The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Fertile fields for pharming

Jane Larson, The Arizona Republic

It’s the next Internet scam, and it could be the most menacing.

The reason: Even experienced Internet users can become victims and not know it.

The ploy is called pharming — a play on “phishing,” another type of Internet fraud — and it involves highly skilled hackers who secretly redirect users’ computers from financial sites to the scammers’ fake ones, where they steal passwords and other personal information. Even the Web address looks the same.

Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or credit-card firm’s Web site. And it potentially can affect thousands of users at a time.

“With pharming, you don’t have to do anything stupid to get on the hook,” said Tom Leighton, chief scientist of Internet software firm Akamai Technologies Inc. in Cambridge, Mass. “You’re just swimming along, and you get caught in the net.”

It is just a matter of time before the scam becomes widespread, experts fear.

“If it didn’t get worse, it would buck the trend of all known security problems,” said David Jevans, a Silicon Valley executive who is chairman of the fraud-fighting Anti-Phishing Working Group.

The scam is so new that Internet security gurus have just started warning about it.

Akamai’s Leighton told a technology conference in December that hackers are targeting small sections of the Internet and rerouting traffic to fake bank sites to capture users’ passwords. The legitimate sites don’t notice the drop in Web traffic because it is just a fraction of the total, he said.

An anti-phishing bill introduced in Congress last month would also apply to pharming. It calls for prison time and fines for those caught either phishing or pharming.

Security experts say pharmers have two main ways of operating: attacking either users’ computers or the large servers that find Web sites for users.

The first way is to send virus-laden e-mails that install small software programs on users’ computers. When a user tries to go to his bank’s Web site, the program redirects the browser to the pharmers’ fake site. It then asks a user to update information such as logons, PIN codes or driver’s license numbers, said Chris Faulkner, chief executive officer of CI Host Inc., a Web-hosting firm in Bedford, Texas. Scammers use the information to steal identities.

Other viruses, called keyloggers, track a user’s keystrokes on legitimate sites and can be used to steal passwords.

The pharmers’ second method takes advantage of the fact that Web sites have verbal names but reside at numeric addresses on the Internet. When users type a Web site’s name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site.

Pharmers interfere with that process by changing the real site’s numeric address to the fake site’s numeric address.

The servers can belong to financial institutions, Web-hosting companies or Internet service providers. This tactic, called DNS poisoning, has been around for years, but it is only in the past six months that techies have seen it used for identity theft and dubbed it pharming.
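A defender-side check for the DNS poisoning described above, as an added example that is not part of the original article: it compares the addresses several DNS servers return for one hostname against the ranges the real site is known to use, and against each other, so a rerouted "small section" stands out. The hostname, resolver labels, addresses and pinned range are constructed sample values, and the pinned range is an assumption about what a site operator would maintain.

```python
import ipaddress
from collections import Counter

# Constructed sample data: answers four resolvers gave for one bank hostname.
# All names and addresses are documentation values (RFC 2606 / RFC 5737),
# not real observations.
HOSTNAME = "bank.example"
PINNED_NETWORKS = ["192.0.2.0/24"]  # assumed: ranges the real site is known to use
SAMPLE_ANSWERS = {
    "isp-resolver":    ["192.0.2.10", "192.0.2.11"],
    "office-resolver": ["192.0.2.10"],
    "public-resolver": ["192.0.2.11", "192.0.2.10"],
    "branch-resolver": ["203.0.113.66"],  # constructed poisoned answer
}


def audit_resolutions(answers, pinned_networks):
    """Return {resolver: [reasons]} for resolvers whose answers look rerouted."""
    nets = [ipaddress.ip_network(n) for n in pinned_networks]
    # Count how many resolvers returned each address to find the consensus.
    seen = Counter(ip for ips in answers.values() for ip in set(ips))
    majority = len(answers) / 2
    findings = {}
    for resolver, ips in answers.items():
        reasons = []
        # Check 1: every returned address must fall inside a pinned range.
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in nets):
                reasons.append(f"{ip} outside pinned ranges")
        # Check 2: at least one address must be one that most resolvers return.
        # An empty answer also fails this check.
        if not any(seen[ip] > majority for ip in ips):
            reasons.append("no address shared with majority of resolvers")
        if reasons:
            findings[resolver] = reasons
    return findings


if __name__ == "__main__":
    for resolver, reasons in audit_resolutions(SAMPLE_ANSWERS, PINNED_NETWORKS).items():
        print(f"{HOSTNAME} via {resolver}: " + "; ".join(reasons))
```

The consensus check alone fails if most of the polled resolvers are poisoned, which is why the pinned-range check is kept as an independent signal.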

“It’s like the name sounds,” said Rami Habal, senior product manager at Proofpoint Inc., a Cupertino, Calif.-based e-mail security software firm. “They’re planting the seeds of malicious code and harvesting the identity information later.”

What alarms the experts is that pharming can reroute thousands of Internet users at a time, making the impact potentially huge.