Defacers hit phishers in war of the web

Vigilante defacers are turning the tables on phishing groups by taking down spoofed websites.

PayPal and Natwest phishing sites have been attacked by crews that replace the fake sites with messages condemning phishing and directing users to the appropriate authorities.

The development has been applauded by some industry experts.

"While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable," said Paul Mutton, services developer at internet monitoring provider Netcraft, speaking on the company's website. "But in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged."

That latest effort, by an individual known only as "sickophish", replaces a fake PayPal website with the words, "Warning – this is a scam site."

But some people have condemned the action, arguing that such vigilante activity can impede forensic inspection and hamper investigation into who has been setting up the scam sites.

"It is interesting to see such vigilantism, similar to that which from time to time appears against paedophile or terrorists websites," said Roberto Preatoni, founder of defacement tracking group Zone-H. "But taking those sites offline doesn't help at all, it would be much better on the contrary to help them to stay online. Destroying the organization is more effective than warning a few dozens of users, also considering that all phishers have to do is to set up a brand new server to replace the one vigilantes took over."

In April SC reported a huge rise in web defacement activity prompted a fiery debate between members of the computer security fraternity.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.