Pastimes : All Clowns Must Be Destroyed

To: pater tenebrarum who wrote (10864)
Date: 2/18/2000 12:39:00 PM
From: wlheatmoon
 
from yesterday's NYTIMES.
...a way to protect against being hacked...-ng-

February 17, 2000

STATE OF THE ART
How Not to Be a Zombie in the Hacker Wars
By PETER H. LEWIS
In the 1977 film "Telefon," dozens of otherwise ordinary Good Guy citizens were secretly hypnotized
and brainwashed by the Bad Guys. They lived and worked among their fellow Good Guys for
months or years. Then one day, a simple telephone call from the Bad Guys triggered these
pre-programmed Good Guys to stop whatever they were doing and, like zombies, to start attacking
military bases and assassinating their own leaders.

It is a brilliant science fiction concept, so brilliant, in fact, that it has been copied by computer
hackers in the recent wave of attacks against well-known Internet commerce companies like Yahoo,
Amazon.com, eBay, Buy.com, E-Trade and CNN.com.

Hundreds, maybe thousands, of Good Guy computers were secretly programmed by the Bad Guys to
use their Internet connections to attack prominent Web sites like Amazon. Instead of a telephone
call, the trigger was the sending of a packet or two of information over the Internet, along the lines of
"attack Yahoo today from 2 p.m. to 4 p.m."

The targeted sites were knocked off line for a few hours, long enough to make the point that hackers
still rule the Internet. Hackers ruled the Net long before Amazon sold its first book, and the recent
attacks served notice that they can shut down parts of the Internet any time they choose. While
Amazon and other electronic commercial sites were the targets this time, next time it could be the
eastern United States, a big bank, an Internet Service Provider or the Internal Revenue Service.

Common wisdom has it that ordinary computer users are unlikely to be attacked by hackers, when
there are so many high-profile targets on the Internet. Why, after all, should a hacker bother with my
pathetic little Quicken files when so many big companies store thousands of their customers' credit
card files in vulnerable databases?

But as last week's attacks made clear, the fashion among hackers appears to be attacking the little
guys and secretly using their computers as launching points for bigger, coordinated attacks on the
big companies.

The good news is that there are software tools available, some of them free, to reduce the likelihood
that Bad Guy hackers will break into your home computer, infect it and turn it into a "Telefon"-like
zombie.

Cable modem and D.S.L. connections are particularly vulnerable, in part because they are persistent
connections, keeping the computer online for hours or days at a time. That makes them sitting ducks
and greatly increases the odds that a hacker trolling for open connections will find your computer.
Dial-up connections to the Internet typically last only a few minutes or hours, which means that a
hacker would have to be very lucky to scan your computer when it was online. But because the
scanning tools used by hackers work so quickly, even dial-up systems are at risk.

Short of turning off your cable or D.S.L. machine, here is how hackers work and how to protect
yourself:

The "Telefon"-type attack, which is technically known as the distributed denial of service attack,
begins with a Bad Guy hacker using one of several commonly available (in the hacker underground,
at least) automated scanning tools that sweep across the Internet looking for connected machines
that have some sort of vulnerability. Vulnerabilities include things like an open connection port used
for tasks like sharing files or printers on a network, serving Web pages to customers or even for
browsing Web pages.

It is the digital equivalent of a burglar walking through a neighborhood jiggling doorknobs to see
which ones are unlocked, except that the scanning tools allow a hacker to jiggle tens of thousands
of doorknobs an hour.

A harmless but scary way to get an idea of what the hacker sees when he (or she) scans your
computer is to visit Steve Gibson's excellent ShieldsUP! Web site (www.grc.com). Visitors can ask
Mr. Gibson's scanners to probe their machines for open ports and other security leaks, like the name
of the computer user, the name of the computer itself and the name of the network connection.

Once the scanner program finds a vulnerable computer, the hacker can insert a malicious program
onto the victim's hard disk (or copy unprotected files from the hard disk, but that may not be as
interesting unless you have files with names like "Passwords to the F.B.I. Computer Network" or
"My Swiss Bank Accounts"). The detection and insertion process takes just a few seconds, if there
are no annoying safeguards like antivirus programs or password protection schemes, which,
although not foolproof, provide additional safeguards.

The malicious program is instructed to hide in the computer and lie dormant until a future date,
which can be months away, long enough so the intruder's trail goes stale.

In the recent attacks, the zombies were mostly running the Solaris operating system, but they just as
easily could have been Windows, Macintosh, Linux or other Unix machines. The vulnerabilities are
essentially the same.

When the trigger call arrives from the Bad Guys, as it apparently did last week, hundreds of
compromised computers simultaneously start their attacks against one or more target sites. The
target site computers are suddenly overwhelmed by a torrent of bogus requests for information and
are typically forced to shut down. Imagine a million people telephoning your house from pay phones
for a couple of hours, and you get the idea.

Many Web sites can detect and block a denial of service assault from a lone computer, but when
hundreds of distributed computers gang up on them in a surprise attack, there is no effective
defense, at least not at this time.

Even if the system administrators can trace the attacks, what they find is merely another victim -- the
zombie computer, not the evil master.

There are steps a computer user can take to discourage hackers and still enjoy the many benefits of
using the Internet.

First, make sure your antivirus program is up to date. It cannot stop hackers from breaking into your
computer, but it can detect the most common Trojan Horse programs that the hackers may try to
install on your system.

Then, go back to Steve Gibson's ShieldsUP! Web page and, after non-invasively testing your own
security settings, read his excellent tutorial on computer security. It tells how to disable the standard
Windows settings that enable two or more Windows machines to share files and network resources.
They aren't needed unless you run a network in your home.

File and Printer Sharing opens a port on your machine that is especially popular among hackers. But
there are more than 65,000 ports on your machine, and guarding them all calls for a software firewall.

A software firewall inspects all the Internet traffic coming into your computer and blocks
unauthorized packets of information. There are several that are designed for home computer users,
and, given the scariness of these new hacker attacks, more will be arriving soon.

These programs include two that I've tested, BlackIce Defender ($40 from Network Ice,
www.networkice.com ), and Norton Internet Security 2000 ($55 from Symantec, www.symantec.com ).

But my favorite is a free program called ZoneAlarm 2.0, which can be downloaded as a 1.5 megabyte
file from www.zonelabs.com . It was introduced just a few weeks ago, but it appears to be the easiest
and most comprehensive personal firewall and computer security program for Windows PC users.

ZoneAlarm allows even nontechnical users to lock down possible security vulnerabilities, and it
pops up an alert when someone tries to scan your system. The program alerted me to probe attempts
within minutes after I installed it.

Equally important, ZoneAlarm also monitors the programs on your computer to see which ones --
legitimately or not -- are trying to send information back out to the Internet.

Along with an antivirus program, personal firewall software may soon become required safety
equipment on your personal computer.
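
The "doorknob jiggling" that a personal firewall alerts on, sketched as detection logic: one source hitting many different blocked ports in a short time. This is an added example, not part of the original post or article and not how ZoneAlarm or any named product works; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, source, dest port, action
SAMPLE_LOG = """\
2000-02-17T14:00:01 203.0.113.7 21 BLOCK
2000-02-17T14:00:01 203.0.113.7 23 BLOCK
2000-02-17T14:00:02 203.0.113.7 25 BLOCK
2000-02-17T14:00:02 203.0.113.7 80 BLOCK
2000-02-17T14:00:03 203.0.113.7 139 BLOCK
2000-02-17T14:00:03 203.0.113.7 8080 BLOCK
2000-02-17T14:05:00 198.51.100.20 139 BLOCK
2000-02-17T14:05:30 198.51.100.20 139 BLOCK
2000-02-17T14:06:00 198.51.100.20 139 BLOCK
2000-02-17T09:00:00 192.0.2.44 21 BLOCK
2000-02-17T10:00:00 192.0.2.44 23 BLOCK
2000-02-17T11:00:00 192.0.2.44 25 BLOCK
2000-02-17T12:00:00 192.0.2.44 80 BLOCK
2000-02-17T13:00:00 192.0.2.44 139 BLOCK
2000-02-17T14:10:00 192.0.2.99 80 ALLOW
"""

def detect_scanners(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {source: ports} for sources whose blocked probes reached at
    least min_ports distinct ports inside one sliding time window."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port, action = line.split()
        if action == "BLOCK":  # only unsolicited, rejected traffic counts
            by_src[src].append((datetime.fromisoformat(ts), int(port)))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            # Keep the widest sweep seen for this source.
            if len(ports) >= min_ports and len(ports) > len(flagged.get(src, [])):
                flagged[src] = sorted(ports)
    return flagged

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Repeated hits on a single port, or five ports spread over several hours, stay below the threshold in this sketch; only the rapid sweep is reported.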