IU researchers warn broadband Internet users of potential identity theft

Symantec Corp. and IU researchers have teamed up to combat online identity theft, which affects 2.5 million wireless Internet users who have broadband routers.\n“It’s a newly obvious problem, because so many people have the common broadband router, and those are the people at risk,” graduate student Sid Stamm said.\nIU researchers Stamm and his adviser Markus Jakobsson collaborated with Symantec representative Zulfikar Ramzan to detect a quick fix for the problem.\nSymantec, a computer software security company, released an announcement in December regarding “drive-by pharming” and “phishing.”\nDrive-by pharming is a hacker’s attack that redirects Internet users to bogus Web sites, which often resemble banks’ Web sites or such popular sites as MySpace and PayPal, to steal personal information, Stamm said.\nPhishing occurs when an Internet user opens an e-mail or receives a text or instant message that instructs him or her to click on a link. The typical phishing message often asks the user to type in personal information on the linked Web site under the guise that the user’s identification has been compromised and must be confirmed, Stamm said.\n“Phishing is like being tricked by a con artist to give him your money,” Jakobsson said in an e-mail.\nThe researchers urge people to change their broadband routers’ passwords from the default passwords. By doing this, it is harder for hackers to detect Internet users’ passwords, Stamm said.\nStamm said the warnings for people to change their passwords aren’t meant to scare them. They are simply to protect the alarming number of people who are at risk, he said.\nThe unique thing about this attack on routers is that it happens without much notice from the user. Often the attack takes control of main domain pages that users visit such as Google or www.iub.edu.\n“People who click on the e-mail are the bait,” Stamm said, “while those sending out the evil message are the fish looking for the bite.”