Cybercriminals Create 57,000 Fake Sites Each Week

CmdrTaco posted more than 4 years ago | from the because-they-can dept.

Crime 77

wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."

Sure... (2, Funny)

mathmatt (851301) | more than 4 years ago | (#33522636)

Yeah but most of them just link to http://www.youtube.com/watch?v=oHg5SJYRHA0 [youtube.com]

Re:Sure... (2)

interkin3tic (1469267) | more than 4 years ago | (#33523076)

Is there a way someone could flood these websites with fake credit card numbers that when the scammers try to buy something with it, they get rickrolled? Like Mr. Douchebag scammer takes his girlfriend out for a nice steak dinner using a credit card he, er, downloaded or something from us, and then he goes to pay for it and the waiter swipes the card, and then the fancy music playing in the background screeches to a stop, and "Never gonna give you up" starts playing, and everyone laughs at him, and his girlfriend leaves with another dude...

I'm not the most technically gifted person on slashdot, if someone else knows how to make this happen...

Re:Sure... (0)

Anonymous Coward | more than 4 years ago | (#33523450)

I don't believe it. Does anyone have a URL to one of these scam sites because I just did a search on www.goggle.co.ru and didn't find any.

Re:Sure... (1)

pyrosine (1787666) | more than 4 years ago | (#33524068)

Seems natural considering goggle.co.ru doesn't point to anything

Re:SteakRolled (1)

TaoPhoenix (980487) | more than 4 years ago | (#33525806)

It's a piece of ...uh... Steak to do this. The scanner has to have an "invalid #" error code. Then the employee just presses three buttons on the sound system.

As usual, this won't happen for a few years for "social" reasons - until some really snarky hip young-person's bistro in NYC does it.

Re:Sure... (1)

seeker_1us (1203072) | more than 4 years ago | (#33526840)

There used to be a site, I think it was called phishfigthers, which would do just this. It was just some guys who got pissed off at scammers and set it up: they didn't charge anything. You could go to the site, submit the faked url, and their scripts would test it, and see if it took fake logins/credit cards/social security numbers/etc (fake sites back then typically would just take any crap you typed in, if it fit the regexp, and assumed you typed it in right). If so, they would flood it for a while. They shut down years ago though: they couldn't afford to keep it open.

Is there a way someone could flood these websites with fake credit card numbers that when the scammers try to buy something with it, they get rickrolled? Like Mr. Douchebag scammer takes his girlfriend out for a nice steak dinner using a credit card he, er, downloaded or something from us, and then he goes to pay for it and the waiter swipes the card, and then the fancy music playing in the background screeches to a stop, and "Never gonna give you up" starts playing, and everyone laughs at him, and his girlfriend leaves with another dude...

I'm not the most technically gifted person on slashdot, if someone else knows how to make this happen...

ISP (1)

ezwip (974076) | more than 4 years ago | (#33524240)

I receive at least one email a month from someone posing as my ISP. They'll spoof the name like supportcomcast.net instead of comcast.net and attempt to solicit information. They can get pretty elaborate. The last one actually had a guy hiding behind the chat program pretending to be support. He needed information due to an audit of my email account. I was bored and kept him on the thing for about 30 minutes laughing at him.

Simple searches should fix this (0)

Anonymous Coward | more than 4 years ago | (#33522640)

If you prioritize Google and Bing to look at and monitor those new sites, wouldn't it be trivial to search for those company names and alert the ISP to revoke the site?

Re:Simple searches should fix this (1)

oldspewey (1303305) | more than 4 years ago | (#33522692)

That's useful to some degree, but it doesn't solve the problem [wikipedia.org] .

Re:Simple searches should fix this (1)

Peeteriz (821290) | more than 4 years ago | (#33523072)

Still, it's something that these big companies can arrange - it would take something like an hour every morning for an intern to do, and even if it would reduce the uptime of these sites by 10%, it would be worth it.

Re:Simple searches should fix this (1)

dingbatdr (702519) | more than 4 years ago | (#33527754)

By that argument, no laws should ever be enforced because new criminals will appear to replace the old.

Re:Simple searches should fix this (1)

IBBoard (1128019) | more than 4 years ago | (#33531570)

I did wonder whether some kind of "deposit" is the way to go (increase the price of a domain name, but get most of it back at the end of a year so that it costs you the same as now). That'd make domain registrations for these sites more of a burden for them, but it'd also make it more of a burden for people like me who run hobby sites and who don't necessarily have extra money to spare. It'd also just move the "whac-a-mole" game to subdomains instead (which I've seen more than a few of).

Not. Your. Private. Army. (0)

Anonymous Coward | more than 4 years ago | (#33530308)

If you want someone to monitor websites, goto 4Chan.

Besides, search-engines are Moochers just like their end-users: they both steal content and will be shut-down eventually like MySpace and Friendster as soon as another drug replaces the middle-man like Chat over CBRadio.

Yawn (0)

Anonymous Coward | more than 4 years ago | (#33522654)

First.

Now, when they talk about how much information humanity creates every year, don't be so awed: a lot of it is this useless junk.

Probably not all that hard to do . . . (1)

spamking (967666) | more than 4 years ago | (#33522662)

57,000 sounds like a lot of sites, but when they more than likely all use a few of the same templates it isn't that difficult to accomplish.

Re:Probably not all that hard to do . . . (1)

Darkness404 (1287218) | more than 4 years ago | (#33522694)

Well, it's not just one person and one organization, it's multiple people all across the world so I don't see why the number would be surprising.

Re:Probably not all that hard to do . . . (1)

spamking (967666) | more than 4 years ago | (#33523668)

I know there are multiple people involved. I actually figured it would be higher.

Re:Probably not all that hard to do . . . (1)

PocariSweat1991 (1651929) | more than 4 years ago | (#33524260)

I'm a drupal developer, and I agree.

Sweet (1)

The MAZZTer (911996) | more than 4 years ago | (#33522668)

I don't use any of the listed services*, I'm not being targeted!

* - Before you ask, yes, except for the IRS. But there's not much I can really do about that one.

Re:Sweet (1)

The MAZZTer (911996) | more than 4 years ago | (#33522680)

Addendum: Actually I was thinking of taxes when I saw "IRS". I've never actually dealt with them apart from filling out my tax forms and having my tax automatically deducted from my pay. Just to clarify *cough*.

IRS scam (1)

AnonymousClown (1788472) | more than 4 years ago | (#33522752)

The way the IRS one works is that you get a spam email with an attachment. You click on the attachment which brings you to a site that looks just like the IRS'. It then asks for bank accounts, credit cards, debit cards, SSN, DOB, addresses, names, etc... everything needed to rob you blind.

The IRS pretty much doesn't give a shit - they're pretty blasé about it when contacted.

Like everything with the internet:

ALL spam emails are scams. That's what I tell people when they ask about this shit.

Re:IRS scam (1)

noidentity (188756) | more than 4 years ago | (#33522826)

The way the IRS one works is that you get a spam email with an attachment. You click on the attachment which brings you to a site that looks just like the IRS'. It then asks for bank accounts, credit cards, debit cards, SSN, DOB, addresses, names, etc... everything needed to rob you blind.

The IRS pretty much doesn't give a shit - they're pretty blasé about it when contacted.

Just remind them that they won't be able to take the money if the other guy already took it.

Re:IRS scam (1)

Even on Slashdot FOE (1870208) | more than 4 years ago | (#33523352)

I think you are assuming they care. Typically, you owe what you owe, regardless of being robbed. If this means they garnish your wages, they do.

Re:IRS scam (0)

Anonymous Coward | more than 4 years ago | (#33537054)

Can I get a reward for turning in the scammers? I bet the IRS is salivating at the thought of all the scammers' unreported income.....

Re:IRS scam (0)

Anonymous Coward | more than 4 years ago | (#33523418)

I think they will still take it regardless of the current possession; honestly they like this better, then they can tax the guy that stole it too ;)

Re:IRS scam (1)

noidentity (188756) | more than 4 years ago | (#33532524)

Hahaha you're totally right. (A+B)*0.50 = (A-5 + B+5)*0.50

Re:Sweet (1)

oldspewey (1303305) | more than 4 years ago | (#33522760)

I've seen some pretty obscure phish attempts - including some service providers I use that I would have never thought were "big" enough to be worth targeting.

Cost? (1)

mandelbr0t (1015855) | more than 4 years ago | (#33522710)

It is interesting that 57,000 sites can be created per week at a cost which still allows for a profit. I know that some of these sites are created using phishing kits, but does every one of these 57,000 sites represent an individual effort? TFA doesn't give any details of how such high numbers of fake sites are created, but I would expect that a large number of them are programmatic variations of the same site, hosted on different machines/networks. How many people are actually employed by the phishing con game?

Re:Cost? (1, Insightful)

DriedClexler (814907) | more than 4 years ago | (#33522816)

Oh, I am completely sure that this isn't profitable, because registrars and ICANN would crack down on it immediately, and credit card companies would quickly reverse fraudulent purchases made on these websites, and then pass on the fraudsters' information to law enforcement, allowing them to swiftly shut down these operations.

*jerk-off gesture*

Re:Cost? (1)

Anonymous Coward | more than 4 years ago | (#33522972)

Unfortunately, U.S. law enforcement does not currently have the jurisdiction to take down an operation based out of, say, eastern Europe.

My credit card company's been pretty quick about those chargebacks, though; maybe you should find a better one?

Re:Cost? (1)

John Hasler (414242) | more than 4 years ago | (#33523328)

Oh, I am completely sure that this isn't profitable, because registrars and ICANN would crack down on it immediately...

If there was a $10 cash in advance initial fee for a domain and a five-day wait before activation...

...and credit card companies would quickly reverse fraudulent purchases made on these websites...

They will, but how many people ask? Even if 90% of charges fail to stick many of these scams could be profitable. How many people bother to ask that the charge be canceled when it's only $9.00?

...and then pass on the fraudsters' information to law enforcement...

They will provide the information if asked. It is up to the victims to file complaints and to law enforcement to investigate. Why don't they?

Re:Cost? (1)

Nadaka (224565) | more than 4 years ago | (#33523714)

$14.74 but yes, I did.

I got it with 4 such charges from two different companies right before the $14.74 credit card scam ring in Spain got nabbed.

I reversed all 4, two from one company stayed reversed but the other two required me to contest, I have no idea how it will turn out.

I don't know exactly where they got my cc number, possibly from a gas station, fast food place or an online training/certification site I spent money on for my now ex fiances funeral service study books/national boards exam.

Re:Cost? (1)

cdrguru (88047) | more than 4 years ago | (#33525362)

Every time you use a credit card you should assume that someone in the back room is writing it down. Why? Because it is worth as much as $0.50. So if you are a waiter in a restaurant and can grab 100 credit card numbers a week that is like $50 in your pocket.

If you get caught, well, it wasn't that great a job anyway now was it?

One of my cards gets "borrowed" in this way every year. Sometimes the cards are used for purchases in the US, sometimes not. Sometimes they are for easily cancelled items online, sometimes the merchant gives the guy the merchandise and loses out. Most large stores have insurance for this kind of thing so they never lose anything.

Just a cost of doing business to the credit card companies. They will not prosecute because they think it is really bad form to have their customers arrested. Why they think someone committing a criminal act with a stolen credit card number is "their customer" I have no idea, but that seems to be the thinking.

You can't fight it and there is no "winning" in this. Live with it and cancel the purchases. I have never had a problem getting the charges removed. And like I said above, it happens to me a lot.

Re:Cost? (1)

Bigbutt (65939) | more than 4 years ago | (#33526576)

Well, they're not really putting the site on a new domain but on some guy's Windows box that's now part of some botnet.

The botnet masters are warring to put up sites and take down sites on other botnet managed systems so that's why there are 57,000 per week.

Since they're linking to images from the real sites, they only need a bit of text also hijacked from the site. The answer is saved in a bit of data which the botnet masters retrieve at their leisure.

I imagine there's some guy in China with a 30" monitor watching credentials scroll by rubbing his hands.

[John]

Battle.net (4, Informative)

ildon (413912) | more than 4 years ago | (#33522754)

I'm honestly surprised that battle.net or World of Warcraft didn't make the top 10. Anyone who's been targeted by their phishing mails is probably familiar with domain names like "battle-auth-blizzard.com"

Re:Battle.net (1)

MetalPhalanx (1044938) | more than 4 years ago | (#33523516)

More often, WoW players are targeted in game, via in game mail, trade chat spam, whisper spam/phishing attempts, and lately on my server, the spammers have actually been running 25+ identically dressed characters into SW and arranging them into URLs and/or gold site names. I don't think I've ever received an actual email that was a WoW related phishing attempt. What amuses me is how broken the english usually is in these attempts, as if people wouldn't clue in that "Blizz SLECT U FROM ALL GAME PLAYS. U WIN FREE UNICORN-HORSE!!! Claim at " isn't from blizzard.

Re:Battle.net (1)

Nidi62 (1525137) | more than 4 years ago | (#33523672)

Ironically, in my server, the gold farmers advertising in trade chat generally have better spelling and grammar than the majority of players talking in trade chat.

Re:Battle.net (1)

Wiarumas (919682) | more than 4 years ago | (#33523674)

Yeah, I've seen the dead bodies in Orgrimmar as well. However, last night, they somehow made the dead bodies levitate vertically in the air like a 3D graphic. It was pretty wild - no idea how they did it. Annoying, but innovative.

Re:Battle.net (1)

Dexter Herbivore (1322345) | more than 4 years ago | (#33523732)

The client reports to the server the positioning of the character... fairly easy to hack if you know what you're doing. Seen the "underground hackers" yet, or are you on a low pop server?

Re:Battle.net (1)

WuphonsReach (684551) | more than 4 years ago | (#33529188)

The client reports to the server the positioning of the character... fairly easy to hack if you know what you're doing. Seen the "underground hackers" yet, or are you on a low pop server?

It's doing wonderful things in PvP like Arenas as well. Lots of PvP folks using hacked clients to move faster, or warp around to get out of line of sight. Fun times.

This nonsense has been going on for over a year now - Blizzard has done nothing.

Re:Battle.net (1)

ildon (413912) | more than 4 years ago | (#33523812)

I know people who have never even played WoW or have mail accounts that were never associated with WoW who sometimes get onto these phishing mailing lists. You're lucky if your mail accounts are still safe from this spam (or perhaps your ISP or spam filters are just better than mine).

In my experience, the in-game scamming has been greatly reduced to the point where I almost never receive tells. Yet I have one email account that sometimes receives multiple phishing mails per day, including ones for Aion (which I've never even played). Every single one has a different fake domain, and every domain is registered in China.

Re:Battle.net (1)

TheLink (130905) | more than 4 years ago | (#33523818)

Maybe they only want the really stupid victims? There are benefits from that approach you know, as long as there are enough candidates in that category.

So far there appear to be no shortage of stupid and ignorant people.

Re:Battle.net (3, Interesting)

cygnwolf (601176) | more than 4 years ago | (#33523900)

I think the wow ones that maybe work are the ones that say "Battle.Net account alert" or something to that effect, look kind of official and say things to the effect of 'Your account is under investigation for XYZ Reasons, if you want to contest these reasons, please visit your account page to contest this or else your account will be suspended," and then have 'links' to 'account management' login pages that catch your e-mail. 'course, my account had been turned off for years before I got the first one like this, and I keep getting more and more of them. I just forward them all unread to hacks@blizzard.com. Ironically enough, I keep tripping yahoo mail's spam filter when I forward more than two or three a day and then they lock down my ability to send mail.

Re:Battle.net (1)

Jurily (900488) | more than 4 years ago | (#33524814)

I just forward them all unread to hacks@blizzard.com.

If you can't be bothered to read your own mail, why would they? Chances are, they know about the problem anyway.

Re:Battle.net (1)

Whyte Panther (868438) | more than 4 years ago | (#33525810)

Because Blizzard asks their playerbase to forward these e-mails for verification, and to help them locate the bogus sites and get them shut down. I'm getting these myself (although my B.net account is now on a different e-mail address), and they all have different bogus websites. While they know there's a problem, they still need to know where the new problems are.

Re:Battle.net (1)

cygnwolf (601176) | more than 4 years ago | (#33525840)

It's not that I can't be bothered, it's that I already know what it is without opening it and opening it would only be an unnecessary risk. I also know that they expressly say on their website to forward suspected phishing messages to that address so that they can do something about it.

Re:Battle.net (1)

flowwolf (1824892) | more than 4 years ago | (#33531830)

Okay, say you're fighting a war, and you constantly have no people telling you about the same problem.. the enemy. These reports are all slightly different yet amount to the same problem: The enemy is killing your dudes. Do you tell these people to stop bringing you all these reports of dudes getting killed? That would be bad strategy in my opinion. Blizzard requires its player base to be their eyes and ears when it comes to these kind of scams. They wouldn't have much to go on without that email account. Personal email addresses are another thing. I ignore emails all the time that look unimportant. I never asked for them. The ones I am expecting to receive I'll read.

Re:Battle.net (1)

antdude (79039) | more than 4 years ago | (#33525524)

Not just Blizzard, also NCsoft. I got one yesterday morning with http://www.aion-account-ncsoft.com/ [aion-account-ncsoft.com] (already submitted and seems to be down now) for Guild Wars 2 beta. http://www.urlvoid.com/ [urlvoid.com] only showed two of them when it checked yesterday morning, and still is two today. These sites come fast and go fast. :(

Folks just using it (0)

Anonymous Coward | more than 4 years ago | (#33522828)

Ebay has always been shit for customer service and being targeted like this. The customers never catch a break.

Just goes to show you... (1)

Orga (1720130) | more than 4 years ago | (#33522876)

How many other potential sources of news /. submitters are missing.

around 6% (1)

zero0ne (1309517) | more than 4 years ago | (#33522938)

Assuming a "site" == new domain, that would give us roughly 6%* of the registered domains per week are used for phishing...

Curious what the percentage is for porn sites

* using these statistics. [domaintools.com]

Re:around 6% (1)

mcgrew (92797) | more than 4 years ago | (#33526068)

93.9%?

Is someone working on fixing this? (3, Insightful)

kheldan (1460303) | more than 4 years ago | (#33523012)

I know that DNS vulnerabilities are being addressed finally. Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

Re:Is someone working on fixing this? (1)

binkzz (779594) | more than 4 years ago | (#33523148)

But how would the domain registrar know what a domain will be used for?

Re:Is someone working on fixing this? (1)

Aoet_325 (1396661) | more than 4 years ago | (#33524892)

Anytime someone registers something like www.paypal-loginweb.com it should be setting off red flags everywhere.
I'm not saying these domains should be shut down automatically or anything, but they should be flagged for review every few weeks and it might not be a bad idea to ask a few questions either.

The fact is that many registrars have worked so hard to lower costs that they cut out the basic checks that would have caught these kinds of domains.

Sure it would never stop someone from setting up a phishing site with a domain like skljhf3lihgfsklh2jnf.com but that domain sure would make it easier for people to detect something wasn't quite right.

In many cases lazy irresponsible registrars are making things too easy for criminals.

sure... (4, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#33523814)

Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

I agree whole-heartedly that something should be done about the crooked and complacent registrars. The problem is, who should take the action? The most logical step is ICANN, since they handle registrar accreditation, except they have shown repeatedly that they will not take any meaningful steps. And of course, ICANN only does accreditation for registrars of the largest TLDs (for now), so anything from another country's list of TLDs is beyond their jurisdiction (and soon pretty much everything will be beyond their jurisdiction).

So if ICANN won't do it, who then should? It is pretty well impossible to take legal action against the registrars and expect anything meaningful to come of that, so unless you want to advocate vigilante justice you're just SOL.

Ideas... (1)

ResidentSourcerer (1011469) | more than 4 years ago | (#33534966)

1. Currently most DNS records have Time to Live of a few days to a week. I would expect that servers of secure sites would want much longer times than this. Clients then know that certain servers are to be connected at specific addresses, and bring up an alarm when the last IP of record for server.foobank.com has changed.

2. I'm always suspicious when any web site makes reference to a server outside of its own domain. Is this not also a place that responsible secure servers could take a step. Couple this with browsers that recognize this step. (Perhaps special content on the web page, or an added HINFO record in DNS.) Thus the people in charge of foobank.com can take steps that in the long run will make them harder to spoof.

3. As criminal domains are found, their registrar gets a black mark. When your computer's DNS lookup goes and gets an address, it also checks who the registrar is. (can do that in background) and records that info locally. Your browser in turn can be programmed to warn/block domains that have greater than a certain black mark fraction. Of course it would be more efficient if this were done at a larger scale.

4. Registrars have to pay a fine if a domain registered with them is discovered to be engaged in criminal activity?

5. One of the DNS requests that is sent when you encounter a new domain name is a recursive one finding out when the domain was originally registered. (Not speaking of individual hosts, the domain) If foobank.com has been around for 50 years, but the domain is only 7 days old, I'm going to be suspicious. Indeed. Email servers could easily opt to not accept email, or alternately flag email when it came from a domain less than X days old. This in turn could mean that a young domain is scanned more closely for fraud & spam indicators.

Some of these won't work as done. Surely however this can be fixed.
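The "flag for review" idea from Aoet_325's comment and the domain-age check in idea 5 above can be combined into one triage pass over a registration feed. This is an added example, not code from any commenter or registrar; the watchlist, the feed records, the 30-day threshold and all function names are constructed for illustration, and the last-two-labels split ignores multi-part public suffixes.

```python
from datetime import date

# Constructed watchlist: brand token -> the brand's own registrable domain.
WATCHLIST = {
    "paypal": "paypal.com",
    "comcast": "comcast.net",
    "blizzard": "blizzard.com",
    "ncsoft": "ncsoft.com",
}
YOUNG_DAYS = 30  # hypothetical cut-off for a "recently registered" domain

TODAY = date(2024, 1, 31)  # constructed reference date
# Constructed feed of (hostname, registration date); the names echo the thread.
FEED = [
    ("paypal-loginweb.com", date(2024, 1, 25)),
    ("supportcomcast.net", date(2024, 1, 20)),
    ("battle-auth-blizzard.com", date(2023, 6, 1)),
    ("paypal.co", date(2024, 1, 30)),
    ("ncsoft.account-check.example", date(2024, 1, 28)),
    ("skljhf3lihgfsklh2jnf.com", date(2024, 1, 29)),
    ("www.paypal.com", date(1999, 7, 15)),
]


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(host, created, today):
    """Score one hostname; returns (score, reasons)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return 0, []
    domain = ".".join(labels[-2:])   # naive registrable domain
    if domain in WATCHLIST.values():
        return 0, []                 # the brand's own domain or a host under it
    label = labels[-2]
    sub = ".".join(labels[:-2])      # everything left of the registrable domain
    reasons = []
    for brand, official in WATCHLIST.items():
        off_label = official.split(".")[0]
        if label == off_label:
            reasons.append("tld-swap:" + brand)            # same name, other TLD
        elif brand in label:
            reasons.append("brand-in-name:" + brand)       # paypal-loginweb.com
        elif brand in sub:
            reasons.append("brand-in-subdomain:" + brand)  # subdomain whac-a-mole
        elif edit_distance(label, off_label) == 1:
            reasons.append("near-miss:" + brand)           # one-character typo
    score = 2 * len(reasons)
    if (today - created).days < YOUNG_DAYS:
        reasons.append("young-domain")
        score += 1
    return score, reasons


def review_queue(feed, today, min_score=2):
    """Hosts that need a human look, highest score first. Nothing is blocked."""
    rows = []
    for host, created in feed:
        score, reasons = assess(host, created, today)
        if score >= min_score:
            rows.append((host, score, reasons))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for host, score, reasons in review_queue(FEED, TODAY):
        print(f"{score}  {host:32} {', '.join(reasons)}")
```

The random-string domain scores only on age and stays out of the queue, which matches the caveat in Aoet_325's comment: name-based checks catch brand imitation, not every phishing host.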

Snakes (4, Funny)

CarpetShark (865376) | more than 4 years ago | (#33523244)

Slow down everyone. No one would argue that ASP.net sites aren't bad, but calling them criminal is a bit much.

so sick of seeing (2, Insightful)

nimbius (983462) | more than 4 years ago | (#33523332)

"articles" of this nature. When a company hawking a security product releases earth-shattering statistics for hackers and malware it is not research, or an investigation with any independent credibility. This is marketing fearmongering designed to get people to buy the product.

Re:so sick of seeing (1)

CarpetShark (865376) | more than 4 years ago | (#33528356)

This is marketing fearmongering designed to get people to buy the product.

Interesting. How much would I have to pay for one of these "marketing fearmongerings"?

Re:so sick of seeing (1)

omni123 (1622083) | more than 4 years ago | (#33528700)

The same amount you would have to pay for a piece of software from one of these security firms that can solve the fraudulent domain registration problem.

You can thank your favorite registrars there... (1, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#33523722)

The registrars could do their part to shut down the bogus websites faster - by invalidating the WHOIS records - but they don't. Of course, we all know why they don't; it's because they make money by choosing to not do that. Of course if you read into the existing WHOIS records for the bogus websites you'll find that quite a few of them already have bogus WHOIS data; often the only part that means anything is the DNS referral, which shows quickly whose side the registrars are on.

If our good friends at ICANN actually gave half a shit about the problem they would crack down on complacent registrars, but that isn't very profitable for them, either.

Re:You can thank your favorite registrars there... (2, Insightful)

Phrogman (80473) | more than 4 years ago | (#33524406)

Which is why some Government agency and not ICANN should be administering the domain names, or at the least some governing body with members posted from each of the major nations on the net or something.

Re:You can thank your favorite registrars there... (0, Flamebait)

damn_registrars (1103043) | more than 4 years ago | (#33524638)

Which is why some Government agency and not ICANN should be administering the domain names, or at the least some governing body with members posted from each of the major nations on the net or something.

That wouldn't be nearly profitable enough for anyone's palate. And getting an agreement on domain name registration terms between the larger nations on the net would be a cat-herding exercise at best, to say nothing of the massive unpopularity in the US regarding any actions that resemble uniting nations.

Re:You can thank your favorite registrars there... (2, Insightful)

John Hasler (414242) | more than 4 years ago | (#33527944)

Because there is no chance at all that government would misuse control of DNS...

Stupid or ugnorant (1)

Dexter Herbivore (1322345) | more than 4 years ago | (#33523752)

As long as stupid or ignorant people exist, social hacks will work.

Stupid, or otherwise concerned (3, Interesting)

CarpetShark (865376) | more than 4 years ago | (#33523908)

The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:

* banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.

* insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for it pros, not the insignificant sites.

Re:Stupid, or otherwise concerned (1)

PerfectionLost (1004287) | more than 4 years ago | (#33527964)

The average person cares after they've had their bank account emptied 3 times despite their best efforts to fix it.

Re:Stupid or ugnorant (1)

snookerhog (1835110) | more than 4 years ago | (#33523916)

or lazy.

don't forget lazy

Poor security comes from early no security (2, Interesting)

magarity (164372) | more than 4 years ago | (#33523848)

I always think of the recollections in Levy's "Hackers" when the early days' programmers at Berkeley and MIT would insist security was only for fascists and even balked at passwords for accounts. Computer security will probably never catch up because it was never a focus at the start. What's always among the first things now when making a new software package but how to segment permissions, etc, but that's always on a system whose underlying base has security issues. Sigh, dang hippies!

Ebay! (1)

hesaigo999ca (786966) | more than 4 years ago | (#33524402)

>with eBay taking the spot as the No. 1 most targeted brand on the Web today
That's why I will never use Ebay again, as I have kijiji right now...

Not surprising. (0)

Anonymous Coward | more than 4 years ago | (#33526188)

In looking for more work (land surveying projects in GA have diminished dramatically), I chose Craigslist as one source for job hunting. I saw an ad for a company I've never heard of, so I used the middle-click feature of NoScript. Sure enough, the WOT scorecard, McAfee Site Advisor rating, wmtips info and google safe browsing diagnostic turned up zero information about the (non-existent) company. The subjective and amorphous language on their page pretty much gave it away, but it never hurts to check.

How do you think .co is going to effect it. (0)

BitZtream (692029) | more than 4 years ago | (#33527106)

Now that we've got .co domains ... to go right along side .com domains, I'm sure that taking advantage of the missing 'm' is going to be the most common practice in the world. .co was a fucking retarded idea.

Re:How do you think .co is going to effect it. (1)

IBBoard (1128019) | more than 4 years ago | (#33531546)

Now that we've got .co? They've been around for ages as the [url=http://en.wikipedia.org/wiki/.co]TLD for Colombia[/url], what with it being the nation's [url=http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2]ISO standard code[/url]. Ditto for .cm, which is the [url=http://en.wikipedia.org/wiki/.cm]TLD for Cameroon[/url] and also only one missed character off a .com. It's just because people like Twitter have started using them to be one character shorter on the extension and with shorter domains (since single letters aren't allowed in .com any more) that they're becoming more visible.

Re:How do you think .co is going to effect it. (1)

IBBoard (1128019) | more than 4 years ago | (#33531558)

D'oh! Stupid HTML vs BBCode confusion.

Now that we've got .co? They've been around for ages as the TLD for Colombia [wikipedia.org], what with it being the nation's ISO standard code [wikipedia.org]. Ditto for .cm, which is the TLD for Cameroon [wikipedia.org] and also only one missed character off a .com. It's just because people like Twitter have started using them to be one character shorter on the extension and with shorter domains (since single letters aren't allowed in .com any more) that they're becoming more visible.

Grammar, please (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33527290)

"Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals." Please, please, for the love of god, grammar check your submissions. I am a proud grammar nazi because it really hurts my brain when I have to read a summary that contains a sentence that is missing a verb. How does this even get posted like this? Something is wrong here.

419 I am Austin Powers (1)

NSN A392-99-964-5927 (1559367) | more than 4 years ago | (#33531008)

Home Boyz and Fly Girlz, homo domesticus tis clearing out your ya Bank accounts... I have 100 trillion billion dollars printed freely by the IMF and if you help me me plz, you too can buy arms, become rich and siphen off international aid funds, corrupt governments. drink oil, eat diamonds. Well you get the idea "Fools Gold".