Spotting the pharming websites

The great British broadcaster Alan Partridge once proposed an innovative programme idea for television called Monkey Tennis. Although more varied, less predictable and arguably better TV viewing than normal tennis, the idea was shelved over some pretty sketchy concerns that the monkeys would never be up to the job.

Compared to how long it would take primates to do little more than learn the rules of tennis, the hacking fraternity have rushed through their own 'Evolution of Man' faster than you can say Roger Federer.

As the motives behind hacking become increasingly entrepreneurial, so the tools and techniques employed are starting to reflect the sinister virtues of ruthless efficiency. Having originally emerged as primitives, hackers have become industrialized.

During hacking's early Neanderthal age, the method of attacking your victim was by hunting. The hunter selected its victim, silently preyed upon it and then disadvantaged it somehow by stealing its data or defacing its website. Rather like clubbing a squirrel to death, it's time-consuming and inefficient, but effective and rewarding all the same.

Then came a more sophisticated and less strenuous approach – Phishing. Rather than hunt individual targets, the hacker increases his yield and decreases his effort by casting bait out into the unending abyss. Bites and catches are as inevitable as the victims are random. The ploy works as long as Internet users remain unaware of what the bait looks like, but even in a small pond of mainly knowledgeable prey the hacker can make a tidy profit.

Today we have Pharming – where hackers can well and truly live off the land and let unseen science do all the work. Unlike Phishing, where a spam email tricks users into visiting a spoofed website encouraging them to disclose their confidential data, Pharming attacks require no action from the user outside of their regular web surfing activities. Users requesting a bona fide website are unknowingly redirected to a spoofed website that they have no reason to suspect is illegitimate.

With pharming, the hacker does little more than sow the land with seeds and harvest the bounty. The more sophisticated the science, the greater the crop. Minimum risk, maximum output.

This evolutionary analogy works because the overriding environmental conditions of the natural world are as profound and unfathomable as those of the Internet world. Growing carrots and corn on an agricultural scale is a case of understanding Mother Nature and redirecting its course. For the hacker, Pharming is the result of overcoming the complexities of accepted Internet navigation protocols. Users and enterprises could be forgiven for knowing as much about DNS poisoning and key-logging spyware as they do about pesticides. The result? There is little certainty about what we're consuming anymore.

The Green movement has been very keen to spread awareness about the threat of agricultural pollution, deforestation, intensive battery farming and – evil of all evils – genetically modified (GM) crops. So does the emergence of GM give us a warning about the future of IT security threats?

It does in as much as it demonstrates the next causal step in the evolutionary cycle. Mother Nature has been understood and respected for long enough; now it's time to cheat the fundamental ecological rules of the world and create something new. In the Internet world, the pace of hacking development means that this kind of reality could be closer than one would imagine.

Back with the monkeys again, I recall someone eminent once suggesting that – given a million years and a replenishing supply of fresh bananas – a troop of simians could eventually type out the complete works of Shakespeare. Some would argue that they'd have evolved by then, or maybe that's where Darwin's theory falls down.

The acid test would be to train a monkey to hack. Now that would be interesting...

The author is regional director for Fortinet.


1) It doesn't 'feel' quite right

The login process or information displayed will not look precisely the same as the legitimate site.

2) It asks for more than is necessary

Pharming sites will most likely ask for additional information that is not normally required.

3) There is no SSL padlock on the browser.

Legitimate websites requesting confidential information will always encrypt the session with Secure Sockets Layer (SSL). Look for the 'padlock' icon on your browser and double click on the padlock to verify the SSL certificate.

4) There is no 's' for 'secure' in the address bar URL

On a safe site, the browser URL should contain the prefix https:// in the address bar. Pharmed sites do not normally have SSL certificates and will remain as http:// even when you are requested to submit confidential data.

5) The browser alerts you to an SSL certificate problem

Spoofed SSL certificates should cause your browser to display a security alert message. Rather than ignore it, users should take the opportunity to check the certificate and take this as an obvious sign of a fraudulent website.
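Checks 3 to 5 can also be run outside the browser. The following Python sketch is an added example, not part of the original article: it reports whether a login URL uses https:// and whether its certificate passes the same chain and host name verification that triggers a browser alert. The function names and the `bank.example` URLs are hypothetical.

```python
import socket
import ssl
from urllib.parse import urlsplit


def tls_handshake(host, port, timeout=5.0):
    """Handshake with chain and host name verification on (the defaults)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def assess_login_url(url, connect=tls_handshake):
    """Return (verdict, reason) for a page that requests confidential data.

    `connect` is injectable so the logic can be exercised without a network.
    """
    parts = urlsplit(url)
    # Check 4: no 's' in the scheme means the form is submitted in clear text.
    if parts.scheme != "https":
        return ("suspect", "URL is not https://")
    if not parts.hostname:
        return ("suspect", "URL has no host name")
    try:
        # Checks 3 and 5: the certificate must chain to a trusted CA and
        # match the host name, otherwise the handshake raises.
        connect(parts.hostname, parts.port or 443)
    except ssl.SSLCertVerificationError as exc:
        detail = getattr(exc, "verify_message", None) or str(exc)
        return ("suspect", "certificate problem: " + detail)
    except OSError as exc:  # includes other ssl.SSLError cases
        return ("unknown", "TLS handshake did not complete: " + str(exc))
    return ("ok", "https:// with a certificate valid for this host")


if __name__ == "__main__":
    # Constructed sample URLs; the https one needs network access to check.
    for sample in ("http://bank.example/login", "https://bank.example/login"):
        print(sample, assess_login_url(sample))
```

An "ok" verdict only shows that the session is encrypted to a host holding a certificate for that name; checks 1 and 2 still need a human eye.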
