Who is responsible for Phishing

By Trip Elix

One of the misspellings of the URL to a small market newspaper website can have dire consequences. It like so many others are all over the internet. The activity is called Phishing and has many forms resulting in a monetary loss. Phishing is the activity of tricking the user into believing it is interacting with a legitimate company. Often crooks on the internet steal passwords or login credentials. Some like this one attempt to employ the victim’s assistance by giving complete access to their computer.

The URL hartforcourant.com is one of those sites. It is a misspelled domain name. The domain owner is an Australian company who rents the domain to other companies. One of them is a criminal operation and generated a fake blue error message that was a common occurrence inphishing Windows XP and earlier operating systems. The message, however, is enhanced and complete with an audio message, proclaiming a virus is present on only a computer accessing the website. Access the same URL from a cell phone yielded a different result. A telephone number is flashed in an overlay panel on the screen to call Microsoft for help. It was something the company never really offered, a way to call for free support, for its former bug laden operating systems. Other variants of this same technique will encrypt the files on your computer and hold it for hostage.

Phishing and site misdirection have a long history on the internet. It was initially an invention made by the porn industry. In the early days if the internet it was common for the porn industry to buy misspelled URLs of sites to redirect the user to a porn site. It has grown however to mimic banking institutions, auction sites, and even Facebook. It has become such a pervasive issue that legitimate websites employ countermeasures to ensure customers that they are on the real site.  One common solution is for website operators to have an authentication image that the customer recognizes, to reinsure that the user is on the correct site.

The problems of misdirection and phishing sites are a plague that all Internet users suffer.

While pointing the finger at individual sites and crooks actions might seem appealing. The bigger issue has to do with American regulation. It allows and holds harmless the operators that sell the names that are fraudulent.  The naming system was instituted Network Solutions, Inc. and influenced by the American Department of Commerce. Today the private not for profit corporation ICANN is the global central naming authority.

The Naming Authority along with the sellers of domain names should start to be held responsible for criminal misspellings. After all the big players on the internet are well known, and are the target of thieves how much common sense do the naming authorities need? They can not state that software can not be built to detect and notify of flagrant misspelling of well-known brands on the internet.

Spam, the unwanted emails that fill all of our email mailboxes has its roots in the same system. Previously criminals would purchase misspelled domain names of banks and make deceitful emails that tricked users into surrendering their credentials.

The responsibility for all of these acts belongs to all of the operators involved. A fake site set up on a hijacked server belongs to both the criminal and the legitimate owner of the site. It equally belongs to the network provider. The undue influence of the big providers upon regulation has fostered not taking responsibility for criminal activity for too long. Imagine if the large providers were held responsible for communication on the networks.

The argument over net neutrality had its heritage, in recognizing network activity. Why is it then, that provider can monitor competitors to its services, but cannot seem to police its networks? It is common knowledge that companies are tracking our web usage. Google’s web browser Chrome blocks access to sites that are known to be bad. The network providers could simply copy the list from Google list. The criminal activity that police are forced to pursue, and cost us all tax money could simply be eliminated by carriers detecting, blocking and reporting criminal activity.  The result would be fewer crimes committed, not bad for simply taking responsibility.