June 2005 Archives
This is a helpful review on the rationale and methods for blog creation for business professionals and individuals.
New crop of thieves: Pharmers hit Net banking
Jane Larson
The Arizona Republic
Apr. 19, 2005 12:00 AM
It's the next Internet scam, and it could be the most menacing.
The reason: Even experienced Internet users can become victims and not know it.
The ploy is called pharming - a play off "phishing," the previous Internet fraud - and it involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same.
Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or a credit-card firm. And it potentially can affect thousands of users at a time.
"With pharming, you don't have to do anything stupid to get on the hook," said Tom Leighton, chief scientist of Internet software firm Akamai Technologies Inc. in Cambridge, Mass. "You're just swimming along, and you get caught in the net."
Banks in Arizona are starting to see the problem, and large members are familiar with the scam, said Tanya Wheeless, president and chief executive of the Arizona Bankers Association. The Arizona Attorney General's Office said it heard of a case last month in which a Phoenix man lost $5,000 from his bank account after answering an online pop-up survey that purported to be from his bank.
It is just a matter of time before the scam becomes widespread, experts fear.
"If it didn't get worse, it would buck the trend of all known security problems," said David Jevans, a Silicon Valley executive who is chairman of the fraud-fighting Anti-Phishing Working Group.
The scam is so new that Internet security gurus have just started warning about it.
Akamai's Leighton told a technology conference in Phoenix in December that hackers are targeting small sections of the Internet and rerouting traffic to fake bank sites to capture users' passwords. The legitimate sites don't notice the drop in Web traffic because it is just a fraction of the total, he said.
An anti-phishing bill introduced in Congress last month would also apply to pharming. It calls for prison time and fines for those caught either phishing or pharming.
Security experts say pharmers have two main ways of operating: attacking either users' computers or the large servers that find Web sites for users.
The first way is to send virus-laden e-mails that install small software programs on users' computers. When a user tries to go to his bank's Web site, the program redirects the browser to the pharmers' fake site. It then asks a user to update information such as log-ins, PIN codes or driver's license numbers, said Chris Faulkner, chief executive officer of CI Host Inc., a Web-hosting firm in Bedford, Texas. Scammers use the information to steal identities.
Other viruses, called keyloggers, track a user's keystrokes on legitimate sites and can be used to steal passwords.
The pharmers' second method takes advantage of the fact that Web sites have verbal names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site.
Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address.
The servers can belong to financial institutions, Web-hosting companies or Internet service providers. This tactic, called DNS poisoning, has been around for years, but it is only in the past six months that techies have seen it used for identity theft and dubbed it pharming.
"It's like the name sounds," said Rami Habal, senior product manager at Proofpoint Inc., a Cupertino, Calif.-based e-mail security software firm. "They're planting the seeds of malicious code and harvesting the identity information later."
What alarms the experts is that pharming can reroute thousands of Internet users at a time, making the impact potentially huge.
"With phishing, you're scamming one person at a time with e-mail," Faulkner said. "Pharming allows you to scam a large group at once. You're definitely hurting the masses."
Pharmers generally come from overseas, such as China, Russia and Eastern Europe, experts say. They fear many are tied to organized-crime rings that buy and sell identity information.
Pharmers tend to target online banking sites, experts say. Financial institutions in Australia and the United Kingdom, including the venerable Barclays bank and Lloyd's of London, reportedly have been hit, experts said.
Attacks so far have been limited, though there is no real way to know, said Jevans, of the Anti-Phishing Working Group.
Pharming isn't as big as phishing yet, in part because it takes more skill. Sending e-mails and copying a few Web pages are relatively easy, while pharmers must build viruses for each site they want to target or must hack into large servers that control the Internet.
"It has the potential to be more dangerous, but what it's done so far hasn't been much," said Hunter Bennett, director of operations for Tempe-based Ensynch, a data center and technology services company.
Brad Keller, an Atlanta online consultant for BITS, a consortium of the 100 largest U.S. financial institutions, said he is optimistic because relatively few hackers have the skills needed to pharm. Industries that improve the security of their servers can protect thousands of computer users at once, he added.
But he and Jevans worry about pharming viruses.
"I'm far more concerned about activity that causes individual users' machines to be altered," Keller said. "There, we have no way of knowing their machines have been attacked."
Web sites of large financial institutions have boosted protection of their servers against pharming, Keller and other experts say. But smaller banks and Internet service providers may not have done so yet, they warn.
Companies and big organizations can reduce the threat by keeping their software updated and patched. They also can install firewalls, filter for known scams, and watch for changes in IP addresses on their servers, the experts said.
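The advice to watch for changes in IP addresses can be automated by comparing what each DNS resolver returns against a baseline of expected address ranges. The sketch below is an added example, not part of the article; the hostnames, resolver labels and addresses are constructed (reserved .example names and documentation address ranges), and the finding names are hypothetical.

```python
import ipaddress

# Constructed baseline: networks each monitored hostname should resolve into.
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "cards.example": ["198.51.100.0/25"],
}

# Constructed observations: (resolver label, hostname, answer address).
OBSERVATIONS = [
    ("isp-resolver", "bank.example", "192.0.2.10"),
    ("office-resolver", "bank.example", "203.0.113.66"),
    ("isp-resolver", "cards.example", "198.51.100.20"),
    ("office-resolver", "cards.example", "198.51.100.21"),
    ("office-resolver", "news.example", "203.0.113.5"),  # not monitored
]


def find_drift(baseline, observations):
    """Flag answers outside the baseline, and names where only some
    resolvers return out-of-baseline answers (one cache may be poisoned)."""
    nets = {h: [ipaddress.ip_network(n) for n in ns] for h, ns in baseline.items()}
    findings = []
    verdicts = {}  # hostname -> {resolver: every answer inside baseline?}
    for resolver, host, addr in observations:
        if host not in nets:
            continue  # no baseline recorded for this name
        ip = ipaddress.ip_address(addr)
        ok = any(ip in net for net in nets[host])
        per_host = verdicts.setdefault(host, {})
        per_host[resolver] = per_host.get(resolver, True) and ok
        if not ok:
            findings.append(("outside-baseline", host, resolver, addr))
    for host, per_host in verdicts.items():
        bad = sorted(r for r, ok in per_host.items() if not ok)
        # A split (some resolvers good, some bad) points at a single resolver
        # rather than a legitimate address change made by the site owner.
        if bad and len(bad) < len(per_host):
            findings.append(("resolver-split", host, ",".join(bad), ""))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_drift(BASELINE, OBSERVATIONS):
        print(finding)
```

When every resolver returns an out-of-baseline answer, only `outside-baseline` findings appear; that case needs a manual check against the site owner's published records before the baseline is updated.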
Anti-pharming software is in the works, including products that will display security information and show users where a Web site is being hosted.
Unfortunately, pharmers seem to be a step ahead of the security-software world.
Hacker helps applicants breach security at top business schools - Computerworld
Think the unthinkable: imagine there was a breach in your business intelligence system allowing world-wide access to your most sensitive data.
Note that the MBA admissions ApplyYourself breach lasted only about 9 hours - yet look at the damage and scandal this brief breach has spawned.
As a BI professional, you've developed and published data providers that contain a trove of confidential and strategic data that competitors and hackers would love to have. Don't wait for the embarrassment of an audit or a disastrous scandal to take responsible action.
- By acquiring a logon id, could a competitor learn about your sales to key accounts?
- It was an insider who published the ApplyYourself hacking instructions. How would you detect it if someone posted hacking information about your company to a web bulletin board? Would you like to be notified first by the news media, or a key customer?
- Could an employee with hacking instructions acquire salary data? How would you know?
- What have you done to monitor possible breaches?
- Do you have a rapid response plan in effect so that, if there is a breach, it is immediately closed?
- How much damage could be done, and how quickly?
- Does your company have a technology insurance policy, and have you complied with its anti-hacking provisions?
- Has your ETL encrypted or masked account data, such as checking account numbers?
- Have you configured newsreaders to crawl the internet for suspicious breach search "strings" or taken other measures?