Should we stop faking phishing data?
In “Stop with the fake phish data,” Justin Mason quotes an anonymous friend complaining about people dumping crap into phishing sites:
Is there any way you can get the word out that dropping a couple hundred fake logins on a phishing site is NOT appreciated??
It creates havoc for those monitoring the drop since it’s an unbelievable waste of time and resources to clean up the file. Also, for those drop files that ‘recycle’ after every 10 entries, valid data is lost.
It also creates havoc for those who get these files and try to notify victims. They waste time, too .. pulling legit info from amongst the trash.
First, I had no idea people were doing this. It seems like at least an interesting idea, and so I’d like to examine the assumptions that seem to underlie the request by Justin’s anonymous friend (JAF).
JAF seems to presume that his work is roughly equivalent to the phisher’s work, or more expensive. That seems likely to be true. If you’re a criminal, testing an account is easy: you try to steal from it. If you’re trying to stop them, you have more work to do.
I think a more interesting question is, what fraction of sites are getting hit? Are 10% of phishing sites experiencing this? 90%? I’m curious because it gives us insight into the overlap between the two sets of folks working against phishers. It’s a relatively easy statistical problem: If set 1 has overlap y with set 2, how large is the population being sampled? Ecologists do this all the time. (How can I spell ecologist with a ‘ph?’)
It seems like it’s an interesting possibility for measuring the size of the phishing site world.
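The ecologists' method referred to above is capture-recapture. As an added example (not from the original post), the sketch below applies Chapman's bias-corrected form of the Lincoln-Petersen estimator to two constructed lists of phishing site URLs, one per group. It assumes the two groups find sites independently and that every site is equally likely to be found; all hostnames are hypothetical.

```python
import math
from urllib.parse import urlsplit

# Constructed sample data: hypothetical hostnames under the reserved .test TLD.
# MONITORED = sites seen by people watching drops; POISONED = sites fed fake logins.
MONITORED = [f"http://site-{i:02d}.example.test/login.php" for i in range(40)]
POISONED = [f"https://SITE-{i:02d}.example.test/secure/" for i in range(30, 60)]


def site_key(url):
    """Reduce a URL to its lowercase hostname so both lists count sites, not pages."""
    return (urlsplit(url).hostname or "").lower()


def chapman_estimate(list_a, list_b, z=1.96):
    """Estimate the total number of sites from two overlapping samples.

    Returns (estimate, ci_low, ci_high, n1, n2, overlap).
    """
    a = {site_key(u) for u in list_a} - {""}
    b = {site_key(u) for u in list_b} - {""}
    n1, n2, m = len(a), len(b), len(a & b)
    # Chapman's estimator: like n1*n2/m, but less biased and defined when m == 0.
    est = (n1 + 1) * (n2 + 1) / (m + 1) - 1
    var = ((n1 + 1) * (n2 + 1) * (n1 - m) * (n2 - m)) / ((m + 1) ** 2 * (m + 2))
    half = z * math.sqrt(var)
    seen = len(a | b)  # the population cannot be smaller than what was observed
    return est, max(seen, est - half), est + half, n1, n2, m


if __name__ == "__main__":
    est, lo, hi, n1, n2, m = chapman_estimate(MONITORED, POISONED)
    print(f"group 1 saw {n1} sites, group 2 saw {n2}, overlap {m}")
    print(f"share of group 1's sites that group 2 also hit: {m / n1:.0%}")
    print(f"estimated total sites: {est:.0f} (95% CI {lo:.0f} to {hi:.0f})")
```

A small overlap relative to either list implies a large unseen population; if the groups tend to find the same easy-to-spot sites, the independence assumption fails and the estimate runs low.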
Photo: “Fish” by Wistine.