Pharming

From ICANNWiki

Pharming utilizes "unauthorized changes to DNS entries which result in users being redirected to a spoofed, malicious website rather than the legitimate site they were attempting to reach."[1] Like phishing, pharming is often used to steal private financial or personal information.[2]

Public Perception

The practice of pharming is much less well known than that of phishing, and there seems to be some confusion about what is considered pharming versus phishing. However, the public views the concept of pharming very negatively and associates it with criminal intent.

Outcome

This practice results in identity theft, theft, fraud, and sometimes computer hacking.

Historical Use

The goal of pharming is to gain access to personal information, and this goal can be accomplished in multiple ways. Pharming can use malicious code to change a computer's hosts file in order to direct the user to a fake website that looks like the site they were trying to reach.[2][3] It can also attack the DNS server directly through DNS hijacking or DNS cache poisoning, which allows pharmers to send users to websites they control.[2][3]

  • DNS hijacking or DNS cache poisoning is viewed as a large security threat because the website's URL looks exactly like it is supposed to, which can trick the user into thinking they are on the real site.[3][4] Pharming that uses DNS hijacking also will not be detectable with anti-malware software "because nothing need be technically wrong with the end users' computers."[3] Additionally, in this kind of attack, many computers and networks can be sent to the pharmer's fake site through the compromised DNS server.[3] For more information on DNS hijacking and cache poisoning, see the Additional Resources section.

ICANN Policy

ICANN has no direct policy addressing pharming, but it does recognize the importance of implementing security measures to protect the DNS from hijacking or manipulation.[5]

  • The use of DNSSEC or DNS Security Extensions may help guard the DNS from attacks and artificial manipulation, like those used in pharming.[6] The goal of DNSSEC is to limit an "attacker's ability to redirect users using the DNS."[6] In order to do this, DNSSEC employs a digital signing system so that each DNS record or entry in the root zone can be verified as genuine.[6][7] This system would allow people to identify pharmed or poisoned records.

Legislation

There is no legislation directly addressing pharming; however, as it can be very similar to phishing, it can fall under some state anti-phishing laws. For example, in Utah phishing, pharming, and other Internet frauds are addressed in one bill.[8] Also, because pharming concerns the theft of sensitive personal or financial information, it can be viewed before the law as fraud, identity theft, or in the case of a spoof website, trademark infringement.

Additional Resources

Related Articles

References

  1. Pharming by Tony Bradley, About.com
  2. ‘Pharming’ scams, Scam Watch (Commonwealth of Australia)
  3. Definition: Pharming, Search Security (TechTarget)
  4. How DNS cache poisoning works by Bob Halley (October 20, 2008), NetworkWorld.com
  5. DNSSEC – What Is It and Why Is It Important?, Internet Corporation for Assigned Names and Numbers (ICANN)
  6. DNSSEC, Internet Corporation for Assigned Names and Numbers (ICANN)
  7. Meet the Security and Stability Advisory Committee (SSAC), Internet Corporation for Assigned Names and Numbers (ICANN)
  8. Phishing, Pharming and Other Internet Fraud: Should States Follow Utah's Approach? (May 3, 2010), Miller Canfield