The white knight of phish-busting

Gary Warner corrals private citizens, law enforcement to take down phishing sites

Miskell said Warner has helped the FBI with investigations and taught staff about his antiphishing techniques.

"He could be a multimillionare by his skillsets... he's a very gifted speaker, he can talk to the techies, and then he can turn around and talk to the non-techies and everyone will understand."

Warner is now focusing on fighting cyber-crime full-time and on training a new generation of network forensics investigators. "You wouldn't believe the looks on their eyes the first time they got an e-mail back from a Webmaster saying, 'Thanks for letting me know. I just shut that down.'"

When he spoke with IDG News, it was five days after final exams at the University of Alabama at Birmingham and though it would have no effect on their marks, four students were still coming into the labs to help shut down phishers.

"That idea that as a private citizen, you can help, that's the kind of thing we're trying to inspire," he said.

The Future of Phish-busting

At the University, Warner is building up a 256-node supercomputer which could eventually become the largest collection of spam email on the planet, processing as many as 100 million email messages per day and providing researchers and law enforcement with valuable analysis data.

For Warner, the work isn't so much a job, as it is his moral responsibility as a computer scientist. "One of the things that really bothered me from the very beginning was people who were using my field to attack other people," he said. "The way I see it, this is our Internet. I'm going to stand at the end of my driveway and protect what's mine."

He says that his anti-phishing work hardly feels like work at all. "This is what I like to do," he said. "It's cheaper than golf, and you can do it when the weather's bad."

What You Can Do to Protect Yourself

"The best people that help law enforcement have no motive other than to catch the bad guy," said one law enforcement official who declined to be identified because he hadn't been authorized to speak with the press.

But even if you're not a cyber sleuth, if you get hit by a computer criminal there are some things you can do to help police catch the criminal. What you should do depends a little bit on the crime. If you're the victim of identity theft, it's worth filing a report with state and local police so that you have a record of the crime.

That comes in handy later, in case you need to prove that it was the thief, and not you, that incurred any subsequent charges. Another good place to stop is the Federal Trade Commission (FTC) site, which has a variety of tools to help identity theft victims get organized and set their credit back on track. And if things get really bad, the Social Security Administration can help you, too. This site has instructions on how to report social security fraud and get a new social security number.