Pharming & Pharming Attacks

What is a Pharming Attack?

Over the years, human technology has steadily progressed from one level to the next.  As well as being true in general, this is unfortunately also true in the world of cybercrime.  As the techniques cyber criminals use to execute their deceitful acts are exposed and regulated, they advance to new techniques.  Pharming attacks are a typical example of this phenomenon.  Pharming is a more advanced technique than phishing, but both techniques are geared toward stealing a victim’s personal information.

What is Pharming?

Phishing entices victims to disclose information by sending them fabricated emails, designed to get the reader to visit fraudulent websites.  Pharming is a type of phishing without the enticement element involved.  A typical pharming attack may proceed as follows: a hacker infiltrates a computer system and installs malicious code that causes website traffic from the system to be transmitted to fake sites created by the hacker.  This is done without the victim’s knowledge or permission, which is what makes it so difficult to detect.

Many websites make (legitimate) use of the user’s personal information, and fake websites are no different (although they use the information illegitimately).  Private and personal information entered into these false sites is recorded by the hacker.  As a result, customers of banks, financial services, online payment services, and any other enterprise involving some form of monetary exchange are the ones most often singled out by would-be pharmers.

Pharming attacks are two-fold: they cheat the computer system in use, as well as the victim using it.  They cheat the computer system by changing the correct IP address into a different one, which directs the user’s traffic to unwanted websites.  As for the victims, because they type in the correct URLs of genuine websites rather than clicking a link in a doubtful email, they feel assured that the web pages presented to them are authentic.

How Does Pharming Work?

One of the techniques used in executing a pharming attack is the alteration of the DNS service that the computer system relies on, a technique known as DNS cache poisoning.

A simple analogy is the contact list in a mobile phone. Contact lists are vitally important to us, as they allow us to store a friend’s number for easy reference.  Using them is simple: we look up a friend’s name, and then click call.  The mobile phone uses the number and the associated network technology to reach the friend’s phone, a connection is created, and before you know it your friend is on the other end of the line.

Suppose, for example, a buddy played a trick on you and changed the contact list on your mobile phone.  Without you being aware of it, your pal replaced the number you had recorded under the name John with Mary’s number.  When you try to call John, you inadvertently call Mary instead. This is, generally speaking, how pharming attacks mess with their victim’s information.

Domain Name System (DNS) poisoning is an aggressive pharming ploy, whereby the domain name system table in a server is altered.  With this poisoning in operation, a user who thinks he is accessing an authentic website is actually directed toward a fake site.  In this method of pharming, the hosts files on individual personal computers need not be tampered with, which makes it even harder to detect.  Instead, the problem happens in the DNS server, which manages thousands (or even millions) of internet users’ requests for URLs.  Victims end up at the fake site without any visible signs of inconsistency, and are helpless to protect themselves because they can’t even tell that there’s anything to protect themselves from.  Spyware removal programs cannot tackle this type of pharming because nothing is technically wrong with the end users’ computers.
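The local form of pharming, where the hosts file on one PC is tampered with, can be checked for directly, unlike poisoning on a DNS server. The following is an added example, not part of the original article: it audits hosts-file text for watched domains pinned to addresses outside the ranges their real servers are assumed to use. The domain names, address ranges and sample file are all constructed for illustration.

```python
import ipaddress

# Assumption: watched domains and the networks their genuine servers use
# (constructed values in documentation ranges, not real bank data).
EXPECTED = {
    "bank.example": [ipaddress.ip_network("192.0.2.0/24")],
    "pay.example": [ipaddress.ip_network("198.51.100.0/24")],
}

SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1   localhost
::1         localhost
203.0.113.66  bank.example www.bank.example   # planted redirect
198.51.100.7  pay.example
0.0.0.0     ads.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first column is not an address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def watched_domain(name):
    """Return the watched domain that name equals or is a subdomain of."""
    for domain in EXPECTED:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def audit_hosts(text):
    """Return (line_no, name, ip) for watched names pinned elsewhere."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        domain = watched_domain(name)
        if domain and not any(ip in net for net in EXPECTED[domain]):
            findings.append((line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    for line_no, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} is outside the expected range")
```

A check like this only covers the local hosts file; it finds nothing when the poisoning is on the DNS server, which is the case the paragraph above describes.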

Once confidential information such as a credit card number, bank account number, or password has been entered at a fraudulent website, criminals are in possession of the information, which they can use to carry out identity theft crimes.

While pharming is not as frequent as phishing scams are, it can impact many people at once, particularly if a large DNS server is poisoned.  If you open a certain website and it seems to be significantly different from what you anticipated, you may be a target of pharming.  Restart your computer to reset your DNS entries, run an antivirus program, then try connecting to the website again.  If the website still looks strange after restarting, contact your ISP and inform them that their DNS server may have been pharmed.