Vigilance: The Price of Freedom From Cyber Terror
GRAND RAPIDS — While the United States government is attempting to combat terrorist networks in our country, Tech Power Solutions is attempting to combat terrorism in our computer networks.
Cyber terrorism is making its way into the public consciousness, and businesses and individuals are looking for a way to protect their technology.
Mark Carter, vice president of Tech Power Solutions, recently gave a presentation at Sagestone Inc. regarding how businesses can go about protecting their networks.
Carter admitted that “terrorism” is a harsh word but said the FBI defines it as “unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian populations or any related segment to further political or social objectives.”
While many companies are trying to save their networks and use the Web to do business, hackers are using the Internet to steal or delete information, deface Web sites and shut down systems.
As the Internet continues to provide useful information on security, it also continues to provide information on how to get past that security, Carter said.
He said the important thing to keep in mind is that no one is immune. Hackers attempt to gain access for numerous reasons, he explained, from trying to exploit vulnerabilities for the purpose of gaining access to a company’s resources to merely gaining notoriety among fellow hackers.
He told of a test Web site that was devised to see how many times hackers would attempt to hack into an unpublicized Web site — and, he said, the results were amazing.
After 15 minutes on the first day, he said, hackers took over and took down the site.
A second site was taken over and taken down within 24 hours. When a third one was put up, it was hacked 157 times in the first month, and 11 months later the site had been hacked nearly 1,400 times.
“The thing was that every time the site was put up again, it was done a little bit differently,” said Carter. “And every time it was repaired it was put back together a little bit differently, so that means that the hackers had to attempt different methods, and there had to be numerous hackers attempting to take the site down. Those numbers should be alarming and show people that it doesn’t matter who you are or where you are, you can be hacked.”
Carter said there are two main viruses that businesses should be aware of. The first is the NIMDA virus — ADMIN spelled backwards.
This virus comes as an e-mail but needn’t be opened for the virus to detonate. “Many people have a preview pane on their screen and when they get an e-mail, a little message comes up saying that you have received an e-mail and who it is from,” Carter explained. “If that is up on your screen, delete it. When that e-mail comes up on the preview pane, you have just been infected.”
Once the NIMDA virus has been launched, it first turns the computer’s C drive into a network share drive, so anyone can access any information on that personal computer. Secondly, it places a guest account on the administration account, thereby turning the administration files into public, shared information. Thirdly, it creates a hidden file where it continuously writes text. By doing this it uses up memory and space; however, since the file is hidden, when the user checks how much space is left on the hard drive, it appears to be much more than is actually there. The virus continues to write text until the computer is full and eventually shuts down.
In addition, the virus searches all of the computer’s htm and html files and duplicates them in Microsoft Outlook, then sends them to anyone who has ever been sent a message from that computer, or anyone who has sent a message to that computer. In essence, a company’s data could be floating through cyberspace.
Carter said although it didn’t take a rocket scientist to think this up because all the information is right there on the Internet, it is very well thought out and put together — and hard to get rid of.
The second virus Carter spoke of, which also has been very pervasive in the Grand Rapids area, is known as Sircam. This virus had a detonation date of Oct. 16 and on that day it started multiplying and sending itself out to everyone in the infected computer’s address book.
After 8,000 programs have been executed, it begins to multiply and send itself out again. Just like the NIMDA virus, Sircam creates a hidden text file and starts generating text until shutdown. It also randomly deletes large quantities of files, sometimes seeking out important areas such as financial documents, going to the heart of the Quicken program.
Also like the NIMDA virus, Sircam takes random files and e-mails them to contacts in the user’s address book. When the virus sends the file, which is also infected, the receiver may be tempted to open the e-mail because it is titled simply, “Hi, how are you?” In the body of the message it goes on to say, “I send you this message to get your advice. Thanks, Friend.” When the recipient of the e-mail clicks open the attachment, the computer is infected.
“One thing that is important to remember is that it isn’t all high school kids out there trying to hack into our systems,” Carter said.
“There are people out there that may use that information they get from your computer and exploit it.”
So how does a company, or any person, for that matter, protect itself?
One thing Carter suggests is that when buying a new computer, the user immediately should delete any useless programs or files. Many of them contain holes that allow hackers access into the system. “Only keep the files which are necessary for your program to run; other than that, they are not necessary,” Carter said.
While that method will eliminate some potential access, it is still necessary to keep up to date on security patches, firewalls and protection programs. “Your virus protection software isn’t going to work if it is out of date,” Carter said.
“Within the first 30 days that the information hits the Web, a hacker has determined a way to get through it; therefore, you need to be protected beforehand. Keep up to date on all new viruses and ways to protect your computer and your company’s information.”
There are various hardware protection programs and internal network monitoring programs that Carter said can be used to safeguard a company’s computers. Tech Power Solutions may be contacted for more information.