Under Siege in Dulles By New-Generation Hackers
By Leslie Walker
Washington Post
Thursday, August 4, 2005; D01
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/04/AR2005080400429_pf.html
Sometime last year, the cat and mouse switched places on the Internet.
The hackers used to be the little guys, scampering around unleashing
viruses and furtive attacks against Web sites. It was a nuisance, but big
government and commercial sites generally could chase them away.
"We used to feel like the cat playing with the mouse," recalled Aristotle
Balogh, senior vice president at VeriSign Inc., a company that oversees
some of the Internet's critical functions. "Now we feel more like the
mouse, trying to be fast enough because the attackers are becoming much
more like the cat."
Balogh provided a gloomy account of the hacker wars two weeks ago when I
visited VeriSign's global network operations center in Dulles. VeriSign
considers 2004 "the turning point" in the conflict, Balogh explained,
because the bad guys exhibited such dramatic leaps in creativity,
sophistication and focus.
His assessment was underscored Tuesday when International Business Machines
Corp. released a report saying "criminal-driven security attacks" jumped 50
percent in the first half of this year compared with last year. IBM's
global security intelligence team detected more than 237 million security
attacks worldwide in the first six months, including 54 million against
governments, 36 million against manufacturers and 34 million against
financial services.
To keep criminal hackers at bay, VeriSign, keeper of the master Internet
address book, has been throwing mind-boggling amounts of money and
computing firepower at security.
Gone are the days when reporters like me routinely were allowed to inspect
the VeriSign computer housing the Internet's "A" root server, the top-level
address book for matching domain names such as Google.com with the numeric
addresses of the computers hosting them. Now the "A" root directory is
replicated on multiple computers around the world. And to be extra safe,
VeriSign keeps the main "A" root computer in an undisclosed location known
to only a few employees -- a list that does not include chief executive
Stratton Sclavos or other top officials.
"I don't know where it is, and I run the business," said Mark McLaughlin,
the VeriSign senior vice president who supervises the registry for .com and
.net domain names.
IBM's report also highlighted a sharp rise in "customized" attacks, those
targeting specific companies and individuals, rather than involving random
distribution of viruses, worms and malicious e-mail.
That confirmed a new expertise that Balogh said VeriSign first detected
during a particular attack last year, one it found alarming because the
attack changed every five to 10 minutes. "They did something, we mitigated
it; they did something different and we mitigated; and then they did
something different again," he said. "We played this cat and mouse game for
three hours. We had never seen that level of sophistication. They were
using tools to monitor the impact of what they were doing on the
infrastructure and then immediately changing the vector of attack. This was
an engineered attack."
New variations on old tricks have been appearing this year, some quite
clever. In January alone, IBM detected a tenfold increase in "spear
phishing," the latest flavor of "phishing" e-mails sent to entice people to
bogus Web sites where they unwittingly reveal personal information.
"Spear phishing" messages have a similar goal, but go to fewer than 100
employees inside one company and typically arrive under the guise of a
bogus company document.
Another emerging threat IBM cited is one in which hackers alter address
records stored on domain-name computers run by Internet service providers.
Web users trying to reach those sites are unwittingly redirected to bogus
sites, where they get a malicious file dropped on their computer that
steals personal data, often so hackers can sell it online.
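The attack described in the preceding paragraph works because an ordinary DNS answer carries nothing that lets the client tell a genuine record from an altered one; the only defence short of signed records is to compare what a resolver returns against a trusted source. The following is an added example written for this page, not code from the article, VeriSign or IBM. It parses a DNS response in wire format (including the name-compression pointers real responses use), extracts the A records, and flags any answer whose address disagrees with an out-of-band authoritative map or that answers a name the client never asked about. The response packet, the 192.0.2.x and 198.51.100.x addresses (documentation ranges) and the authoritative map are all constructed for the demonstration.

```python
import struct
import ipaddress

MAX_POINTER_HOPS = 16  # guard against looping compression pointers in a crafted response


def encode_name(name):
    """Encode a dotted hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txn_id, qname, answers, ttl=300):
    """Build a constructed DNS response: one A question and one A record per address.

    The answer records use a compression pointer (0xC00C) back to the question name,
    exactly as real resolvers emit them.
    """
    header = struct.pack(">HHHHHH", txn_id, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rrs = b""
    for ip in answers:
        rrs += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + rrs


def read_name(msg, offset):
    """Decode a possibly-compressed name at offset; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-octet compression pointer
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2  # the name ends after the first pointer we follow
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_a_records(msg):
    """Return (transaction id, [(qname, qtype)], [(name, ipv4, ttl)]) from a response."""
    txn_id, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack(">HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    records = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            records.append((name, str(ipaddress.IPv4Address(rdata)), ttl))
    return txn_id, questions, records


def find_altered_records(msg, expected_txn_id, authoritative):
    """Flag A answers that disagree with a trusted name->set-of-addresses map.

    `authoritative` stands in for an out-of-band source (e.g. a query sent directly
    to the zone's own name servers); it is a constructed dict in this example.
    """
    txn_id, questions, records = parse_a_records(msg)
    if txn_id != expected_txn_id:
        raise ValueError("transaction id mismatch: response does not belong to our query")
    asked = {qname for qname, qtype in questions if qtype == 1}
    suspicious = []
    for name, ip, _ttl in records:
        if name not in asked:
            suspicious.append((name, ip, "answer for a name we did not ask about"))
        elif ip not in authoritative.get(name, set()):
            suspicious.append((name, ip, "address differs from authoritative record"))
    return suspicious


# Constructed sample data: a clean answer and one with the record altered at the resolver.
AUTHORITATIVE = {"example.com": {"192.0.2.10"}}
CLEAN_RESPONSE = build_response(0x1234, "example.com", ["192.0.2.10"])
ALTERED_RESPONSE = build_response(0x1234, "example.com", ["198.51.100.77"])

if __name__ == "__main__":
    print("clean:", find_altered_records(CLEAN_RESPONSE, 0x1234, AUTHORITATIVE))
    print("altered:", find_altered_records(ALTERED_RESPONSE, 0x1234, AUTHORITATIVE))
```

The transaction-id check and the "name we did not ask about" test are the two cheap sanity checks a resolver client can make on its own; the address comparison is only as good as the trusted map it is given, which is why the article's "changes to the Internet domain system" (signing the records themselves) matter more than any client-side check.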
"There has been a huge organizational shift in the way the miscreant
Internet underground works," said Jeremy Kelley, senior threat assessment
analyst for IBM. "It used to be virus writers who were huge annoyances. Now
the criminal element is heavily involved in the miscreant underground . . .
and it is all about profit-making."
VeriSign has an unusual vantage point on this escalating criminal activity,
not only because it operates some core Internet infrastructure. The
Mountain View, Calif., firm also runs security and networking services for
many large companies, along with a payment-processing service that handles
an estimated 37 percent of all e-commerce credit card transactions in North
America. Both give it an early look at hacking trends.
On the bright side, Balogh said changes to the Internet domain system are
underway that will make it harder for hackers to alter address records
stored by Internet service providers.
But he also cited several worrisome trends, including hackers increasingly
issuing blackmail demands for money to stop attacks on commercial Web
services. Another is an increase in "zero-day exploits," attacks taking
advantage of software vulnerabilities the same day they are publicized.
Perhaps scariest is the growing use of "zombie botnets," networks of
compromised home computers that criminals lease to one another for as
little as $300 an hour for as many as 10,000 infected machines.
"It keeps me up at night with all that's going on these days," Balogh said.
"The online world is turning into such a war zone."
VeriSign's network handles between 12 billion and 20 billion look-ups for
Internet addresses daily, a number that doubles every 12 to 18 months.
The company has added extra computing capacity and other precautions to
thwart hackers trying to disable the address system by overwhelming it with
bogus traffic requests known as "distributed denial of service" attacks.
The most famous was launched against the domain system in October 2002,
briefly bringing down more than half of the 13 master address directories,
excluding the two run by VeriSign. Balogh said a second, unpublicized
attack occurred later that night, which he would not describe but
characterized as "five times worse."
But it's getting harder to outrun the hackers. VeriSign thinks time cycles
are shortening between threats, including those its engineers regularly try
to imagine coming down the pike. What might those be?
"There are like a million cell phones with Internet access today," Balogh
said, citing one scenario he expects to unfold by 2009. "Just wait until
100 million have Internet access. . . . We know there is going to be a
distributed denial of service attack where you are going to have literally
50 million cell phones coming at you."
================================
George Antunes, Political Science Dept
University of Houston; Houston, TX 77204
Voice: 713-743-3923 Fax: 713-743-3927
antunes at uh dot edu
Reply with a "Thank you" if you liked this post.
_______________________________________________
MEDIANEWS mailing list