Drive-By Pharmers Harvest Personal Data

One year after a proof-of-concept hack for pharming wireless routers hit the Internet, network security company Symantec issued a warning that more attacks are on the way.

The new attack — which targets wireless routers — is similar to other pharming hacks in that it reroutes the domain name system (DNS) server used by any device that connects to the Internet.

In the instance that caught Symantec’s attention, an e-mail with a malicious link was sent out to hundreds of users. Those who clicked on it had their wireless router’s DNS remapped to the hacker’s DNS server, which then spoofed the Web site for a Mexican bank. Subsequently, any time that user tried to access that bank’s Web site, they would be redirected to this pharming site, thus exposing all of their personal data.

“At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it ‘in the wild,'” Zulfikar Ramzan, Symantec’s senior principal researcher in the advanced threat research group, wrote in his blog post. “That’s no longer the case.”

Same Problem, New Application

Spoofing DNS servers isn’t a new concept for malicious hackers.

The DNS acts as a “phone book” for any device connected to the Internet, which allows users to type in a URL instead of an IP address. If a pharmer can get into an end user’s system, they can reroute every Web page that person visits, said Eric Wolbrom, cofounder of Information Survival, a New York-based company that stores individuals’ personal information in a secure digital “deposit box” online.

Pharmers — who generally steer clear of the more secure bank or ISP DNS servers — attack users individually, looking for vulnerabilities. Once they have compromised a system, Wolbrom told TechNewsWorld, the pharmers will only spoof sites that would contain personal or financial information. Unless users are vigilant about checking their DNS server addresses, they would likely be unaware that their computer network had been compromised.

The easiest protection from router attacks, said Wolbrom, is to make sure that either your personal computer or your wireless router is connected to a familiar DNS server, such as OpenDNS, an open source network that offers an extra layer of protection against such pharming.

The problem is that some cable services require users to access specific DNS servers in order for the new, bundled media services — television, phone and cable — to work properly, Wolbrom said.

Wired – the Best Protection

Even if users protect their wireless home networks, public WiFi hotspots face the same issues.

It’s easy to get lulled into a false sense of security, said Paul Henry, vice president of technology with Secure Computing, an enterprise security software company based in San Jose. The only way to ensure personal information stays private is to conduct financial and other important transactions from a secure, wired landline in the home.

“The bottom line is that new hacking tools completely eliminate normal, common-sense defenses,” Henry told TechNewsWorld. “You have to make certain you have all the software patches, up-to-date antivirus software, and a firewall. And I don’t do my transactions in a coffee shop. I am home on a wired, relatively secure network.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels