Mr. Christopher Abad

• 
  integralvisioning.org/article.php?story=p2p100 - [Cached Version]
  Last Visited: 11/22/2007  

  "Christopher Abad, a research scientist at Cloudmark(a spam filtering company) has done some amazing analysis on the phishingmarketplace.Phishing is a method of identity theft that uses fakee-mails and bogus websites to entice unwary consumers to disclose financialinformation (account details, credit card numbers, personal data).This data iscaptured and used in financial fraud.It is a big business.To deconstruct a phishingnetwork Christopher used an automated data collection system that monitoredchat rooms and activity on compromised servers.
  ...
  Christopher Abad Cloudmark

• 
  www.toorcon.org/2005/conference.html?id=30 - [Cached Version]
  Published on: 9/8/2005    Last Visited: 3/15/2007  

  Christopher AbadChristopher Abad is currently the lead research scientist at Cloudmark, where he spends a lot of time thinking about spam and online fraud.Previously, he has worked for numerous vulnerability management companies thinking a great deal about vulnerability assessment and host fingerprinting and he has spoken at a number of conferences on various topics.The similarity behind everything he has been implored to think about is the need to extract and identify meaningful characteristics from things around us.

• 
  www.findtechinsights.com/editor,%22Peter+Buxbaum%22/cat - [Cached Version]
  Last Visited: 10/20/2007  

  The inner workings of phishing operations have been recounted in a recently released paper by Christopher Abad, a research scientist with IT security company Cloudmark.Abad analyzed hundreds of thousands of messages collected from 13 phishing chat rooms and several thousand compromised computers used to run bots and host bogus Web sites.According to Abad, phishers rely on the same infrastructure as denial-of-service attacks because they can harness its power with automated bot programs.Abad's analysis denies the theory that organized gangs control all aspects of a phishing campaign.Those who collect the information don't end up with most of the cash, either.Instead, cashers, according to Abad, take as much as a 70 percent cut of the money they pull out and send the remainder to the credential supplier.

• 
  Global Guerrillas: Complex Networks - [Cached Version]
  Last Visited: 12/19/2006  

  Christopher Abad, a research scientist at Cloudmark (a spam filtering company) has done some amazing analysis on the phishing marketplace.Phishing is a method of identity theft that uses fake e-mails and bogus websites to entice unwary consumers to disclose financial information (account details, credit card numbers, personal data).This data is captured and used in financial fraud.It is a big business.To deconstruct a phishing network Christopher used an automated data collection system that monitored chat rooms and activity on compromised servers.He found that the network consisted of loosely affiliated groups with lots of horizontal specialization rather than vertically integrated gangs.He proposed the following structure for the phishing micro-economy (see diagram for more detail):

• 
  IT Observer - Researcher Describes How The Phishing... - [Cached Version]
  Published on: 8/1/2005    Last Visited: 8/1/2005  

  "Phishing economies are self-organized merchants and consumers governed only by the laws of supply and demand," said Christopher Abad, a research scientist with Cloudmark, a San Francisco-based spam filtering service provider.
  
  Abad probed the inner workings of phishers by analyzing hundreds of thousands of messages collected from 13 key phishing-related chat rooms and several thousand compromised computers used to run bots as well as host the bogus Web sites that phishers use to trick users into divulging confidential data, such as bank and credit card account information.
  
  Read More at InformationWeek

• 
  Paisley does Dallas: Privacy - [Cached Version]
  Published on: 7/1/2005    Last Visited: 9/3/2006  

  "Phishing economies are self-organized merchants and consumers governed only by the laws of supply and demand," said Christopher Abad, a research scientist with Cloudmark, a San Francisco-based spam filtering service provider.

• 
  Phishing Economics 101 Reveals Collectors And Cashers... - [Cached Version]
  Published on: 7/30/2005    Last Visited: 7/30/2005  

  "Phishing economies are self-organized merchants and consumers governed only by the laws of supply and demand," said Christopher Abad, a research scientist with Cloudmark, a San Francisco-based spam filtering service provider.
  
  Abad probed the inner workings of phishers by analyzing hundreds of thousands of messages collected from 13 key phishing-related chat rooms and several thousand compromised computers used to run bots as well as host the bogus Web sites that phishers use to trick users into divulging confidential data, such as bank and credit card account information.
  
  Phishers rely on the same chat infrastructure that spawned large numbers of denial-of-service (DoS) attacks years earlier, said Abad, because it was familiar to those inclined to phish for profit and they knew they could harness its power with automated bot programs to handle chores.
  
  While chat is the way that phishers communicate and cooperate, bring newcomers into the fold, and sell the information they acquire, it's not possible to stop the thieves there, said Abad.
  ...
  "They're two entirely separate groups," Abad said."One is the consumer of the other."
  
  Those who reap the harvest, so to speak, of phishing and other identity thievery, buy information in bulk, sometimes for as little as 50 cents per record, other times for as much as $100, then encode magnetic cards that can be used to pull money out of bank or credit card accounts at ATMs.
  
  "That's a very direct path toward getting money," said Abad, "and much less time-consuming than, say, targeting PayPal or eBay."
  
  "Cashers," as Abad labels them, take a split of the money they pull out -- as much as 70 percent -- then send the remainder to the credential supplier, the phisher who obtained the account information.The money is often wired over Western Union, said Abad, to the phisher, because it's available internationally and there's "relative anonymity for the pick-up party."
  ...
  "Banks were able to correct their problem with phishers," said Abad, "but now clearly the phishers are going after other vectors and targets."Money transfer services are also a developing target for phishers, he added.
  
  "The ubiquity of the technology necessary to phish -- from chat rooms and mass mailing of e-mail to compromised host machines -- means that it's impossible to stamp out," said Abad.
  
  The only solution, he thinks, is for everyone to have a solid anti-spam defense in place.
  
  "We're stopping basically everything ,that's spam," said Abad."We're stopping about everything that we can.

• 
  Phishing economics reveals collectors and cashers -... - [Cached Version]
  Published on: 8/1/2005    Last Visited: 9/3/2005  

  "Phishing economies are self-organised merchants and consumers governed only by the laws of supply and demand," said Christopher Abad, a research scientist with Cloudmark, a US-based spam filtering service provider.
  
  Abad probed the inner workings of phishers by analysing hundreds of thousands of messages collected from 13 key phishing-related chat rooms and several thousand compromised computers used to run bots as well as host the bogus websites that phishers use to trick users into divulging confidential data, such as bank and credit card account information.
  
  Phishers rely on the same chat infrastructure that spawned large numbers of denial-of-service (DoS) attacks years earlier, said Abad, because it was familiar to those inclined to phish for profit and they knew they could harness its power with automated bot programs to handle chores.
  
  While chat is the way that phishers communicate and cooperate, bring newcomers into the fold, and sell the information they acquire, it's not possible to stop the thieves there, said Abad.
  ...
  "They're two entirely separate groups," Abad said."One is the consumer of the other".
  
  Those who reap the harvest, so to speak, of phishing and other identity thievery, buy information in bulk, sometimes for as little as 50 US cents per record, other times for as much as US$100, then encode magnetic cards that can be used to pull money out of bank or credit card accounts at ATMs.
  
  "That's a very direct path toward getting money," said Abad, "and much less time-consuming than, say, targeting PayPal or eBay."
  
  "Cashers," as Abad labels them, take a split of the money they pull out -- as much as 70 percent -- then send the remainder to the credential supplier, the phisher who obtained the account information.The money is often wired over Western Union, said Abad, to the phisher, because it's available internationally and there's "relative anonymity for the pick-up party."
  ...
  "Banks were able to correct their problem with phishers," said Abad, "but now clearly the phishers are going after other vectors and targets."Money transfer services are also a developing target for phishers, he added.
  
  "The ubiquity of the technology necessary to phish -- from chat rooms and mass mailing of email to compromised host machines -- means that it's impossible to stamp out," said Abad.
  
  The only solution, he thinks, is for everyone to have a solid anti-spam defence in place.
  
  "We're stopping basically everything [that's spam]," said Abad."We're stopping about everything that we can.

• 
  Portals: How webs of scammers pull off Internet fraud - [Cached Version]
  Published on: 6/20/2005    Last Visited: 6/21/2005  

  The person talking to C-Power is Christopher Abad, a San Francisco researcher who has spent much of the last six months stalking the phisher underground. (Phishing involves those scam emails that try to lure you into turning over credit-card information to a Web site that, while designed to look like, say, eBay, actually belongs to a phisher.)
  
  Mr. Abad works for Cloudmark, a San Francisco company whose products combat phishing and other forms of spam.One day late last year, Mr. Abad was on the Internet Relay Channel, or IRC, a global online chat system that is best known as the lair of various digital bad guys.
  
  He noticed a chat room entitled "Washington Mutual," after a bank that has been a favorite of phishing scams. (Mr. Abad would discover why soon enough.) One thing led to another, and Mr. Abad found himself spending hours a day online, chatting with phishers and charting out their world.
  
  The typical phisher, he discovered, isn't a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag.
  
  If, in the early days, phishing scams were one-person operations, they have since become so complicated that, just as with medicine or law, the labor has become specialized.
  
  Phishers with different skills will trade with each other in IRC chat rooms, says Mr. Abad.
  ...
  Cashers, says Mr. Abad, usually take a cut of the proceeds and then wire the rest back to the phisher.
  ...
  It turns out, says Mr. Abad, that phishers have a reputation-monitoring system much like eBay's.
  ...
  Mr. Abad says it was widely known in the phishing underground that a flaw in the communications between the bank's ATM machines and its mainframe computers made it especially easy to manufacture fake Washington Mutual ATM cards.The bank fixed the problem a few months ago, Mr. Abad says, and the incidence of Washington Mutual-related phishing quickly plummeted. (A Washington Mutual spokesman confirms the account, but notes that the same vulnerability existed at some other banks as well.)
  
  Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters.One thing that's different about phishers, he says, is how little they like to gab.
  
  "Real hackers will engage in conversation," he says.

• 
  Protect Your PC .org - Phishing News Page - All the... - [Cached Version]
  Published on: 6/1/2005    Last Visited: 12/7/2005  

  The person talking to C-Power is Christopher Abad, a San Francisco researcher who has spent much of the last six months stalking the phisher underground. (Phishing involves those scam emails that try to lure you into turning over credit-card information to a Web site that, while designed to look like, say, eBay, actually belongs to a phisher.)
  
  Mr. Abad works for Cloudmark, a San Francisco company whose products combat phishing and other forms of spam.One day late last year, Mr. Abad was on the Internet Relay Channel, or IRC, a global online chat system that is best known as the lair of various digital bad guys......

Page:  1 2