Information Warfare: March 23, 2002

Archives

This may be an urban legend, but the details are real enough to make it very possible. The story is that a world wide black hat (the bad guys) hacker confederation is setting up a computing grid to crack passwords. Grid computing has been around since the late 1990s. A computer grid consists of many (sometimes millions) of computers using their down time (when the users are away) to solve mathematical problems. An example is the popular SETI project, which uses a grid to analyze signals from outer space for signs of intelligent life. More recent grids are doing drug research (like better cures for Anthrax poisoning or curing cancer.) The black hats are using their ability to put zombie programs in other people's PCs to set up a grid. Actually, the software any grid puts in a participants computer is kind of a zombie program. But real zombies are used for things like DDOS attacks (flooding a web site with garbage data in order to shut it down.) and using the hacked computer to store hacker material (usually stolen stuff like classified Department of Defense documents, credit card numbers or other items the thief doesn't want to get caught with.) Zombies also allow the hacker to control the hacked computer. The password cracking grid would make it easier for hackers to sneak into other people's computer. A "sniffer" program can catch encrypted passwords going to the target computer. A typical seven character encrypted password can be decrypted in one hour by a grid consisting of fewer than 200 computers. Longer passwords using more powerful encryption (like that used in banks or Department of Defense systems) might require a grid of thousands of computers working for over a hundred hours. Even the best protected current password systems could be cracked by a large grid in a month or two. So far, no password cracking zombies have showed, or at least no one has admitted to finding one. If this grid project does go forward, and it's quite feasible, a few zombies will be found when PC some users do a security sweep of their machines. At that point, the grid will be real, and the PC industry will have to rethink how it uses passwords. At this point, the anti-virus programs will scan for the grid zombies as new ones are discovered. This will make it more difficult to keep a really large grid operational. But there are many PCs with high speed (cable or DLS) connections that make excellent hosts for these zombies. Many of these PCs do not use anti-virus software and, since the grid zombies do not harm the PC they are on, the grids will remain operational. 

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close