
Web Technology with "E-Commerce"
by Jarvis F. Windom

Warning to Everyone about Home Hackers


New high-speed modems put home computers at risk

Quotes from (US News Online) 10/4/99

Catherine Palmer wasn't sure if her computer had a virus or if she was just losing
her mind. Every time she went online, the Long Beach, Calif., resident noticed
something odd. The CD-ROM drive of her computer would open and shut without
prompting. Once, a software voice recorder popped up on its own and captured a
conversation Palmer was having with her husband. But when she walked in from grocery
shopping one day and saw her financial files scrolling across the screen as if an
invisible hand were operating her mouse, she realized she was being hacked. The
Palmers' landlord was harassed about loans they had never taken out, and their
credit cards were inexplicably maxed out. And though this has been going on for more
than two years, and the Palmers have filed complaints with the local police
department and America Online (her former service provider), Palmer says her hacker
remains at large. "I can't go online anymore," she says. "I now feel helpless at the
hands of this person."

Cracking, or hacking with the intent to steal or deface, is so feared in the
corporate world that companies are spending about $1.8 billion this year on computer
network security products and services. Cracking of home computers had been rare,
but with the advent of high-speed Internet connections and home networks, it's of
growing concern. "What most people don't realize is that it's just as easy for
someone to connect to your computer as it is for you to connect out," says John
Morency, executive vice president of Sage Research, a technology consulting firm
based in Natick, Mass. It is going to get worse, he says. "If you have a high-speed
connection, it's fairly simple for someone to find out if they can connect to your
machine and then look for any applications they can exploit." Any machine connected
to the Internet is potentially vulnerable, but the best targets are those with
high-speed, "always on" connections, such as cable modems or digital subscriber
lines. Systems with high-speed connections are typically targeted because they are
the simplest to track down. That's because whenever you log on, your Internet
service provider assigns your system an IP, or Internet protocol, address, which
identifies your computer to the network. With dial-up connections, your IP address
changes every time you go online; typically, "always on" addresses are fixed. The
longer that address is "active," or online, the better the chance an outsider can
find you and prowl around.

Under siege. Cable companies and phone companies that install these high-speed
connections won't share their attack logs. But a Fremont, Calif., customer of one of
the country's largest cable-modem service providers, Excite@Home, sent U.S. News a
log of attacks on his computer showing 538 attempts over a two-month period, an
average of almost nine every day. The threat is even more severe on inadequately
protected cable systems, as every computer in a neighborhood is connected via the
same network. Consumers running home networks, Web server software, or
remote-control software on their PCs are also at risk.

The kind of Gaslight creepiness Palmer experienced is unusual because it was
directed at her personally. Usually, attackers don't care who you are; they're just
looking for an unprotected system they can use as a launching pad to break into
larger networks (such as those of the FBI or banks) or to ransack your machine for
credit card data, passwords, or Social Security numbers.

Even relatively inexperienced crackers don't have much trouble breaking into home
systems. The tools that make it possible to detect (or "ping," in tech lingo) IP
addresses and weaknesses in those systems are known as "vulnerability scanners."
They are not only easily downloaded from hacker sites but are given away by
well-respected companies to prospective corporate customers for a tryout before
buying. Network Associates, for example, offers its CyberCop Scanner as a free
download for 30 days.

People who use those kinds of ready-made tools are called "script kiddies." "They're
not respected by hackers," says Michael Hudack, a 16-year-old former hacker and
editor of Aviary-mag.com. Hudack claims script kiddies are usually young vandals who
want to break into a system and deface it or steal personal information. But, he
says, "if they're any good, they'll use your machine as a jumping-off point to hop
into at least 12 more to cover their tracks before they hack into an important
government or corporate system." A cracker will typically try to gain control of
consumer systems by installing remote-control software, which is legitimately used
in office networks to install, delete, and manage software on workers' computers.
With one copy on his machine and one on yours, the cracker can control all the files
and applications on your home system as if it were his own. The most popular of
these programs with crackers is Back Orifice, because it allows them to log on to a
system undetected.

Trapdoors. While it's unlikely the average consumer would install Back Orifice on
his home system, one may inadvertently do so by falling into a trap laid by wily
crackers, a technique known as remote access Trojan horses, or RATs for short (see
box). "Someone pretending to be a representative of Microsoft or the service
provider will send out an E-mail urging you to download what they claim is a
critical software update, when in fact, it's Back Orifice in disguise," says Jay
Rolls, director of network engineering for Excite@Home.
"When the consumer installs it, they've just made themselves open for attack." Cable
providers also recommend turning off the file-sharing features on home networks as a
precaution, but, of course, doing so defeats the point of having a home network. And
consumers who want to install remote access software for their own use should use a
package with strong security, such as LapLink 2000 ($170). The best protection for
consumers may be to install consumer firewall software, which detects and prevents
attacks. In U.S. News's tests, the best of these proved to be Network Ice's BlackICE
Defender, which is a $40 download from the company's Web site (www.networkice.com).
Symantec is also planning to ship a consumer firewall application called Norton
Internet Security 2000 by month's end. Even dial-up users, who are open to attack if
they stay online for long periods of time, should use firewall software.

"I've noticed people trying to break into my system once or twice a day on average,"
says Chip Rouse, regional manager for the Omaha-based consultant firm Management
Communication Services. This was also the case with Harry Saal, a networking
consultant in Palo Alto, Calif., who downloaded the software to monitor his
cable-modem-enabled home computer. "Once a day, or at least every other day, someone
or multiple people are attempting to get into this computer," he says. What's more,
Saal says his provider, a local independent company called ISP Channel, "never went
out of its way to let me know of these potential security flaws, and I think they've
underestimated the risks." And with the risks so great, who should be responsible
for protecting your home system from attacks: you or your service provider?

Who pays? "I believe if you are offering services that consumers expect to conform
to certain standards of security and confidentiality, you have a responsibility to
uphold those expectations," says Deirdre Mulligan, staff counsel specializing in
consumer privacy at the Center for Democracy and Technology, a Washington, D.C.,
think tank. Indeed, home PC cracking is compelling major cable providers, including
Excite@Home and Time Warner Cable Group, to consider offering consumer firewall
software to their customers, though none has committed to a product, price, or time.

Meanwhile, users may find that not all hackers have nefarious intentions. That was
Toronto real-estate appraiser Michael Roman's conclusion. Several weeks ago, Roman
returned from a three-day conference to find that his home network had been hacked.
But the marauders had not been stealing financial or credit card data;
instead, they wanted his MP3 files. What were they: hard-core techno tracks,
underground industrial? "No," says Roman, "just easy-listening tunes, like Cat
Stevens and Neil Diamond."

The top hacks
Remote access Trojan horse probe (RAT). Crackers check to see if you've unwittingly
installed remote-control software, such as Back Orifice. If so, they can then take
over your PC. Advice: Never run a program sent to you via E-mail. Or install
firewall software.

Nuke (also known as "blue bomb" and "blue screen of death"). As a prank during a
chat or online game session, kids send data that crashes Windows 95 (usually with no
long-term damage). Macintosh OS or Win 98 are protected, but pre-Win 95 and NT users
can download fixes at www.winfiles.com/bugs/oob.html. Firewall software also works.

File-and-print-sharing hack. Activating the "file and print sharing" feature lets
everyone on your home network share files, drives, and printers, including hackers.
If file sharing isn't a must, turn it off (find instructions at
http://v-wave.com/powernews/jan/REMEDY.HTM). If it is, a firewall is essential.