After Sen. Leahy’s introduction of the Anti-Phishing Act of 2005 the term "pharming" started circulating the media outlets. What is pharming anyway?

According to ZDNet, this is simply a new name for an old concept - domain spoofing. Rather than spamming you with email requests, pharmers work quietly in
the background, ‘poisoning’ your local DNS server by redirecting your
Web request somewhere else. As far as your browser is concerned, you’re
connected to the right site. The danger here is that you no longer have
to click an email link to hand over your personal information to
identity thieves.

Many of our readers are aware that the DNS is responsible for translating the name, for example, eBay.com into its equivalent network (or IP) address so that users have to remember eBay.com instead of its cryptic address of 8 to 12 digits. The problem with this is that the network structure that is responsible for this translation is vulnerable. For example, if an attacker can modify the DNS server so that instead of sending an user to eBay’s IP address, the DNS sends the user to another machine run by a scammer where personal information can easily be connected.

Pharming is superior to phishing in many respects. A phish attack is vulnerable to detection very easily - a discrepancy between an emailed link and the address it purports to contain, a geographic location of the site based on the domain name, etc. Pharming, on the other hand, doesn’t give much chance to the users to compare the domain name and see a discrepancy - their browser will display *exactly* the same URL as they were hoping to get - no discrepancy, no suspicion. And if the site looks like expected - no user can know.

Pharming, or poisoning a DNS, can occur in many ways - an attack can be launched against an ISP’s DNS system and if successful, all users who use this DNS will get the fake IP address. Another way is for a trojan to spread into a victim’s computer and "poison" the local hosts file - the effect is the same - they type eBay.com and the browser shows "http://www.ebay.com" while the actual site is different.

Is this spammer going to stick to this ban? After a Florida man, Charles Frye, pleaded guilty to a charge of sending millions of spam messages, the judge sentenced him to one year in prison, followed by three years of suspended sentence with no access to computer for six months.

[Via SC Magazine, UK -]

Here’s why we don’t hear too often about failed identity thieves:

Finding identity theft suspects can be difficult for investigators.
Once they do make an arrest, matching the suspect to stolen checks can
also be a challenge. And then, the case is usually resolved with little
jail time.

A report about a California resident who was sentenced to six months in federal prison and three years of supervised release after she plead guilty to one count each of bank fraud and aggravated identity theft. She was
accused of trying to cash a Lodi woman’s paycheck by using the woman’s
driver’s license. Hardly a high-tech and cyber-related crime, yet, the underlying ideas are the same. The only problem in cybercrime is that the suspect is not so easy to catch and identity.

[Via Lodi News-Sentinel, CA -]

They had to do something, didn’t they?

"We apologize again to those consumers that may be affected by the fraudulent activity," said Smith [Chief Executive Derek Smith]

Of course, an apology is hardly enough to appease the the millions of US consumers who are afraid of receiving a letter in the mail bearing a ChoicePoint logo indicating that they are one of the 145,000 people with stolen information. ChoicePoint promised to stop selling information that contains social security  numbers and drivers’ license  numbers. I wonder what is the value of such a move? Is it just to appease the anger among some consumers? Or it is a genuine decision motivated by a care about consumers and concern about where our privacy is going?

It is hard to tell, but hopefully this first step will lead somewhere.

[Via News.com-]