RealTime IT News

Phish Fighters Form Alliance

UPDATED: Banks, ISPs and software companies formed a high-profile coalition to go after phishers, those increasingly sophisticated identity thieves.

Digital PhishNet combines the forces of nine of the top 10 U.S. banks and financial services providers, four of the top five ISPs and five digital commerce and technology companies. They'll cooperate with the FBI, Federal Trade Commission (FTC), U.S. Secret Service and the U.S. Postal Inspection Service, under the aegis of the FBI's Internet Crime Complaint Center (IC3).

The idea is to establish a single, unified line of communication between industry and law enforcement, so that critical data to fight phishing can be compiled and provided to law enforcement as exploits happen.

"IC3 is the referral agency. We build the case and get it marketed to law enforcement," said Dan Larkin, IC3 unit chief. "We have a lot of data, and much of it overlaps with what's coming in to us from industry. Connecting the dots [between those different data sources] helps us to build these cases to a more attractive level so we can get someone to work them."

Phishers send spam directing consumers to visit a phony Web site that's often an exact replica of a legitimate corporate Web site. The spam messages may tell recipients that they need to update their information. When the unsuspecting consumers click on a link in the e-mail, they're taken to a look-alike site and asked to fill out a form with their contact information, account number and password.

The Anti-Phishing Working Group, a different industry consortium, reported a 25 percent monthly growth rate in phishing exploits from July through October, with 1,142 active phishing sites reported in October, the last month for which statistics are available.

Microsoft senior investigator Stirling McBride said an industry-wide approach would make phish-fighting more effective. "In the past, the norm has been that Microsoft worked on phishing sites that targeted its customers. And that was the only piece of the puzzle ever seen by me. And other companies had the same experience. By sharing the information, we're able to target phishers on a much grander scale."

He explained that all industry members of the alliance would have access to a Web site with an attached database. As they deal with phishing exploits, they'll collect data about the sites, such as the registrar, registrant and IP address, and upload this data for analysis by the National Cyber Forensics and Training Alliance.

"They'll attempt to create a footprint of an attack, then they will ask the industry members to notify the FBI as soon as they see another attack that has this footprint," McBride said.

The IC3's Larkin agreed that the master database could speed justice. "The idea is to put as much data as possible into the database, so we can learn and see early warning signs. We can send the information back so [industry members] can put it into filters or software and get law enforcement on the trail as quickly as possible."

The founding industry members of Digital PhishNet include America Online, Digital River, a provider of e-commerce technology and services, EarthLink, Lycos, Microsoft, Network Solutions and VeriSign. McBride said that some of the industry members didn't want to be named.

The alliance will provide federal, state and local law enforcement agencies with aggregated data about phishing exploits, as well as offer technology tools and strategic advice to help identify and arrest suspected phishers. It will supplement plenty of individual and industry efforts to go after the bad guys.

For example, EarthLink offers ScamBlocker, a free downloadable tool that warns Internet users away from sites that want to steal their info, as well as SpamBlocker.

"Our most effective tool for fighting phishing scams has been our SpamBlocker tool. It stops the initial e-mails from getting to customers in the first place, and that's made a huge difference," said Les Seagraves, EarthLink chief privacy officer.

But while ScamBlocker may protect consumers, it does nothing to get rid of the scamsters.

EarthLink also is a member of the Anti-Phishing Working Group; Seagraves said Digital PhishNet is a necessary addition to phish-fighting efforts. "The working group is different companies coming together to figure out what's going on, offer tips, come up with industry practices," he said. "Digital PhishNet is the actual machine that leads to prosecution."

In March, Microsoft, AOL, EarthLink and Yahoo formed the Anti-Spam Technical Alliance, a group dedicated to fighting spam.

Corrects reference to ScamBlocker in prior version.