July 8, 1999
High-Speed Lines Leave Door Ajar for Hackers
Constant Connections Through Cable or D.S.L. Mean New Security Headaches for Home Users
By IAN AUSTEN
About two weeks after Frank Keeney was first connected to cable modem service in Pasadena, Calif., he discovered that along with the delights of a 24-hour connection and high-speed Internet access came the potential for big trouble.
"I went to log in and found that someone had compromised my computer," he recalled. "When you log into a Linux system, it will normally show a short message stating the last time logged in and from where. Since I had not logged in for a week or so, I knew there was trouble. I checked to see if someone else was online and, sure enough, he was on at the same time.
"I tried to kill his log-in session, but it was too late. He had already issued the command to erase every file on the computer. I watched while he erased everything on my hard drive."
Keeney's experience is not isolated, several computer security experts said. The shift from dial-up Internet connections to cable modems and D.S.L. (digital subscriber lines -- fast, constant links to the Net that use telephone lines) is making home computer users vulnerable to the types of attacks from hackers that in the past were almost exclusively a worry for corporations.
"Most people aren't thinking at this level yet," said Christopher W. Klaus, chief technology officer for Internet Security Systems, an Atlanta-based maker of complex security analysis software used by large corporations. "Service providers are looking at trying to put as many people on the Internet as possible. The more security isn't brought up as an issue, the greater the problems."
Cable modems and D.S.L. lines are presenting two new problems for ordinary residential users.
The biggest source of trouble comes simply because these lines mean that users are constantly connected to the Net, so their computers are always potential targets of hackers.
The second problem has to do with the types of connections used by faster lines. Communications between computers on the Internet rely on a series of numbers known as I.P., or Internet protocol, addresses. For dial-up users, those addresses are constantly shifting, making their computers elusive targets.
While it can be a nuisance to dial in to reach the Net every time you want to check your e-mail, the practice automatically provides its own measure of security.
Unfortunately, the protection afforded by the dial-up shell game largely or completely vanishes with cable modems or D.S.L. lines. Because their customers don't flit on and off the Net, many high-speed service operators give them fixed I.P. addresses.
While they may not be publicizing their new services' security problems with the vigor they bring to boasting about the more desirable features, cable modem and D.S.L. providers acknowledge that their residential customers are facing new kinds of security woes -- even if personal computers, of course, are less likely to be the targets of hackers than are corporate or government systems.
"Where we are today, from a consumer standpoint, is where companies were back in the late 80's, when firewalls weren't a big issue," said Kevin McElearney, vice president of network support services at Road Runner, a cable modem partnership that includes Time Warner Entertainment, the Mediaone Group, Microsoft, Compaq and Advance/Newhouse. Residential customers using high-speed services, he said, "are in an environment where they have to realize that there are security issues."
"Your risk is increased the longer you leave any computer connected," he said.
"We're learning together in this new world of always being online in the home," said Jeff Waldhuter, director of technology and engineering at Bell Atlantic Science and Technology Center, the research branch of the telephone company and D.S.L. service provider. "Now that we're getting on with these connections, we're learning that we have to add more security. We're growing up. These networks are going to be vulnerable."
The move to the always-connected world seems to have come at a somewhat inopportune time.
Internet Security Systems has been tracking a "dramatic increase" in the use of a hacking technique known variously as probing, sniffing or scanning, Klaus said. Probing software automatically scans computers connected to the Internet and evaluates the level of their security protection, looking for weak systems vulnerable to easy attack.
"It's not uncommon to have someone twist the doorknob of your home computer," McElearney said.
For probers, a typical home computer running Apple's Mac OS or Windows 95 or 98 without the maker's latest security updates or additional security software is the closest thing to an unlocked door they are likely to find.
After his hard drive disaster, Keeney installed security software on his computer in Pasadena that tracks and records break-in attempts by probing software. He has found that unwanted visitors test his computer's security about twice a day. "Most computers on cable modems will be probed," he said. "If weaknesses are found, someone will exploit them."
Unlike people who create and spread viruses or worms, probers don't need the computer's owner to advance their cause inadvertently by, say, opening a tainted e-mail attachment. For them, an insecure system offers seemingly endless potential. Keeney's hard drive crash is an extreme example of what hackers can do once inside a computer. But others can cause just as much harm even though they come and go without leaving an immediate trace.
Among other things, Sullivan said, once hackers gain entry they can extract credit card numbers from stored files, read e-mail, copy files, send e-mail over your name -- "in short, just about anything," he added.
Most cable and D.S.L. modems also make it easier for hackers to go after specific computers.
In dial-up systems, the addresses belong to the service provider's modems, rather than to its customers. When customers dial in for a connection, each one gets an I.P. address of the modem reached for that session; each modem is associated with a finite number of I.P. addresses. The next time the computer may well connect with another modem and get another address, particularly if the customer has a large service provider operating huge banks of modems. "To some extent that's security through obscurity," McElearney said.
For cable-modem and D.S.L. customers, not only are their addresses fixed, they are also often easy to learn. The addresses appear in the headers (which usually aren't displayed) that travel with every e-mail message or newsgroup posting customers send.
Many service providers have begun to respond to the problem. Some, including Road Runner, are introducing a system that regularly rotates their customers' I.P. addresses. Addresses based on this system, however, may not change for several days and will still appear in the headers.
Klaus is also distressed about one unintended side effect of the steep decline in computer prices. Inexpensive PC's increasingly mean that some families now own several computers, all of which can be serviced by a single high-speed line. To take advantage of that, some people are setting up mini-networks in their homes, with one computer acting as the go-between to the Internet for all the others.
The proxy server software that makes that possible, however, often has very flawed security measures, Klaus said. To obscure their identities, sophisticated hackers will first log into a home network's software before launching an attack against their ultimate target. Junk-mail spammers can resort to the same trick. In either case, the result can be highly embarrassing for the unsuspecting home network owner, who will appear to be the originator of the hacking or spam.
Right now, there is not a straightforward answer to the question of how to guarantee security while enjoying high-speed Internet connections. For Larry Rogers, who tracks Internet security problems at Carnegie Mellon University's CERT Coordination Center, part of the solution is simply hard work.
"People with these connections need to play systems administrator," he said. "It's a matter of vigilance."
That vigilance can include something as simple as having Windows users make sure that Network Neighborhood -- a file-sharing system -- is turned off. Rogers also suggested steps like regularly downloading software security patches from Microsoft's Web site or modifying arcane portions of the operating system. Not surprisingly, these are just the kind of housekeeping tasks that many users somehow never get around to.
Some software companies are offering their help. In May, Sybergen Networks (www.sygate.com), which mostly makes corporate security protection software, introduced a $29.95 software package for home users called Syshield. Similar products include Conseal Private Desktop by Signal 9 Solutions (www.signal9.com).
Such software generally blocks the computer from receiving some types of data, limiting the paths in for hackers.
Syshield can also be set up to, in effect, disconnect the computer from the Internet late at night.
The ultimate protection is that now used by Keeney, who has become a computer-security consultant since his 1997 attack. He has copied, on a much smaller scale, the system used by most corporations.
All his Internet business now runs on a network with a single computer operating as a firewall and using the Linux software system. Because it is difficult for hackers to get past the firewall computer in such set-ups, that computer acts as a sacrificial lamb of sorts. Keeney freely admits, however, that most home users are unlikely to adopt such a complex setup.
If the speculation in the industry is correct, they may never have to. Many believe that "security appliances" -- extremely stripped-down computers with security software that sit between another computer and its Internet connection -- may eventually hit the consumer market. Such systems for business users are already available.
Of course, another answer would simply be to put up with the slow speeds and petty annoyances of a dial-in modem. But for anyone but the more basic e-mail user, Klaus does not think that is a great idea.
"There are too many benefits that outweigh the security risks, provided you take precautions," he said. To prove his point, Klaus added that he was now shopping for cable modem service for his home.