Packet Rat: Rat worries agency users could be phish food
Michael J. Bechetti
The Rat hauled his three offspring to Baltimore's National Aquarium on Veterans Day'partially out of parental duty and partially because the bottom of the Atlantic coral reef exhibit is one of the deadest wireless dead spots in the greater Baltimore-Washington area.
He could bond with his kids and not be reached by the skeleton crew at his command bunker. As the cyberrodent luxuriated in digital isolation, the sight of a passing sandbar shark mauling a hapless baitfish reminded him of the latest security scare sweeping the Internet: phishing.
A nearby docent read his mind. 'Phishing,' she said. 'Doesn't that have to do with a shaggy-looking band from Vermont that broke up this year?'
The Rat explained that phishing is named after the sport of angling, not a band, and it's sometimes referred to as brand spoofing or carding. In case you've been spending too much time at aquariums to notice, phishing is the latest effort by the Malicious Internet Minions of Evil (MIMEs) to bring the wheels of Internet progress to a grinding halt'or at least steal the hubcaps as it rolls by.
'The bad guys try to lure you with something that looks real, like an e-mail saying your eBay account needs updating,' the whiskered one explained. 'The lure takes you to a Web site that looks authentic but is really running on some nefarious overseas server, where scammers try to get you to give up credit card information. Or they dupe you into downloading a program that monitors your movements online and steals data.'
That's what happened recently to customers of several British banks. A phishing scam released a Trojan software program called Banker-AJ that watched when users visited British online bank sites and recorded their account information. It even sent screenshots of the sessions to the hacker.
This news made the docent blanch. 'I thought it was strange that my eBay account expired, considering I don't have one,' she said.
The increasing sophistication of phishing attacks has the wirebiter worried about his users' security. What if someone launched a phishing attack to fake a supplier Web site and steal government credit card numbers? Some of the problems could be solved through better online identification methods than passwords or by controlling what workers do on their computers. 'Those thin clients are looking better all the time,' the furry one mused.
But the Rat didn't have much time to reflect on his phishing phears because there was a more clear and present danger. His preschool daughter had managed to improvise a fishing rod and lure from things she'd found in her backpack and was trying to catch a tarpon from an open tank.
'I don't know whether to be proud or horrified,' he sighed as aquarium security converged on the scene.The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at [email protected].