Kelly Jackson Higgins at Dark Reading today published an interesting blog post, "The Phisher King". It describes how a phisher thinks about phishing. It's definitely worth a read.
The article describes "lithium". "Lithium, who says he's 18 and has been phishing since he was 14, said he has stolen over 20 million identities, mostly via social networking worms. "I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through," he wrote to RSnake, who today published the responses on the ha.ckers.org blog."
The blog says he makes between $3,000 and $4,000 per day.
"RSnake asked him how many people he typically phishes per day. Depending on the size of the Website, lithium said, it's usually about 30,000."
"Lithium, meanwhile, told RSnake he uses a dedicated server, VPN, network encryption software, and a 1-Mbit/s ADSL line. Tool-wise, the phisher said he uses MyChanger for most social networking sites: "This makes pishing [sic] so much faster on social networking sites. Everything is automated! messaging/bulletins/comments/profile modifications it's great. Other than that, I get ALOT [sic] of custom programs built to suite [sic] my needs from freelance developers," he wrote."
"How does he remain in the shadows? "I use VPN's, Dedicated servers, Proxies and my network traffic is encrypted. All payments are made through egold.""
All in all a very interesting read. This is not organized crime. This is just one criminal. Now expand your thoughts to include organized crime operating out of jurisdictions where the authorities won't prosecute them.
Now that's what I call a big problem.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
