Jedburgh Corporation

Cyber Attacks as a Form of Warfare



Imagine waking up in the morning and your electricity is out. No lights, no heat and no computers. You try to turn on your cell phone but the network is down and so is your access to the Internet. You suddenly feel alone and afraid, with no way to contact anyone.


An army of foreign computer hackers has brought down America’s power grid and government operations.


According to cyber security advisors this kind of scenario is very real and the U.S. is unprepared to defend itself.


Cyber sieges do happen and can have a crippling effect on national defense. In August of 2008, Russia launched a cyber attack on the national websites of Georgia, its neighboring country. These attacks coincided with Russia’s military campaign in the South Ossetia region. The attacks debilitated Georgian news and government websites and marked one of the first cyber/military wars in modern history.


The U.S. is anticipating the cyber wars of the future and is gearing up to respond to and retaliate against the looming threats of both rogue states and powerful nations.


Today, at the Mandarin Oriental Hotel in Washington, DC, an independent group of former DHS, CIA and national security advisors launched a three-hour cyber attack simulation.


The “Cyber ShockWave” event was hosted by the Bipartisan Policy Center, a Washington-based nonprofit organization. Their mission was to test the U.S. response to a coordinated, international attack on America’s technological infrastructure.


The group hired experts in cyber warfare to compose a simulated scenario where a virus attaches itself to a “March Madness” college basketball phone application. In the simulation, the virus replicated and spread through smart phone contact lists until it eventually brought down cellular service for most Americans. Included in the exercise were a number of private companies, such as PayPal and General Dynamics, which have a vested interest in bolstering U.S. cyber defense capabilities.


So how did America fare against such a strike?


Epic Fail.


“The general consensus of the panel today was that we are not prepared to deal with these kinds of attacks,” said Eileen McMenamin, vice president of communications at the Bipartisan Policy Center. “Whether these threats come from individual hackers, state organizations or terrorist groups, they are very real and something we really need to be prepared for.”


Participants indicated that a large challenge in reacting to a cyber attack is identifying who the attackers are and how to find them. This concern has dogged U.S. cybersecurity experts throughout the modern era.


“It’s very easy for hackers to hide in other people’s computers and servers,” said Lou Von Thaer, a top security expert with General Dynamics, a defense firm based in Falls Church, Va. “We spent a lot of time today trying to figure out who did it and it created a lot of chaos.”


Von Thaer said that the biggest takeaway from the exercise was that the U.S. government needs to do more work on the policy side and pass better legislation to protect American interests.


“What we’re suggesting is the seat belt analogy,” said Von Thaer. “These days we wouldn’t imagine driving across town without wearing a seat belt. And that’s because now there are laws and regulations that have made seat belt use a standard way of life. We need to have similar standards in the cyber world.”


Article submitted by Alex Berta, Jedburgh Information Warfare Director.


Information Warfare

There is a new battle.  It does not take place on a battlefield and it affects everyone even if they don’t own a computer.  Information Warfare can take place over days, weeks, or years.  You may not even know that you’re in battle.  The other combatant may be an unknown third party, a business competitor, or someone within your organization.  By the time you realize that you’ve been targeted, the attack can be so well coordinated that there is little you can do about it.  Each year there is an estimated loss of over 45 billion dollars due to information warfare, identity theft, or corporate espionage.

There is a common misconception that anti-virus and anti-spyware programs will protect against online attacks and identity theft. They can help prevent some attacks, but many sophisticated attacks against your computer or network can disable these programs, and some can mimic a legitimate file on your system. Anti-virus software is poorly equipped to deal with these types of attacks.

There are more than 3 million computers infected with unknown programs every day. Some of these programs record which internet sites you visit and collect data before triggering pop-ups and tons of spam in your inbox. More complex programs record everything from keystrokes to internet use and even grant administrative rights on your computer to outsiders. This allows them to browse your computer, install programs, and download personal information while you are away. Most people think a firewall can prevent this but, unfortunately, that isn’t the case. Many of these intrusions can lead to numerous and far-reaching follow-on attacks. Once an intruder finds out where the main server is located, they can upload a virus or trojan to it. This will allow them to either destroy or gain full access to everything on the server. Most servers are well protected and can guard against this, but well-trained intruders are using special programs to defeat these practices.

Once a server or a network is infected it can be used as a bot. A bot will report to an attacker when it has successfully penetrated a target and is ready to begin. It serves as a personal paging system. One example is the corruption of ICQ by computer hackers. ICQ was a popular chat program in the 1990s and was widely used by computer hackers because they were able to modify ICQ's built-in paging system. They used this otherwise useful program to set up bots that would page the hacker and report the IP address, hostname, and password of vulnerable servers and networks. Attackers used the information to log in at will. Later, CGI scripts that were located primarily on third-party web hosting accounts allowed attackers to share or even trade victims with each other. Once web hosting companies became aware of the problem, they began monitoring what files were uploaded to their sites. Attackers simply moved on and began using Internet Relay Chat (IRC). They created bots that enter chat rooms and begin trolling for victims. I have personally seen one room filled with over 5,000 bots.

Many employers use very strict policies to restrict access to third-party sites and programs by their employees. These policies are largely ineffective because attackers are continuously updating and refining their methods. During an interview with a very “successful” computer hacker, I learned that he had successfully infected a large company network. This access enabled him to log in to any computer on the network and do whatever he wanted without any red flags going off. I asked him how he managed to infiltrate the system, and he said all it took was one email to a person at the company and some phishing attempts, and he finally got them to open an email and download a simple picture that had a virus encoded into it. From this small opening, he infected the entire network.

Jedburgh Corporation’s information specialists have programs specifically designed to assist your organization’s information technology efforts or design turn-key solutions to protect your data and sensitive information.  We have over 15 years in the computer security field and understand what information attackers seek, and where the information is headed if it is stolen.  We are committed to ensuring that your intellectual property and personal information remain safeguarded.  Contact info@jedburgh-usa.com to discuss your training needs.

Article written by Alex Berta, Technology/Identity Theft Specialist