Monday, May 14, 2007

RSnake and the phisherman

RSnake has a very interesting interview with a phisher on his blog.

There are a number of obviously interesting points: the high level of password re-use, the price that accounts can fetch, and the fact that anti-phishing technologies are starting to become annoying to the professional thief. I'm sure I'll be seeing the blog post quoted in more than one PowerPoint presentation this year.

What stood out to me, however, is why lithium got started: he saw an opportunity in the spam email his parents were receiving and thought that he could do it better. That's how many entrepreneurs get started, and it is, in many ways, how technical folks tend to think. This creates an arms race for technical superiority.

Where does RSnake's article leave us? I think it reminds us that a lot of today's hacking world is built on a profit motive. While a certain crowd is definitely still in it for the fame, the more serious threats are from people who make their living stealing cycles, identities, and money.

Or, to put it another way...they get paid to do this. Is your organization treating external threats like they are professionals?
