BlackHat Day 1 -- Bad Sushi and Phisher on Phisher Crime

Bad Sushi:Beating Phishers at Their Own Game
Nitesh Dhanjani and Billy K Rios

These guys easily infiltrated a bunch of phishing forums by pretending to be a young kid wanting to learn how to do it. They were very quickly "helped out" and handed tons of phishing kits, after claiming they couldn't afford the exorbitant prices for the kits. Some of the observations from the presentation were quite comical. The phishing scene (sub-culture?) is one of bravado and backstabbing. They even found lists of other phishers that will rip off other phishers. They called it "phisher on phisher crime." One phisher generously gave the two a bunch of kits, but had clearly attempted to obfuscate something in the primary php uploader code, so that each stolen identity would also have a copy sent to the author. Another hilarious example, was a guy that was giving "instructions" on how to hack yahoo. There were pages of completely fake instructions -- that only someone non-technical would write or believe -- but at the end, to get it to work, you had to enter a working credit card number! When they e-mailed the guy that it didn't work, he simply told them that they "did it wrong" and "do it again". They also talked a bit about the various pricing they saw for stolen credit cards and what some of the likely return rates were. Very fun, stuff.