Like Darth Vader’s storm troopers in Star Wars, PC users with cable modem hookups are being drafted as Internet zombies for hack attacks on commercial Web sites.
The malicious hackers who plan such attacks call the unwitting PC pawns “zombies” because they’re unconscious accomplices. They seed the PCs in advance with small programs that the cybervandals remotely activate later, and they use the zombies to launch an attack on another system.
The volume of these distributed denial of service attacks is hard to measure, but they seem to be on the rise. They’re certainly drawing increased scrutiny by computer security consultants, Internet service providers, and big cable modem companies like Excite@Home Inc. and AT&T Broadband Inc.
In two recent attacks, including one last weekend, nearly 500 Windows-powered PCs with broadband connections were used to shut down a security consultant’s Web site in Southern California.
“The huge majority [of computers used in the attack] are home.com and rr.com accounts,” both of which are broadband cable services, notes Steve Gibson, president of Gibson Research Corp., the targeted site. He was able to trace the location of some of the zombie-like PCs used in the assault to the Texas A&M University network. “These typically are [users] who are clueless about security. They want to be on the Internet, and they are home cable modem users.”
Gibson hopes his experience will illuminate the problem and the dangers inherent in using broadband connections in particular and the Internet in general.
“There is a serious, not just a hypothetical, risk, a consequence, that involves a responsibility with a connection to the Internet,” he says. “Yes, it is wonderful. Yes, there is really cool stuff out there, but there are also people without your best interest at heart.”
Simple Precautions, Dire Consequences
The crux of the problem–and the opportunity for malicious hackers–is that a cable broadband connection is “always on.” And your conduit out to the Internet can be a two-way road.
“What people don’t get is that when you’re connected to the Internet, the Internet is connected to you,” Gibson says. “It’s a reciprocal relationship.”
Denial of service attacks drew attention last year when hackers crippled prominent sites like [email protected], eBay Inc., and Yahoo Inc. Microsoft Corp. sustained denial of service attacks earlier this year. And even the Undernet that supports the Internet Relay Chat network experienced attacks just a few months ago.
Security experts recently expressed concern that many systems have become zombies with the sudden spread of a particular worm. They fear that a brief skirmish between Chinese and American hackers resulted in the seeding of many systems for a later distributed denial of service attack.
If they don’t take simple security precautions, cable modem users and PC owners with high-speed DSL connections can easily become unwitting accomplices to denial of service attacks by hackers who can also pilfer personal information like credit card and bank account details.
“I shudder to think that these people are doing their stock portfolios or electronic banking or buying things with credit cards on their computer over the Internet while their computer security has been completely compromised and are completely owned by these hackers,” Gibson says. “These people have something bad in their machines and they probably don’t even realize it.”
Make Your PC Inhospitable to Intruders
Many companies, including Excite@Home and AT&T Broadband, provide the first precaution. They begin the cable modem installation process by disabling the file-sharing program that is on the Windows operating system of customer computers.
“The installation CDs that go out with our installation technicians automatically disable file and print sharing,” says Scott Russell, high-speed data product director at AT&T Broadband. “That puts up a wall so your neighbors can’t see into your computer.”
Installing a firewall is the next simple, and inexpensive, precaution.
Once a PC is compromised, however, Gibson says the only sure-fire cure for infection is to reformat the hard drive and reinstall Windows, an often time-consuming and frustrating experience.
Like AT&T, one of the first precautions that Excite@Home takes in installing new service is to disable the Windows file-sharing program. Do-it-yourself installers get the same warning.
“We also have an information page on our member services section talking about security issues,” says Chris Kelly, chief privacy officer for Excite@Home. “We are working on the next generation of offerings that will include firewall product recommendations.”
For Web site operators, tools are available to spot and stop denial of service attacks. Also, AT&T Broadband and Excite@Home say they monitor network traffic for suspicious activity.
“We scan the ports where most hacking activities or unauthorized access might take place,” Excite@Home’s Kelly says. “We also do regular network monitoring to look for any suspicious activity. We are not perfect at it, but we are like a credit card company looking for some suspicious activity on the network.”
Cities Harbor Most (Vulnerable) PCs
Security issues borne of the proliferation of broadband connections are expected to grow, simply because the number of PCs with high-speed connections is increasing.
And certain jurisdictions are going to feel the heat. Nearly one in every ten broadband users lives in New York City, and 30 per cent are clumped in the top five U.S. metropolitan centers: New York, Los Angeles, San Francisco, Boston, and Seattle, according to Nielsen/NetRatings, the Internet audience measurement service.
Broadband access grew 134 per cent in the past year, according to Nielsen/NetRatings. Its researchers report that nearly 16 million users accessed the Internet from home last month via cable modem, DSL, ISDN, or LAN, compared with only 6.8 million in April 2000.
Gartner Group Inc. forecasts there will be 17.3 million residential broadband users in the United States next year, up from an estimated 11 million users in 2000. The total is expected to jump to 17.4 million in 2002, increase to 23.2 million in 2003, and then climb to nearly 29 million in 2004.