kids encyclopedia robot

Pharming facts for kids

Kids Encyclopedia Facts

Pharming is a tricky type of cyberattack. It tries to send you to a fake website instead of the real one you wanted to visit. Imagine you type in your favorite online game's address, but pharming sends you to a copycat site that looks exactly the same! This can happen in two main ways:

  • A bad program might change a special file on your computer called the "hosts file." This file tells your computer which internet address goes with which website. If it's changed, your computer gets tricked.
  • Attackers might mess with a DNS server. DNS servers are like the internet's phone book. They turn website names (like `example.com`) into computer addresses (IP addresses). If a DNS server is "poisoned" or tricked, it gives out the wrong address, sending you to a fake site.

Pharming is different from phishing, which is when someone tries to trick you into giving them your username and password, often through fake emails. Pharming is more sneaky because it can happen without you even clicking on a bad link. Both pharming and phishing are used by criminals to steal information, like your identity or money.

How Pharming Attacks Work

Pharming attacks often target places that are easier to trick.

Tricking Your Computer's Hosts File

Your computer has a small file called the hosts file. It's like a mini-address book just for your computer. If this file gets changed by a bad program, it can tell your computer to go to a fake website even when you type the correct address. For example, if you type in your bank's website, the changed hosts file might send you to a fake bank site instead. This is a common way for malware to work. Personal computers, like desktops and laptops, are often targets because they might not have as much security as big company servers.

Tricking Your Home Router

A more worrying way pharming can happen is if your home wireless router gets attacked. Your router is the device that connects all your home devices to the internet. It usually tells your devices which DNS server to use. If a hacker changes your router's settings, it can send all the devices in your home to fake websites.

Routers can be tricked in a couple of ways:

  • Changing settings: A hacker might change the router's settings to use a bad DNS server that they control. Then, all your internet requests go through their server, which can send you to fake sites.
  • Changing the router's software: Routers have special internal software called firmware. A hacker could replace this software with a bad version. This bad firmware could secretly redirect your internet traffic without you knowing. It might even make the router's settings page look normal, so you don't realize anything is wrong.

Many home routers are easy targets because:

  • They often use default passwords that are easy to guess.
  • People don't always change these passwords.
  • Some routers don't make it hard for someone to guess passwords by trying many times.

Once a hacker gets into your router, they can change its settings or even its software. This makes it very hard to find the problem because the attack happens before your internet traffic even leaves your home network.

Real-Life Pharming Examples

  • Panix ISP Attack (2005): On January 15, 2005, the website address for a large internet company in New York, Panix, was hijacked. It pointed to a website in Australia instead of the real one. The problem was fixed two days later. An investigation showed that the company managing the website address made a mistake.
  • Financial Company Attack (2007): In February 2007, a pharming attack hit at least 50 financial companies in the U.S., Europe, and Asia. The attackers made fake websites that looked just like the real ones. When victims visited a specific website, a bad program called a Trojan horse was secretly downloaded to their computers. This program then collected their login information for the financial companies. This attack lasted for three days.
  • Mexican Bank Attack (2008): In January 2008, a security company reported a pharming incident against a Mexican bank. A customer's home router DNS settings were changed after they opened an email that looked like it was from a real greeting-card company.

How to Protect Yourself from Pharming

Protecting yourself from pharming is important, especially since regular Antivirus software might not stop it.

Using Secure Websites

The best way to protect yourself is to always make sure you are using secure web connections, especially for important sites like banks or online shopping. Look for "HTTPS" at the beginning of the website address (instead of just "HTTP"). You should also see a padlock symbol in your web browser's address bar. This means your connection is encrypted and more secure.

Also, check the website's public key certificate. This is like an ID card for the website. Make sure it's from a trusted source and hasn't expired. If you see a warning about a certificate, be very careful!

Protecting Your Router

For home users, one of the most important steps is to change the default password on your wireless router. Routers often come with easy-to-guess passwords. Change it to something strong and unique that would be very hard for someone to guess. This makes it much harder for hackers to get into your router and change its settings.

Other Defenses

  • Server-side software: Big companies use special software on their own servers to protect their customers from pharming and phishing.
  • Browser add-ins: Some web browser tools can help protect you from phishing attacks.
  • DNS protection: There are ways to help make sure that DNS servers are not hacked, which prevents them from being used in pharming attacks.

See also

kids search engine
Pharming Facts for Kids. Kiddle Encyclopedia.