Viruses/Hackers

Introduction

Electronic communication networks and information systems are now an essential part of our daily lives and are fundamental to the success of the economy. Networks and information systems are converging and becoming increasingly interconnected. Despite the many and obvious benefits of this development, it has also brought with it the worrying threat of intentional attacks against information systems. These attacks can take a wide variety of forms including illegal access, spread of malicious code and denial of service attacks. It is possible to launch an attack from anywhere in the world, to anywhere in the world, at any time. New, unexpected forms of attacks could occur in the future. Threats against computer systems include:

Unauthorised access to information systems. This includes the notion of "hacking". Hacking is gaining unauthorised access to a computer or network of computers. It can be undertaken in a variety of ways from simply exploiting inside information to brute force attacks and password interception. It is often though not always with malicious intent to either copy, modify or destroy data. Intentional corruption of websites can be one of the aims of unauthorised access.
Disruption of information systems. Different ways exist to disrupt information systems through malicious attacks. One of the best known ways to deny or degrade the services offered by the Internet is a "denial of service" attack. In a way this attack is similar to fax machines being flooded with long and repeated messages. Denial of service attacks attempt to overload web servers or Internet Service Providers with automatically generated messages. Other types of attacks can include disrupting servers operating the domain name system and attacks directed at "routers". Attacks aimed at disrupting systems have been damaging for certain high profile websites like portals. Companies rely on the availability of their websites for their business and those companies that depend on it for "just in time" supply are particularly vulnerable.
Execution of malicious software that modifies or destroys data. The most well known type of malicious software is the virus. Infamous examples include the "I Love You" and "Melissa" viruses. About 11 % of European users have caught a virus on their home PC. There are other types of malicious software. Some damage the PC itself, whereas others use the PC to attack other networked components. Some programs often called 'logic bombs' can lie dormant until triggered by some event such as a specific date, at which point they can cause major damage by altering or deleting data. Other programs appear to be genuine, but when opened release a malicious attack often called 'Trojan Horses'. Another type is a program often called a worm that does not infect other programs as a virus, but instead creates copies of itself, which in turn create even more copies and eventually swamp the system.
Interception of communications. Malicious interception of communications compromises the confidentiality and integrity requirements of users. It is often called "sniffing".
Malicious misrepresentation. Information systems offer new opportunities for misrepresentation and fraud. The taking of someone else's identity on the Internet, and using this for malicious purposes, is often called "spoofing".

Wireless Networks

Wireless Networks are now becoming a major security risk. You can now have drive-by hacking so if there's a dodgy-looking car cruising slowly by your office, with an antenna taped to the roof, or a man pointing his laptop out the window. Curious to know what he's doing? He's reading your e-mail and your financial details from inside his car. Dozens of wireless computer networks around the world are sitting ducks for illegal hacking attacks in a new type of threat to data security as discovered by two wireless security experts, Peter Shipley and Frank Rieger. They cruised around London, Berlin and San Francisco in a set of experiments to show just how easy it is to get into other people's wireless networks.

Tapping into such networks in hospitals, companies and homes, Shipley and Rieger explained how once inside these networks, they could easily have opened data files or e-mails or intercepted traffic. It was the same as having an ethernet plug outside your building that would let everybody plug inside your network.

They armed themselves with a laptop, some customised software, a wireless card slotted into his machine and a $60 omni-directional antenna hooked up to the top of his car, they drove around London slipping into all sorts of wireless networks. they found more than 200 networks, of which more than 60 per cent were wide open, meaning that a cracker could easily break into them and extract data. The San Francisco area turned up even more exposed networks. In less than one week's worth of total cruising time, he'd counted 2,500 access points into people's individual wireless networks.

Just driving down the street is sufficient exposure to detect the LAN, inexperienced teenage crackers who rely on automatic programs could break into these networks "in about five to 10 minutes". However, you don't even need a car to hack: you can just do it from your window. In London, they simply pointed his antenna out the window of his apartment and suddenly he was tuned into the computer network of a large security company. The window had direct line-of-sight to the company's offices about a kilometre away. Where he had full access to their network pending documents in the financial department."

In Berlin, they abandoned the antenna and still found he could drift silently into and out of other people's computer networks while driving through neighbourhoods by just opening the window and waving the laptop around.

They could see networks popping up on screen. Hospitals, companies, homes - in Berlin, you find one to two each hour of driving around. After a short hunt, they had found five hospitals with easily cracked wireless networks.

Crime has taken on a new face for the Digital Age - and no one is safe. It is silent, invisible and can steal from you in the blink of an eye. It's name - Hacking. From homepages to networks, emails to surfing, you are immediately vulnerable to an attack and you won't know it until after it happens. You need to protect your systems and fight back by:

Finding security leaks and fix them
Doing regular virus scans
Recognizing viruses and eliminate them
Surfing the Internet anonymously and securely
Surfing the web without a trace
Encrypting emails
Preventing remote control access
Securing your confidential company information

Intrusion detection offers the promise of automatic detection and notification of break-ins or unauthorized use of computers. Better techniques for detecting abuse from within and without are becoming mandatory.