The Mudcat Cafe



BS: 13-year-old hacker - a cautionary tale

Subject: 13-year-old hacker - a cautionary tale
From: Mark Cohen
Date: 03 Jul 01 - 07:36 PM

I just received an email newsletter from Steve Gibson, who has produced a number of interesting web-security programs. It includes a description of an "attack" that closed down Steve's website several times last May. I understand very little of the details about bots and Zombies and IRC ports and raw sockets, but it reads as a fascinating detective story, with some sobering conclusions.

Apparently this attack occurred when a 13-year-old in Wisconsin commandeered several hundred PC's across the country and got them all to send massive amounts of meaningless data to this particular website server, clogging its connections to the web and effectively shutting it down. The 13-year-old was angry because he had heard a rumor that Steve had "insulted" him and his friends in a discussion group. The software he used to disable the site was written by a "master hacker", and is freely available to anybody who would know how to use it.

The more worrisome part is that, according to Steve Gibson, the new and upcoming Microsoft operating systems (Windows 2000 and XP) are configured so as to make it very easy for hackers to take over the machines that run them (the ones you and I might be buying in the next couple of years for our own humdrum use), and create major havoc on the Net.

I should make it clear that I don't know Steve personally, and I have no way of independently verifying his statements, but from looking through his website he sounds like an intelligent and concerned person, not a wild-eyed nut.

I'm only marginally above the baseline when it comes to computer literacy, but after reading this story--including transcripts of messages from the 13-year-old and from the one who created the malicious programs--I'm concerned.

Perhaps some of you who can understand this stuff could offer some informed commentary.

Here's the story.

Aloha,
Mark



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: SeanM
Date: 03 Jul 01 - 07:56 PM

It is true - it's all too easy for someone to hack a computer if the owner isn't paying attention.

The proliferation of DSL and other 'always on' ISPs has made the problem that much more dangerous.

I've been hacked - on a previous DSL based computer, we got sloppy and at some point or another wound up with a 'backdoor' virus, which gave anyone with the counterpart program unlimited usage of our computer. Fortunately, it appeared that the hacker in question only was interested in using our computer as a "zero day" source to distribute MP3 files, but he could very easily have set us up as a satellite to use for ANY number of nasty shenanigans.

There are a number of programs that take advantage of MS security flaws. MS is FAMOUS for being about as secure as a sugar sponge in a rainstorm, and the new programs are likely to have the same problems. AOL is a similar risk. Even more fun, I recently found out that someone using "ICQSniffer" can apparently hack into your computer using your ICQ connection. Whee!

M



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Mike Byers
Date: 04 Jul 01 - 07:50 AM

Steve Gibson is fairly well known as a fellow who knows quite a bit about computer security; he's developed a number of useful programs over the years and has a good reputation for knowing what he's talking about. My thought is that if he can be overcome by a DDOS (Distributed Denial Of Service) attack, then just about anyone is vulnerable. SeanM is right about the security flaws in MS software; this is in great part due to the complexity of programs such as Windows, Outlook Express, etc. And I'd also agree that AOL is not the best when it comes to security as they don't seem to respond very well when one of their customers has a problem. What can the average person do about this? Not a whole lot, really. If you're running Windows you should ensure you're up-to-date with security updates and make the changes to bindings suggested on Steve Gibson's website. I like using local ISPs rather than big outfits like AOL because a local ISP is more likely to respond if you have a security problem. And do install anti-virus software and keep it up to date. As computers and software evolve I expect there will be improvements in security, but "hackers" will no doubt improve their routines, too. In the final analysis, the answer is to never keep any data you're concerned about on a machine that's connected to the internet or any other network.



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: GeorgeH
Date: 04 Jul 01 - 09:34 AM

Trouble is, DDOS is very hard for the intended victim, acting alone, to guard against.

Suppose I announced my "physical" address on these pages and someone persuaded the rest of you to send me a hate letter (or even an empty envelope) every 5 minutes . . . There'd be so much garbage coming through my door I wouldn't stand a chance of finding the genuine mail amongst it . . (not that anyone writes to me anyway, you realise . . )

G.



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Mark Cohen
Date: 04 Jul 01 - 02:39 PM

Thanks, Mike. As I use my laptop both at home and at the office I don't have a lot of choice as to which machine I keep my data on. However, I DO have a choice as to whether to back it up, and your last point was a good wakeup call to me to plug in my Zip drive and use it...often.

Here's another related question, that Steve's article brought up. Now that I've moved from my off-the-grid house with a cell phone to an apartment with a real telephone line, I've been thinking about getting DSL service. How much does that increase my vulnerability to a random "attack" by a virus, hacker, etc.? And what's the best way to protect myself? From what I've seen of Steve Gibson's work, I would imagine that something like his "ShieldsUp!" program would be necessary...are there any other precautions I should take?

As my college roommate used to say, "Just because you're paranoid, it doesn't mean they're not really after you!"

Aloha,
Mark



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: 8_Pints
Date: 04 Jul 01 - 05:17 PM

Hi,

I use ZoneAlarm from http://www.zonelabs.com/ to block unauthorised connections to my PC Ports. A free download version is available to non-commercial users.

PCs will be more vulnerable, and attractive to the attackers, if connected through the high speed DSL or cable modem links.

So this precaution, in addition to antivirus protection, is important.

Bob vG



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: SeanM
Date: 04 Jul 01 - 06:52 PM

I'll second the previous post... Firewalls are GREAT. Keep them updated though, and set them so that nothing is allowed to access in or out without your permission.

That's how we caught on that we'd been hacked. I'd become suspicious when I didn't recognize a file or two in our MP3 collection, even more so when I found hundreds of MP3 fragments in my main windows directory.

The final realization came when I got paranoid and cut the firewall to max security. At a time when NOTHING that I'd started was supposed to be accessing online, I suddenly received messages that there were 3 programs sending and receiving data on the machine.

It's VERY preferable to have to manually authorize net access rather than have programs accessing in and out without your knowledge. It's a bit of a hassle to say "OK, I authorize Netscape to access the web THIS TIME ONLY", but I'd much rather that than find out some punk has been rummaging through my system.

M



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Little Hawk
Date: 04 Jul 01 - 08:05 PM

I read the whole darn thing and tried to understand it, but finally gave up. I will never be into computers enough to get this kind of stuff straight in my head.

However, it sounds like we are headed for some very big trouble on the Net if what he says about the new operating software is correct...

- LH



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Don Firth
Date: 04 Jul 01 - 10:16 PM

When DOS roamed the earth, I was the office computer guru, but since I hung onto my 1986 XT Turbo and didn't update to a Pentium II until 1999, I managed to get well behind. Confronted with Windows and other forms of bloatware, I found I had descended to the ranks of fairly computer literate. These days there is a heck of a lot about computers I just don't know. I'm still using a dial-up connection (generally I'm a patient guy), but I do look with some lust on faster connections, probably cable, since it is readily available in my area. Budget constraints, however. . . .

If one had cable or DSL, wouldn't it be possible to frustrate attempts to hack into one's computer by simply turning it off? Sure, you wouldn't be taking advantage of the always-on aspects, but you would have the faster downloads and such.

O ye Esteemed Minions of Great Wisdom, what sayest thou?

Don Firth



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: SeanM
Date: 04 Jul 01 - 10:25 PM

Don;

IF hacking was limited to only a person directly attempting to compromise your system, that would be a great solution. It's still a great way to keep your computer from misbehaving while you're not there, as well as keeps down your power bill.

However, a lot of hackers run 'bots' or other programs, that work regardless of their presence. In my (admittedly limited) knowledge, these programs 'ping' your computer by IP address - basically, send a call out to a list of addresses, and wait to see who responds back. Once a hacker (or a hacker program) has a response back, they know that your IP address is active and can begin attempting to attack it.

A good firewall will alert you to being pinged. My old firewall used to garner 3-4 pings a day when I was online. An even better firewall will notify you and refuse to return the ping, thus showing your IP addy at that time as inactive.

Heck. Just do it. Get the antivirus software, and get a firewall, and for the love of whatever you worship be careful online.

M



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: katlaughing
Date: 05 Jul 01 - 04:14 AM

We've got the cable modem, so are online 24/7, with ICQ in invisible mode. Also have Zone Alarm, great program. I learned about it here and another one called InoculateIT, which I also use.

It is also good to go to Tools, Internet Options, Security, Custom Settings, and tell your computer to always prompt you as to whether to accept cookies or not.

Thanks, Mark,

kat



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: SeanM
Date: 05 Jul 01 - 06:00 AM

Kat - be REALLY careful with ICQ. I've been hearing increasing horror stories. Invisible mode is no guarantee - I've got mine on invis, and have been spammed a couple times, and have even had one guy who buzzed me out of the blue (I'm set to not accept messages from people not on my buddy list) and claimed he was just testing 'a new toy he'd found'.

Until they patch the holes and release a new version, it is probably safest to keep it off unless you're actively expecting to talk to someone...

M



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: GUEST,Nick P.
Date: 05 Jul 01 - 06:38 AM

Wow!!!....MINDBOGGLING



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Willie-O
Date: 05 Jul 01 - 08:38 AM

I work as a help-desk tech for a large DSL service.

Zonealarm ain't a bad idea, but it can also mess up your connection so you can't browse. So we spend a lot of time telling people to disable it in order to be able to use the DSL service. Not that it doesn't work well most of the time, but it's a frequent source of problems as well.

The bottom line is that there are millions of very novice users (I hear this a lot: "What's a browser? I lost my internet. All this stuff just came up. You know what it is?" and "This was supposed to be easy!") who are convinced that they have to have high-speed, (saw it on TV), just got their first computer out of the box, don't know the first thing about either computers or Internet protocols. And most of them have their connection set up as always-on with no firewall ("What's that? No I don't think I have one").

I'm not being critical of these people, everyone has to start sometime, but there is no doubt that this provides lots of potential resources for more big DDOS attacks.

Be on your guard at your end, because millions of people aren't.

Surf safe, eh.
Willie-O



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: MichaelM
Date: 05 Jul 01 - 09:12 AM

Sometimes the system seems set up for failure. An acquaintance who is the IT specialist for a banking division in Canada got the cable high-speed service. He set up the same firewalls that he uses at work. He got a call the next day from his service provider who asked if there was a problem with his service. Apparently they ping your computer regularly to ensure that you are only running one computer not a network. They couldn't ping successfully because of his firewall and demanded he remove it. He asked them if they were assuming full responsibility for his system's security against hackers and were willing to insure the integrity of his data and system. What a surprise; they said no! He said he was not removing his firewall, informed them of his IT credentials and asked if they wanted to become the laughing-stock of the on-line community. They chose to leave him alone.



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: GUEST,Student of the black horse
Date: 05 Jul 01 - 09:38 AM

Remember that in almost all cases you will first need to download or open a piece of code to become infected.

Beware of iffy e-mails and downloading things from the net, that's how you can get caught in the first place.

Cable modems and DSL are not really more vulnerable (other than the fact they tend to be online more) but just preferred as "Zombies" as they can handle more data and tend to be online more often (I guess it is a kind of stigma, even with hackers, to say that your army is broadband rather than dial-up).



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Mrrzy
Date: 05 Jul 01 - 02:55 PM

Does turning off the cable modem help?



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: 8_Pints
Date: 05 Jul 01 - 03:41 PM

Hi Student of the Black Horse,

Ever heard of Telnet?

It's why the INTERNET was invented.

Bob vG



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: SeanM
Date: 05 Jul 01 - 04:50 PM

Other safety tips:

If you MUST use Outlook or any of its variants, IMMEDIATELY ensure that the 'autorun attachments' part of your emailbox is turned off. Also, if you can, disable the preview panel. BOTH of these are targets for virii, and you don't have to do ANYTHING but highlight the message in Outlook in order for the virus to launch.

DO NOT accept 'open' or 'direct' connections with anyone over the internet, unless you know precisely who you are dealing with.

Do NOT open ANY attachment whatsoever until it's been virus scanned. Just because you know the person sending it to you and just because you are expecting it does not mean that the person isn't infected and is just not aware of it.

M



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: katlaughing
Date: 05 Jul 01 - 04:53 PM

Mrrzy, I would think so, as there would be no access available if it is off and thus not connected to your computer, at that time.

SeanM, thanks very much. I do occasionally get a spam from someone unknown on ICQ. I've even had it tell me someone I was chatting with was trying to tell me about a new bit of something they wanted to share. It looked iffy so I asked them and they'd not sent a thing. I don't chat on there near as much as I used to, so...off it goes except for when I know I want to chat with someone. I appreciate your warning.

kat



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Burke
Date: 05 Jul 01 - 07:32 PM

GUEST,Student of the black horse,
What you say is true of viruses, but not the IRC Bots/Zombies that this story is about. Any Windoze PC not behind a firewall seems vulnerable. Dial-up connections are not as vulnerable because people usually dial-up only when they want to do internet things & because they are so slow the hackers don't need to bother. Machines on Internet Cable usually log-on to the internet when started up & provide the hackers lots of band-width. If you have no firewall, the hackers can get access to your machine without your knowing & without you having downloaded anything special.



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Mark Cohen
Date: 05 Jul 01 - 09:45 PM

Thanks, everyone, this has been a very helpful discussion. I think there is another reason why the always-on connections are more vulnerable, though I may be wrong. With a dial-up, your machine's IP address (I think that stands for Internet Protocol--it's the way each individual machine is identified on the net) will change every time you log on. So a "bot" may find your machine one time, but by the time it's ready to do something nasty, "your" machine will probably not exist anymore, as it will have a different address. With the always-on connections, however, the address doesn't change, so the hackers and other nasty unscrupulous modifiers have a stable base of operations.

If I'm incorrect, please let me know. I'm also interested in knowing how this all relates to cookies....and why they're called cookies in the first place! Enlightenment, anyone?

Aloha,
Mark



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Little Hawk
Date: 05 Jul 01 - 09:59 PM

Ummmm...what, in VERY simple layman's terms, is a "firewall"? What does it do? Where do you get one? How much does it cost? Are there some well-known brand names of firewalls? How often do they need to be updated?

No jokes, Spaw, okay?

Thanks,

- LH



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Amos
Date: 05 Jul 01 - 10:31 PM

A firewall is a "layer" provided by specialized software. It functions as though it is sitting "between" the local-area network of a company and the internet. It is constructed to allow the administrator of the local network to limit what kind of traffic is allowed to pass through into the LAN, what (for example) IP numbers are allowed to be addressed, what kind of streams of data are allowed to come in and to where, and in some cases which sources are allowed to send queries or data into the local network. The term comes from the word used in both automobile and steamship construction for the physical wall separating the engine area or the boiler area from other compartments (such as the driver's cockpit in a car, or perhaps holds or tanks in a ship). The firewall was often lined with asbestos sheeting to prevent the "hot area" from heating up the adjacent compartment.

The analogy is that the uncontrolled internet is "hot" while the other side of the connection -- for example an office LAN -- has to stay controlled and "cool".

IP stands for Internet Protocol, and an IP number is the xxx.ttt.zzz formed number which is assigned to any operating "node" on a network using the "TCP/IP" (Transfer Control Protocol/Internet Protocol) method of communication and networking. When you log on to the internet your machine usually has an IP number, and it is either a constant number every time you log on (static IP) or it is an IP number assigned for the purpose of that session only, then to expire and be reused somewhere else (dynamic IP).

For a semi-technical explanation click on this link.

Regards,

Amos



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Little Hawk
Date: 05 Jul 01 - 10:48 PM

Thanks, Amos! As I am on a personal home computer, and not a company network, does it apply to me?

- LH



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Amos
Date: 05 Jul 01 - 10:58 PM

It can apply to you if you -- for example -- have an "always on" internet connection (a static IP number and a cable modem or DSL or similar link that doesn't have to be "dialed up" to be activated). In that case your machine is just any other always-present server on the Internet, and its IP number could become the target of a hack, conceivably. And conceivably, one way to reduce that risk would be to find and install a firewall software package that would prevent hackers from accessing your machine directly. I guess it would depend on how serious you felt the risk was. Like any application, "firewall" software can be simple or highly complex, with the more complex costing more and providing more "features" presumably.

If you have a dynamic IP number that only gets assigned to your machine when you start a session, then the risk is much lower that you would be seen as a possible target by a hacker.

A hacker who gains access to your machine can then read from it any data he wants; and he can cause it to slavishly participate in a wide-area distributed "denial of service" attack as described above by sending it orders to flood a chosen target with "packets" -- strings of high/low voltage representing logical bits which are bundled together and usually make up larger messages when re-assembled.

This is another reason I like recommending Macs to people. They are much harder to hack, because of their architecture, although with the advent of OS X they are just about as vulnerable as any UNIX server.

That's about all I know in it, LH. If you need a detailed analysis, you need a hands-on geek.

A



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Amos
Date: 06 Jul 01 - 09:38 AM

What, you fell asleep listening?

A



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Little Hawk
Date: 06 Jul 01 - 09:44 AM

Nope. I went to sleep before you posted. Thanks!

- LH



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: JohnInKansas
Date: 24 Jul 01 - 08:34 PM

Refresh: to go with Virus Threads
John



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: Coyote Breath
Date: 24 Jul 01 - 10:31 PM

Thanks folks. I'm as unfamiliar with the internet and its many weird ways as Little Hawk. A habit I got into when using my work computer (in violation of company rules) was to trash (through internet tools) all files I hadn't specifically saved and erase all history. I also am online ONLY when I dial up and while my ISP is kludgey that kludgieness is probably good. Yes?

God, I'm too old for this stuff!



Subject: RE: BS: 13-year-old hacker - a cautionary tale
From: GUEST,.gargoyle
Date: 25 Jul 01 - 03:19 AM

A "DDOS" is a temporary minor inconvenience....it is NOT a major breach of security

Your "information" is "old news" and is best posted to a news-group on the subject....it is inappropriate for a forum devoted to folk-music.

