Hi, a press release on new work at InternetPerils. (Note, I serve on their
advisory board.)
cheers
martin
---
http://www.prweb.com/releases/2005/5/prwebxml243759.php
InternetPerils Online Visualization Technology Actively Tracks and
Pinpoints Phishing Websites
Tuesday May 24, 4:00 am ET
Internet Radar Locates Phishers and Provides Trend and Growth Patterns
AUSTIN, Texas, May 24 /PRNewswire/ -- InternetPerils Inc, a leading
provider of automated products for Internet Business Risk Management,
today announced that it is utilizing its PerilScope(TM) visualization
technology to track down and identify Internet domains that harbor,
knowingly or unknowingly, malicious Phishing websites. InternetPerils is
working in association with research from Corillian Corp. (Nasdaq: CORI -
News), the top provider of online banking and anti-fraud solutions to
leading financial institutions, Websense, Inc. (Nasdaq: WBSN - News), the
world's leading provider of employee Internet management solutions, and
the Anti-Phishing Working Group (APWG) to follow trend and growth
patterns.
By hijacking the brands of banks, credit card companies, and e-tailers,
Phishing scams typically operate counterfeit websites that lure consumers
into revealing their personal and financial data, including social
security numbers, bank and credit card account information, and details of
online accounts and passwords. In a 2004 report, Gartner estimated that 57
million people had received online Phishing attacks, costing banks and
credit-card issuers over $1.2 billion in 2003 alone. In addition, Phishers
are beginning to target employees within organizations, attempting to
gather valuable network identification and passwords that can result in
the loss of confidential information or lead to security breaches.
By utilizing a combination of data gathering, data analysis, and
visualization of the results, InternetPerils is able to locate individual
computers and networks of computers that are used for Phishing and online
fraud, often in the setup phase. The collaboration of InternetPerils, with
statistical data from Corillian's Fraud Detection System, Websense, and
the APWG demonstrates that through a variety of disciplines and
techniques, it's possible to visualize the servers involved in Phishing
scams to facilitate technical, legal, and law-enforcement intervention and
mitigation.
"Essentially, we've created an online radar that can detect Phishers,"
explained John Quarterman, president of InternetPerils Inc. "Further
development and refinement will provide even more powerful forensic
analysis, pattern recognition, and metrics needed to automate the
visualization of similar anomalies."
"This visual approach involves using latency as a form of inferential
geolocation," said Peter Cassidy, secretary general for the APWG. "This
technique is based on the speed of electrons that can describe entire
arrays of Phishing attack servers. When fused with other data, we can
visualize the server and its network so that all stakeholders can quickly
grasp the attack scenario and mount appropriate action."
PerilScope visualization gives insurance companies, banks, credit card
companies, e-tailers and ISPs, as well as government regulatory and
enforcement agencies, a highly effective tool to help stop Phishing
attacks, illustrate how attacks occur, and combat the impact Phishing
schemes have on Internet commerce, performance, and security.
"The capability developed by our companies has resulted in an early
warning system that can find the computers used to launch attacks related
to online fraud," said Jim Maloney, chief security executive at Corillian.
"The technology is similar to a long range radar for cyberspace."
"The active visualization of Phishing attacks serves as a useful
investigative tool and predictor of future tactics," said Dan Hubbard,
senior director of security and technology research for Websense, Inc. "As
we continue to gather insight into the world of Phishing, this technology
can also prove valuable to trace other types of online fraud as well."
To see the latest PerilScope visualization of Phishing scams please visit
http://www.internetperils.com/ . For John Quarterman's report on this
project to the APWG, please visit
http://www.internetperils.com/tech/conferences/apwg2005-1/index.php
About the Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is an industry association focused
on eliminating the identity theft and fraud that result from the growing
problem of Phishing and email spoofing. The organization provides a forum
to discuss Phishing issues, define the scope of the Phishing problem in
terms of hard and soft costs, and share information and best practices for
eliminating the problem. Where appropriate, the APWG will also look to
share this information with law enforcement.
Membership is open to qualified financial institutions, online retailers,
ISPs, the law enforcement community, and solutions providers. There are
nearly 900 companies and government agencies participating in the APWG and
nearly 1400 members. Note that because Phishing attacks and email fraud
are sensitive subjects for many organizations that do business online, the
APWG has a policy of maintaining the confidentiality of member
organizations.
The website of the Anti-Phishing Working Group is
http://www.antiphishing.org . It serves as a public and industry resource
for information about the problem of Phishing and email fraud, including
identification and promotion of pragmatic technical solutions that can
provide immediate protection and benefits against Phishing attacks. The
analysis, forensics, and archival of Phishing attacks to the website are
currently powered by Tumbleweed Communications' Message Protection Lab.
The APWG was founded by Tumbleweed Communications and a number of member
banks, financial services institutions, and e-commerce providers. It held
its first meeting in November 2003 in San Francisco and in June 2004 was
incorporated as an independent corporation controlled by its steering
committee, its board and its executives.
About Corillian Corporation
Corillian is the top provider of online banking, bill payment and
anti-fraud solutions to leading financial institutions. Corillian provides
the most flexible, scalable and secure set of online banking applications
across multiple lines of business. Corillian features integrated
applications across Consumer Banking, Small Business Banking, Wealth
Management, Credit Card Management, and Cash Management, as well as
enterprise-wide solutions, including Payments Warehouse, Alerts,
eStatements, and OFX. Corillian's fraud prevention solutions use
Preemptive Forensics(TM) to protect web sites from Phishers, hackers, and
fraudsters. Corillian's strong authentication solution provides a low-cost
solution for multi-factor authentication while maintaining high user
satisfaction. Empowered with Corillian solutions, some of the world's most
visionary financial institutions provide their customers with the tools to
manage their finances more effectively and securely. For more information
about Corillian Corporation, visit the company's Web site at
http://www.corillian.com .
About Websense, Inc.
Websense, Inc. (Nasdaq: WBSN - News), the world's leading provider of
employee Internet management solutions, enables organizations to optimize
employee use of computing resources and mitigate new threats related to
Internet use including instant messaging, peer-to-peer, and spyware. By
providing usage policy enforcement at the Internet gateway, on the network
and at the desktop, Websense products enhance productivity and security,
optimize the use of IT resources and mitigate legal liability for our
customers. For more information, visit http://www.websense.com .
About InternetPerils Inc.
InternetPerils Inc. provides automated quantification and visualization
products for Internet Business Risk Management. For more information,
contact InternetPerils at http://www.internetperils.com
About John S. Quarterman
http://riskman.typepad.com/about.html
Subscribe to Perilocity (John's Security Blog)
http://riskman.typepad.com/perilocity
Media Contact:
Worldview
Bill Gram-Reefer
925-215-8463
This press release distributed by PRWEB (http://www.prwebdirect.com/ ), a
service of eMediawire.
_________________________________________________________________________
martin dodge
cyber geography research
centre for advanced spatial analysis, university college london
gower street, london, wc1e 6bt, united kingdom
email: [log in to unmask] (remove the nospam bit)
http://www.casa.ucl.ac.uk http://www.cybergeography.org
__________________________________________________________________________
