First lets be clear:  These guys are NOT hackers. They are not. At very best they [...]]]> Regarding the recent news of the e-mail phishing scam on Gmail, Yahoo! and Hotmail (and presumably others) my blood has been absolutely boiling over the horribly inaccurate, sensationalistic comments that are being published in all sorts of reputable newpapers!

First lets be clear:  These guys are NOT hackers. They are not. At very best they are clever people who realized that you can get people that are less clever to tell you things they shouldn’t. This is not new to e-mail, Facebook, corporate logins… In fact people take advantage of less clever people all the time. 3card monte in some form has existed for centuries and continues to fool people! Yesterday and today a fake Amber Alert message has been circulating the web, thousands have been fooled into propagating a false message. Tricking people is not the same as hacking. mafiaboy is a hacker. Kevin Mitnik was a hacker (although he was never malicious and wrongfully imprisoned).

The people who did this have done nothing wrong (I assume the lawyers for the above companies will disagree)… They asked for people’s passwords and the people gave them to them, I can do that right now: Please send me your passwords… In fact post them directly below this entry so that everyone can see them…. Sure they set up a fancy phishing site and sure they claimed to be someone they aren’t, but that is immoral, not malicious. Now, the people that use those passwords for malicious purposes are the ones breaking the law. Just as it is illegal for me to open your (snail) mail. (and yes, I concede these people could be one and the same, but it is important to distinguish that, which the media is not)

The problem, and I know I have beaten this to death, is that people seem to think technology is something new, and it isn’t. It is an adaptation of something. All technology is is an advancement of a previous incarnation of something else. Cell phones are an advancement of cordless phones, which are an advancement from corded phones, where were an enhancement on dial phones, which were an advancement on  the original switchhook phones, and the cycle goes back to the first person to every tie a string between two cups. The concept and basic requirement is the same in all of these cases: I have information and I want to share it with someone who isn’t within sound wave receiving distance of my voice.

And finally, the calls for “increased security” and “more education” at these companies is absolutely preposterous.  There is NO level of security or education that can prevent a person divulging personal information. How hard is it to understand “Don’t tell people your password.”? And yes, these guys used a sophisticated website to garner this information, but how is Google to prevent people from writing a webpage that looks like theirs? I mean I could mock up a Gmail page and have it be identical to it. How do you teach the mass public to make sure the website they are typing personal data into is legit? Well forward this Blog URL to 15 people and you will find out, because if you don’t you will have bad sex for the rest of your life! I mean after dozens of friends sending me hundreds of those over the past 10 years I am sure they all learned that that is a scam…

Contrary to popular belief, people do not learn from their mistakes.