The technical methods used to grab data stored in computer networks is surprisingly simple. Most of the software, freely available off the Web, is about as complex as filling out a purchase order. In his San Francisco office, Yobie Benjamin, director of Cambridge Technology Partners Enterprise Security Services Div., starts by doing a keyword search on the Internet for "mail bombs" and gets 141,791 matches. He picks a site and completes a form, which sends 25 e-mails to a co-worker whose machine shuts down and needs three reboots to restore. This attack could be used to turn off a firewall. During the confusion, the attacker could open a backdoor into the network. If the attack is launched against a commerce-based Web server, the downtime alone could be costly. Other methods used to penetrate information systems include:
- Port scanners that look for open Internet and fax/modem ports.
- "Nukers" that flood those same ports with data and render them defenseless to intrusion.
- Ping-flooding, which shuts down the firewall server by flooding it with too many requests for information (pings).
- IPspoofing, in which machines that direct traffic are tricked into thinking the attackers machine is another trusted machine on the network.
- Sniffers, software that downloads passwords, then runs them against "dictionaries" of potential passwords.
- Trojan Horses hidden in executable (".exe") code such as mail attachments. At DEFCON (an annual hacker conference) in July, a hacker group called Cult of the Dead Cow unveiled Back Orifice, a Trojan Horse that allows anyone sitting at a remote location to watch and control all machines connected to a network. Businesses should be particularly afraid of this one, says Benjamin. "There are versions [of Back Orifice] that now are packed with the e-mail buffer overflow flaws found in Microsoft, Netscape, and Eudora Mail products. With these, a victim would have no conceivable clue that his machine was attacked."
