Forget seedy chat rooms and porn sites. The true danger of the
Internet is the access it gives hackers to your system, network, and
personal information. There have been several security breaks and hacker
attacks of note since the beginning of the year.
Microsoft recently posted an alert that your system can be hacked via
a hole in Internet Explorer. Red Hat's popular version of Linux suffered
three worm attacks: Ramen in January, Lion in March, and Adore in April.
Add that to the recent AnnaKournikova and NakedWife e-mail viruses and
you get the picture: Hackers are not just the stuff of bad Saturday
afternoon movies.
Hacker attacks are more common than you may imagine. The Computer
Security Institute (CSI) recently released the results of its sixth
annual Computer Crime and Security survey, conducted in conjunction with
the San Francisco FBI's Computer Intrusion Squad. Based on responses
from 538 computer security professionals in government, medical, and
financial areas, as well as universities and a number of U.S.
corporations, 85 percent experienced computer security breaches within
the last year, and 64 percent admitted to financial losses from such
breaches.
Of those acknowledging attacks, 58 percent reported ten or more
incidents. Tellingly, only 36 percent reported these attacks to law
enforcement, but at least that's an increase over the 25 percent that
reported attacks the previous year.
Internet Explorer Exploited
Microsoft announced last week a hole in Internet Explorer 5.01 and 5.5
that could let a hacker run code on your computer, alter and delete
data, or reformat your hard drive. Although Outlook and Outlook Express
handle most e-mail, they rely on IE to process HTML mail. IE doesn't
know how to handle certain types of HTML mail attachments, though, and
rather than alert the user, the browser just launches such attachments.
Hackers exploit this by sending e-mail of this unusual type. The File
Downloads option, which is enabled by default, provides the entree. You
can install a simple patch that fixes the table of MIME (Multipurpose
Internet Mail Extensions) types and actions, which in turn stops e-mail
from automatically launching executable attachments.
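
As an added illustration (not code from the article or from Microsoft), the Python sketch below shows the kind of check a mail gateway could apply to the problem described above: it flags attachments with an executable file name, and marks those declared under a MIME type that a mail client would render or play inline. The extension list, the inline-type list, the function name and the sample message are all constructed assumptions.

```python
import email
import os
from email import policy

# Extensions Windows runs or hands to a script host (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
# Top-level MIME types a mail client normally renders or plays inline (assumed list).
INLINE_MAJOR_TYPES = {"audio", "image", "video", "text"}

# Constructed sample message: one HTML body and three attachments with dummy content.
SAMPLE = b"\r\n".join([
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/html", b"", b"<html><body>hello</body></html>",
    b"--b1", b'Content-Type: audio/x-wav; name="greeting.exe"', b"", b"placeholder",
    b"--b1", b'Content-Type: image/jpeg; name="photo.jpg"', b"", b"placeholder",
    b"--b1", b'Content-Type: application/octet-stream; name="setup.exe"', b"", b"placeholder",
    b"--b1--", b"",
])


def audit_message(raw: bytes):
    """Return (filename, declared_type, reason) for each risky MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # "name" parameter of Content-Type.
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        if ext not in EXECUTABLE_EXTS:
            continue
        if part.get_content_maintype() in INLINE_MAJOR_TYPES:
            # Declared type says "render me", file name says "run me".
            reason = "executable extension under an inline-rendered MIME type"
        else:
            reason = "executable attachment"
        findings.append((name, part.get_content_type(), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_message(SAMPLE):
        print(finding)
```
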
Even the Linux world is now under attack. "It was rare to find
worms within the Linux world because there were so many different
operating systems and things like that," says Lance Spitzner,
founder of the HoneyNet Project, a security group. "But the
popularity of versions such as Red Hat has changed that."
Red Hat Worms
For example, Ramen takes advantage of several well-known flaws in the
default installation of Red Hat 6.2 and 7.0 to replace certain Web pages
with its own "Ramen Crew-Hackers looooooooooooooooove
noodles" home page. Interestingly, the Ramen worm fixed the
security opening through which it came, thereby protecting itself from
other hackers using the same methodology. Patches are available to fix
the hole exploited by Ramen.
Lion was discovered in March and is thought to be a mutation of
Ramen. Lion is more sinister, though: It steals passwords to send to a
third party to crack, and it makes "back doors" through which
the hacker can get administration-level access to a network.
"The Ramen worm was actually a nice worm, as worms go. It didn't
do any damage and it would fix the security hole that it broke in on.
The Lion worm is more a vicious version, because it steals private
confidential information. It's the progression of viciousness that is
disturbing," said Spitzner. The Adore worm, or the Red worm, is
also thought to be a variant of the Ramen worm. Like the Lion worm, it
opens back doors and steals sensitive data.
(And just so you know: a virus is an infected file. It spreads when
the infected file is forwarded or transferred. A worm infects a whole
hard drive or system. Worms require e-mail to spread from system to
system.)
Who Wants to Be Hacked? HoneyNets
The IE hole and the Linux
worms highlight a more global issue, says Spitzner. "They are the
vulnerability du jour. The reality is that default installations of
software programs are wide open. Now, that's changing. Vendors are
trying to shift things and lock them down. But we need to get aware.
People are connecting to the Internet faster than we can make them
aware."
Enter the HoneyNet Project, a group of 30 security professionals and
reformed "blackhats" (hackers) who spend their own time
learning the tools, tactics, and motives of the blackhat community. The
year-old project has two aims: to raise awareness and to teach and
inform. In order to learn how hackers think and work, the project
designs honeynets--that is, networks designed to be hacked. Any traffic,
inbound or outbound, is "controlled, captured, contained and
analyzed to learn the tools, tactics and motives" of the hackers.
The HoneyNet project has numbers on how fast and how many times a
system gets hacked. "A Red Hat Linux system, default installation,
has a three day life expectancy on the Internet. Our last one was hacked
in three hours. A Windows 98 box with a DSL connection and a shared C
drive was hacked within 24 hours--and four times in four days," says
Spitzner.
So is the situation hopeless? Spitzner doesn't think so. "Our
research focuses on default settings. If a user takes the right steps, a
default configuration can be secure. The bad guys are looking for people
who have not secured default installations." Patching the system
and disabling or removing services you do not need are the two biggest
things you can do, according to Spitzner, who recommends you do both.
"If it is not running nor installed, the bad guys can't hack
it."