What Is Drive-By Pharming?


I heard there is a new way for hackers to get into my home network called “farming” or something like that. Is this true?

- Julian


This question was answered on March 1, 2007. Much of the information contained herein may have changed since posting.

The bad guys are always looking for ways to infiltrate easy targets, and residential customers are seen as 'low hanging fruit' by those with malicious intent.

The primary reason residential customers make such great targets is that they rely on as much technology as a small business did three years ago, but possess little or no IT expertise to manage it.

All of this technology is a gateway to your personal information, because most users don't know how to properly secure their home network, or even that securing it is necessary in the first place.

Questions like yours are great, because they relate to virtually anyone with a home network built around a device referred to as a broadband router.

This device's primary function is to let you share your high-speed Internet connection among multiple computers in the house in a secure manner, using a built-in firewall that hides the computers from the greater Internet.

The problem with any security device is that it can create a false sense of security for those that don't really understand how to manage it.

In this case, the very device that is supposed to provide the security can be tricked into sending you to fake sites designed to steal your identity.

This new hacking technique, called 'Drive-By Pharming', is still just that: a potential attack that researchers have demonstrated rather than one seen in the wild. But it points out a major flaw in most residential networks' security configuration.

The attack is fairly complex, but the fix is pretty simple!

Here's how it works:

First, the bad guys set up a web page containing malicious code (usually hidden on a site that looks legitimate). When you visit it, the code runs inside your browser, which is already on your home network, and silently tries to log in to your broadband router using the factory default username and password. If that succeeds, the code changes the router's DNS (Domain Name System) server settings to point at a special DNS server on the Internet that the hacker controls. Because the computers in the house get their DNS settings from the router, every one of them is affected, not just the one that visited the page.

DNS servers are like the traffic cops of the Internet: every time you type an address into your browser, your computer asks one of them for directions to the right machine. If your computer is sent to a crooked traffic cop, a visit to your bank's website will look exactly like it should in the address bar, but the page you get will actually be the hacker's identity-theft site, and nothing on the page itself will tell you. The one warning sign: if the bank uses a secure (https) connection, the impostor should not be able to present the bank's certificate, so your browser will complain about the certificate. Don't click past that warning.

Routers from companies like Linksys, D-Link, Netgear and even Cisco have all been shown to be vulnerable to this scheme when left at their factory settings, but the good news is that protecting yourself is fairly simple.

This whole attack is predicated on the fact that most residential users never change the default username and password on their broadband routers. Those defaults are the same on every unit of a given model and are printed in the manual, and the router's administration page can be reached by any computer on the home network, so a malicious web page running in your browser has everything it needs to walk right in. That makes exploiting lots of home networks a piece of cake.

As soon as you finish reading this column, grab your router's user manual and get the specifics on how to change the default username and password to something other than what was set at the factory. While you are logged in, look at the DNS server settings: they should be set to obtain the servers automatically from your ISP, or to the addresses your ISP gave you; anything else is a sign that something has already tampered with them. And remember to change the password again if you ever have to reset your router in the future, because a factory reset puts the default password back.
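One practical check to go with the advice above, added here as an example and not part of the original column: the Python script below reads the text that Windows prints for ipconfig /all, pulls out the default gateway (the router) and the DNS servers your PC has been handed, and flags any DNS server that is neither the router itself, a private home-network address, nor inside a resolver range you tell it your ISP uses. The ipconfig output and the ISP range (203.0.113.0/24) are constructed for the demonstration, and 198.51.100.53 is a documentation address standing in for the hacker's DNS server; substitute the addresses your own ISP publishes.

```python
"""Check whether this PC's DNS servers are the ones you expect.

Added example for this column, not the column's own code.  It parses the text
that Windows prints for `ipconfig /all` and flags any DNS server that is not
the router itself, a private (RFC 1918) LAN address, or inside an ISP resolver
range you supply.  The sample output and the ISP range are constructed for the
demonstration; 198.51.100.53 is a documentation address standing in for the
hacker's DNS server.
"""
import ipaddress
import re
import sys

# Address ranges that can only be reached inside the home network.
LOCAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fe80::/10"),   # IPv6 link-local (newer Windows lists one)
]

# Constructed `ipconfig /all` output from a PC behind a compromised router:
# the router now hands out the hacker's resolver first and itself second.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IP Address. . . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   Lease Obtained. . . . . . . . . . : Thursday, March 01, 2007 8:00:00 AM
"""

# "Label . . . . : value"; the dots are padding that Windows prints.
_FIELD = re.compile(r"^\s*(?P<label>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<value>.*?)\s*$")


def _as_ip(token):
    """Parse one address; Vista-style suffixes such as "(Preferred)" are dropped."""
    try:
        return ipaddress.ip_address(token.split("(")[0].strip())
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return (gateways, dns_servers) as lists of ip_address objects, in the order listed."""
    gateways, dns = [], []
    current = None  # the list that label-less continuation lines belong to
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            label = m.group("label").strip().lower()
            current = None
            if label.startswith("default gateway"):
                current = gateways
            elif label.startswith("dns servers"):
                current = dns
            ip = _as_ip(m.group("value"))
            if current is not None and ip is not None:
                current.append(ip)
            continue
        # Extra servers appear on the following lines with no label at all.
        ip = _as_ip(line.strip()) if current is not None else None
        if ip is None:
            current = None
        else:
            current.append(ip)
    return gateways, dns


def unexpected_dns_servers(dns_servers, gateways, isp_ranges=()):
    """Return the DNS servers that are neither the router, on the LAN, nor an ISP resolver."""
    trusted = LOCAL_NETS + [ipaddress.ip_network(r) for r in isp_ranges]
    return [s for s in dns_servers
            if s not in gateways and not any(s in net for net in trusted)]


def check_ipconfig(text, isp_ranges=()):
    """Convenience wrapper: returns the flagged servers as strings."""
    gateways, dns = parse_ipconfig(text)
    return [str(s) for s in unexpected_dns_servers(dns, gateways, isp_ranges)]


if __name__ == "__main__":
    # Feed real output with:  ipconfig /all | python check_dns.py
    # The ISP range is an assumed placeholder; use the addresses your ISP publishes.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    bad = check_ipconfig(text, isp_ranges=["203.0.113.0/24"])
    if bad:
        print("Unexpected DNS server(s):", ", ".join(bad))
        print("Log in to your router and compare its DNS settings with what your ISP gave you.")
    else:
        print("DNS servers look as expected.")
```

On the sample above the script reports 198.51.100.53 as unexpected and leaves 192.168.1.1 alone, because that one is the router itself. The check is deliberately simple: it trusts anything on the home network, since the attack's whole point is to push an outside address into the router, and it leaves the ISP ranges to you rather than guessing them.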

Posted by Ken of Data Doctors on March 1, 2007