An article today on InfoWorld, entitled “Don’t be a phishing vigilante”, casts a bright light on Cyveillance (a firm which does consulting for banks, etc. on security).
The article indirectly slams PIRT, the CastleCops-founded group which does takedown of phishing sites.
While there have been some funny examples of people who have gone to great lengths to hoodwink phishers and other online fraudsters -- and some people have even turned the pursuit into a full-time hobby, new research shows that playing games with the cyber-thieves just might not be a good idea.
Note that “full-time hobby” points to Castlecops.
The idea that a group like PIRT is some type of “hobby” is more than false, it’s actually a bit heartbreaking when I think of the thousands of hours of volunteer work done by vetted security professionals at PIRT, who do takedowns everyday, and have saved millions of dollars for consumers. People like Gary Warner, who certainly has earned his chops as a security professional. Or Robin and Paul Laudanski, the founders of PIRT, who are both highly regarded Microsoft Security MVPs. While I'm no longer an active part of PIRT, I feel quite protective of the volunteers there -- who are amazing given the level of profesionalism of their work and the fact that it's all done out of a passion for helping people (for no monetary gain).
I agree that phishing termination (or even going to a phishing site) should only be done by people who know what they’re doing. There is a real danger going to these sites, because of exploits and malware. But to put a broad stroke on it only serves the for-profit vendor highlighted in this blog.
I have a lot of respect for Cyveillance, as well as the article’s authors, Victor Garza and Matt Hines. Hopefully, this is only a misunderstanding.
Feel free to post your comments on their blog.
Alex Eckelberry
