I'd like to reinforce Waqas and Peter's comments here.
I've been in IT security R&D for 20 years and can say that the crims use whatever protocol will get the job done. I've also been using the Jabber protocol since 1999 and have seen IM used by the bad guys well before it became mainstream.
But I'd have to disagree with Winfried about phishing being "one of the darkest activities on the internet"; in fact it's rather grey.
David.
http://www.linkedin.com/in/dbanes
On 27/09/2009, at 6:59 AM, Peter Saint-Andre wrote:
On 9/26/09 7:40 AM, Winfried Tilanus wrote:
Hi,
Up to now, Jabber was used for legitimate applications like microblogging, psychological counselling or battlefield information systems. But it was inevitable we would witness the day Jabber would be used for one of the darkest activities on the internet, phishing:
http://software.silicon.com/security/0,39024655,39527467,00.htm
The original blog posts referenced in that article are here:
http://www.rsa.com/blog/blog_entry.aspx?id=1525
http://www.rsa.com/blog/blog_entry.aspx?id=1515
Let us look at the attack.
The phishing incident happens via a fraudulent website that looks like
your bank.
Hold it. Now that the unsuspecting user has visited a fraudulent website, anything is possible! The criminals could use XMPP, SMTP, HTTP, IRC, or whatever they want at that point.
The "problem" here is that XMPP is a distributed technology. Anyone can download and run their own XMPP server. What they do with that server is up to them. We -- and by "we" I mean the XMPP Standards Foundation, the IETF's XMPP WG, the developers of a particular XMPP server implementation, and the general XMPP community -- have no control over how XMPP technologies are deployed. In this case, some people have gotten creative about using XMPP instead of SMTP or IRC or some other technology in order to gather and deliver, in close to real time, information that is of interest to them. It just happens that the information these people are interested in relates to criminal activities in which they are engaged.
Now, if these people had decided to use one of the public XMPP services (such as, say, the jabber.org IM service, of which I am the primary admin), then those who are interested in combatting this kind of crime might be able to contact the admins of said services and find out some identifying data about those who are connecting (e.g., IP addresses). But since these people are in fact deploying their own infrastructure, it is outside of "our" control.
There is nothing particular to XMPP in these attacks, other than the fact that the criminals are using a chat interface and then sending information through an XMPP server that they have installed on their own machines. These attacks are not being perpetrated against Jabber users, but against regular older Internet users via fraudulent websites, with XMPP as an information transport.
There is nothing we can do about this kind of attack.
However, we might want to look more seriously at XEP-0165 so that we can help prevent similar attacks over the real XMPP network.
Peter
--
Peter Saint-Andre
https://stpeter.im/