Internet security worries on rise
As war rages in Iraq, computer technicians are waging a battle of their own in cyberspace.
The real-world conflict has stoked some high-profile vandalism online as Internet-savvy activists disrupt Web sites to post their views on war. Among the targets: a U.S. Navy Web site, the al-Jazeera English language site and even the N.C. secretary of state's site -- twice.
Most attacks have been harmless, the cyberspace equivalent of graffiti on buildings, as hackers hijack Web sites to post their rants. It looks unattractive but doesn't destroy data or spread viruses.
The N.C. Secretary of State's site, for example, was hijacked late March 23 by a hacker who expressed a pro-war position. Two days later, it suffered another attack from someone with an antiwar bent. No information was stolen or erased.
"It's something that's happening more and happening as a result of world events," said Gregory B. Newby, assistant professor in the School of Information and Library Science at UNC-Chapel Hill. "Defacing a Web site ... is usually not that difficult" and isn't alarming.
But hacking isn't always innocuous. More serious system breaches continue to occur as criminals seek to steal credit card numbers and spread viruses that can cripple networks.
And any attack, harmless or not, raises questions about the security of computer systems even after companies and governments have spent billions beefing up their networks in recent years.
According to the CERT Coordination Center, a federally funded organization at Carnegie Mellon University that tracks online crime, more than 82,000 hacking incidents occurred last year, a 56 percent increase from 2001. It can't say exactly why incidents, which can involve many sites, are rising. It might simply be linked to the growth of Web users and online traffic.
Some recent cases show how serious the threat can be. Hackers broke into a Georgia Tech University computer system between Feb. 4 and March 14 that had data, including credit-card numbers, on 57,000 patrons of the Ferst Center for the Arts, a venue for concerts, recitals and lectures.
At Athens Drive High School in Raleigh, at least one student hacked into a database in March to change the grades of 20 students.
Security experts say these and other episodes prove that money can't buy total protection. Hacking is an evolving problem that requires constant diligence and focus.
"There's no such thing as perfect security," said Douglas S. Reeves, professor of computer science at N.C. State University. "There's no defense that can't be penetrated with enough effort."
Many attacks are facilitated by software bugs. Computer operating systems often have flaws awaiting discovery by a crafty criminals. Once found, glitches often are published on the Web, prompting a wave of disruptions.
Some hackers rely on something called "social engineering." They send a virus in an e-mail instructing recipients to open it for a joke or surprise. When they do, it infects their computer and sends itself to other machines.
High-speed Internet, or broadband, and wireless connections also have made it easier for hackers. With broadband, the connection is always on, meaning without proper protections in place, a skilled hacker can tap into a victim's machine. Computer programs allow hackers to scan for open connections almost constantly.
Wireless networks are also gaining popularity among home users trying to make the most of high-speed connections. But the gear often has minimal security, and could help hackers enter the system.
"Unfortunately, there's an army of kids with too many IQ points and too much time," said Donald W. McArthur, who focuses on Internet crime as a special agent for the FBI in Raleigh.
That could be disconcerting to U.S. consumers who are using the Web to shop, bank and pay bills.
Most companies have learned to handle transactions securely, so it's less likely, for instance, that a hacker would swipe your bank account number as it zips between your home computer and a database, Reeves said.
The biggest threat is to those databases that store volumes of information about consumers. If they are hacked, a consumer could be affected whether or not he has ever conducted an online transaction. Many businesses now store data in electronic files.
The key to preventing attacks, say experts, is constant vigilance and common-sense precautions. Consumers should install basic protections, such as firewall software that can prevent criminals from gaining access to computers.
That's especially important as more people log into corporate networks from home. Without taking precautions at home, they could help criminals enter corporate systems, experts say.
Businesses must stay on top of software patches used to plug known glitches and make sure they're investing in needed equipment. Although money can't buy foolproof protection, it can help make systems more secure.
After the N.C. secretary of state's Web site was attacked twice last month, for instance, it invested in software that automatically refreshes the site when it has been altered, helping prevent cyberspace graffiti.
"It's a continual process," said Ian Hameroff, security strategist for Computer Associates, an Islandia, N.Y., software company that helps businesses manage data. "It's important that we all chip in and make sure we don't treat this in a lackadaisical manner."
Cybercrime News Archive