Information Warfare: Payback Is A Bitch

Archives

June 21, 2010: Crime, and warfare, over the Internet is getting more dangerous for the attackers. Internet security experts are now doing to hackers what hackers have been doing for years; finding flaws in their software and exploiting it. This makes it possible to counterattack and, more importantly, identify, locate and arrest criminal hackers. For military ones, you could obtain GPS coordinates, enabling you to send a "cease and desist" message in the form of smart bombs. Or simply apply some more effective diplomatic pressure.

For years, security experts have been taking apart the hacker software secretly placed on PCs. Often, this is sloppy code, and over the past few years, the "white hat" (security company hackers) have been developing ways to exploit those flaws to more quickly shut down the bad guys, or even find them.

The most popular hacker tool; zombie computers and botnets, use special programs to infect computers, and enable the botnet owner to control these captured machines. The most visible use of a botnet is DDOS attacks. In plain English, that means buying access to hundreds, or thousands, of home and business PCs that have had special software secretly installed. This allows whoever installed the software that turned these PCs into zombies, to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, to send as many emails, or other electronic messages, as they can, to  specified websites or email addresses. When this is done to a single website, with lots of zombies (a botnet), the flood of messages becomes a DDOS (Distributed Denial of Service) attack that shuts the target down. This happens because so much junk is coming in from the botnet, that no one else can get in. But as flaws in the zombie and botnet control software is found, it is being exploited to shut down botnets and catch the guys running them.

But there are even more dangerous cyberwar weapons out there, which have also been found to have exploitable flaws. These are worm and virus programs modified to take advantage of largely unknown Internet vulnerabilities, that allow the user access to many business, government and military computers. This sort of thing is called, "using high value exploits" (flaws in code that are not yet widely known). These exploits are a lot more expensive, and require more skill to use. Currently, a major source of exploits are hackers for hire. These are skilled hackers, who know they are working on the wrong side of the law, and know how to do the job, take the money, and run. This situation has developed because organized crime has discovered the Internet, and the relatively easy money to be made via Internet extortion and theft. Some of these hackers also sell flaws in hacker software. No honor among thieves and all that.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close