Pharming

Just like this dog herding sheep where he wants them to go... Not farming but PHARMING

In a separate Hub I discussed phishing which is basically sending out emails trying to trick people into divulging there user names and passwords. But there is an even more sinister way of directing you to a hackers web site. It is called Pharming. Pharming is done by either changing the hosts file on a victim's computer or by hacking into a DNS servers' software. IT is pretty high tech stuff, so without losing you in the details, DNS servers are responsible for converting IP addresses to names we can remember. Kinda like a phone book links a person to there phone number. For example... Every computer on the internet has and IP address, that is how you get from one site to another. The IP address for Yahoo is 87.248.113.14 - Instead of remembering that number, the DNS servers convert it to www.yahoo.com - If you typed that IP address into your browser window it would take you to Yahoo. So, if a hacker were to tap into a DNS server, they could redirect the yahoo site to 87.123.33.??? which could be a Yahoo clone asking you to confirm your password.

An illustration of phishing:

1...A person types the URL or the website they want to visit like www.mybank.com The computer sends the URL request to the Domain Name Servers. Domain Name Servers are large computers that translate domain addresses to IP addresses.

2...Hackers access the DNS servers and change the IP address for www.mybank.com

3...The DNS server looks up the users request for www.mybank.com and finds the new IP address that that the hacker changed it to

4...The DNS server directs the users browser to a copy cat web site that looks just like the real site.

5...The user is unaware that they are on a fraudulent site and enter in there confidential information such as username and password - All of which is harvested by the hackers.

This is a big worry for businesses hosting ecommerce and online banking websites. As technical as it is to pharm a site, it is even more problematic to fight it because standard anti-virus and spyware removal programs do not work. It takes much more sophisticated measures. The good news is that it does not pertain to secure websites (https://), only those that begin with http://.

Hacking into a DNS server is a lot of work. It is much easier for a hacker to attack your computer locally by finding loopholes in firewalls and changing your windows host files. The host file is a computer file that stores information about your network settings mapping hostnames to IP addresses much like a DNS server except that it is local to your computer. End users make much better targets because your average surfer has no idea about security so it is weak at best. In this case the hacker can redirect your favorites or cookies to anywhere they like.

If that's not bad enough, a hacker may find a way into your router and compromise the whole network. When a router is first configured, the ISP suggests a trusted DNS server to use for there network. System administrators can log into the router and pick a different DNS server if they like. Now guess what happens if a hacker can change this setting. Not only can they change this setting, they can reprogram the firmware making it very difficult for an administrator to detect because the login and settings will all look correct.

A little off topic but very important, in most all my articles here or elsewhere I preach the importance of learning your equipment and how it operates. With the popularity of wireless internet, routers, laptops, etc... The fore mentioned threats are real to anyone with a wireless router. Routers, and the fire wall they provide, are an excellent tool for keeping intruders out of your computer - but only if they are setup right. Not done right and it's an open invitation to your data. The antenna on them can see laptops around the neighborhood. Most folks don't take the time to setup any security or passwords on them leaving them open to any one sitting across the street with a laptop, inviting them in to monitor all your internet activity, sites visited, keys typed, and passwords stored.

So consider yourself warned.