Description: Is it OK to steal from a thief? To phish a phisher? This talk does just that! In their Blackhat 2008 presentation titled "Bad Sushi: Beating Phishers at their own Game", Nitesh Dhanjani and Billy Rios intrude into the shady world of phishing and phishers, and help us see under the hood. They demonstrate how one can find the latest phishing sites online by using sites like PhishTank, which provide a almost live list of malicious sites sent in by users around the world. Then, using one of these sites as a starting point, they break into a phishing site and look at the tools left behind by the phishers to collect usernames and passwords. Interestingly, they uncover that most of the phishers actually are not very technically proficient at all, instead they seem to be relying on ready made tools made by others. Also, even more intereatingly the authors of these tools seem to have backdoored them and are stealing from the phishers using them. One funny example is that the tool emails every username and password the phisher steals from legitimate users back to its author. Anyways, overall the presentation is amazing! and provides a sneak peek into the world of phishing and the ecosystem of phishers. A must watch video in my opinion! <br><br>The slides for the presentation are available here and a high resolution version of the talk can be downloaded here.<br><br><br><br><style type="text/css"> body { background: #FFF; } </style> </div>
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.