National Threat Assessment 2008. Organised Crime - Politie
National Threat Assessment 2008. Organised Crime - Politie
National Threat Assessment 2008. Organised Crime - Politie
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
takes them to a counterfeit website where they are asked to enter personal<br />
information. Potential victims are approached in an increasingly personal manner<br />
(spear phishing). The risk of discovery is smaller with this type of targeted attack.<br />
Security packages do not recognise these emails as phishing emails and the<br />
personal nature of the message makes victims less suspicious.<br />
In cases of pharming, victims who contact an institution or company online are<br />
secretly redirected to a counterfeit version of the website of that institution or<br />
company. They are then asked for personal details. The redirection is caused by<br />
‘malware’ (which is a contraction of ‘malicious software’) with which the victim’s<br />
computer is infected. Victims arrive at the wrong sites because the links used<br />
for looking up domain names have been changed by malware.<br />
Phishing with malware without using counterfeit web pages is called ‘spy<br />
phishing’. In spy phishing the behaviour of computer users is spied on. For<br />
example, ‘key loggers’ are used to record key strokes, which are then sent to the<br />
fraudsters. Infection with malware not only for spy phishing, but also for pharming,<br />
is primarily achieved through email messages, website visits, the downloading of<br />
software, the use of search engines and the use of Instant Messaging.<br />
The development of phishing techniques has not stopped in the past two years.<br />
Two trends that have developed are ‘phishing by proxy’ and ‘man-in-the-middle<br />
phishing’. ‘Phishing by proxy’ is aimed at hiding the actual location of the<br />
phishing website and to keep it up and running for as long as possible. In this<br />
phishing technique ‘botnets’ 68 are used as proxy servers. Large numbers of IP<br />
addresses are linked to a phishing URL and therefore form an intermediate step<br />
en route to the counterfeit website. As a result, having these sites blocked and<br />
tracking down the offenders is a highly complex operation.<br />
Man-in-the-middle phishing also makes it possible for phishers to gain access<br />
to websites that are secured by two-factor authentication. In two-factor<br />
authentication a second code is entered after the login details; this second code<br />
is often generated per transaction. As a result, this method is safer than using<br />
a single password. A man-in-the-middle attack allows phishers to intercept the<br />
second code. After using the details for their own criminal purposes, the<br />
phishers send the details on to the customer, which makes it seem to the<br />
customer that the order has arrived in the usual manner.<br />
68<br />
A ‘botnet’ is a robot network, which is a collection of infected computers that are remotely<br />
controlled by Internet criminals. Botnets can be used, for example, to send phishing emails<br />
or to infect other computers.<br />
196 <strong>National</strong> <strong>Threat</strong> <strong>Assessment</strong> 2008 – <strong>Organised</strong> crime