Law Enforcement Doing Its

By Dennis Fisher  |  Posted 2005-03-07 Print this article Print

Best"> Law enforcement officials said theyre doing the best they can under the circumstances. "The sites come and go really fast. We usually target an informant or look for data on an attack in one of the Internet groups where we have people," said the Secret Services Johnson. "Its tough to track. Were making a lot of inroads with international prosecution, but there are countries where we dont have agreements. Then we have to have a dialogue to educate law enforcement," Johnson said.

In one of the few phishing-related arrests in recent months in the United States, law enforcement officials in Massachusetts took down Andrew Schwarmkoff, a suspected member of a Russian organized-crime group who is charged with running an extensive and profitable phishing scheme.

When he was arrested in October, Schwarmkoff was found with about $15,000 in cash, several thousand dollars worth of stolen merchandise and personal data belonging to more than 100 victims, according to law enforcement authorities.

Such cases have the attention of legislators. Congress has introduced a series of bills this year targeting online identity theft. Last week, Sen. Patrick Leahy, D-Vt., launched legislation aimed at phishing. The ranking Democrat on the Senate Judiciary Committee said wire fraud and ID theft laws are not adequate in this battle because they depend on someone being defrauded first, and phishing scams are often too difficult to track once a victim is identified. The Anti-Phishing Act of 2005 would criminalize fraudulent Web sites created for the purpose of crime.

Meanwhile, federal law enforcement agencies have begun working with private organizations in a bid to respond more quickly to new attacks. One such group is the Internet Crime Prevention & Control Institute, a cooperative effort between Zero Spam Network Corp. and the University of Miami. Staffed by Miami undergraduate and graduate students and Zero Spam employees, the ICPCI works closely with the Secret Services Electronic Crimes Task Force and ISPs in the United States and abroad to identify and block traffic to machines hosting phishing sites.

Click here to read about the Phish Report Network, a planned Phishing early warning service. Bill Franklin, president of Zero Spam, in Coral Gables, Fla., and his team at the ICPCI, also in Coral Gables, often work directly with CERT teams and service providers in countries such as China, South Korea and Brazil to choke off traffic flowing to phishing sites. Because many scam sites are hosted by tiny ISPs in remote areas, its often faster and simpler to locate the peering points of the service provider that hosts a phishing site and ask the ISP to block the site, Franklin said. Security teams and most ISPs in foreign countries have proved cooperative and effective at taking down phishing sites, he said.

"Six or eight months ago, it might take 10 or 14 days to get a site taken down, and by then the damage was done," said Franklin. "Now, I can get someone on the phone any time of the day or night who knows who I am and what to do. We can have sites down in a few hours."

Blocking traffic or taking sites down is one thing, but finding and prosecuting those responsible for the scams is the real goal, and that has proved difficult. But despite the continued flood of phishing e-mails, the Secret Services Johnson is optimistic that the problem may have peaked. "I think a lot of people have reached the conclusion that it will go away once everyone is educated," Johnson said. "Its starting to taper off in terms of success rate."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel