Phish Fighters Form Alliance

UPDATED: Banks, ISPs and software companies formed a high-profile coalition to go after phishers,
those increasingly sophisticated identity thieves.

Digital PhishNet combines the forces of nine of the top 10 U.S. banks and financial
services providers, four of the top five ISPs and five digital commerce
and technology companies. They’ll cooperate with the FBI, Federal
Trade Commission (FTC), U.S. Secret Service and the U.S. Postal Inspection Service, under the aegis of
the FBI’s Internet Crime Complaint Center (IC3).

The idea is to establish a single, unified line of communication between industry and law
enforcement, so that critical data to fight phishing can be compiled and provided to law
enforcement as exploits happen.

“IC3 is the referral agency. We build the case and get it marketed to law enforcement,”
said Dan Larkin, IC3 unit chief. “We have a lot of data, and much of it overlaps with what’s
coming in to us from industry. Connecting the dots [between those different data sources] helps us to
build these cases to a more attractive level so we can get someone to work them.”

Phishers send spam directing consumers to visit a phony Web site that’s often an exact
replica of a legitimate corporate Web site. The spam messages may tell recipients that they
need to update their information. When the unsuspecting consumers click on a link in the e-mail,
they’re taken to a look-alike site and asked to fill out a form with their contact information,
account number and password.

The Anti-Phishing Working Group, a different industry consortium, reported a 25 percent monthly
growth rate in phishing exploits from July through October, with 1,142 active phishing sites
reported in October, the last month for which statistics are available.

Microsoft senior investigator Stirling McBride said an industry-wide approach would make
phish-fighting more effective. “In the past, the norm has been that Microsoft worked on phishing
sites that targeted its customers. And that was the only piece of the puzzle ever seen by me. And
other companies had the same experience. By sharing the information, we’re able to target phishers
on a much grander scale.”

He explained that all industry members of the alliance would have access to a Web site with an
attached database. As they deal with phishing exploits, they’ll collect data about the sites, such
as the registrar, registrant and IP address, and upload this data for analysis by the National Cyber
Forensics and Training Alliance.

“They’ll attempt to create a footprint of an attack, then they will ask the industry members to
notify the FBI as soon as they see another attack that has this footprint,” McBride said.

The IC3’s Larkin agreed that the master database could speed justice. “The idea is to put as much
data as possible into the database, so we can learn and see early warning signs. We can send the
information back so [industry members] can put it into filters or software and get law enforcement
on the trail as quickly as possible.”

The founding industry members of Digital PhishNet include America Online, Digital River,
a provider of e-commerce technology and services, EarthLink,
Lycos, Microsoft, Network Solutions and VeriSign. McBride said
that some of the industry members didn’t want to be named.

The alliance will provide federal, state and local law enforcement agencies with aggregated data
about phishing exploits, as well as offer technology tools and strategic advice to help identify
and arrest suspected phishers. It will supplement plenty of individual and industry efforts to go
after the bad guys.

For example, EarthLink offers ScamBlocker, a free downloadable tool that warns Internet users away
from sites that want to steal their info, as well as SpamBlocker.

“Our most effective tool for fighting phishing scams has been our SpamBlocker tool. It stops the
initial e-mails from getting to customers in the first place, and that’s made a huge difference,”
said Les Seagraves, EarthLink chief privacy officer.

But while ScamBlocker may protect
consumers, it does nothing to get rid of the scamsters.

EarthLink also is a member of the Anti-Phishing Working Group; Seagraves said Digital PhishNet is
a necessary addition to phish-fighting efforts. “The working group is different companies coming
together to figure out what’s going on, offer tips, come up with industry practices,” he said.
“Digital PhishNet is the actual machine that leads to prosecution.”

In March Microsoft, AOL, EarthLink and Yahoo
the Anti-Spam Technical Alliance, a group dedicated to fighting spam.

Corrects reference to ScamBlocker in prior version.
