people that are profiting from phishing, a pair of security researchers at
Black Hat have argued that most aren’t all that bright.
at Their Own Game” researchers Nitesh Dhanjani and Billy Rios demonstrated (sometimes with hilarious
detail) how many phishing attempts are basic and not the work of sophisticated
ninja hackers.
phishers use readily available phishing kits. Dhanjani noted that though there
are many different phishing kits that he could find online, for the most part
they’re all quite similar, since a lot of the functionality is stolen from each
other (so one kit steals from another and vice versa).
argued that many of the kits are using basic PHP scripts that aren’t exactly
rocket science either.
reuse in phishing kits means is that 1) Phishers are lazy 2) The phisher didn’t
know how to create the kit themselves and 3) They just want to
phishers ripping off other phishers. Rios told the capacity audience that he
was able to find a blacklist for blacklisters. That is, a list of phishers that other phishers
didn’t want to do business with because they had been wronged in some way. Rios
commented that one list he found had 3500 people on it.
when it comes to phishers.
step ahead of us the reality is that they rely on infrastructure that is
already in place to help them to do what they need to do,” Rios said.
“It’s good that these people are not as technically savvy as ninja hackers
but it’s bad because basically anyone can do this.”