'Pharmers'
hit online bank users with fraud scam'
By
Jane Larson, The Arizona Republic- USA TODAY
It's
the next Internet scam, and it could be the most menacing.
The reason: Even experienced Internet users can
become victims and not know it.
The ploy is called pharming
— a play on "phishing," another type of Internet fraud — and it involves
highly skilled hackers who secretly redirect users' computers from financial sites
to the scammers' fake ones, where they steal passwords and other personal information.
Even the Web address looks the same.
Unlike phishing, where users click on links in e-mails
and are taken to fake sites, pharming intercepts a user on his
or her way to the bank or credit-card firm. And it potentially
can affect thousands of users at a time.
|
Criminals
'pharm' data online with little or no knowledge of consumers.
|
"With pharming, you don't have to do anything stupid
to get on the hook," said Tom Leighton, chief scientist of Internet
software firm Akamai Technologies in Cambridge, Mass. "You're
just swimming along, and you get caught in the net."
It is just
a matter of time before the scam becomes widespread, experts fear. "If
it didn't get worse, it would buck the trend of all known security problems,"
said David Jevans, a Silicon Valley executive who is chairman of the fraud-fighting
Anti-Phishing Working Group. The scam is so new that Internet
security gurus have just started warning about it. Akamai's
Leighton told a technology conference in December that hackers are targeting small
sections of the Internet and rerouting traffic to fake bank sites to capture users'
passwords. The legitimate sites don't notice the drop in Web traffic because it
is just a fraction of the total, he said. An anti-phishing
bill introduced in Congress last month would also apply to pharming. It calls
for prison time and fines for those caught either phishing or pharming. Security
experts say pharmers have two main ways of operating: attacking either users'
computers or the large servers that find Web sites for users. The
first way is to send virus-laden e-mails that install small software programs
on users' computers. When a user tries to go to his bank's Web site, the program
redirects the browser to the pharmers' fake site. It then asks a user to update
information such aslogons, PIN codes or driver's license numbers, said Chris Faulkner,
chief executive officer of CI Host Inc., a Web-hosting firm in Bedford, Texas.
Scammers use the information to steal identities. Other viruses,
called keyloggers, track a user's keystrokes on legitimate sites and can be used
to steal passwords. The pharmers' second method takes advantage
of the fact that Web sites have verbal names but reside at numeric addresses on
the Internet. When users type a Web site's name into their browsers, Domain Name
System, or DNS, servers read the name, look up its numeric address and take users
to the site. Pharmers interfere with that process by changing
the real site's numeric address to the fake site's numeric address. The
servers can belong to financial institutions, Web-hosting companies or Internet
service providers. This tactic, called DNS poisoning, has been around for years,
but it is only in the past six months that techies have seen it used for identity
theft and dubbed it pharming. "It's like the name sounds,"
said Rami Habal, senior product manager at Proofpoint Inc., a Cupertino, Calif.-based
e-mail security software firm. "They're planting the seeds of malicious code and
harvesting the identity information later." What alarms the
experts is that pharming can reroute thousands of Internet users at a time, making
the impact potentially huge. "With phishing, you're scamming
one person at a time with e-mail," Faulkner said. "Pharming allows you to scam
a large group at once. You're definitely hurting the masses." Pharmers
generally come from overseas, such as China, Russia and Eastern Europe, experts
say. They fear many are tied to organized-crime rings that buy and sell identity
information. Companies and big organizations can reduce the
threat by keeping their software updated and patched. They also can install firewalls,
filter for known scams, and watch for changes in Internet protocol addresses on
their servers, the experts said. Anti-pharming software is
in the works, including products that will display security information and show
users where a Web site is being hosted. | 
