
Phishing : cutting the identity theft line PDF

320 Pages·2005·4.816 MB·English

Preview Phishing : cutting the identity theft line

01_584987 ffirs.qxd 3/30/05 7:12 PM Page iii

Phishing: Cutting the Identity Theft Line
Rachael Lininger and Russell Dean Vines

Published by Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN 13: 978-07645-8498-5
ISBN 10: 0-7645-8498-7
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
1B/RZ/QU/QV/IN

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data: Available from the Publisher

Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

About the Authors

Rachael Lininger works as a technical writer in the information security department of a major U.S. financial institution. She has documented too many phishing cases to count. While writing this book, Rachael has become increasingly paranoid and expects to soon change her name, move to a remote island nation, and build a house out of tinfoil. Rachael was born in Anchorage, Alaska, and now lives in Minneapolis, Minnesota. She is not, however, pining for the fjords.

Russell Dean Vines, CISSP, CISM, Security+, CCNA, MCSE, and MCNE, is president and founder of The RDV Group Inc. (www.rdvgroup.com), a New York–based security consulting services firm. He has been active in the prevention, detection, and remediation of security vulnerabilities for international corporations, including government, finance, and new media organizations, for many years. Mr. Vines is a specialist in cyber-counterterrorism, recently focusing on energy and telecommunications vulnerabilities in New York State. He holds high-level certifications in Cisco, 3Com, Ascend, Microsoft, and Novell technologies and is trained in the National Security Agency’s ISSO Information Assessment Methodology. He has headed computer security departments and managed worldwide information systems networks for prominent technology, entertainment, and nonprofit corporations based in New York. He is the author of six bestselling information system security publications, and is a consulting editor for John Wiley and Sons for its information security book series.

Mr. Vines’ early professional years were illuminated not by the flicker of a computer monitor but by the bright lights of Nevada casino show rooms. After receiving a Down Beat magazine scholarship to Boston’s Berklee College of Music, he performed as a sideman for a variety of well-known entertainers, including George Benson, John Denver, Sammy Davis, Jr., and Dean Martin. Mr. Vines composed and arranged hundreds of pieces of jazz and contemporary music recorded and performed by his own big band and others. He also founded and managed a scholastic music publishing company and worked as an artist-in-residence for the National Endowment for the Arts (NEA) in communities throughout the West. He still performs and teaches music in the New York City area and is a member of the American Federation of Musicians Local #802.

Credits

Executive Editor: Carol Long
Senior Development Editor: Jodi Jensen
Technical Editor: Russell Dean Vines
Production Editor: Gabrielle Nabi
Copy Editor: Foxxe Editorial Services
Editorial Manager: Mary Beth Wakefield
Vice President & Executive Group Publisher: Richard Swadley
Vice President and Publisher: Joseph B. Wikert
Project Coordinator: Erin Smith
Quality Control Technicians: Leeann Harney, Susan Moritz, Brian H. Walls
Proofreading and Indexing: TECHBOOKS Production Services

Contents

About the Authors vii
Introduction xxi

Chapter 1: Phishing for Phun and Profit 1
  Why Go Phishing? 5
  It’s Everyone’s Fault 7
  Terms 8
  Phishing Scams 9
  What Happens in a Phishing Attack 10
  Who Is Doing the Phishing? 13
    Script Kiddies 13
    Serious Crackers 14
    Organized Crime 14
    Terrorists 15
    Where They Come From 15
  Who Is Targeted? 17
    End Users 17
    Businesses 17
  Phishing Paraphernalia 18
    Compromised Boxes 19
    Free Email Accounts 20
  The Other Kind of Phishing 20
  Account Fraud and Identity Theft 21
    Account Fraud 21
    How Easy Is It to Steal My Identity? 22
  Why Phishing Isn’t Going Away 23

Chapter 2: Bait and Switch: Phishing Emails 25
  Spam! Wonderful Spam! 25
    Bulk Mail 27
    Legal Considerations 28
    How to Send Spam 28
    Where to Send Spam 30
    HTML Email 35
  How to Avoid Spam Filters 40
    Break Up the Trigger Words 40
    Use Filler Text 43
    Hide the Spam 45
  How to Fool a Phish 46
    Spoof a Brand 47
    Suggest Urgency 48
    Fake a From: Address 50
    Spoofed Senders 51
    Near-Miss Domain Names 52
    Webmail Addresses 52
    Your Name and Number 53
    Links 54
    Basic HTML Links 54
    JavaScript Rollovers 57
    Image Maps 58
    All-in-One Phishing Emails 59

Chapter 3: False Fronts: Phishing Websites 61
  Phishing Servers 61
    How to Take Over Computers 62
    Which Computers to Take Over 62
    What to Do Once You’re In 64
    One Site, Two Sites 64
    It’s Not Dead, It’s Resting! 65
    Saving Information 66
  Looking Good 66
    Stealing Source Code 67
    Progressions of Screens 70
    Well-Placed Error Messages 75
    Links Back to the Original Site 76
    Disabling Right-Click 77
  URL Spoofing 78
    Popups 79
    Address Bar Spoofing 79
    Popups in Front of the Legitimate Website 82
    Popups for Verisimilitude 84
    Confusion 85
    Near-Miss Domain Names (Again) 85
    Bare Naked IP Addresses 86
    User Authentication Confusion 86
  Vulnerabilities 87
    Identifying Browsers 87
    Internet Explorer 90
    Other Browsers 91
  Public Key Encryption, Certificates, and SSL 93
    Public and Private Keys 93
    Certificates 94
    Secure Sockets Layer 95
    Phishing for Certificates 99
  Address Poisoning 100
    DNS Poisoning 100
    There’s No Place Like 127.0.0.1 101
    Fooling the Postman 103

Chapter 4: Are You Owned? Understanding Phishing Spyware 105
  Spyware Central 106
  Common Spyware Uses 107
    Advertising and Marketing 107
    Governmental Monitoring 107
    Corporate Monitoring 107
    Child Monitoring 108
    Criminal Cracking 108
  Spyware Types 108
    Adware 109
    Keyloggers 109
    Hijackers 116
    Trojan Horses 117
    Phone Dialers 118
    Web Bugs 118
    Spambots 119
    Bogus Spyware Removal Programs 119
  Not on My Machine: How You Get Spyware 120
    Hot and Fresh to Your Door 121
    Spyware versus Viruses 122
    The Pop-Up Download 122
    The Drive-By Download 123
    Symptoms of a Spyware Infection 123
  Attack Vectors 124
    Email 125
    Blacklist 125
    Whitelist 125
    Deception Schemes 126
    Social Engineering 126
    Counterfeit Websites 127
  Naming Names: An Overview of Some Specific Spyware 127
    Browser Hijackers and Redirectors 127
    CoolWebSearch 128
    Xupiter 128
    Submithook 128
    Adware Trackers and Pop-Up Distracters 128
    Downloader.GK 129
    Gator Advertising Information Network 129
    Bogus Adware Removers 130
    Email Relay Trojans 130
    As the Worm Turns 131
    Multistage and Blended Threats 131
    JS/QHosts21-A 131
    Scob 132
    WebMoney Trojan 133
    Grams – E-Gold Account Siphoner 133
    Department of Odd Exploits 134

Chapter 5: Gloom and Doom: You Can’t Stop Phishing Completely 135
  Who Is Responsible? 136
    Phish 136
    Spoofed Nonfinancial Institutions 136
    Financial Institutions 137
    Government 138
  The Internet Is Broken 139
    Mutual Authentication Is Not Possible 142
    The Domain Name System Is Fragile 143
    Major Infrastructure Changes Happen Slowly 144
  The Credit System Is Broken 145
    Time Out 145
    Marketing, Marketing, Marketing 146
  Why Phishing Won’t Go Away 146
    Man-in-the-Middle 148
  Answers? 149
    Educating Users 149
    Using Prosecution as a Deterrent 150
    Using the Profit Motive 150

Chapter 6: Helping Your Organization Avoid Phishing 151
  Interacting with Customers 152
    Email 152
    Standard Customer Communication Policy 152
    Email Authentication Systems 155
    Web 159
    JavaScript 160
    Cross-Site Scripting Flaws 161
    User-Agent Strings 161
  Client-Side Solutions 163
    Authentication 163
    Two-Factor Authentication 163
    European Solutions 166
    Toolbar Mania 170
    SpoofStick 171
    EarthLink Toolbar 171
    eBay Toolbar 174
    Google 175
    Netcraft 177
    Much, Too Much, Toolbar 178
  Server-Side Solutions 179
    Images 179
    Near-Miss Domains and Webjacking 180
  Sharing Information 180
    IETF Draft Proposals 180
    Info Groups 181
    Anti-Phishing Working Group 181
    Digital PhishNet 182
    Internet Crime Prevention & Control Institute 182
    Law Enforcement and Federal Agencies 182
  Apres-Phish 183
    Identity-Scoring Systems 183
    Fair Isaac 183
    ID Analytics 184
    Problems with Identity-Scoring Systems 184
    Other Fraud-Alerting Products 184
    Intrusion Detection Systems 185
    Honeypot Systems 185
    Honeypot Issues 186
  Dealing with Customers 186
    Due Diligence 186
  Privacy and the Law 187
    Gramm-Leach-Bliley 187
    Sarbanes-Oxley 188
    The Data Protection Act and 95/46/EC 189
    HIPAA 189

Chapter 7: Fighting Back: How Your Organization Can Respond to Attacks 191
  Putting Together an Attack Response Plan 192
    Liability 192
    Monitoring and Auditing 193
    Incident-Handling Capability 194
    Computer Incident Response Team 194
  Conducting an Investigation 195
    Evidence 195
    Evidence Admissibility 196
    Forensic Evidence Handling and Preservation 196
  Phishing Response 197
    Find the Bad Servers 198
    Find Out Who’s Responsible 198
