Department Of Homeland Security Report: Recommends Technologies To Defeat Online Identity Theft

Montreal & Menlo Park, CA - The Anti-Phishing Working Group and SRI International announced the availability of a new report mapping the spectrum of current and future technology solutions to combat Internet fraud, or "phishing" schemes. The report, "Online Identity Theft: Technology, Chokepoints and Countermeasures," was commissioned by the Department of Homeland Security Science and Technology Directorate, and managed and reviewed by SRI International.

Intended for technical practitioners, researchers and security executives, the report offers a comprehensive survey, developed by independent research organization Radix Labs, and analysis of counter-phishing technology. The report details technologies used by online identity thieves, or "phishers," and explores technologies that could dramatically reduce financial losses and consumer distrust.

"Discussions of counter-phishing strategies often turn into storytelling sessions, which are useful but not effectively prescriptive," said Peter Cassidy, Anti-Phishing Working Group secretary general. "With this report, researchers finally shine a flashlight into the engine room of e-commerce systems, give names to the gremlins, tell us where to find them and posit interventions that can take the components and protocols phishers exploit out of their grasp."

"Analysts estimate that online identity theft and fraud cost US banks and credit card issuers $1.2 billion in 2003, and this cost continues to steadily grow," said Patrick Lincoln, Ph.D., director of SRI International's Computer Science Laboratory. "This new report was commissioned to increase awareness of the problem, offer new information about technology solutions and stimulate innovation. We see many opportunities to prevent phishing through new security technologies and hope this report will encourage innovative approaches to solving the problem."

"Instead of looking at individual pieces of the problem, we constructed an information flow that applies to all types of phishing attacks," said Aaron Emigh of Radix Labs, author of the report. "The report identifies chokepoints, which are points in the flow where there is an opportunity to stop a phishing attack. It offers countermeasures that can be applied at each chokepoint, drawn from existing technologies, new products, and academic research."

SOURCE: The Anti-Phishing Working Group