Spear The Phishers–Not The Fish
To fight cybercrime on the Web, security experts have tried “good cop” tactics. They’ve worked to teach users to spot and avoid the “phishing” sites that spread malicious software and steal bank codes. They’ve tried tweaking Web browsers and search engines to make scam sites more apparent. But as the dark side of the Web continues to grow and evolve, they’re considering a harsher strategy: wiping crime sites off the Web altogether.
The Anti-Phishing Working Group (APWG), a consortium of cybersecurity firms and Web businesses, is pushing a new initiative to streamline the process of permanently deleting fraud sites from the Web. Working with the registries that control and distribute domain names, the APWG is crafting a system that would accredit security organizations to act as the Web’s watchdogs, identifying phishing sites. The flagged sites are then pulled from registries and so banished from the Internet, sometimes in just minutes.
But despite its good intentions, the APWG’s proposed crackdown is drawing controversy. Although the group had hoped to propose its initiative to the Internet’s administrative body, the International Corporation for Assigned Names and Numbers, which is meeting this week in India, some of the Web’s biggest players are nervous about what they see as a drastic measure. Shortening the time it takes to pull the plug on a site, some worry, could lead to innocent victims.
Read the rest here …