Not Rocket Science

Dec. 21, 2004
The tools of electronic theft are easy to obtain.

The technical methods used to grab data stored in computer networks is surprisingly simple. Most of the software, freely available off the Web, is about as complex as filling out a purchase order. In his San Francisco office, Yobie Benjamin, director of Cambridge Technology Partners Enterprise Security Services Div., starts by doing a keyword search on the Internet for "mail bombs" and gets 141,791 matches. He picks a site and completes a form, which sends 25 e-mails to a co-worker whose machine shuts down and needs three reboots to restore. This attack could be used to turn off a firewall. During the confusion, the attacker could open a backdoor into the network. If the attack is launched against a commerce-based Web server, the downtime alone could be costly. Other methods used to penetrate information systems include:

  • Port scanners that look for open Internet and fax/modem ports.
  • "Nukers" that flood those same ports with data and render them defenseless to intrusion.
  • Ping-flooding, which shuts down the firewall server by flooding it with too many requests for information (pings).
  • IPspoofing, in which machines that direct traffic are tricked into thinking the attackers machine is another trusted machine on the network.
  • Sniffers, software that downloads passwords, then runs them against "dictionaries" of potential passwords.
  • Trojan Horses hidden in executable (".exe") code such as mail attachments. At DEFCON (an annual hacker conference) in July, a hacker group called Cult of the Dead Cow unveiled Back Orifice, a Trojan Horse that allows anyone sitting at a remote location to watch and control all machines connected to a network. Businesses should be particularly afraid of this one, says Benjamin. "There are versions [of Back Orifice] that now are packed with the e-mail buffer overflow flaws found in Microsoft, Netscape, and Eudora Mail products. With these, a victim would have no conceivable clue that his machine was attacked."
The easiest way to download the contents of a machine is to plug into the printer port, says Michael Anderson, president of the Gresham, Oreg.-based computer forensics and security training center for corporate technology specialists called New Technologies Inc. High-tech bugs, a la James Bond, also are finding their ways into corporate boardrooms and offices of CFOs. U.S. Customs, for example, is confiscating a number of listening devices tucked inside office supplies -- clocks, pens, billfolds, etc. Secret Service Special Agent Bob Weaver, who heads the New York Area Electronic Crimes Task Force, displayed hundreds of such gadgets on a conference table in Manhattan this year. "Things are only going to get worse. Technologies are changing so rapidly. ESIDS [Electronic Surreptitious Interception Devices] are getting smaller, better, and easier to use," says Customs special agent in charge Bill De Armond.

Popular Sponsored Recommendations

Modern Edge Computing Accelerates Smart Manufacturing Initiatives for Discrete Manufacturers

Oct. 22, 2023
Discover how Edge Computing platforms are a requisite for discrete manufacturers to solve production challenges, accelerate digitalization, and establish a reliable infrastructure...

Digitally Transforming Data and Processes With Product Lifecycle Management

Oct. 29, 2023
Manufacturers face increasing challenges in product development as they strive to consistently deliver improved results. Discover how industry leaders are improving time-to-market...

Gain a competitive edge with real-world lessons on private 5G networks

Nov. 16, 2023
The use of private networks in manufacturing applications is rapidly growing. In this paper, we present valuable insights and lessons learned from the field with the goal of enhancing...

Process Mining For Dummies

Nov. 19, 2023
Here it is. Everything you need to know about process mining in a single book, written in the easy-to-understand, hard-to-forget style that ‘For Dummies’ manages so effortlessly...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!