Information Security News mailing list archives

Invaders target home PCs for attack


From: William Knowles <erehwon () KIZMIAZ DIS ORG>
Date: Mon, 31 Jan 2000 13:12:02 -0800

http://www.mercurycenter.com/svtech/news/indepth/docs/vul013100.htm

Posted at 10:16 p.m. PST Sunday, January 30, 2000
BY DAVID L. WILSON
AND JON HEALEY

Mercury News Staff Writers

An Internet connection isn't just an on-ramp for the Web. It also can
be a pathway into your home computer for hackers. And if your
connection is always on, your home is a likely target.

The target usually isn't you or your data; it's the computer.
Malevolent hackers are constantly searching for new computers from
which to launch attacks on others while hiding their identities.

``They want to make you look like the bad guy, and they want to make
it harder to find the real bad guy,'' said computer security expert
William J. Orvis.

That risk is rising as consumers sign up in droves for home-oriented,
high-speed service from telephone and cable companies, then build home
networks linking a family's computers or launch amateur Web sites from
the living room. And if consumers aren't careful, they could
unwittingly open the door and lay out a welcome mat for hackers.

There is a relatively simple way to protect yourself: by installing an
electronic ``firewall'' between your data and the Internet, as
businesses routinely do. A number of business-oriented Internet
providers are starting to offer firewall services, but the companies
selling high-speed phone lines to consumers haven't followed suit.

Nobody knows how many home computers have been invaded by hackers, and
their owners wouldn't necessarily know it if they were. But people who
install hardware or software firewalls can see signs quickly of
hackers on the prowl.

Jerry Asher of Berkeley, who has a high-speed digital subscriber line
from Pacific Bell, said his firewall recently documented attacks from
hackers with Internet addresses in North Korea, Germany and Serbia.
The German hackers, for example, checked to see if Asher's computer
had three different types of software that could be used to
communicate with other computer networks, such as a corporate system.

``When DSL service is sold by Pac Bell, consumers are not made aware
of possible security problems, including attacks or intrusions, and
most consumers are not running firewalls,'' Asher said.

Darren Newell, a data security director for SBC Communications,
Pacific Bell's parent company, said the firm soon plans to use its Web
site to caution consumers about online security issues. But it doesn't
tell customers who sign up for $49-a-month home DSL lines about the
risks and how to avoid them.

Alan Jackson, whose company in England provides information
electronically to businesses, put up a firewall after hearing
customers talk about hacker attacks. In three days, he said, the
firewall stopped seven electronic break-in attempts.

Orvis, a physicist on loan to the Energy Department's Computer
Incident Advisory Capability at the Lawrence Livermore National
Laboratory, where the computers are under daily assault from would-be
intruders, said he's seen plenty of evidence that hackers break into
home computers and use them to mount attacks on others.

The consequences for an innocent user whose hacked machine is being
used to probe sensitive systems can be catastrophic.

``If we see an attack coming from somebody's home machine, we're going
to ask your ISP to disconnect you,'' Orvis said. Those who get caught
up in a serious security breach may find law enforcement authorities
seizing their equipment and examining it to try to track down the
hacker and develop evidence for a criminal prosecution.

The increased availability of technologies that encourage home users
to leave their connections on all the time -- such as cable modems and
DSL connections -- makes it even easier for black-hat hackers to break
into a system. A self-described hacker who identified himself as
``alkali'' in an electronic interview said he is always searching for
unsecured home systems with a high-speed connection, which he values
because he can move data much more rapidly.

``Cable modems changed my life,'' he wrote.

But Orvis argues that it's not the speed of the connection that makes
home users vulnerable but the length of time a user is connected.

``Hackers will beat on your machine when you're not there,'' he said.
``I've actually seen them do it to a machine with just a regular modem
connection that was running for hours at a time.''

Jim Southworth, chief technical officer for the San Jose-based
Internet service provider Concentric Network Corp., said a consumer's
basic Microsoft Windows machine isn't as attractive to hackers as a PC
running Unix or Linux software because it doesn't have as many tools
to mount further attacks on the Internet. If properly configured,
those machines are also relatively secure, Southworth and other
security experts agreed.

But hackers can get access to even a basic PC or Mac through a variety
of methods, such as e-mailing a program that inserts a hidden back
door or exploiting openings designed for file or printer sharing.

Computer users can minimize their risk by turning the machine off when
they aren't using it, turning off file- and print-sharing functions or
using firewall software.

Redwood City-based Excite@Home, which provides high-speed Internet
service over cable TV networks, already tells its installers to turn
off the sharing functions, said Jay Rolls, vice president of network
engineering. But in response to consumer worries, the company plans
to announce today a suite of consumer-oriented Internet security
products with Network Associates Inc. subsidiary McAfee.com.

Internet security consultant John Navas of Dublin says the
``hysteria'' over security is ``way overdone.'' The only really
vulnerable users, he said, are ones whose computers run some kind of
service, such as hosting a Web site, or are set to share files across
the Internet.

Still, ``I do recommend that the average person obtain a low-cost
software firewall, install it and run it,'' Navas said. ``Not that I
think it's essential, absolutely necessary . . . but hey, you wear
seat belts.''


---------------------------------------------------
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
Mail for latest PGP key             erehwon () dis org
*=================================================*

ISN is sponsored by Security-Focus.COM

