In Depth

After Phishing? Pharming!

Security experts are concerned about pharming, a technically sophisticated DNS-based attack

By Bob Violino


Some security managers and industry analysts are concerned that pharming incidents could cause serious damage if ignored. They say the growing popularity of online banking and electronic bill payment means there's ever-greater potential for the theft of sensitive customer information. And even if your company feels secure, weak links elsewhere can endanger the chain of commerce. "As a health-care provider," says Chris Ray, former director of information security at HealthSouth, "we deal with insurance companies, payers and many outside business partners. If one of these entities became a victim of pharming, and that reveals log-on information to their site where our patient information is stored, we would have concerns about that."

The Anti-Phishing Working Group (which includes financial services firms, law enforcement officials, technology vendors and ISPs) is tracking instances of pharming, says Chairman Dave Jevans. Members are discussing what users and vendors need to do, including adopting standards such as DNSSEC, the security extensions for DNS under development by the Internet Engineering Task Force.

Degree of Difficulty

Jevans says he's aware of several unreported pharming attacks since December 2004. One involved malware or "crimeware" modifying the host files on users' operating systems and directing them to bogus bank websites. Another involved DNS poisoning by hackers. The Anti-Phishing Working Group learned of these incidents through member complaints about websites not working correctly, as well as a notification from a financial institution. But it's difficult to say if pharming attacks are rising, Jevans says, because not much, if any, research has been published. Still, "everything we have seen in the areas of hacking and online fraud and identity theft is going upward," he says. "There's increasing technical sophistication, so the chances of [pharming] getting worse are likely.

"But," Jevans adds, "the thing about pharming is it's technically difficult to do."

To execute a phishing attack, a hacker needs to be able to create a plausible URL, a decent webpage and an e-mail message. This is not hard. Pharming, on the other hand, requires knowledge of how to manipulate DNS caches or gain access to someone's computer files or servers to change settings. This technical difficulty makes pharming less of a threat than phishing, says Shawn Eldridge, chairman of the Trusted Electronic Communications Forum (TECF, a consortium looking at ways companies can protect consumers from scams such as phishing, spoofing and identity fraud). "Not only is there a proficiency level required, but something like DNS poisoning is difficult to pull off," Eldridge says. "There have been a couple of instances, but they've been fairly minor."
