonder how long before some company comes out with an identity proxy service. You sign up for, say $10/month, and create your virtual identity complete with a real credit card number that's mapped to yours through the service, then sign up to eBay, PayPal, etc using the virtual identity. If it gets compromised, you get a free switch to a new identity.

    You'd end up having to trust that one company, but a single company could quite easily put in place policy and technology to keep your identity safe... that would be their primary focus. That's unlike eBay and others who really just want to do business with you and happen to also have your personal information. Their policies aren't as good as they need to be.

    Besides, with your info only at one place it'd make spear phishing much harder: no relying on little bits of info from many places as a hacker would need to get all your personal info from one place.
  • by Anonymous Coward on Thursday August 04, 2005 @09:03PM (#13246217)
    "Subverting" us in our music? Funny. You go right ahead believing that. Here are some random thoughts from someone who's worked on Music Row for the majors and hosted an award-winning show on a major FM station (WRVU-Nashville, 91.1) in a top market, so I probably know more about this subject than you. Plus I have a little time to kill & feel like ranting until my date arrives.

    The charts are for record label execs and commercial radio playlist programmers, and all they really measure these days is payola, ad rates, product placement, how many units were pressed and shipped to stores - *not* how many cds were bought by actual paying customers, or how many people are actually hearing the chosen "hits" on radio. It's a scam.

    "College alternative" is a demographic; there is no "secular alternative" listing in the industry trade journals (ie - Billboard, etc), though I wouldn't be surprised if the xtians made up a category for their own marketing purposes in their internal industry reports.

    "College alternative" was created as a demographic in the early 1990s when the major labels finally figured out that Gen-X was *not* listening to "top 40 classic rock" stations that were still playing Boston and Journey, and that the major labels had missed out on almost an entire decade of truly underground (at the time) college music, ie - Sonic Youth, Husker Du, Negativland and the whole 1980s SST Records catalog; the dance/industrial scene - Skinny Puppy, Front 242, FLA, Ministry, Coil, Nine Inch Nails, etc; misc acts like the Red Hot Chili Peppers, Jane's Addiction, Love & Rockets, the Butthole Surfers - *this* was the real underground college scene.

    When "college alternative" finally wound up in Billboard in the early 1990s, Nirvana and grunge were taking off, and *this* is what the labels decided the underground college music scene was supposed to sound like, forever and ever, amen. The major labels are big corporations, and big corporations hate change, partially because they are slow to react. This is also why the "college alternative" charts have been dominated by the same-sounding, easily forgotten grunge-ish retread acts for almost 15 years, and why what you actually hear on college radio stations has little resemblance to the industry trades. As long as the majors can keep turning a profit by marketing product under this label, they don't care if it accurately reflects what people are listening to in the demographic, or if anyone is actually listening to it period.

    Commercial radio in the US is dying a well-deserved death, losing listeners to commercial-free college and community stations, XM, streaming internet radio (especially for non-US news) and podcasts, LPFM and (of course) mp3 trading. I'm forced to endure typical commercial radio stations a few times a week in the gym, and I can't believe how horrible it's become, or that anyone can leave it on even as background noise for more than a few minutes. Unfunny morning shock-jocks, the same limited playlist cycling every 90-120 minutes, and over half the content is advertising that's screamed at you in as obnoxious a fashion as possible. Good luck sneaking Jeebus in that mess anywhere and actually getting anyone to hear it. ...which finally brings us to the religious stations; they have always been a niche market in that there's very little crossover in either direction; they are already preaching to the choir (pun intended), so their listeners tend not to listen to anything else, and no one who isn't already tuning in regularly to religious stations wants to listen to their content either.

    Which brings us back to the whole "subverting" non-xtian secular music by Jeebus bands pretending to be something else. It just doesn't work. People who don't want to be preached to can spot it a mile away, plus the xtian rock acts are mind-numbingly boring, unoriginal and derivative (IMO); gimmie an xtian band that does something crazy-interesting like, say, Einstürzende Neubauten, or Tom Waits, or even mid-60s John Co
  • by collinl ( 114075 ) <lyal.collins@nim ... minus pi> on Friday August 05, 2005 @12:01AM (#13247023) Homepage
    So, it's just a card with a password, and a chunk of crypto that said the password was right or wrong - e.g. by outputting a transaction wrapped in other crypto.
    No one ever explains why this is better than an ID/account number and password?
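
The scheme discussed in this sub-thread (the card holds a private key, the bank holds only the public key), set beside an account number and password, as an added example that is not part of the original comments. It swaps in an Ed25519 signature over a random challenge for the "encryption of incoming data" the comment describes; `Card`, `Bank`, `replayDemo` and the sample account are hypothetical names and constructed data.

```javascript
// Added example: static password vs. card-held private key (challenge-response).
// All names and sample values are hypothetical / constructed for illustration.
const nodeCrypto = require('crypto');

// The card: the private key is generated on it and never leaves; it only signs.
class Card {
  constructor() {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey;     // handed to the bank at enrolment
    this._privateKey = privateKey;  // stays on the chip
  }
  respond(challenge) { return nodeCrypto.sign(null, challenge, this._privateKey); }
}

// The bank: stores a salted password hash (scheme A) and a public key (scheme B).
class Bank {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  enrol(id, password, publicKey) {
    const salt = nodeCrypto.randomBytes(16);
    this.users.set(id, { salt, pwHash: nodeCrypto.scryptSync(password, salt, 32), publicKey });
  }
  // Scheme A: the secret itself is sent on every login, so whoever sees it can reuse it.
  loginPassword(id, password) {
    const u = this.users.get(id);
    return !!u && nodeCrypto.timingSafeEqual(nodeCrypto.scryptSync(password, u.salt, 32), u.pwHash);
  }
  // Scheme B, step 1: issue a fresh, single-use random challenge.
  newChallenge(id) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(id, c);
    return c;
  }
  // Scheme B, step 2: check the signature against the outstanding challenge only.
  loginCard(id, signature) {
    const u = this.users.get(id), c = this.pending.get(id);
    this.pending.delete(id);        // a challenge is never accepted twice
    return !!u && !!c && nodeCrypto.verify(null, c, u.publicKey, signature);
  }
}

// Replays what a phishing page or eavesdropper would have captured from one login.
function replayDemo() {
  const bank = new Bank(), card = new Card();
  bank.enrol('alice', 'correct horse', card.publicKey);
  const capturedSig = card.respond(bank.newChallenge('alice'));
  const firstLogin = bank.loginCard('alice', capturedSig);
  bank.newChallenge('alice');       // a later session gets a different challenge
  return { firstLogin, passwordReplay: bank.loginPassword('alice', 'correct horse'),
           signatureReplay: bank.loginCard('alice', capturedSig) };
}
```

A signed challenge can still be relayed in real time by a party sitting between card and bank unless the signed data also binds the transaction or the site's identity.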