When hackers hack hackers
Security firm Imperva reports a free phishing kit called "Login Spoofer 2010" that turns perpetrators into victims, is currently being touted in hacker forums. "Hackers" who have clicked through the foolproof user interface and used the program's wizard to set up their own online phishing page for PayPal, Gmail, Skype, etc. are too quick to rub their hands because, although the phishing page does busily collect valid access credentials, the page creators only get to see a fraction of the data.
In reality, the programmers of the phishing kit siphon off the collected login data behind the scenes. Forwarding only a few data sets to the operators of the phishing page to keep them happy and make them believe that the phishing kit is working as expected, the creators of the kit don't need to worry about obtaining web space or promoting their phishing pages. The English language software was apparently developed in Algeria, and the developers specifically offer quick-start instructions in Arabic.