Crooks and the Internet—Computing and security in the Internet age

Here I made a copy of an article published in the Sacramento Bee.

Obviously I already knew most of what is written here, except the amount of spam/scam emails that one ISP can support: the top max. registered now is 1 billion in 12 hours. And I suppose that this ISP is not responsible for anything which happened, is it?!

This is the obvious problem on the Internet today: no one wants to do anything about whatever. Well... one company is doing a whole lot more than the others in regard to scams: at least from what I heard, they will not only block arriving emails but also stop emails from leaving if they suspect they are improper.

Some other companies do things to block arriving emails, but as I mentioned on some other pages, what we really need is for large email companies (i.e. Yahoo!, Hotmail, Google, etc.) to take one step toward deleting the scam emails without even giving them to people. There is a privacy problem in that, but I think it is a lot worse to let some people read some of these emails when you know that some of them will respond and lose money. It could be that we need a law or two to change in that regard, but hey! so what?! Would you rather have 2100 emails a week in your mailbox like me???

Okay, in case you didn't notice it, there is also another problem... They mention the "commercial Internet" and I suppose we weren't really ready to have a commercial Internet, at least not yet. I've seen a show in England which showed a guy who entered a brand new web site in 15 min. Obviously the system had state of the art MS-Windows Servers which you can enter no problem, even when you have the best firewall ever (unless you really lock everything out, but then you don't need a server!) Okay... so, dead easy to penetrate an MS-Windows system and thus if you do not use that crap, you're safe. NOOOOOOOOOOOOOOOOO! Think again!!! You aren't safe. The problem is at your insurer, your broker, your banker. Do they use MS-Windows? Yes! Do they have Internet Explorer installed? Yes! Do you think your data is safe?! Clearly: NO.

So it's not because you are using Linux with a very strong firewall that you are safe. It's a totally free exchange of data all over the place. Data that you have no control over. (You may want to read this other article.)

See original on Page A1 and Page A14. Note: These pages have a good quality scanned image and are quite slow to load!



Crooks build theft system via Internet

Victims' own PCs secretly tapped to assist spam, fraud, data theft.

By John Markoff

In their persistent quest to breach the Internet's defenses, the bad guys are honing their weapons and increasing their firepower.

With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crime.

These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft.

Security researchers have been concerned about botnets for some time because they automate and amplify the effects of viruses and other malicious programs.

What is new is the vastly escalating scale of the problem—and the precision with which some of the programs can scan computers for specific information, like corporate and personal data, to drain money from online bank accounts and stock brokerages.

"It's the perfect crime, both low-risk and high-profit," said Gadi Evron, a computer security researcher for an Israeli-based firm, Beyond Security, who coordinates an international volunteer effort to fight botnets. "The war to make the Internet safe was lost long ago, and we need to figure out what to do now."

Although there is a wide range of estimates of the overall infection rate, the scale and the power of the botnet programs have clearly become immense.

David Dagon, a Georgia Institute of Technology researcher who is a co-founder of Damballa, a startup company focusing on controlling botnets, said the programs are on about 11 percent of the more than 650 million computers attached to the Internet.

Plagues of viruses and other malicious programs have periodically swept through the Internet since 1988, when 60,000 computers were online. Each time, computer security managers and users have cleaned up the damage and patched holes in systems.

In recent years, however, such attacks have forced increasingly stringent security responses. And the emergence of botnets has alarmed not just computer security experts, but also specialists who created the early Internet infrastructure.

"It represents a threat, but it's one that is hard to explain," said David Farber, a Carnegie Mellon computer scientist who was an Internet pioneer. "It's an insidious threat, and what worries me is that the scope of the problem is still not clear to most people."

Referring to Windows computers, he added, "The popular machines are so easy to penetrate, and that's scary."

So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.

The programs are often created by small groups of code writers and distributed in a variety of ways, including e-mail attachments and downloads by users who do not know they are getting something malicious. They can even be present in pirated software sold on online auction sites. Once installed on Internet-connected PCs, they can be controlled using a widely available communications system called Internet Relay Chat, or IRC.

ShadowServer, a voluntary organization of computer security experts that monitors botnet activity, is tracking more than 400,000 infected machines and about 1,450 separate IRC control systems, which are called Command & Control servers.

The financial danger can be seen in a technical report presented last summer by a security researcher who analyzed the information contained in a 200-megabyte file that he had intercepted. The file had been generated by a botnet that was systematically harvesting stolen information and then hiding it in a secret location where the data could be retrieved by the botnet master.

The data in the file had been collected during a 30-day period, according to Rick Wesson, chief executive of Support Intelligence, a San Francisco-based company that sells information on computer security threats to corporations and federal agencies. The data came from 793 infected computers and it generated 54,926 log-in credentials and 281 credit-card numbers. The stolen information affected 1,239 companies, he said, including 35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts.

Information collected by Wesson's company is now able to identify more than 250,000 new botnet infections daily, he said.

"We are losing this war badly," he said. "Even the vendors understand that we are losing the war."

According to the annual intelligence report of MessageLabs, a New York-based computer security firm, more than 80 percent of all spam now originates from botnets. Last month, for the first time ever, a single Internet service provider generated more than 1 billion spam e-mail messages in a 24-hour period, according to a ranking system maintained by Trend Micro, the computer security firm. That indicated that machines of the service provider's customers had been woven into a giant network, with a single control point using them to pump out spam.

The author of the program, who is active on Internet technical discussion groups and claims to live in Zimbabwe, has found a way to hide the infecting agent in such a way that it leaves none of the traditional digital fingerprints that have been used to detect such programs.

Moreover, although rustock is currently being used for distributing spam, it is a more general tool that can be used with many other forms of illegal Internet activity.

Computer security experts warn that botnet programs are evolving faster than security firms can respond and have come to represent a fundamental threat to the viability of the commercial Internet. The problem is becoming compounded, they say, because many Internet service providers are either ignoring or minimizing the problem.

"It's a huge scientific, policy, and ultimately social crisis, and no one is taking any responsibility for addressing it," said K.C. Claffy, a veteran Internet researcher at the San Diego Supercomputer Center.

Some botnet-installed programs have been identified that exploit features of the Windows operating system, like the ability to recognize recently viewed documents. Botnet authors assume that any personal document that a computer owner has used recently will also be of interest to a data thief, Dagon said.