Banks, Law Agencies Team Up To Fight PhishingBanks, Law Agencies Team Up To Fight Phishing

A group of businesses and law-enforcement agencies Wednesday announced the establishment of an information-sharing operation to better combat phishing, which is the use of E-mail to solicit personal information that can be used for identity theft and other fraud.

Digital PhishNet aims to provide a single line of communication between industry and law enforcement to compile critical data and provide it more efficiently to investigators. Its supporters include America Online, Digital River, EarthLink, Lycos, Microsoft, Network Solutions, VeriSign, the FBI, the Federal Trade Commission, the U.S. Secret Service, and the U.S. Postal Inspection Service.

Nine leading U.S. banks also are said to be participating, although the names of those banks weren't disclosed. A spokesman for Microsoft speculates that participating banks may be hesitant to advertise that they're targets of phishing scams. Such unwanted attention already has been brought to Citibank, a frequent target for phishers. It's not uncommon to hear IT security professionals say that a company has been "citibanked" when its brand gets hijacked by phishers.

There have been previous efforts between industry and government to collaborate on fighting phishing. In June, MasterCard International Inc. and digital-fraud-detection firm NameProtect Inc. joined forces to fight online fraud, in part by providing information to law-enforcement agencies.

That same month, companies including ABN Amro, AT&T Wireless, Best Buy, Charles Schwab, CipherTrust, DirecTV, E-Trade, Fidelity Investments, GE Access, HSBC, IBM, National City Bank, PostX, the Royal Bank of Scotland, and Siebel System formed the Trusted Electronic Communications Forum for the same reason.

There's also the National Cyber-Forensics & Training Alliance, a cybercrime lab established in 2002. It's supported by funds from federal agencies, businesses, and academic organizations.

Such cooperative action reflects the widespread realization that phishing attacks reflect an increasing level of intensity, sophistication, and organization on the part of criminal hackers.

"The real motivation behind this was trying to come up with a solution to working these cases," explains Stirling McBride, a senior investigator in Microsoft's digital-integrity group. "When I started working on phishing cases about a year and a half ago, it became apparent to me very quickly that we had a very small piece of the puzzle." Upon further investigation, Microsoft learned that some of the phishers pursuing the company's MSN and Hotmail customers also were attacking other companies. "But as long as we only had the data that only related to the MSN and Hotmail pieces, we didn't have a full picture," says McBride. "As we started to talk as an industry, it was very apparent to all that we had to start sharing that data."

As part of the Digital PhishNet program, investigators from participating companies will enter phishing-related data into a database at the National Cyber-Forensics & Training Alliance in Pittsburgh, where FBI analysts will identify trends and pass along significant details to agents.

McBride says that a rapid response is critical. "Phishing sites come up very quickly and disappear very quickly," he says. "Unless law enforcement is brought in at the onset, they oftentimes don't have the ability to react quickly enough."

Law-enforcement agencies have scored some high-profile successes recently, notably the Secret Service's arrest in late October of 28 individuals alleged to be part of a global cyber organized-crime network.

While officials and security experts believe such arrests deter others from similar crimes, criminals may be pursuing a different tactic. According to FBI supervisory special agent Kenneth McGuire, who leads a cybercrime unit in Los Angeles, there's been a large increase in reports of low-level fraud. One strategy for thieves is to conduct many small acts of fraud, since investigators tend to focus on single cases with significant losses.