My colleague Lee Gomes writes in WSJ.com in his Portals column (a few days old, this, sorry; but it is free) about phishers, and what they’re really like, quoting a guy called Christopher Abad, a researcher for Cloudmark:
Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters. One thing that’s different about phishers, he says, is how little they like to gab.
“Real hackers will engage in conversation,” he says. “With phishers, it’s a job.”
Readers may remember my piece a year or so back (sorry I can’t find the URL for this, and it would be subscription anyway) based on interviews with several people from East European and former Soviet Union countries who worked in various stages of the phishing train, from trojan writers to mule hunters (folk who try to recruit foreignes to move money from stolen accounts to overseas havens).
I found something slightly different to Abad: For sure these guys think it’s just a job, but they also were quite keen to justify what they did, either saying it was the only work around, or else talking in terms of redistributing a little wealth. One guy in some obscure former Soviet bloc town said he trudged several miles each day to an Internet cafe, where he worked sometimes 20 hours a day trying to recruit mules on ICQ and IRC, before walking back to his apartment where his wife and baby waited. She thought he was a stockbroker, he said.
A good piece by Lee; too little light is shed on this submerged industry. But I wonder whether, as phishing gets more popular and focused, it hasn’t moved west?