Pharming is the exploitation of a vulnerability in Domain Name Service (DNS) server software that allows a hacker to redirect a website's traffic to another web site. DNS servers are the machines responsible for resolving Internet names into their real addresses, and are used anytime a user types the name of a website into his or her web browser and attempts to view a web page.
In January 2005, the Domain Name for a large New York ISP, Panix, was hijacked to point users to a site in Australia. In 2004 a German teenager hijacked the eBay.de Domain Name.
Hushmail, a provider of secure email services, was also attacked with pharming. In April of 2005 a hacker (the "pharmer") -- through inappropriate communications with the domain registrar -- was able to redirect users to a defaced webpage.
While defaced web pages may be a problem, pharming can be leveraged to commit far more sinister crimes. If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to commit a phishing-type crime such as stealing users' credit card numbers, PIN codes, or username-password combinations.
Traditional methods for combating pharming include server-side software that protects users from pharming, and DNS protection.
Server-side software is typically used by enterprises to protect their customers and employees who use their web-based systems from pharming and phishing. Identity Cues is a good example of such software.
DNS protection mechanisms help ensure that a specific DNS server cannot be hacked and thereby become a facilitator of pharming attacks. While organizations should protect their DNS servers from tampering, the reality is that until every DNS server on the Internet is protected from hacking, pharming remains a serious risk. Even organizations that have protected their own DNS servers need to implement additional protection to keep their users from being pharmed through the hacking of other DNS servers (e.g., at the users' Internet Service Providers).
Note: Spam filters typically do not provide users with protection against pharming, as pharming is not perpetrated through the spreading of spam emails.
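The DNS-protection paragraph above notes that users can be pharmed through resolvers the organization does not control. One defensive check that follows from it is to compare what several resolvers return for a hostname against address ranges the site owner has pinned. This is an added example, not part of the original article; the hostname, resolver names, addresses and pinned ranges are all constructed.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical names).
# PINNED: networks the site owner says the hostname may resolve into.
PINNED = {"bank.example": ["192.0.2.0/24", "2001:db8:10::/48"]}
# Answers for bank.example as returned by three different resolvers.
SAMPLE_ANSWERS = {
    "isp-resolver": ["203.0.113.66"],
    "corp-resolver": ["192.0.2.10", "192.0.2.11"],
    "public-resolver": ["192.0.2.11", "192.0.2.10", "2001:db8:10::5"],
}

def check_answers(hostname, answers_by_resolver, pinned=PINNED):
    """Return (resolver, reason, address) findings for one hostname."""
    nets = [ipaddress.ip_network(n) for n in pinned.get(hostname, [])]
    findings = []
    for resolver, answers in sorted(answers_by_resolver.items()):
        if not answers:
            findings.append((resolver, "no-answer", None))
            continue
        for raw in answers:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((resolver, "malformed", raw))
                continue
            # An address outside every pinned network is the pharming signal.
            inside = any(addr.version == n.version and addr in n for n in nets)
            if nets and not inside:
                findings.append((resolver, "outside-pinned-range", raw))
    return findings

def outliers(answers_by_resolver):
    """Resolvers whose answers share no address with any other resolver.

    Usable when no pin exists. Geo-distributed sites legitimately return
    different addresses per resolver, so an outlier is a lead, not a verdict.
    """
    sets = {r: set(a) for r, a in answers_by_resolver.items()}
    return sorted(
        r for r, s in sets.items()
        if s and all(s.isdisjoint(o) for q, o in sets.items() if q != r)
    )

if __name__ == "__main__":
    for finding in check_answers("bank.example", SAMPLE_ANSWERS):
        print(finding)
    print("outliers:", outliers(SAMPLE_ANSWERS))
```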
Authorities Respond to Pharming (and Phishing)
In March of 2005, United States Senator Patrick Leahy introduced the Anti-Phishing Act of 2005. The anti-phishing / anti-pharming bill proposes that criminals who utilize phishing and related hacker techniques such as pharming in order to defraud consumers be fined up to $250,000 and receive jail terms of up to five years.
Green Armor Solutions