Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

Hackers Said Poised for Attack

  • From: Paul Howell
  • Date: Fri Jun 09 08:21:27 2000


At http://www.sjmercury.com/svtech/news/breaking/ap/docs/79777l.htm


Hackers Said Poised for Attack 

Posted at 3:38 p.m. PDT Thursday, June 8, 2000 
BY D. IAN HOPPER 

Associated Press Writer 


WASHINGTON (AP) -- Hackers have embedded a malicious program
disguised as a movie clip on 2,000 commercial and home computers,
positioning themselves to launch an attack designed to shut down Web sites,
security experts told the government in an alert Thursday.

The problem, detected by a security firm that does work for the Justice
Department, demonstrates the growing vulnerability that home computer users
face as they begin to purchase permanent, high-speed connections to the
Internet.

Without special software to protect them, Internet surfers using cable modem
and digital subscriber lines are easy prey.

Even computers at some large computer companies were penetrated by the
hackers, according to Network Security Technologies, which alerted the
government to the problem.

``Anybody who is directly connected to the Internet through cable modems or
DSL is extremely susceptible to these back-door programs. We have seen
many, many attacks coming on to those people's machines,'' said Vincent
Weafer, director of Symantec Corp.'s Anti-Virus Research Center in Cupertino,
Calif.

The hackers, who used the nicknames ``Serbian'' and ``Badman,'' tested their
network of infected computers Wednesday night and could launch an attack at
any time, NETSEC said.

NETSEC said it alerted the Justice Department on Thursday about its
discovery, and provided the government a list of 2,000 computers worldwide
that have been infected with the malicious program.

The security firm suspects the hackers are adding to their numbers daily and
could soon launch a major attack.

``They're gathering up their armies, and as that number increases, so will their
testosterone level,'' said Todd Waskelis, a vice president at NETSEC.

The Herndon, Va.-based company first learned of the hackers' plans when the
vandals tried to penetrate one of NETSEC's computers, and protective
software detected it.

NETSEC employees have since monitored an Internet chat room set up by the
hackers as the vandals identified victimized computers, discussed strategies
and boasted of their work.

``When he thinks all of those clients are sleeping, one of them is really active
and watching them,'' Waskelis explained.

The hackers planted a file that looks like a movie clip on home and commercial
computers across the world. The file essentially turns the infected computer into
a ``zombie'' machine that the hackers can control, NETSEC said.

When the fake movie clip is activated, the malicious program called ``Serbian
Badman Trojan'' runs without any visible clues to the user. The program sends
passwords, network details and other information to the hackers.

Armed with that information, the hackers can then use the infected computer as
a permanent gateway to access personal and corporate files or to launch
massive denial of service attacks on Web sites.

In such an attack, the zombie computers can be used to send thousands of
repetitive requests, clogging a Web site's computers until they seize up.

Hackers used a similar strategy during well-publicized attacks in February that
included CNN's news site, the Yahoo! Internet portal and book seller Amazon.

NETSEC officials said they uncovered computers across the world that were
penetrated by the hackers, including in Austria, Greece, Canada, Russia,
France and the United States.

A handful of machines belonged to computer companies, like New Media
Systems in Aurora, Colo. ``It was surprising that someone called us externally.
We can't be sure how it even got here,'' said Grant Stanion, a network
developer at New Media who tracked down the malicious program on one of
the company's computers after getting a call from NETSEC.

Most of the infected computers belonged to home users connected to
high-speed Internet providers, NETSEC said.

Home users are especially susceptible because they do not have up-to-date
antivirus software or firewall programs that block hacker attacks. Also, most
home users have fixed Internet addresses that are easily identified.

NETSEC, founded by two alumni of the National Security Agency and
Department of Defense, provides computer emergency services to the Justice
Department.

Their office suite, located in suburban Washington, resembles an electronic
fortress. Cameras line the hallways, and most of the company's employees
aren't authorized to access secured rooms.

One room, called the ``Attack Lab,'' resembles an abandoned office in a
university computer science department. Amid a musty smell and a few
scattered computers, firm engineers track computer vandals worldwide.

``We're all hackers, in the traditional sense of the word,'' Waskelis said. ``If we
find something like this, we want to pick it apart and see what it's doing.''





