[15790] in cryptography@c2.net mail archive


Re: Using crypto against Phishing, Spoofing and Spamming...

daemon@ATHENA.MIT.EDU (John Denker)
Sun Jul 18 21:42:30 2004

X-Original-To: cryptography@metzdowd.com
Date: Sun, 18 Jul 2004 12:30:28 -0400
From: John Denker <jsd@av8n.com>
To: Enzo Michelangeli <em@em.no-ip.com>, cryptography@metzdowd.com
In-Reply-To: <026e01c46cb0$e50d1420$0200a8c0@em.noip.com>

Enzo Michelangeli wrote:
> Can someone explain to me how the "phishermen" escape identification and
> prosecution? Gaining online access to someone's account allows, at
> most, to execute wire transfers to other bank accounts: but in these
> days anonymous accounts are not exactly easy to get in any country,
> and anyway any bank large enough to be part of the SWIFT network
> would cooperate in the resolution of obviously criminal cases.

Good question.

Actually there are two questions we should consider:
  a) What are the procedures phishermen are using today,
     procedures that they manifestly *can* get away with?
  b) Why why why are they allowed to get away with such
     procedures?

Here is something of an answer to question (a):
http://www.esmartcorp.com/Hacker%20Articles/ar_Watch%20a%20hacker%20work%20the%20system.htm

The details are a bit sketchy, and maybe not entirely to
be trusted since they come from self-described crooks,
but they are plausible.

Still question (b) remains.  The described procedures seem
to be the e-commerce analog of parking your car in a bad
neighborhood with the windows rolled down and the keys in
the ignition.  That is, I expect that most people on this
list could easily think of several things the card-issuers
could do that would shut down these attack-procedures,
significantly raising the phishermen's work-factor and risk
of arrest -- without significantly burdening legitimate
merchants or cardholders.
