Phishers Arrested In Eastern Europe and US

An anonymous reader writes to let us know about the roundup of a phishing gang by the FBI and authorities in Poland and Romania. 18 arrests were made in what the FBI calls "Operation Cardkeeper." The gang has allegedly been selling stolen identities and information on credit cards and bank accounts since at least 2004. To remind us what a drop in the bucket such international operations are, the article says: "The Anti-Phishing Working Group, an industry consortium, said more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January."

The reverse authentication problem

[140Mandak262Jamuna]

I have seen all kinds of tough authentication systems. My friend used to carry around a key fob with a random number generator that changes every minute. Along with his user id and password he needs to supply this random number to access his cray account. And I have seen others carrying a credit card sized challenge-and-response thingie from RSA. But all these elaborate measures are used to autheticate the user for the server.

In the phishing scenario, the user has to authenticate the server. That is the crux of the problem. The user base is vast and their technical expertise varies significantly. There is an urgent need to let the users spot phishing attacks easily and reliably. All the banks and financial institutions know it is a looming problem, still they dont do anything. Finally some lawyer sues some bank and suddently the pendulam will swing all the way to the other end and the banks will make us ALL jump through hoops of fire just to log in.