I usually keep our phishing reports clean and neat, just reporting news and events in the ongoing war against phishing and online crime. But with some of the news reports last week, this time I just have to include a rant about ICANN and the current methods of dealing with phishing.
The primary techniques that make phishing and many other methods of online crime possible are:
1) the ability to forge headers in email,
2) the ability to quickly set up domains at no cost,
3) the availability of free website hosting,
4) the ability to falsify Whois data to elude detection.
Three out of these four are directly under the control of ICANN. Since ICANN has taken no steps to remedy organized crime's use of the DNS system in the past four years, despite repeated reports, it has become very clear that ICANN needs revamping. The Feds need to scrap ICANN and rebuild from the ground up. Domain kiting, rogue registrars, and criminal ISPs run rampant, laughing in the face of ICANN regulations, and all honorable internet users.
If any other entity in the world were aiding and abetting organized crime out in the open, they would be shut down. This is why I cannot understand why something hasn't been done about ICANN before now. If they opened a firearms supermarket selling handguns with ammo to anyone who walks through the door for five bucks, what would happen? Would that be tolerated? If they had a fleet of 'ice cream trucks' visiting school yards and mall parking lots handing out porno material -- to anyone, what would happen? You say that's preposterous? You say there's no way that would be allowed. Sorry, it's basically the same thing, and it's happening thousands of times each and every day. Probably every hour. It just happens to be electronic -- a venue that law enforcement and the judicial system can't seem to come to grips with.
One might certainly think that if you realized you were aiding online criminals you would take measures to stop, right? ICANN has made no efforts to stop. So, what does that tell you?
You hear the political puffery over border control. Online crime is the biggest and most potentially damaging violation imaginable. What if there were millions of terrorists walking through airport security each day -- unattended? How about each hour? Don't look now, but infiltration in the form of phishing and criminal hacker attacks raining in from China, Korea, Brazil, Germany, Romania, Iran and Jordan numbers in the billions per day. Who is looking? No one.
There's good news: All of it could be stopped with the control of ICANN.
The bad news: ICANN is totally unregulated, above the law, and has been evidencing signs of becoming rogue itself.
Probably never. They show no indication they even understand the solution. They're still immersed in a quagmire of groping around for filters and software email blockers. Duh. If it weren't so serious, it would be humorous. The worst part of it all is that the media and the legislature actually believe the farce and simply ignore the real solutions.
Reading the news bytes makes you sick. Here, try these:
Phishing Domain Resale Market Booms
Gregg Keizer, TechWeb Technology News, is reporting a rather disturbing trend in the domain market -- criminals letting their phishing domains go, only to be snapped up by other criminals to use them again in phishing attempts. The smear in the nose of legitimate internet business is the fact that major domain resellers are aiding and abetting the criminals, daring law enforcement to do anything about it.
That's like criminal evidence lock-ups selling all the guns, bombs and other weapons confiscated from criminals back to vendors so they can sell them back into the underworld to commit more crimes. Ludicrous? Yes. Done every day? Yes. Anyone doing anything about it? No.
See: Phishing Domain Resale Market Booms
Ask yourself what anyone needs with a domain for "American Express" other than American Express -- or PayPal, eBay, Chase Banks and so forth. If you're not the entity, why would you need that domain? Well, phishers need the domains to extort billions of dollars from people every year.
Finnish-based F-Secure identified more than 30 registered domain names for resale (at Sedo.com, a U.S. firm) for citi-bank.com, bankofameriuca.com, americanexpresscredicard.com, mastercarding.com, and visacardcredit.com. Sedo doesn't check who buys them; they're only interested in the money. That kind of makes Sedo.com a key part in the organized crime cycle, doesn't it?
Gregg Keizer of TechWeb writes:
"Criminals often use misspelled and deceptive domain names for their bogus Web sites to fool users. Registrations of domains that closely resemble large financial institutions are common for that reason. Last March, for example, F-Secure identified nearly 500 domain names on variations of 'citibank' and over 400 on versions of 'bankofamerica.'"
These domains should be pulled, blocked and stricken from use. ICANN can do this. But they won't. They ignore the problem altogether. Sedo has a lame excuse, saying basically, we don't police that, it's up to the banks to do that. Sorry Sedo -- if you're not part of the solution, you're part of the problem. And the big problem is aiding and abetting criminals. Yes, Sedo, it IS your responsibility. If a vendor gives a handgun to a criminal to rob a bank, it's not up to the bank to keep the criminal from getting the gun. Banks aren't in the gun business any more than they are in the domain business. Perhaps Sedo also needs to be investigated.
See: www.techweb.com article
www.theregister.co.uk article
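The misspelled, hyphenated and keyword-padded look-alike domains named above are exactly what a registrar, marketplace or bank could screen for before a name changes hands. The following is an added example, not code from this article, F-Secure or Sedo; the brand watch list, the typo threshold and the two control domains are assumptions made for illustration.

```python
# Added example: flag domain labels that imitate a watched brand name.
BRANDS = ["citibank", "bankofamerica", "americanexpress", "mastercard", "visa"]  # assumed watch list

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, brands=BRANDS, max_typos: int = 2):
    """Return (brand, reason) if the domain imitates a brand, else None."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return None
    label = parts[-2]  # naive: the label left of the TLD (ignores multi-part suffixes)
    if label in brands:
        return None  # exact brand label: assumed to be the brand's own registration
    squashed = label.replace("-", "")
    for brand in brands:
        if squashed == brand:
            return brand, "hyphenation"
        if brand in squashed:
            return brand, "brand-plus-keyword"  # noisy for short brands such as "visa"
        # Only long brands get fuzzy matching; short ones collide with ordinary words.
        if len(brand) >= 8 and edit_distance(squashed, brand) <= max_typos:
            return brand, "typo"
    return None

def scan(domains):
    """Map each flagged domain to its (brand, reason) verdict."""
    return {d: v for d in domains if (v := classify(d)) is not None}

# The five names come from the article; the last two are constructed controls.
SAMPLE = ["citi-bank.com", "bankofameriuca.com", "americanexpresscredicard.com",
          "mastercarding.com", "visacardcredit.com", "citibank.com", "example.com"]

if __name__ == "__main__":
    for name, (brand, reason) in scan(SAMPLE).items():
        print(f"{name:32} imitates {brand:16} ({reason})")
```
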
There are from six to a dozen news-level stories about phishing each and every day. These are the ones that actually get some attention in the drive-by media. A tip of the iceberg. This report continues...
Please share your concerns or discoveries, we're listening.