Computer Crime Research Center

Where the Dangers Are

Date: July 18, 2005
Source: The Wall Street Journal
By: David Bank and Riva Richmond

In the world of cybercrime, the bad guys are getting smarter -- and more ambitious.

In recent months, hackers have carried out a flurry of increasingly sophisticated attacks, highlighting the vulnerability of key computer networks around the world.

Criminals penetrated the database of CardSystems Solutions Inc., nabbing up to 200,000 Visa, MasterCard, American Express and Discover card numbers and potentially exposing tens of millions more. Leading high-tech companies in Israel allegedly planted surveillance software on the computers of their business rivals. British security officials warned of a computer attack aimed at stealing sensitive information from banks, insurers and other parts of that country's "critical infrastructure."

Security experts fear things will only get worse. As technology gets more complex, more vulnerabilities are springing up in computer networks -- and more criminals, terrorists and mischief makers are rushing to exploit them.

"What people can do on computer networks and what they can find on them has increased tenfold from a few years ago," says Bill Hancock, chief security officer of Savvis Inc., a major Internet-service provider. Infiltrating those machines and using them for evil intent is easier than ever, he says.

Some of the threats are well known; home-computer users for years have battled viruses and spam and more recently have been barraged with spyware, adware and fraudsters "phishing" for sensitive information. Less visible is the constant probing of corporate networks by would-be intruders seeking trade secrets or competitive intelligence, and the data breaches caused by disgruntled or dishonest insiders.

Meanwhile, government authorities report that hackers are stepping up attempts to attack critical systems such as water, electricity, finance, transportation and communications. Last year, the Department of Homeland Security prepared a worst-case cyberdisaster scenario where criminals broke into financial-services facilities.

Twenty million credit cards were canceled, automated teller machines failed nationwide, payroll checks couldn't be delivered, and computer malfunctions caused a weeklong shutdown of pension and mutual-fund companies. "Citizens no longer trust any part of the U.S. financial system," the scenario concluded.

Here's a look at the threats the security experts worry about the most -- and what businesses and consumers can do to protect themselves.

TARGETED ATTACKS

The mass mailings of worms and viruses that clogged email in-boxes and corporate networks in recent years have given way to less visible but more dangerous attacks aimed at specific business and government targets.

In many cases, these invasions involve a Trojan -- malicious software that hides inside another, innocuous program. Once planted on a victim's computer system, the Trojan can, among other things, steal information at will and send it back to a criminal. Trojans that are customized for a specific target are particularly dangerous, since conventional antivirus programs are designed to spot and block previously identified threats.

"Because these things are one-off, the virus scanners do not recognize them at all," says Bryan Sartin, director of technology for Ubizen, a unit of Cybertrust Inc. of Herndon, Va.

Criminals use a variety of methods to get Trojans onto their targets' systems. Often, they trick employees at a targeted company into installing the software. In the Israeli case, law-enforcement officials discovered that the alleged perpetrators gave victims floppy disks containing seemingly legitimate business proposals. The disks contained Trojans that used "key logger" software to record what users typed, and then transmitted that data, along with documents and emails, to a computer in London.

Hackers also take advantage of security flaws in Web browsers. Last year, hackers invaded the computer system of a large bank using a known, but unpatched, vulnerability in Microsoft Corp.'s Internet Explorer, says Alfred Huger, senior director of engineering for computer-security firm Symantec Corp., Cupertino, Calif., who investigated the break-in. For 90 days, the criminals collected network and database passwords and intercepted secure communications, among other things. Mr. Huger says he doesn't know how much money was lost.

Security experts are increasingly concerned about break-ins that come via a company's partners and vendors. These smaller companies often have privileged access to their larger partner's computer systems, but may not be as well protected. Last year, John Pironti, a security consultant with Unisys Corp., of Bluebell, Pa., says he helped discover a powerful Trojan that had been planted in the computer network of a major financial institution. A hacker penetrated one of the bank's custom-software suppliers and discovered the "open pipe" to the financial-services provider's network.

The most effective method for protecting against such attacks is also the simplest -- disconnect databases containing sensitive information, such as credit-card data, from the Internet. "Systems like that should not have Internet access, period," says Ubizen's Mr. Sartin.

If that's not possible, all such systems should have "firewall" technology that monitors Internet connections and raises a red flag if it detects suspicious activity, such as high volumes of data sent at unusual times. Other tools can take a snapshot of legitimate system configurations and sound alarms when changes occur.

And, of course, all computers need to be kept up to date with security patches and antivirus software, and users need to be educated about opening unknown attachments or visiting suspicious Web sites.

BOTNETS

A single computer infected with a Trojan is bad enough. An army of infected computers is a weapon of mass digital destruction.

"Botnets," short for robot networks, are made up of home and business PCs that have been taken over by hackers and joined together to create remote-controlled networks. The hackers (sometimes called "bot herders") use the combined power of these machines to mount a variety of Internet attacks, right under the noses of the PCs' rightful owners. The size, and power, of such botnets is growing rapidly, as bot herders learn how to manage networks of tens of thousands of compromised "zombie" or "drone" PCs.

Here's how it works: Hackers or criminals slip Trojans carrying the bot software onto the PCs of unwitting targets. The infected computers are then programmed to listen for instructions, generally sent via instant-messaging channels.

Once assembled, the botnet can be used to send spam, launch phishing attacks or disrupt a Web site by flooding it with visits, a so-called denial-of-service attack. One popular tactic of organized cybercriminals: denial-of-service attacks against Internet gambling sites. The criminals then extort the sites for payment to halt the attack.

Home computers, which generally lack sophisticated network-monitoring tools, are most vulnerable to becoming unwitting conscripts. Early last year, Time Warner Cable began sending Matt McKay "spam ticket" citations and threatened to turn off his Internet service. The 32-year-old Charlotte, N.C., attorney wasn't moonlighting as a spammer. A hacker had hijacked his computer. "I was spamming people, and I didn't know it," he says.

The Federal Trade Commission in May urged Internet-service providers to more actively combat botnets, which the FTC estimated send as much as 80% of spam. The FTC suggested ISPs monitor their customers for suspicious emailing patterns, block Internet connections favored by bot herders and help consumers clean up infected machines.

BLACKOUTS

In last season's television thriller "24," terrorists used the Internet to penetrate control systems at dozens of U.S. nuclear power plants -- and cause one to melt down. Hollywood fantasy? Security experts warn that such an attack is not as far-fetched as it might seem.

The systems used to control the nation's water, power, transportation and communication systems are increasingly being connected to corporate networks that are in turn connected to the Internet. That makes it easier to control and maintain the systems remotely, but also makes the systems vulnerable to viruses, worms and other Net-based threats.

Cyberattacks that successfully penetrate such "supervisory control and data acquisition," or Scada, systems appear to be increasing. The British Columbia Institute of Technology and the PA Consulting Group in London, which documented a handful of such incidents through 2000, have reports of at least 80 successful attacks world-wide since 2001. "Some just snoop around, some do damage," says Eric Byres, who manages the research project.

In May, the General Accounting Office reported similar findings. Security consultants cited in the report said hackers are continuously probing the power grid for vulnerabilities; in some cases, intruders gained access to utilities' control systems and affected operations, though not causing serious damage.

The vulnerability of vital networks was highlighted by the Northeast blackout of 2003. Though not caused by a cyberattack, the incident was exacerbated by one: The "Blaster" worm, which had been released days earlier, clogged communications links and hurt operators' ability to stem the cascading blackout.

Security experts say such power-control systems are unlikely to be the primary target of terrorists, who arguably are more interested in...