FBI Spearheading Anticrime Initiative Against Phishing
Industry leaders in technology, banking, financial services and online auctioneering have joined forces with international law enforcement agencies to form Digital PhishNet, to tackle criminals "phishing" for online identity theft victims.
The Digital PhishNet initiative creates a single, unified line of communication between industry and law enforcement. It enables both groups to gather and distribute the critical data needed to fight phishing in real time.
Phishing is the all-inclusive term used to describe efforts to deceive consumers into going to phony Web sites through forged or "spoofed" spam e-mails. Once there, consumers unwittingly input personal financial information such as credit card numbers and passwords, because they think they are on a legitimate financial Web site.
Criminal Law Enforcement
Other industry groups have focused on identifying phishing Web sites and sharing case information. Digital PhishNet, however, is the first group to focus on aiding criminal law enforcement and assisting in catching and prosecuting those responsible for committing crimes against consumers through phishing.
Digital PhishNet brings together nine of the top 10 U.S. banks and financial services providers, four of the top five Internet service providers, and five digital commerce and technology companies. The new group also works with top federal and international law enforcement agencies.
Supporters of Digital PhishNet include America Online, Digital River, EarthLink, Lycos, Microsoft, Network Solutions, VeriSign, the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), the U.S. Secret Service (USSS) and the U.S. Postal Inspection Service (USPIS). More information can be found at http://www.digitalphishnet.org.
"The key to stopping phishers and bringing them to justice is to identify and target them quickly," said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center (IC3). "Phishers create and dismantle these phony sites very, very fast, stockpiling credit card numbers, pass codes and other personal financial information over the course of just a couple of days, in order to avoid detection.
He said Digital PhishNet is a powerful response to this type of online fraud because it facilitates critical data collection between a large number of the targets of these crimes. This information pipeline will let law enforcement agencies identify phishers before they have time to disappear back into the anonymity of cyberspace.
Participants in Digital PhishNet are actively and aggressively seeking out phishing Web sites and identifying the origins of the spam e-mails designed to deceive consumers into visiting these phony Web sites.
One of the goals of the new anti-phishing group is to change the focus away from categories of online crime activities.
"Phishing as a type of online fraud has been around for only 11 months. It already has redefined itself several times," Christopher Babel, vice president for managed security services at Verisign, told the E-Commerce Times. "Focusing on the definition of the crime is missing the point," he said.
The new approach will focus the efforts of law enforcement agencies on getting results. Participants are looking at how to interact with one another to get the job of stopping online fraud done.
"This method of online identity fraud is in its early stages of development. So is finding the solution," Babel said.
Turf War Shunned
The FBI's Larkin downplayed criticism that the Digital PhishNet Initiative will lead to fragmentation and in-fighting among the international members.
While some agencies might shun the involvement of the FBI, the bureau isn't flaunting itself as the lead entity.
Larkin said the FBI has extended an invitation to the U.S. Secret Service and U.S. Postal Service and the Federal Trade Commission (FTC) to join the initiative.
The combined effect, Larkin said, is to maximize resources so that together all the agencies can present a coordinated level of law enforcement against ID theft.
"A turf war could be a concern," Verisign's Babel said. "Only time will tell. But there is no sign of such trouble yet."
"We want to minimize the turf war aspects. We are portraying this as a joint effort," Larkin told the E-Commerce Times.
The Digital PhishNet initiative has already netted some early successes in catching the bad guys, Larkin said.
One success was the cracking of several West African reshipping schemes. "But that part of the world is still a major part of the phishing part of the ID theft problem," Larkin said.
Other successes involved the operation dubbed Slam Spam Initiative. This investigation probed the sources of spam.
"We learned some key things about how spammers are working," Larkin said. "We are connecting the dots and putting together our best efforts to solve the spamming problem."
He said the FBI and others in the Digital PhishNet group have already been to Nigeria to conduct training of that country's law enforcement agencies. Similar visits to European spam centers were recently completed.
Larkin said the organization will be going to Russia next for group training. Digital PhishNet also will tackle resources in some Far East countries.
"Our international outreach is producing unprecedented results that were not available before," Larkin explained.
Strong Industry Backing
Leaders of key companies in the banking and computing industries have registered their support for Digital PhishNet's efforts.
"Phishers are the street muggers of the digital age, using computers instead of weapons to steal financial information and identities from innocent people," Tatiana Platt, chief trust officer and senior vice president for Integrity Assurance for America Online, said. "Just like their street criminal brethren, phishers should be tracked down, arrested and locked away, and AOL is pleased to work with law enforcement agencies through Digital PhishNet to help bring them to justice."
Clearly, Digital PhishNet supporters are placing online criminals on notice. As Les Seagraves, chief privacy officer and assistant general counsel for EarthLink, sees it, Digital PhishNet is putting scammers and spoofers on notice.
"We're coming after you with the full force of industry and federal law enforcement combined. Working in cooperation with Digital PhishNet will greatly help us in our efforts to protect consumers and bring cybercriminals to justice," Seagraves said.