Anti Phishing embraces Anti Pharming with a Great Report

A picture named phish-dec04.jpgThe Anti Phishing Working Group now includes Pharming on its web site. However, so far it has not changed its name to the “Anti Phishing and Pharming Working Group” – which is definitely a good thing. Anyway, the site says “Pharming uses the same kind of spoofed sites, but uses malware/spyware to redirect users from real websites to the fraudulent sites (typically DNS hijacking). By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.” I think it would be wise to add attacks on DNS itself to this definition.

The Group has posted its report for December 2004, and I give it FIVE STARS. It goes way beyond counting incidents and into analysing trends. Email phishing had a 24% month to month growth rate since August (how's that for a CAGR?). The number of brands attacked grew as well (expanding into new markets, too).

“The number of reported hijacked brands grew again to 55, including nine brands first reported this month, eight of them financial institutions. This brings the total number of brands that have reportedly been hijacked to 131 since the APWG began examining phishing trends and reporting findings in November of 2003.”

A chart named countries.JPG

There is an analysis of hijacked brands by industry sector. as well as a sobering chart pointing to the international dimensions of the problem.

The report includes an examination of a sample malware attack – a significant contribution in helping people understand the attacks to which an identity system will be subjected.

One of the main goals of a unifying identity system for the Internet is to mitigate these attacks. But let's be clear. If it succeeds at this it will become the new prime target of Internet crime. It must be designed from the start to withstand such attacks, using technology flexible enough to evolve faster than that of the attackers.

Put another way, it can be neither an “expedient hack” nor an unchangeable monolith. I've just begun to understand how the metasystem characteristics we have been discussing relate to achieving the flexibility needed by a component which is under continuous and escalating attack. This, in turn, testifies to the wide applicability of the fifth and sixth laws of identity.

Published by

Kim Cameron

Work on identity.