Computer Crime Research Center


Where the Dangers Are

Date: July 18, 2005
Source: The Wall Street Journal
By: David Bank and Riva Richmond

... of terrorists, who arguably are more interested in spectacular physical attacks that generate casualties. But experts are increasingly concerned that attacks on critical systems could be used in conjunction with more-violent tactics to compound the damage -- for instance, by disabling emergency-response systems.

Some of the vulnerabilities of these control systems can be offset by rigorous compliance with standard cybersecurity practices. Congress is considering adding such requirements to the federal energy bill now pending. But many security experts say existing Scada systems are obsolete and need to be replaced by new sensors with multiple layers of security, including in the hardware, the network and the application.

Perhaps more important, says S. Shankar Sastry, a professor of electrical engineering at the University of California, Berkeley, are strategies for "graceful degradation," for example by installing several layers of defenses, to ensure that vital networks remain at least partly operational during and after a major attack. "We should expect in the future for attacks to succeed," Mr. Sastry says. "The question is: How do you keep the infrastructure from completely falling apart?"


Hackers can take down a corporate computer network. But could they crash the whole Internet? The same qualities of trust and openness that have made the Internet successful also make it vulnerable to major outages.

The experts' top worry: an arcane mechanism known as the "border gateway protocol." The protocol is used by the hundreds of networks that make up the Internet to advertise their routes so they can carry each other's traffic. By falsifying such announcements, hackers could intercept Internet traffic, modify it or simply make it vanish by directing it to bogus or nonexistent routes. And by directing a flood of traffic onto a route too small to handle it, a hacker could overload and crash at least parts of the global Internet.

"You can take out some portion of the Net for some amount of time," says Steven Bellovin, a longtime security expert at AT&T Labs and now professor of computer science at Columbia University. If a sophisticated adversary sent out fraudulent routing announcements from a dozen different points, "you could have a very serious situation," he says.

In the past decade, security specialists say, inadvertent glitches in the protocol have caused a half-dozen large network outages and many smaller ones. In December 1999, such a mistake took down AT&T's Worldnet Internet service for most of a day, leaving 1.8 million customers without Web access. An even larger outage occurred two years earlier, when a small Internet-service provider mistakenly advertised incorrect routes, causing a two-hour disruption for large parts of the Internet.

Now, security experts are seeing apparently intentional attacks exploiting the weaknesses in the protocol. In one case, the Web site of a large Internet-networking company vanished, meaning no traffic could reach it for several hours. In another, some Internet traffic went into a "black hole" along an advertised route that didn't really exist; email, Web requests and so on simply disappeared. Neither incident was considered serious, but they showed "the threat is real," says Craig Labovitz, director of engineering at Arbor Networks Inc., a network-security firm in Lexington, Mass.

Spammers are also starting to take advantage of the technique. By advertising fake Internet addresses for just long enough to launch their spam, then withdrawing the addresses, it's possible to erase any trail that law enforcement might follow. "Nobody can find it," Mr. Bellovin says. "It's not in the database. You can't map your way to it. It's just gone."

Because the Internet is used by nearly everybody but owned by no one, systemic vulnerabilities have proved difficult to correct. For starters, a change would require upgrades to thousands of routers. And there's no consensus on how to fix the border-gateway protocol.

Still, the Net has proved remarkably resilient against large-scale attacks. "We've been hearing these end-of-the-Internet stories for the last 10 years," Mr. Labovitz says. "But we haven't seen many of these mega-attacks." The most likely reason: Hackers, thieves and terrorists have come to depend on the Internet just like everybody else, and don't want it wrecked.


Internet-related fraud accounted for 53% of all consumer-fraud complaints made to the Federal Trade Commission last year. Among the biggest threats are those involving scammers who use elaborate ruses to pretend to be someone else.

In "phishing" scams, fraudsters send emails that appear to come from a trusted source, like Citibank or eBay. Click on a link in the email, and you're directed to a fake Web site, where you're asked to reveal account numbers, passwords and other private information. In some cases, phishing sites plant hidden programs, such as key loggers, on victims' computers. So even if a visitor doesn't enter any data into the phony site, the phisher can try to filch it later.

Then there's "pharming," where hackers attack the server computers where legitimate Web sites are housed. Type in the address of the legitimate site, and you are redirected to a look-alike. In a similar ruse, hackers use Trojans to manipulate the browser cache on a victim's computer, where copies of Web pages are stored so that they don't have to be reloaded from scratch with each visit. When you visit a site stored in your cache, you are directed to a fake site instead.

In "Evil Twin" attacks, hackers set up Wi-Fi hot spots that trick your computer into thinking it's accessing your home wireless network or a safe public network. While you use the network, attackers can monitor your moves and steal the information you enter into a Web site, if the site doesn't have the right safety measures.

To combat phishing, assume that any email asking for personal information is a fake, says Robert C. Chesnut, senior vice president of rules, trust and safety at eBay Inc. Consumers can also get help from new phishing-site blockers from service providers Time Warner Inc.'s America Online unit and EarthLink Inc.

As for pharming, some banks are beginning to look at ways to help consumers distinguish real sites from fake ones, such as letting consumers choose personalized images that appear on the site whenever they visit. To combat the variation on pharming that involves meddling with PCs, consumers should be sure to regularly sweep for Trojans with antivirus and antispyware programs available from companies such as Symantec, McAfee Inc. and Webroot Software Inc.

For Evil Twin attacks, wireless users should enter private information only into sites that protect data with encryption technology, which is signified by a little lock on the bottom of the page.


Many hackers who covertly take control of your computer are looking to draft it into a botnet. But there are a host of other ways to get hijacked. Aggressive marketers are using "adware" to hijack Web searches, display pop-up ads and drag surfers to unwanted Web sites. Adware's more insidious cousin, spyware, can capture users' keystrokes and follow their browsing activities. These programs often arrive bundled with free software or sneak onto users' computers when they visit dodgy Web sites.

Viruses, meanwhile, have become a tool for delivering malicious payloads and not just a form of causing mischief. Hackers are using them to install bots and Trojans that give them control of PCs, allowing them to send spam and steal private personal information silently.

After Mr. McKay, the Charlotte attorney, cleared up his botnet problem, the home page of his Web browser was hijacked by an adware program, forcing him to view a "flashy, gaudy" page featuring links to mortgage lenders and pornography. Only when his girlfriend refused to touch the computer did he cave. "I said, 'All right, this is embarrassing,' " he recalls. " 'I'm going to fix it.' "

Mr. McKay had to undergo a crash course in Internet security to get rid of the programs that hijacked his computer. He ran a battery of different security programs, killing anything that looked suspicious. But after a slew of software failed to clean out his machine, he turned to extracting the pests manually.

Security experts advise consumers to make sure they install and use firewall and up-to-date antivirus programs, combined with regular sweeps with a spyware-removal program. Increasingly, Internet-service providers are offering their embattled customers security tools. Many people are also switching to Apple Computer Inc.'s Macintosh machines and the Firefox Web browser, which have rarely been the target of malicious code.


In the future, security attacks will come out of thin air. Smartphones and some personal digital assistants boast always-on wireless connections and run more-sophisticated software than standard cellphones, making them susceptible to viruses, worms and data theft just like PCs.

The hackers' current pathway of choice: Bluetooth. This radio technology allows short-range wireless communication for sending messages, exchanging electronic business cards and using wireless headsets. But hackers can exploit flaws in Bluetooth to steal information from digital gadgets or spread viruses.

For now, mobile viruses have done little more than drain their victims' phone batteries and send off text messages using their account. But bigger threats may be coming. The invasions so far were merely "science projects" for hackers...
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-06-14 00:53:27 - Gabriel Christou Says: please visit so you... Gabriel Christou
2007-02-26 07:37:55 - The information I found here was rather... uomo
2007-02-26 02:47:21 - The information I found here was rather... uomo
2007-02-22 15:55:24 - Nice site you have!... dizionario
2007-02-22 10:23:02 - Nice site you have!... dizionario
2005-11-02 10:21:57 - Thank you for the information! Misho
2005-09-10 21:21:25 - Ref: to article excerpt "CRASHING THE... William Linden
Total 7 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo