Monday, January 28th, 2008
A colleague (Nitesh Dhanjani) and I were recently accepted to speak at Black Hat Federal in Washington DC. What basically started as a few laughs over a phishing site eventually turned into months of serious investigation into the entire ecosystem that supports the phishing effort.
Nitesh and I infiltrated a few phishing forums, tracking a phisher from compromised web servers to phishing forums to carderz sites. We managed to get hold of about 100 different phishing kits and various tools used by phishers, and gained some insight into how phishers do their business. I was STAGGERED by the amount of PII (full names, DOBs, credit card numbers, SSNs, addresses, phone numbers…) that phishers place on public web servers, hidden only by obscurity. Once that obscurity is broken, even a simple search engine query will reveal a significant amount of stolen identity-related information, including names, credit card numbers, SSNs, DOBs…
I was also FLOORED by the number of phishing and credit card fraud related forums.
Nitesh and I eventually stopped our research because the number of sites and the staggering amount of exposed PII was simply too much. There is literally an entire ecosystem devoted to supporting the phishing effort that plagues modern-day financial institutions, one that simply cannot be surveyed by two security researchers alone. If you're in the DC area, stop by Black Hat and we'll show you some of the things we saw. We give a brief description of some of what we saw in an interview with Help Net Security. For those of you who are curious: due to the ENORMOUS amount of PII we came across, we've contacted the FBI and will be sharing some things with them that WILL NOT be in the talk or any interviews!