Private Sector, Feds Team Up Against Phishing

When phishing emerged as a serious problem in 2003, many law enforcement agencies were caught off guard. The Internet boom had spawned special task forces staffed with investigators trained in electronic crimes, but these teams were uniformly understaffed and overburdened.

As a result, the FBI and the Secret Service have relied on the private sector for a great deal of help in tracking down phishing sites and taking them offline. The Internet Crime Prevention & Control Institute, a joint project of the University of Miami and Zero Spam Network Corp., has been working with federal authorities for nearly a year on this task and has seen its share of success.

In one case last month, ICPCI staffers began seeing phishing messages seeking donations to help victims of the Asian tsunami. The messages were trading on the name of a Portland, Ore., charity known as Mercy Corps.

Within a few hours, the ICPCI, of Coral Gables, Fla., had contacted the charity to alert officials to the problem and talked with the Secret Service, which turned the case over to the FBI. The charity's general counsel sent messages to all its donors warning them about the fake e-mails.

The Portland FBI field office then got involved, and agents arrested a suspect a few days later in Pittsburgh. Matthew Schmieder, 24, an unemployed painter, faces fraud charges for allegedly sending approximately 800,000 e-mails soliciting donations in Mercy Corps' name.

Such quick results are rare, however, for several reasons.

"The feds have a prosecution-driven culture, so a crime has to be committed for them to get involved. And there are more economic crimes of a sizable nature than there are resources," said Bill Franklin, president of Zero Spam, also in Coral Gables. "We're usually trying to stop it before there's a loss, and that's hard for them to justify devoting resources. It's not the Secret Service's primary mission."

Although every Secret Service agent now receives electronic crimes training, the number of agents assigned to one of the task forces at any given time is small. And agents are often transferred to handle other assignments, such as protective details.

"Everyone gets training now, and we all have a level of familiarity with Internet crime. But we're trying to step up the level of training for some of the agents, as well as state and local law enforcement agencies," said Larry Johnson, special agent in charge of the Criminal Investigative Division at the Secret Service, in Washington.
