Lyna has tutored undergraduate Information Management Systems and Database Development. She has a Bachelor's degree in Electrical Engineering and a Master's degree in Information Technology.
What is a Pharming Attack?
Over the years, humanity has technologically advanced from one level to the next. This is also true in the world of cyber crime. As the techniques cyber criminals use to carry out their treacherous acts are discovered and exposed, they advance to new techniques. Pharming attacks are a typical example. Pharming is a more advanced technique than phishing, but still geared toward stealing a victim's personal information.
What is Pharming?
Phishing lures victims through fictitious emails to get them to visit bogus sites and reveal their sensitive information. Pharming is actually a type of phishing but with the absence of 'the lure'. It involves a hacker infiltrating a computer system and installing malicious code that causes website traffic from the system to be redirected to bogus sites developed by the hacker. This is done without the victim's knowledge or consent.
Many websites require the user's personal information. Private and personal information entered into these bogus sites is then captured by the hacker. As such, customers of banks, financial, and online payment services with any form of monetary exchange are the most highly targeted.
Pharming attacks are two-fold. They deceive the computer system in use, as well as the victim using it. They deceive the computer system by changing the correct IP address information stored on the computer into different numbers that direct the user's traffic to undesirable websites. As for the victims, because they type in the correct URLs of legitimate websites rather than clicking a link in a suspicious email, they are confident that the web pages presented to them are authentic.
How Does Pharming Work?
One of the techniques used in carrying out a pharming attack is the corruption of the DNS services on the computer system by malicious code. This technique is known as DNS cache poisoning.
A Simple Example
We all know how important a contact list is on our cell phones. The contact list allows us to save our friends' numbers for easy future reference. We look up the friend's name and click the call command. The cell phone uses the number and the associated network technology to reach your friend's phone. A connection is established and your friend is soon at the other end of the line.
Let's say you want to call your friend Jacob. He is in your contact list. But, suppose your buddy plays a prank on you. He accesses the contact list on your cell phone and changes Jacob's number to that of the local undertaker (infiltrates and corrupts your phone book) while maintaining the same name of the contact. You pick up your phone with confidence to call Jacob. Your friend's prank has in effect redirected your calls intended for Jacob to the funeral home. So, whenever you call Jacob the phone dials the number saved in the contact list for him, but it is actually the undertaker. Your contact list has been corrupted!
Processing a URL Request
A URL inputted into a computer browser is similar to a cell number dialed on a cell phone. A computer system connected to the internet keeps a DNS cache (directory of web pages and the IP addresses visited by the user), which stores IP addresses for easier future reference. In the same way that our cell phones communicate with each other via telephone numbers, computer networks communicate with websites via IP addresses.
When a user types a URL such as 'gotmeawebsite.com' into the browser, the following sequence of events occurs for the web page 'gotmeawebsite.com' to be displayed. The user's request, triggered by the typed URL, goes to the connected router, which connects the computer system to the internet. The router checks with its stored DNS server for the requested IP address corresponding to the host name 'gotmeawebsite.com.' The DNS server finds the IP address in its cache (database or directory) and is able to search for the website the user requests. With the correct information, the request is honored. The user's browser then loads the appropriate web page for the user.
A hacker infiltrates the user's network and corrupts the DNS cache of the DNS server using malicious code. He or she changes the IP addresses of the stored domain names (gotmeawebsite.com) into IP addresses of bogus sites. This action is known as DNS poisoning. The user unsuspectingly makes a conscious effort to type the correct URL for 'gotmeawebsite.com.' Usually, the bogus sites to which the user's requests are redirected are clones of the real websites. They look incredibly similar. If the user is sufficiently deceived at this point, he or she will enter their personal information onto a bogus website, which captures their data. The hacker, armed with the victim's personal information, can then impersonate the victim on the authentic website.
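As an added example (not part of the original lesson), the Python below shows one defensive check for the poisoning described above: comparing cached name-to-IP entries against a trusted baseline of the networks each protected site is expected to resolve into. The baseline, the sample cache, the addresses and every name other than 'gotmeawebsite.com' are constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each protected hostname should resolve into.
# The ranges are reserved documentation ranges, not real hosting data.
TRUSTED_NETWORKS = {
    "gotmeawebsite.com": ["192.0.2.0/24"],
    "examplebank.test": ["198.51.100.0/25"],
}

# Constructed snapshot of a resolver cache as (hostname, cached IP) pairs.
SAMPLE_CACHE = [
    ("gotmeawebsite.com", "192.0.2.10"),      # matches the baseline
    ("GotMeAWebsite.com.", "203.0.113.66"),   # same name, unexpected address
    ("examplebank.test", "198.51.100.200"),   # outside the expected /25
    ("news.example", "203.0.113.5"),          # no baseline for this name
    ("examplebank.test", "not-an-ip"),        # corrupt record
]

def normalize(hostname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return hostname.strip().rstrip(".").lower()

def audit_cache(cache, trusted=TRUSTED_NETWORKS):
    """Return (hostname, ip, verdict) for every cache entry."""
    findings = []
    for raw_name, raw_ip in cache:
        name = normalize(raw_name)
        if name not in trusted:
            findings.append((name, raw_ip, "unverified"))
            continue
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            findings.append((name, raw_ip, "malformed"))
            continue
        nets = [ipaddress.ip_network(n) for n in trusted[name]]
        verdict = "ok" if any(ip in net for net in nets) else "mismatch"
        findings.append((name, raw_ip, verdict))
    return findings

def suspicious(cache, trusted=TRUSTED_NETWORKS):
    """Entries that warrant a cache flush and investigation."""
    return [f for f in audit_cache(cache, trusted)
            if f[2] in ("mismatch", "malformed")]

if __name__ == "__main__":
    for name, ip, verdict in audit_cache(SAMPLE_CACHE):
        print(f"{verdict:10} {name:20} {ip}")
```

A legitimate site that changes hosting will also show up as a mismatch, so the baseline has to be kept current for the check to stay useful.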
Phishing lures victims through fictitious emails to get them to visit bogus sites and reveal their sensitive information. Pharming is a type of phishing that hackers use to steal personal and sensitive information from victims on the internet. Malicious code is injected into the user's computer system. This is known as DNS cache poisoning. The DNS system, which is used to resolve domain names into IP addresses, is corrupted. Saved IP addresses of authentic websites are changed to those of bogus websites. The user's URL requests are thereby redirected to the bogus websites designed solely to capture sensitive information inputted by the user. The attackers then use the information to impersonate the victims on websites, especially banking, financial, and online payment service sites.