Tim has a post and wonders why the criminals are so blatant when it should be easy to track them down.
I think the answer is simple — nobody feels that they’re responsible.
We live in Canada, the phishing attempt was about a US company, and the phishing script is running on a Thai web site. That’s a minimum of three police forces that would need to agree a) that it’s a problem, b) that it’s a problem they should do something about, c) that it’s a problem they can do something about and d) that it’s a problem they should work together to solve. Point a) sounds trivial, but depends on the precise laws in three countries (as an interesting aside, in the dim recesses of my memory I remember reading somewhere that for some years it was not illegal to counterfeit currencies in Australia as long as you didn’t counterfeit the Australian currency). Point b) depends on whether the various police forces think it’s a worse problem than many others they have to solve. And I would think that ripping rich-world people off for some money is way below people trafficking (to give just one example) in terms of international police priorities.
Of course, the Thai government could decide that such phishing attempts occurring on Thai web sites were disturbing potential investors in Thailand and do something about it on their own, much as I gather the Nigerian government is taking steps to clean up the Nigerian spam problem. That does assume the problem is perceived as being big enough to be worth solving. In this case, you never know. thaiedresearch.org is registered to the “Office of the Education Council” which sounds at least semi-official; do they know about the phishing script? If they know, do they care?
