Computer Crime Research Center


Cyber crime

Date: November 15, 2005
By: BarkerJr

Internet security and crime affects everyone, whether they know it or not. Any person who uses the internet may be attacked at any moment and has most likely received unsolicited email. Those who do not use the internet could lose all their money by a hacker breaking into their bank's computers. It is important to understand how computers are broken into so one may be able to protect himself or herself. lists many meanings for "hacker." Two of the meanings have relevance to computers: one who illegally gains access to a computer system or one who is proficient at using a computer. As these two terms are confusing, it might be safer to use the term "cracker" for those that seek to enter others computers. A cracker is a person that cracks into computers to damage computer performance.

According to CNN, 50% of US citizens have used the Internet and an additional 18% of US citizens would like to use the Internet in the future. This figure means 68% of US citizens will be potentially on the Internet in the near future. This is a large percent of the US that are online. As more people are online the security hazards rise.

Every day more cities and towns offer high bandwidth, always on, Internet connections for home users. There are various types of high bandwidth (wideband) Internet connections, two are: DSL (including ADSL, SDSL, etc.), which connects through phone lines, and cable, which connects through cable TV wires. Computers on these types of connections are considered "gold mines" to crackers for many reasons, including: wideband connections and static IP addresses. With a wideband connection, the cracker can use the computer as an anonymous drone to attack other computers and get the computer's owner in trouble. With static IP addresses, the computer's unique number on the internet does not change each time the computer is on, therefore allowing the cracker to connect to the computer easier and share the IP address with his or her friends.

To use another person's computer to attack third party computers, the cracker must gain control of the computer to use as an attack drone. To gain access to that computer, the computer's owner must have either installed a program to allow remote control, like a socks proxy, or have been infected by a trojan virus. Most viruses delete data or damage the computer, but trojan viruses allow others to control the infected computer. According to Symantec, the current virus count is over 45,000 with 10-15 new viruses every day. This is quite a serious problem.

Some attacks effect companies more than individuals. Some crackers will break into a corporate server to retrieve confidential information to display publicly or sell to competitors. This is especially damaging if the information is not yet patented. Often, a disgruntled employee or an ex-employee performs this type of attack from the inside.

Sometimes a cracker will deface a website. Often the website or people involved with the website annoyed the cracker so he or she gets revenge by placing undesirable material, such as pornography, on the website in the place of images and text. Other times the cracker wants to get a point across. Recently, with the controversy about the program Napster, a cracker changed the front page of many sites to read about how good Napster was and that it should not be outlawed. These attacks will damage companies, but often can be fixed easily if the web designers keep regular backups.

Perhaps the most damaging attack is the DoS attack. Sending a flood of data to the victim computer so quickly that the victim computer either can't process the information fast enough or the victim computer's bandwidth gets completely used up so legitimate traffic and customers cannot reach the site performs DoS attacks. If the victim computer cannot process the data quickly enough, an operator of that computer or of the network the computer is on can often block, or filter, all incoming data from the cracker's computer. If the attack is causing all the bandwidth to be used up, the cracker's computer can be filtered out and the bandwidth usage is usually cut in half, causing much less damage.

When multiple computers attack one computer, the attack is called a DDoS attack. The DoS attack is relatively easy to block compared to the DDoS. Sometimes a single person controls all the computers via trojan virus. These attacks are especially hard to stop because they often come from hundreds or thousands of computers at once. The best way to prevent DDoS attacks is log everything. Once one has a log of the attackers, he or she can report them to their ISP and sometimes even the government.

In February, Yahoo!, Cable News Network, eBay, and E*Trade were attacked by DDoS attacks. It severely slowed down or shut down their sites at times for over two weeks. One person controlling thousands of trojan virus drone computers created these attacks. The attacker was caught and all the attack drones notified so they could fix their computers, but there are many thousands of attack drones still out there waiting for someone to control them.

Some crackers will use a company's free service just to annoy other customers and give the company a bad reputation. A good example of these attacks is unsolicited email, more commonly known as email spam. Unsolicited email is often sent advertising a product or website. Sometimes the website is not sending the spam, but someone who dislikes the website tries to give the website a bad reputation. Almost all spam email is sent with a false "From" header. Falsifying the "From" header is done for a few reasons: to keep their ISP from canceling their account and to prevent their email boxes from being flooded with bounced emails. Using an email address that belongs to someone else is illegal, but that law does not discourage many spammers from doing it. Some ways to identify email as spam include: the from email address is "From" someone you don't know or the subject contains random letters and numbers at the end and a lot of exclamation marks mixed in.

One might argue that we get junk postal mail every day and don't complain, but the key difference with spam is who pays for it. The sender must pay for postal mail, whereas the receiver pays for email. When a spammer falsifies his email address to be an invalid email address and sends an email to another invalid email address, the email is sent to the email server administrator. This causes much more time to be used by the server administrator and time is money.

Another frequently abused service is IRC. IRC is a text-based chat service. Three main ways to attack IRC are: "verbal" attacks, clone attacks, and flood attacks. Verbal attacks are people going onto IRC and verbally abusing people on the server. This attack is usually quite easy to stop by banning him from the specific IRC server. Clone attacks are where hundreds of people or robots connect via socks proxy or trojan virus to the same IRC server often overloading the server or causing clients with slower computers to lock up. These clone attacks are quite like DDoS attacks and almost as hard to stop them. Since these attacks lock up slower computers because their IRC client cannot process the information sent to it fast enough, many people run IRC robots. As IRC robots are usually basic C coded programs running on Linux, they can process data much faster than windows based graphical chat programs. IRC robots hardly ever lock up so they make ideal protectors to automatically ban any users they deem are flooding. The third type of attack is the flood attack. With flood attacks the attacker sends many random characters to the server also causing users with slower computers to lock up. Of course the worst attacks occur when the attacker combines two or more of these attacks together. Then one often has to sit back and let the attack run its course then send the logs to the attacker's ISP.

There are many ways people use to prevent attacks. The best way is to try not to annoy anyone. This way is not possible for most companies. Another way is to understand exactly what everything on the network is capable of and is currently doing. If one does not understand their software 100%, it should not be installed. Another popular way to prevent attacks is firewalls. Firewalls block certain types of data from getting to the servers. Many firewalls block certain ports on a computer, effectively stopping certain connections to the computer. Most firewalls block all closed ports. This means the server will not reply with a "Connection Refused" when a connection attempt is made to a closed port. This blocking is especially important because replying with "Connection Refused" not only uses valuable bandwidth, but it also requires computer resources to process and respond to it.

One must beware of pseudo protective software. Some programs advertise to catch snoopers and collect information about them so that you can report them. Many of these programs will let crackers know that the computer is on and a few will even log the webpages visited and send them to the manufacturers of the software. Whenever getting protective software, always be sure to get a recommendation for it first.

Cyber crime is only important to a few people, but it should be important to everyone. If everyone becomes aware of the dangers of being online, the dangers will slowly disappear. If everyone watches out for viruses, they will not spread nearly as far or fast as they currently do. If everyone makes sure his or her network is secure, there will not be any more attack drones and every cracker will be personally accountable for their actions.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2008-03-25 11:26:07 - what impact has modernisation on the types... raj
2008-03-25 11:18:20 - what are the are some of the ideas that... raj
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo