06 October 2004

Anti-Phishing Consortium created...A Risky Business

As the newest band of banks collaborate on Anti-Phishing strategies one can only wonder what they will do differently to mitigate this operational risk.

The Financial Services Technology Consortium, a financial-industry research group, said Monday that 11 financial institutions--which include Citicorp, J.P. Morgan Chase, Comerica, Visa USA, ABN Amro, KeyBank, Capital One, and University Bank--will define technical and operating requirements for counter-phishing measures, and clarify the infrastructure fit, requirements, and impact of technologies when deployed in concert with customer education, enforcement, and other industry initiatives. The consortium named Gene Neyer, managing executive of its Security Standing committee, to lead the initiative.

The banks own FDIC has also been a recent target of this social engineering trend. Hopefully they will soon find out that these attackers are not using scripts, data taps or autonomous agents as their tools. A new generation of firewall will not stop this threat. These attackers are not exploiting vulnerabilities in design, implementation or configurations of web services.

These attackers are using social engineering stategies and tactics to create the unauthorized result that they seek:

1. Increased Access
2. Disclosure of Information
3. Corruption of Information
4. Denial of Service
5. Theft of Resources

These attackers only have the following general objectives:

A. Challenge, Status, Thrill
B. Political Gain
C. Financial Gain
D. Damage

And the trend will continue to escalate as fast as new people are getting online. Think about all of the 60+ people in the world who are now moving to online banking and other e-commerce services. A whole new generation of naive kids getting on the Internet before they are in middle school are falling prey to the social engineers we sometimes call voyeurs.

It's a risk to be doing business on the web today. The strategies of these criminals have not changed. What has changed is that now they can do it from the other side of the globe in countries our own FBI will continue to have challenges getting their cooperation. This is one risk we will be living with for some time to come.

No comments:

Post a Comment