The Internet is used by billions of people daily, for everything from instant messaging to on-line banking. Millions of dollars are transferred everyday so you would expect high security for these kinds of transactions. On-line banking sites and stores abound with images of locks and words like “Secure & Safe”. But to the surprise of many, the Internet is very insecure.
This article is contributed by Steven Richards. Apart from a refreshing change, this also provides insights from someone who has witnessed, first hand, the exploits and insecurity of the network we use everyday without considering the vulnerabilities.
If you watch the news then you will occasionally notice the media running stories about “hackers”. Hackers are often portrayed negatively, and although some hack for malicious purposesThese are known as ‘black hat hackers’ or ‘crackers’., a lot are security experts and programmers who “hack” to make their software and networks more secure. Think of hackers as problem solvers, they will look at a problem such as discovering a company’s network vulnerability, they will test penetration and then fix the problem.
Government agencies such as the cia and fbi often hire known hackers for counter-attacks and for cyber defense. The us networks are attacked on a daily basis, most of these attacks originate from eastern European countries. The new battle-front is one we cannot see, with people behind the screen of a computer capable of attacking networks and infrastructure anywhere in the world, and it changes the way wars are now fought.
In 2008 it was suspected that during the Russian-Georgian conflict, the Russian government attacked Georgian web sites and other networks. In response Georgian hackers fought back and were able to regain control of their servers and network systems. Quite often you will see a team of hackers take down a website using a ‘ddosDistributed Denial of Service – a type of attack when the targeted system is over-saturated with illegitimate requests to disrupt its service.’ attack. This month, a team of Iranian hackers took down the Twitter service temporarily with a message about their cause. This is just one example of how a big network can be taken down. Battles and attacks on the Internet will surely continue as a way of destabilization or protest.
Watch Your ‘Wallets’
There are many simple hacks that an attacker equipped with a cheap netbook can use to hack into secured wireless networksThis includes cracking encryption passwords (wpa, wpa2, wep) and bypassing lists of allowed devices filtered by their hardware addresses., capturing and interpreting network traffic, and even cracking secured ssl traffic on local networks. In a matter of minutes, your Internet traffic – including passwords, credit card numbers, and other sensitive information – can be in someone else’s hands.
People like cafés and hotels with free WiFi. Hackers do too because people connect freely and check email etc. Limit use of sites that require loginsSocial networking sites, email, on-line shopping and especially banking. on public networks.
For secure sites requiring a login, make absolutely sure it is secured: The address bar on top has to read e.g. “https://securesite.com” and the name of the server needs to be correct and there must be the “s” in “https://”. If it is missing the “s”, the security for the site has been compromised.
Like in real life, most offers are too good to be true, so think twice when entering sensitive information. Also if you are looking for software or media be careful on sites you have not visited before as they may contain malicious content (‘malware’).
Keep all your computer software up-to-date. Software companies fix their products to be resilient to known exploits.
To see how easy this can be, check out the galleryYou can navigate between pictures by clicking the right or left half of the image.. It shows how to remove the encryption from secure traffic on a local network using a “Man in the Middle” (mitm) attack: There are often several points in the communication chain and the assumption is that everything is encrypted and only the end points have the keys to understand the messages. mitm works by placing an attacking device right in the middle of the trafficThis works by telling the local router (which is sending all communication where it is intended) that the attacker is the victim, and then telling the victim that the attacking device is the router. From there, it is a few simple steps to viewing the encrypted traffic in plain-text.. This attack has many variations.
To give you an idea what the users and people trying to secure the Internet are up against, one commonly used tool by hackers is a massive project containing hundreds of exploits and ‘payloads’ designed to compromise target computers and gain control over them. As of January 30, 2010 there were 497 exploits and 192 payloads in this tool alone. Many of these exploits target Windows-based machines but there are a good number of others that affect operating systems like Mac OSX, Linux, Unix, and more.
The hacking community is very large and often unseen; over the years it has grown to a collaboration project. Hackers help develop Linux distributions, secure networks, and write secure programs. The paradox is that without hackers, networks and on-line services would be extremely insecure. As new technologies are being developed, hacked, and improved we will see a whole new Internet, one where people’s perception of safety on the Internet will hopefully come true.