The Internet is used by billions of people daily, for everything from instant messaging to on-line banking. Millions of dollars are transferred every day, so you would expect high security for these kinds of transactions. On-line banking sites and stores abound with images of locks and words like “Secure & Safe”. But to the surprise of many, the Internet is very insecure.
This article is contributed by Steven Richards. Apart from a refreshing change, this also provides insights from someone who has witnessed, first hand, the exploits and insecurity of the network we use every day without considering the vulnerabilities.
If you watch the news then you will occasionally notice the media running stories about “hackers”. Hackers are often portrayed negatively, and although some hack for malicious purposes (these are known as ‘black hat hackers’ or ‘crackers’), a lot are security experts and programmers who “hack” to make their software and networks more secure. Think of hackers as problem solvers: they will look at a problem such as discovering a company’s network vulnerability, test penetration, and then fix the problem.
Government agencies such as the CIA and FBI often hire known hackers for counter-attacks and for cyber defense. US networks are attacked on a daily basis; most of these attacks originate from eastern European countries. The new battle-front is one we cannot see, with people behind the screen of a computer capable of attacking networks and infrastructure anywhere in the world, and it changes the way wars are now fought.
In 2008 it was suspected that during the Russian-Georgian conflict, the Russian government attacked Georgian web sites and other networks. In response, Georgian hackers fought back and were able to regain control of their servers and network systems. Quite often you will see a team of hackers take down a website using a DDoS attack (Distributed Denial of Service, a type of attack in which the targeted system is over-saturated with illegitimate requests to disrupt its service). This month, a team of Iranian hackers took down the Twitter service temporarily with a message about their cause. This is just one example of how a big network can be taken down. Battles and attacks on the Internet will surely continue as a way of destabilization or protest.
Watch Your ‘Wallets’
There are many simple hacks that an attacker equipped with a cheap netbook can use to break into secured wireless networks (this includes cracking encryption passwords for WPA, WPA2 and WEP, and bypassing lists of allowed devices filtered by their hardware addresses), capture and interpret network traffic, and even crack secured SSL traffic on local networks. In a matter of minutes, your Internet traffic, including passwords, credit card numbers, and other sensitive information, can be in someone else’s hands.
To see how easy this can be, check out the gallery. It shows how to remove the encryption from secure traffic on a local network using a “Man in the Middle” (MITM) attack. There are often several points in the communication chain, and the assumption is that everything is encrypted and only the end points have the keys to understand the messages. MITM works by placing an attacking device right in the middle of the traffic: the attacker tells the local router (which sends all communication where it is intended) that the attacker is the victim, and then tells the victim that the attacking device is the router. From there, it is a few simple steps to viewing the encrypted traffic in plain-text. This attack has many variations.
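The redirection described above leaves a trace a defender can watch for: the router's address suddenly answers from a different hardware address, and one hardware address starts answering for several IPs. The following Python code is an added example, not part of the original article; it assumes the mechanism is ARP cache poisoning (the article does not name the protocol), and the function name, alert names and sample observations are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (seconds, IP, MAC) pairs as a monitoring host might
# record them from ARP replies on the local network. All values are made up.
SAMPLE = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # router
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),   # workstation
    (2, "192.168.1.30", "aa:aa:aa:aa:aa:30"),   # another host
    (60, "192.168.1.1", "AA:AA:AA:AA:AA:30"),   # router IP now answered by .30's MAC
    (60, "192.168.1.20", "aa:aa:aa:aa:aa:30"),  # workstation IP answered by it too
    (61, "192.168.1.1", "aa:aa:aa:aa:aa:30"),   # repeat, must not alert again
]

def detect_arp_conflicts(observations, gateway_ip):
    """Return one alert per distinct anomaly in a stream of (time, ip, mac)."""
    ip_to_mac = {}                   # last MAC seen for each IP
    mac_to_ips = defaultdict(set)    # every IP a MAC has ever claimed
    alerts, seen = [], set()

    def alert(key, **fields):
        if key not in seen:          # suppress repeats of the same anomaly
            seen.add(key)
            alerts.append(fields)

    for ts, ip, mac in observations:
        mac = mac.lower()            # MAC notation is case-insensitive
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            # A rebind of the gateway IP is the high-severity case. A host
            # rebind can also be a benign DHCP lease change, so triage it.
            kind = "gateway-rebind" if ip == gateway_ip else "host-rebind"
            alert((kind, ip, mac), time=ts, kind=kind, ip=ip,
                  old_mac=prev, new_mac=mac)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        # One MAC answering for the gateway and for other addresses is the
        # two-sided impersonation the article describes.
        if gateway_ip in mac_to_ips[mac] and len(mac_to_ips[mac]) > 1:
            alert(("mac-claims-gateway", mac), time=ts,
                  kind="mac-claims-gateway", mac=mac)
    return alerts

if __name__ == "__main__":
    for a in detect_arp_conflicts(SAMPLE, "192.168.1.1"):
        print(a)
```

On the constructed sample this reports the gateway rebind first, then the hardware address that claims both the gateway and another host, then the workstation rebind.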
To give you an idea what the users and people trying to secure the Internet are up against, one tool commonly used by hackers is a massive project containing hundreds of exploits and ‘payloads’ designed to compromise target computers and gain control over them. As of January 30, 2010 there were 497 exploits and 192 payloads in this tool alone. Many of these exploits target Windows-based machines but there are a good number of others that affect operating systems like Mac OS X, Linux, Unix, and more.
The hacking community is very large and often unseen; over the years it has grown into a collaborative project. Hackers help develop Linux distributions, secure networks, and write secure programs. The paradox is that without hackers, networks and on-line services would be extremely insecure. As new technologies are being developed, hacked, and improved, we will see a whole new Internet, one where people’s perception of safety on the Internet will hopefully come true.