Why Hackers Want You!!

by William Van Winkle, LiveSecurity Contributing Editor

You’re not the Pentagon. Or Microsoft. Or NASA, Wells Fargo, AOL Time Warner, or Daimler Chrysler. You’re not even headquarters for a burger franchise.

No, you’re just part of a small- or medium-sized enterprise (SME), perhaps even a home-based business with enough employees to count on one hand. There are a gajillion companies in the world larger and more affluent than yours, so they’d be more logical targets for a hacker, right? After all, what does your network have that any e-punk would want?


Think about it. Who’s easier to attack? Some multinational conglomerate with an IS budget bigger than the GNP of Lithuania? Or the average SME, which might have one (or fewer) people in charge of network security (and thirty-seven other daily responsibilities)?

In October 2000, the Gartner Group reported that one in two small companies will be hacked by 2003. Worse, up to 60 percent of companies won’t realize their security has been breached until the damage becomes obvious. How bad is obvious? In December of 1999, the FBI estimated that the average cost of a network security breach was $142,000. Cahners In-Stat Group put the tab for a downed Internet-based business at $125,000 per hour.

What You Got, Babe, They Want It

But again — why would hackers bother with your little network? Here are some reasons.

Hacking isn’t personal. The Internet is not a school yard. No one is going to push your network around because you wear ugly glasses or momma packs your lunch with chocolate cake every day. Typically, you’ll be a random victim, the poor kid who happened to be on the wrong playground toy at the wrong time.

The first step in a hack attack is to test for vulnerability. This is usually done with a “scanner,” a commonly available application that queries thousands of arbitrary Internet addresses, hunting for any network with open ports through which a hacker can easily enter. Imagine a burglar sneaking down your street at 3:00 AM, trying every front door, looking for one that’s unlocked. If you get robbed, it’s not personal. You just made it easy — you didn’t lock your door.

Hackers want your computing power. Once inside your network, the hacker has free rein, but odds are he didn’t come looking for credit card numbers, trade secrets, or incriminating pictures from last year’s besotted Christmas bash. Instead, the hacker can make use of much more plentiful, ubiquitous resources.

First among these are your CPU cycles, the processing horsepower in each computer on your network. With 15 PCs and a high-speed Net connection, Corporate Health Systems came to WatchGuard Technologies for help after persistent hacks had enslaved the company’s network for one purpose: to help the hacker win an encryption-cracking contest.

“We noticed that we had some issues with network performance, and couldn’t quite get a handle on it because things were running fine,” says George Vanderweit, Corporate Health Systems vice president of operations. “Then all of a sudden things went to pot. It got so bad you could hardly move your cursor. We would delete all traces of the code the hackers were placing in our machines, come in the next day, and the programs would be back again.”

Installing a WatchGuard Firebox appliance instantly solved Corporate Health Systems’ hacking problem. Just the same, being roped unknowingly into such “distributed computing” applications poses a serious risk to any company, in part because most such attacks keep a low enough profile as to be unnoticeable.

Hackers want your connection bandwidth. Just as your CPU bandwidth can be commandeered for illicit processing tasks, your Internet connection bandwidth can be hijacked and used to damage other businesses. Distributed denial of service (DDoS) attacks involve numerous computers bombarding an Internet server with data, overloading it and causing the server to stall or crash. Hackers don’t want their exploits to point back at their own machines, so they enslave other computers, turning them into “zombies,” forcing them to attack in concert.

In February of 2000, the infamous DDoS attack that crippled Yahoo!, CNN, eBay, and other major sites was conducted by a teen-aged hacker who employed dozens of zombies, many of which belonged to unknowing small and home-based businesses. Even more dangerous than having your network enslaved for criminal activity (do be sure to offer the nice FBI agents some tea or soda pop when they visit) is the peril to your business. Many sites will respond to a DDoS attack by sensing the IP address of the attacker, then bouncing all that data back at the source, in effect forcing you to crash your own network. Sensing the activity spike, your ISP is likely to suspend your Net connection first and ask questions later.

Hackers want your (or your computer’s) identity. Hackers can abuse your identity in several ways. A hacker might use your machine as a relay, a bouncing-off point from which to probe for weaknesses in other networks: Some network admin notices unauthorized activity in the accounting files, works with the police to trace the intrusion back to your PC, and the hacker waltzes away with a smile. Similarly, the hacker would much rather have you do his port scanning than his own machine. You might also be one in a chain of relays.
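Both scanning scenarios described above, a stranger trying every door on your network and your own hijacked machine doing a hacker's port scanning for him, leave the same trace in firewall logs: one source touching many different address/port pairs. The following is an added example, not part of the original article and not code from any WatchGuard product; the log layout, the block 203.0.113.0/24 standing in for your network, and the threshold of five targets are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the address block that belongs to your own network.
OUR_NETWORK = ip_network("203.0.113.0/24")

# Constructed sample log, one connection per line:
#   time action source_ip destination_ip destination_port
SAMPLE_LOG = "\n".join(
    # An outside source trying the same port on eight of our addresses.
    [f"03:00:{i:02d} DENY 198.51.100.7 203.0.113.{i} 23" for i in range(1, 9)]
    # One of our own machines sweeping six outside addresses.
    + [f"03:10:{i:02d} ALLOW 203.0.113.15 192.0.2.{i} 80" for i in range(1, 7)]
    # Ordinary browsing from another of our machines, plus a damaged line.
    + ["09:15:02 ALLOW 203.0.113.20 192.0.2.50 80",
       "09:15:40 ALLOW 203.0.113.20 192.0.2.50 443",
       "garbage line"]
)


def parse(line):
    """Return (source, destination, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return ip_address(parts[2]), ip_address(parts[3]), int(parts[4])
    except ValueError:
        return None


def find_scanners(log_text, threshold=5):
    """Flag every source that touched `threshold` or more distinct targets."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        record = parse(line)
        if record is None:
            continue  # skip lines we cannot read rather than guess
        source, destination, port = record
        targets[source].add((destination, port))

    report = {}
    for source, seen in targets.items():
        if len(seen) >= threshold:
            # A source inside our own block means our machine is the scanner.
            direction = "outbound" if source in OUR_NETWORK else "inbound"
            report[str(source)] = (direction, len(seen))
    return report


if __name__ == "__main__":
    for source, (direction, count) in find_scanners(SAMPLE_LOG).items():
        print(f"{source}: {direction} scan, {count} distinct targets")
```

An "outbound" result is the one to act on first: it means a machine on your side of the firewall is already doing someone else's probing.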

If a hacker can learn your name and e-mail address — not a particularly hard feat — he’s at liberty to change his mail, news, and chat settings to impersonate you. He might send death threats to an ex-boss under your name. He might raid your contacts list, then pretend to be you while asking vendors for information about your order history, including the account numbers used to pay invoices. If the masked hacker slanders your competitors in a newsgroup, you could be faced with trying to clear yourself in court.

Hackers will hack you just for the practice. Or you may become a guinea pig. Hackers stake their reputations on “owning,” or seizing control of, prestigious companies’ servers. But even established hackers begin as novices, and learning the ropes of deception and destruction inside your company’s humble network is as good a place to start as any.

Dodging the Hack

Conventional wisdom says there’s no such thing as a hack-proof site or company. Still, for the vast majority of impersonal attacks, you can take precautions to stay off the casual hacker’s radar.

Firewall protection is considered essential for any company regardless of network size, and most experts agree that hardware-based firewall appliances are both safer and ultimately more cost-effective than pure software solutions. And there are other factors, as well. Keeping employees informed about safe security practices, having an outside auditor examine your security precautions, maintaining strong anti-virus applications, and much more are all necessary components of a solid security plan.

If you have few security measures in place, you should address the issue proactively. Even if nobody hates your company, that doesn’t mean you’re safe. Hack attempts can be impersonal. However, getting hacked when you should have known better does say quite a bit specifically about you.
