Neil Schwartzman CAUCE.org
Paul Kincaid-Smith SendGrid
A community of researchers, law enforcement agencies and victims have banded together for mutual defence against a determined, persistent enemy. At stake is trust in email itself. In late 2007, a small group of criminals discovered that they could easily launch phishing attacks from compromised user accounts at colleges and universities. They progressed to more lucrative targets by spear phishing staff at Email Service Providers (ESPs) - companies that provide email delivery services to some of the world's largest brands, such as Walgreens, Honda, and McDonald's. These phishing attacks succeeded, and lists of tens of millions of end-user email addresses were stolen. The criminals then generated revenues by spamming millions of addresses - typically selling freeware like Adobe Reader or Skype, which installed more malware, perpetuating the cycle.
In reaction to these ongoing compromises, a group of concerned security researchers, victim email companies and law enforcement agencies formed an ad-hoc working group to investigate, thwart and implicate the Adober Gang. The results are remarkable.