Digital Vigilantes: The White Knight of Phish-Busting

Part One of a Three-Part Series

Until just a few months ago, Gary Warner did not have the kind of day job you'd expect from an anti-phishing crusader. He didn't work for a security vendor or a bank, o

Gary Warner, UAB Director of Research in Computer Forensics (Photo credit: UAB staff photo)
r any kind of company you'd expect to care about phishing.

Warner's career as a cyber-sleuth began on Halloween 2000. That's when his company's Web site was defaced by a hacker named Pimpshiz as part of a pro-Napster Internet graffiti campaign.

"My boss came to me and said, 'Find out who did this and put them in jail,'" said Warner, who was at the time an IT staffer with Energen, a Birmingham, Alabama oil and gas company.

It was an eye-opening experience. "I called the police and they were like, 'What do you want us to do?'" he said.

Months later, when Pimpshiz struck servers at NASA, Warner reached out, calling staff there and saying "Hey, we know who this guy is. Here's his name and address."

Since then, Warner has quietly become one of the most-respected authorities on phishing in the U.S. -- the kind of guy that federal agents and banking IT staff call when they want to know how to catch the bad guys and shut down their credit-card-stealing Web sites.

With Warner's help, authorities eventually arrested Pimpshiz, whose real name is Robert Lyttle, in connection with the hacks.

Fishing for Phishers

Warner said that the Pimpshiz case was formative, underlining how hard it is for law enforcement to catch the bad guys on the Internet.

"The experience showed me that it's not that they don't care," Warner said. "Their hands are tied by the legal process."

Soon, Warner found himself spending dozens of hours each week compiling data on spammers and phishing attacks. "I would sit for a couple of hours every morning and find all the new phishing sites that I could," he said.

He'd take screenshots of the sites, email the Webmasters who were hosting them and ask them for Web logs, and eventually he started making connections -- he'd connect one phishing group with several different attacks -- and learn who he needed to call to get Web sites removed, no matter where in the world they were hosted.

He'd get calls from IT staff at small credit unions asking for help taking down fraudulent sites, every day, all day long.

It was cutting in on his work. Late last year, he decided to make a change. "I went to my boss and told him that I'm going to look for a way to do this full time."

Subscribe to the Security Watch Newsletter

Comments