The technical methods used to grab data stored in computer networks are surprisingly simple. Most of the software, freely available off the Web, is about as complex to use as filling out a purchase order. In his San Francisco office, Yobie Benjamin, director of Cambridge Technology Partners Enterprise Security Services Div., starts by doing a keyword search on the Internet for "mail bombs" and gets 141,791 matches. He picks a site and completes a form, which sends 25 e-mails to a co-worker whose machine shuts down and needs three reboots to restore. This attack could be used to turn off a firewall. During the confusion, the attacker could open a backdoor into the network. If the attack is launched against a commerce-based Web server, the downtime alone could be costly.

Other methods used to penetrate information systems include:
- Port scanners that look for open Internet and fax/modem ports.
- "Nukers" that flood those same ports with data and render them defenseless to intrusion.
- Ping-flooding, which shuts down the firewall server by flooding it with too many requests for information (pings).
- IP spoofing, in which machines that direct traffic are tricked into thinking the attacker's machine is another trusted machine on the network.
- Sniffers, software that downloads passwords, then runs them against "dictionaries" of potential passwords.
- Trojan Horses hidden in executable (".exe") code such as mail attachments. At DEFCON (an annual hacker conference) in July, a hacker group called Cult of the Dead Cow unveiled Back Orifice, a Trojan Horse that allows anyone sitting at a remote location to watch and control all machines connected to a network. Businesses should be particularly afraid of this one, says Benjamin. "There are versions [of Back Orifice] that now are packed with the e-mail buffer overflow flaws found in Microsoft, Netscape, and Eudora Mail products. With these, a victim would have no conceivable clue that his machine was attacked."
The easiest way to download the contents of a machine is to plug into the printer port, says Michael Anderson, president of New Technologies Inc., a Gresham, Oreg.-based computer forensics and security training center for corporate technology specialists.

High-tech bugs, à la James Bond, also are finding their way into corporate boardrooms and offices of CFOs. U.S. Customs, for example, is confiscating a number of listening devices tucked inside office supplies -- clocks, pens, billfolds, etc. Secret Service Special Agent Bob Weaver, who heads the New York Area Electronic Crimes Task Force, displayed hundreds of such gadgets on a conference table in Manhattan this year. "Things are only going to get worse. Technologies are changing so rapidly. ESIDS [Electronic Surreptitious Interception Devices] are getting smaller, better, and easier to use," says Customs special agent in charge Bill De Armond.