Arizona Republic: New crop of thieves: Pharmers hit Net banking

[David Farber <dave () farber net>]

------ Forwarded Message
From: Bob Rosenberg <bob () bobrosenberg phoenix az us>
Date: Tue, 19 Apr 2005 14:22:43 -0700
To: <dave () farber net>
Subject: Arizona Republic: New crop of thieves: Pharmers hit Net banking

Dave

This item is from this morning's Arizona Republic:

New crop of thieves: Pharmers hit Net banking
Pharming is the next scam after phishing, and even experienced Internet
users
could become victims.


Cordially,

Bob Rosenberg
P.O. Box 33023
Phoenix, AZ  85067-3023
LandLine:  (602)274-3012
Mobile:  (602)206-2856
bob () bobrosenberg phoenix az us

**********************************************

PLEASE NOTE:  No trees were destroyed in the sending of this contaminant
free
message.  However, a significant number of electrons were somewhat
perturbed.

**********************************************

http://www.azcentral.com/arizonarepublic/news/articles/0419pharming19.html#


New crop of thieves: Pharmers hit Net banking

Jane Larson
The Arizona Republic
Apr. 19, 2005 12:00 AM

It's the next Internet scam, and it could be the most menacing.

The reason: Even experienced Internet users can become victims and not know
it.

The ploy is called pharming - a play off "phishing," the previous Internet
fraud
- and it involves highly skilled hackers who secretly redirect users'
computers
from financial sites to the scammers' fake ones, where they steal passwords
and
other personal information. Even the Web address looks the same.

Unlike phishing, where users click on links in e-mails and are taken to fake
sites, pharming intercepts a user on his or her way to the bank or a
credit-card firm. And it potentially can affect thousands of users at a
time.

"With pharming, you don't have to do anything stupid to get on the hook,"
said
Tom Leighton, chief scientist of Internet software firm Akamai Technologies
Inc. in Cambridge, Mass. "You're just swimming along, and you get caught in
the
net."

Banks in Arizona are starting to see the problem, and large members are
familiar
with the scam, said Tanya Wheeless, president and chief executive of the
Arizona
Bankers Association. The Arizona Attorney General's Office said it heard of
a
case last month in which a Phoenix man lost $5,000 from his bank account
after
answering an online pop-up survey that purported to be from his bank.

It is just a matter of time before the scam becomes widespread, experts
fear.

"If it didn't get worse, it would buck the trend of all known security
problems," said David Jevans, a Silicon Valley executive who is chairman of
the
fraud-fighting Anti-Phishing Working Group.

The scam is so new that Internet security gurus have just started warning
about
it.

Akamai's Leighton told a technology conference in Phoenix in December that
hackers are targeting small sections of the Internet and rerouting traffic
to
fake bank sites to capture users' passwords. The legitimate sites don't
notice
the drop in Web traffic because it is just a fraction of the total, he said.

An anti-phishing bill introduced in Congress last month would also apply to
pharming. It calls for prison time and fines for those caught either
phishing
or pharming.

Security experts say pharmers have two main ways of operating: attacking
either
users' computers or the large servers that find Web sites for users.

The first way is to send virus-laden e-mails that install small software
programs on users' computers. When a user tries to go to his bank's Web
site,
the program redirects the browser to the pharmers' fake site. It then asks a
user to update information such as log-ins, PIN codes or driver's license
numbers, said Chris Faulkner, chief executive officer of CI Host Inc., a
Web-hosting firm in Bedford, Texas. Scammers use the information to steal
identities.

Other viruses, called keyloggers, track a user's keystrokes on legitimate
sites
and can be used to steal passwords.

The pharmers' second method takes advantage of the fact that Web sites have
verbal names but reside at numeric addresses on the Internet. When users
type a
Web site's name into their browsers, Domain Name System, or DNS, servers
read
the name, look up its numeric address and take users to the site.

Pharmers interfere with that process by changing the real site's numeric
address
to the fake site's numeric address.

The servers can belong to financial institutions, Web-hosting companies or
Internet service providers. This tactic, called DNS poisoning, has been
around
for years, but it is only in the past six months that techies have seen it
used
for identity theft and dubbed it pharming.

"It's like the name sounds," said Rami Habal, senior product manager at
Proofpoint Inc., a Cupertino, Calif.-based e-mail security software firm.
"They're planting the seeds of malicious code and harvesting the identity
information later."

What alarms the experts is that pharming can reroute thousands of Internet
users
at a time, making the impact potentially huge.

"With phishing, you're scamming one person at a time with e-mail," Faulkner
said. "Pharming allows you to scam a large group at once. You're definitely
hurting the masses."

Pharmers generally come from overseas, such as China, Russia and Eastern
Europe,
experts say. They fear many are tied to organized-crime rings that buy and
sell
identity information.

Pharmers tend to target online banking sites, experts say. Financial
institutions in Australia and the United Kingdom, including the venerable
Barclays bank and Lloyd's of London, reportedly have been hit, experts said.

Attacks so far have been limited, though there is no real way to know, said
Jevans, of the Anti-Phishing Working Group.

Pharming isn't as big as phishing yet, in part because it takes more skill.
Sending e-mails and copying a few Web pages are relatively easy, while
pharmers
must build viruses for each site they want to target or must hack into large
servers that control the Internet.

"It has the potential to be more dangerous, but what it's done so far hasn't
been much," said Hunter Bennett, director of operations for Tempe-based
Ensynch, a data center and technology services company.

Brad Keller, an Atlanta online consultant for BITS, a consortium of the 100
largest U.S. financial institutions, said he is optimistic because
relatively
few hackers have the skills needed to pharm. Industries that improve the
security of their servers can protect thousands of computer users at once,
he
added.

But he and Jevans worry about pharming viruses.

"I'm far more concerned about activity that causes individual users'
machines to
be altered," Keller said. "There, we have no way of knowing their machines
have
been attacked."

Web sites of large financial institutions have boosted protection of their
servers against pharming, Keller and other experts say. But smaller banks
and
Internet service providers may not have done so yet, they warn.

Companies and big organizations can reduce the threat by keeping their
software
updated and patched. They also can install firewalls, filter for known
scams,
and watch for changes in IP addresses on their servers, the experts said.

Anti-pharming software is in the works, including products that will display
security information and show users where a Web site is being hosted.

Unfortunately, pharmers seem to be a step ahead of the security-software
world.



------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/