City University researchers have devised a means to speed up the detection of websites designed to steal personal data from Internet purchasers.

The developers said on Wednesday that the device, which is able to make out a phishing website within seconds, will serve as an effective tool to help corporations to shield themselves from cyber-criminals trying to steal their client's identities.

The device, dubbed SiteWatcher, is the first of its kind to automate a process to detect and differentiate fake sites from their bona fide templates.

"Nobody else in the world can claim they can detect phishing targets using only computers," said Liu Wenyin, assistant professor of the university's Department of Computer Science, who and his team of five PhD students invented the device.

Manual checking, previously the only reliable way, was limited by human factor, with a well trained sleuth able to handle only about a hundred different sites a day.

With SiteWatcher, a single computer can check 10,000 sites an hour or faster and do it continuously, 24 hours a day, Liu said.

SiteWatcher, which is set to replace armies of information technology workers in the war against fake websites, is not limited by language either. It is able to detect fraudulent websites in any written script.

The device, built on Liu's expertise in developing graphic recognition softwares, has earned Liu the Fellow Award from the International Association for Pattern Recognition.

Liu said phishing attacks, mounted by cyber-criminals who duplicate authentic websites to trick unwitting users into entering personal information, were on the rise.

The frequency of these attacks has risen from about 2,000 to 3,000 a month worldwide in 2001 to 20,000 to 30,000 a month in 2010.

"Phishing is very cheap compared to trojans or viruses for stealing personal information. Just copy a website and then change links to redirect users to fake sites," he said.

Liu said the team is offering free trials to large local banks, while the Commercial Crimes Bureau of the police had expressed interest in it.

The team is pursuing Interpol to adopt the technology, he said.

SiteWatcher also compiles phishing attacks and informs the owners of targeted website when there are concerted attacks on their websites.

That will leave the owners time to take preventative or remedial measures to protect their customers, Liu said.

"This is much better than having a customer calling in to tell them they've just been scammed," he said.

Although the device allow corporations to better shape up the phishing threats they faced, taking down fake websites was more problematic, as many were stored on servers outside of the reach of local and international law enforcement, Liu said.

Roy Ko, a manager of Hong Kong Computer Emergency Response Team, noted phishing attacks were rising steadily over the past three years.

The organization recorded 298 phishing attacks in the city in 2010, up from 232 in 2008, though not comparable to the peak in 2007, where 745 attacks were recorded.

China Daily

(HK Edition 03/10/2011 page1)