SHT - Home PCs at risk from hackers

July 24, 2001

Home PCs Are at Risk for Use by Hackers

Net: Security group says vast number of computers with fast Web connections can be used for attacks.

By DAVE WILSON, Times Staff Writer

The nation's leading Internet security group issued an extraordinary warning Monday that vast numbers of home computers with high-speed Internet connections are being targeted by hackers who use them to launch potentially devastating online attacks.

The CERT Coordination Center at Carnegie Mellon University said the rapid growth of high-speed, always-on Internet connections has turned average computer users into the unwitting foot soldiers of malevolent hackers.

"Tens of thousands of home computers have been taken over, so this is clearly a major problem," said Eugene H. Spafford, professor of computer science at Purdue University and director of the Center for Education and Research in Information Assurance and Security, or CERIAS. "The situation now is that any 14-year-old with a grudge and a Web browser can shut down a Web site."

Loosely organized groups of hackers use automated programs that disguise themselves as innocuous e-mail attachments. Once opened, the programs deposit software that hibernates on the hard drive until called into action.

Most often, these programs launch what are called "distributed denial of service" attacks against corporate, educational or government Web sites. By flooding the sites with simultaneous requests, the programs can bring even well-protected sites such as Amazon.com or Yahoo to their knees.

Both sites were crippled temporarily by such attacks last year. Authorities cannot say with certainty who was responsible because the attacks are launched from hundreds--even thousands--of computers at once. But computer security experts worry that the explosion in high-speed home Internet connections--now roughly 8 million nationwide--makes it easier than ever for hackers to launch even more destructive attacks.

In addition, some programs can give hackers remote control over someone else's home PC, allowing them to see and manipulate everything on a hard drive without the owner's knowledge. Or, hard drives can be used as caches for illicit and illegal material that can be shared with other hackers.

CERT security experts pleaded for help Monday in educating computer users on the importance of practicing good computer hygiene. If not, Internet users could face dead Web sites, bouncing e-mail and a host of other problems as attacks overwhelm the system.

Although most Web sites and Internet service providers have tools and techniques to combat these assaults, such efforts are not always effective. And they can be extremely expensive, putting them out of reach of smaller operations that can be knocked out of cyberspace by a single powerful attack.

CERT normally offers e-mail alerts containing technical analyses of security threats and ways to combat them. It took the unusual step of asking its regular readers, most of whom are computer security specialists, to work with friends, family and neighbors to make personal computers more secure as a way of defusing the threat.

Distributed denial of service attacks depend on hackers having access to a large number of computers, said Marty Lindner, CERT's team leader of incident handling. Getting home computer users to scrub their systems clean of the infestation makes it harder for the hackers to successfully launch an attack.

"If you can reduce their ability to get their hands on a bunch of machines, you've done some good," he said.

Key to beefing up security on home machines is to install a firewall, which protects computers from unwelcome Internet visitors, and to run updated virus software regularly. High-speed connections are particularly vulnerable because they often remain connected to the Internet around the clock, making them ideal for hackers who want to awaken sleeping programs when no one is at the machine.

There are many types of attacking tools. CERT officials believe that 23,000 home computers host a tool called the W32/Leaves worm, for example, while another tool called Knight has been deposited on about 1,500 unwitting hosts.

Infection often takes place when a user opens what appears to be an innocuous attachment, something that appears to be a photograph, a movie, or a game. But a Trojan horse could be lurking in that file, a computer program that opens the door for infestation by any number of beasts, including the tools used by black-hat hackers to launch distributed denial of service attacks.

Corporate systems are usually administered by specialists who configure systems to minimize the risk of such infections.

"But home computers are normally managed by end users who have little knowledge about computer security," said Elias Levy, chief technology officer of SecurityFocus, a computer security company in San Mateo. Levy is a well-known "white hat" computer hacker who administers an authoritative mailing list on security problems, BUGTRAQ.

"Consumers use home computers as appliances, but they actually require routine service and maintenance, just like changing the oil in your car," Levy said.

Levy said CERT's message is important, but likely to be ineffective.

"Most people don't even know what CERT is," he said. "We can put the message out, and try to get it to as many people as possible, but it's unlikely they'll hear it. And even if they hear about it, the chances of them being knowledgeable enough to do something about it is negligible."

Spafford agreed, and said the problem does not bode well for the future of the Internet.

He drew an analogy with a neighborhood that ignored steadily worsening graffiti and eventually attracted more serious crimes as outsiders realized that no one was really going to do anything to protect the neighborhood.

"And what happens there is businesses close, people who can move away, and that neighborhood goes to hell," Spafford said. "And that's exactly what's going to happen with the Internet, if we can't figure out a way to stop this sort of thing."

-- Anonymous, July 24, 2001

