It may be that the only form of safe Internet is disconnecting when the connection is not in use. In the days before DSL providers and fiber optic internet connections that were always on hackers had it a little harder. If a computer wasn’t connected it was safe. Now many people leave their computers on and connected to the Internet constantly. This can be a bad thing.
Recently, a series of attacks called “SQL Injection Attacks” have hit several million websites and the infection rate is rising. The speed and spread of the attack was of greater interest to security specialists than the results of the attack. What it does is redirect site users to a “scareware” site; a website that offers a free PC security software, but, in reality, is adware and malware laden.
Computer Malware
Often, several different cybercriminals will cooperate and load each other’s illegal code from the same package. While that is bad enough on its own, the scary part was that this infection spread to over 1 million websites in less than 24 hours, and no one is exactly sure how.
Not Your Grandpa’s Hacker
There was another very interesting event recently, the Epsilon email server breach. Epsilon provides email-marketing services to over 50 major companies such as JP Morgan & Chase, Kroger, TiVo, Target, and Citibank, among many others. The information stolen consisted of email addresses, names and some other personal data, but Epsilon stated no security lapse or system failure happened. The only real danger is that customers of these companies may get email that they expect and consider legitimate.
The interesting part is that nothing went wrong and they were simply hacked. Some time ago (weeks in Internet time, years in human time), another company was hacked, RSA, a security company providing two-factor authentication systems for banks and website security verification. The cybercriminals got away with critical aspects of the two-factor authentication system that would allow them to gain entry to any “secure” two-factor authentication systems.
Our image of hackers (crackers, technically) is the angry young man (or woman) with crazy good skills and an attitude problem. We used to call them “script kiddies.” That was then, but now we are dealing with offices, business conglomerates, and organizations that often collaborate for common gain. They hire programmers and provide benefits. They generate long-term income.
Most security experts will admit that there is no real way to secure the Internet. It, and the companies and individuals connected to it will get hacked. Advanced security software will protect individual systems from 90 percent of threats but that’s no longer a factor. The reason is that tens of thousands of “threats” are discovered every day. Cybercriminals use not just one but hundreds of methods to gain entry to whatever system they can. The more the merrier. Consumer anti-virus software only needs to miss one threat and they’re in.
Mass Market Malware
The reason that the threat has evolved is that while you may secure your personal system, your neighbor in Japan didn’t. Hackers and cybercriminals no longer rely upon their ability to hack a single system, but rather a percentage of the systems that they hit. If it is a simple consumer system, they use it to build a botnet; if it is a business computer, they look for financial data and connections to other systems. It is mostly automated, and suites of tools can be downloaded to make it easier to hack.
The ability to create vast networks of illegal resources such as bot-netted systems and back doors to corporate servers allows them to target higher value targets. Their tools and methods evolve quickly and we end up with protected laptops and hacked mortgage accounts or business email systems. We may have to accept that the Internet will never be “secure” in the purest sense. Our personal information may be an open book whether we like it or not. Microsoft’s recent involvement in the Ru-stock botnet take-down should be a wake-up call to everyone. There needs to be a reevaluation of what we consider secure.