The term “phishing” can be traced back to the 1970s, when a group of hackers known as “phreaks” would experiment with ways to get in and out of network systems. The earliest phreakers began with telephone systems and mimicked tones to get unauthorized calls to connect. Once they could trick the system into letting the call go through, they had unauthorized use of the system. By 1996, the term phishing was being used to describe folks who used computer networks, like America Online, to conduct attacks on credit card processing systems.
When America Online (AOL) eventually shut down the credit card racket, the phishing hackers began posing as AOL technicians. With fake accounts on the AIM messaging service and email addresses from AOL accounts, requests were made to have users verify account and billing information. Because the fake accounts were inside the network, people didn’t suspect they were fake, and the AOL system couldn’t filter out these accounts.
By 2003, the phishing hackers were setting up spoofed sites made to look like big-name e-commerce companies like eBay and PayPal. Email worm programs sent out spoofed emails with links to the sites and a familiar request to verify account and billing information. Pop-up style windows would be used to grab user attention and be worded with urgent messages warning of personal danger if the sites were not updated.
For a real-world example of how phishing is used, we need only look at the headlines. The Bank Info Security site reported in February of 2015 that Russian hacker Vladimir Drinkman was extradited to New Jersey from the Netherlands to appear in federal court. He pleaded not guilty to 11 charges, which include targeted attacks on NASDAQ, the Dow Jones, VISA, 7-Eleven, and Heartland Payment Systems. Drinkman is tied to a 2009 attack on Heartland along with Albert Gonzalez, who is in a federal prison serving a 20-year sentence.
Vladimir Drinkman worked with at least 5 others, 3 of whom are still at large, to get inside corporate networks, install programs that would gather data, and have the data sent to computers around the world in their own network of collection and storage servers. The level of patience exercised in this type of hacking is remarkable. The group would be inside some corporate networks, undetected, for up to a year, mining data that included identity info and, of course, financial data. Credit cards would be sold to others via web hosting services and encrypted messaging services.
In part 2, we will look at a targeted version of phishing: spear phishing.
Christopher Watson is an Information Technology professional with success in both public and private sector businesses. Technical and business experience is complemented with operational and strategic planning, international contracting work, leadership development and team building competency in challenging physical and political environments. Experience leverages strengths with technology services and providing timely and relevant information to senior executive leadership. Christopher is based out of the Oklahoma City office.