Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    The Year of the Killer Hackers

    By
    Scott Berinato
    -
    December 18, 2000
    Share
    Facebook
    Twitter
    Linkedin

      Year 2000 is ending as it began, with a DDoS attack threatening a large part of the Internet and failing security efforts fueling IT fears.

      The latest distributed denial-of-service attempt was broken up last week in Denmark, where hackers took control of at least 50 zombie servers and were preparing an assault on that countrys systems. Authorities arrested a 17-year-old suspected of being connected to the attempt, which was broken up by the Danish section of the Computer Emergency Response Team, according to a report in the Danish newspaper Ingeniøren.

      Its only one of an alarming number of news reports last week that demonstrate that the fight for online security and privacy has woefully regressed in every area except one—awareness. Other bad news from last week:

      • Creditcards.com was hacked, and 55,000 card numbers were held hostage for $100,000. When the extortion attempt failed, the hacker posted the card numbers on the Web. The company has since put up a Web site where merchants and customers can check for fraudulent transactions.

      • At the University of Washington Medical Center, thousands of medical records for heart patients, which included names and Social Security numbers, were accessed. Officials first denied, then confirmed the hack.

      • Experts from @stake Inc., in Cambridge, Mass., warned that America Online Inc.s AOL Instant Messenger is harboring serious security flaws.

      More significant, most experts concur that things will only get worse next year.

      “The scariest part to me is theres not enough qualified security talent out there,” said a security administrator at a major Midwestern mortgage bank. “Thats why were losing ground. I built my infrastructure and many of the programs methodically. But I regularly do security audits, and its getting to the point they cant even address our security because they dont understand it.”

      The situation is worse than most people think, said Chris Rouland, director of Internet Security Systems Inc.s X-Force security advisory team, in Atlanta. “There are a high level of DDoS agents out there right now, on the order of tens of thousands of servers in zombie configuration,” said Rouland, who also said he sees at least one data hostage situation per month. “Ive had high-level talks with the government. I can tell you theres concern.”

      Indeed, the FBI has been vocal on the data security front, taking efforts to warn corporations, universities and consumers of higher levels of hack attempts and virus launches around the holidays. Hackers thrive this time of year because they can prey on the large number of e-mail greeting attachments—usually accompanied by higher levels of seasonal trust and goodwill—to launch viruses and because of the high level of online shopping.

      “Social engineering is still the weakest part of the equation,” said Stacey Lum, CEO of security vendor InfoExpress Inc., in Mountain View, Calif.

      But with the shopping season nearing its end, the only real attack so far has come from Navidad, a virus that in two months time became the seventh most prevalently reported virus on anti-virus vendor Sophos plc.s list of top viruses for the year.

      “Hackers are smart,” said Graham Cluley, senior technology officer at Sophos, in London. “If you say to users watch out for this time of year, the hackers will wait until right after this time of year. Users should be equally paranoid all the time.”

      And, all experts agreed, users should prepare for an even knottier year coming, as hackers are getting more sophisticated, both technologically and socially.

      “It has surprised me how savvy some of the hacks have been,” said ISS Rouland. “They know economics, shutting down a Web site on the day of an IPO [initial public offering] and targeting Christmas for credit card hacks.”

      Others said the schemes being used by hackers lately have shown a step up in sophistication. One security expert said some of the new attacks move far beyond the simple e-mail attachments that dominated this year. He cited the Bymer worm, which, similar to Trinity Version 3, is an automated attack worm that scans for certain types of servers with vulnerabilities and implants itself on the weak systems, increasing the efficiencies of hacking.

      Other worms, such as the years most prevalent virus, Kakworm, and the recently discovered Forgotten.A, up the clever quotient by launching when an e-mail is opened, not the attachment.

      Experts also worry about chat clients in the coming year. They provide nearly total anonymity, they can quickly and anonymously send rogue files to other chat clients or chat servers and the companies that run them, and the networks are always available.

      Another headache for next year, ironically, will be encryption. Virtual private networks for broadband users and increased acceptance of encrypted e-mail mean sentries at the gateways wont see malicious code and will let the encrypted bits waltz in or out the front door.

      “Theres no easy answer to this,” said Sophos Cluley. “If something like ILoveYou happened in a world where encrypted e-mail was accepted, it could have been … catastrophic.”

      What can enterprise administrators do? This latest round of malcontentment could be enough to stir up paranoia and despondency among IT managers, but @stakes Weld Pond preached calm and vigilance in the face of what looks like impending chaos.

      “Awareness is way up. Thats good, especially with privacy. Users are getting cynical,” said Pond, the companys R&D manager. “You know car manufacturers are required to recall products when they fail. Not so in software or the Internet yet. So you have to challenge your vendors. Assume security in their products is bad and ask them what theyre doing about it. Be disciplined in your practices. Dont act without thinking.”

      Avatar
      Scott Berinato

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×