Business Daily from THE HINDU group of publications, Monday, Jun 02, 2008
eWorld - Security Columns - Security Musings

Novelty, thy name is cyber deception
R.K. Raghavan

A nearly decade-long experience with cyber attacks tells me that there is no limit to hacker ingenuity. Each day brings news of some new form of intrusion that makes you wonder whether all the effort spent on securing our computers is of any avail at all. The renowned BusinessWeek from the US recently ran an unusually long story on how computers in sensitive spots in government are at the mercy of aggressors on the prowl in cyberspace. One particular instance of a violation of the Pentagon’s system chronicled by the weekly is especially striking for its originality.

Booz Allen Hamilton, a well-known consulting firm that does work for the Defence, received a mail carrying a shopping list, purportedly from the Pentagon. It contained a long menu of armaments which India ostensibly wanted to procure. Booz Allen found the communication unusual. With suspicion aroused, the firm did a bit of investigation and, much to its horror, found the mail to be fake. It was further found that this was the work of a total outsider, with no employee of either the Pentagon or Booz Allen having had a hand in it.

Hidden ‘Poison Ivy’

Close scrutiny by experts revealed that beneath the list of weaponry allegedly sought by India there was a hidden computer code, ‘Poison Ivy’, designed to suck out all the information stored in the Booz Allen computer system. It was further learnt that all the recipient was expected to do, by the vicious originator of the mail, was to click to open the attachment, a natural step that all of us take whenever we receive a mail carrying an attachment. This is despite advice to all of us not to open an attachment received from an address not known to us. The difference in the instant case is that the mail in question had been received by Booz Allen from a known sender, viz., the Pentagon, with whom the firm had had routine dealings for quite a while.
If, in fact, the Booz Allen executive had clicked on the attachment, whatever he had in his machine would have been picked up by a remote computer of the offender. Can there be anything more disastrous to an organisation that has in its possession some really sensitive information impinging on national security? What is more interesting here is that the mail went all the way to Korea before finding its way to the Booz Allen computer. Perhaps even more significant is the fact that clicking on the attachment to the spurious mail would have led the data on the Booz Allen system to be transferred to a Web site called cybersyndrome.3322.org, registered through a nondescript company based in a town on the banks of the Yangtze River. The fake mail was first bounced by an Internet address in South Korea on to a Yahoo server in New York, which then relayed it to the Inbox of the Booz Allen senior executive.

Also relevant here is that a few software packages are available in the market that help a miscreant disable security measures such as password protection on Microsoft Access data files (MSFT), a programme that some government departments routinely employ for transferring large data files. In the view of cyber security experts quoted by BusinessWeek, malware of the kind hidden in the fake mail sent to Booz Allen very often carries an additional feature, a Remote Administration Tool (RAT), that virtually takes over the victim machine, captures its screenshots and peruses the files stored on it. The RAT hangs on behind browsers such as Internet Explorer. When the user goes on to the Net, the master control of the intruding machine, located at a chosen Internet address, is alerted to steal whatever data is required. According to BusinessWeek, one such address is cybersyndrome.3322.org, which is traced back to a domain-name-registration and e-mail services company in China called 3322.org.
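The two warning signs the column describes, a mail whose sender claims a trusted partner domain while its delivery path runs through an unrelated host and a webmail relay, and an attachment that executes when "clicked to open", can be checked mechanically at a mail gateway. The following is an added example, not code from the column or from any organisation named in it; every hostname, IP address and domain in the sample message (pentagon.example, boozallen.example, mail.yahoo.example and the documentation-range IPs) is a constructed placeholder.

```python
import email, os, re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the column: From claims a trusted partner
# domain (placeholder pentagon.example) while the Received chain shows the mail
# entering from an unrelated host, then a webmail relay. Hosts/IPs are made up.
SAMPLE_MAIL = """\
Received: from mail.yahoo.example (mail.yahoo.example [198.51.100.20])
    by mx.boozallen.example with ESMTP; Mon, 2 Jun 2008 09:00:00 +0000
Received: from [203.0.113.7] (unknown [203.0.113.7])
    by mail.yahoo.example with SMTP; Mon, 2 Jun 2008 08:59:00 +0000
From: Procurement Office <procurement@pentagon.example>
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: application/octet-stream; name="list.exe"
Content-Disposition: attachment; filename="list.exe"
Content-Transfer-Encoding: base64

TVo=
--XYZ--
"""
# Attachment types that run code when the recipient "clicks to open" them.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta"}

def received_hosts(msg):
    """Hosts named after 'from' in each Received header, oldest hop first."""
    hosts = []
    for hdr in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", str(hdr))
        if m:
            hosts.append(m.group(1).strip("[]").lower())
    return list(reversed(hosts))  # headers are prepended, so reverse them

def analyze(raw):
    """Return findings for the message; an empty list means nothing flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    hops = received_hosts(msg)
    # Heuristic: the earliest hop should sit in the claimed sender's domain. Mail
    # sent via a third-party service also trips this, so treat it as a review cue.
    if hops and sender_domain and not hops[0].endswith(sender_domain):
        findings.append(f"origin hop {hops[0]} is outside claimed sender domain {sender_domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            findings.append(f"executable attachment {name}")
    return findings
```

Running `analyze(SAMPLE_MAIL)` yields two findings, one for the origin hop and one for the attachment; a mail whose earliest hop lies in the sender's own domain and that carries only a plain document yields none.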
This firm is in the business of providing names for computers and servers “that act as the command and control centres” for more than 10,000 pieces of malicious code. According to BusinessWeek, the owner of 3322.org disclaims any role in the misuse of the services offered by his company. The 37-year-old Peng Yong says that he does not know what his customers do and has no control over them. This is amusing to say the least, because a majority of the command computers used in this chain are located in China. Also worrying to many US cyber analysts is the recent trend of hackers in many parts of the world, especially in China, being well trained and having the support of their governments.

Web – principal conduit

The alarm raised by BusinessWeek only partially squares with the warning issued by the latest Internet Security Threat Report released by Symantec Corporation a few weeks ago. According to this report, the Web is the principal conduit for all attacks in recent times. Instead of direct attacks on networks, intruders now depend on tricking Web users into getting infected by visiting even routinely accessed, innocuous everyday Web sites. Home computers and social networking sites are a particular favourite of those who aim at distributing deadly malware. Attackers also look for site-specific vulnerabilities. What is unfortunate is that many of the victim sites had not received the benefit of patching by their administrators to guard against attacks. This is sheer indifference that encourages predators in cyberspace at a time when a majority of computer users know how aggression and dishonesty on the Net have become systematised and incredibly professional. The Symantec report is perceptive when it says the target these days is information, rather than the computer or any other device containing it. How to steal information without leaving a trace seems to be the order of the day.
Needless to say, such theft is invariably for making commercial gains. As Symantec says, the criminals here are “leveraging a maturing underground economy to buy, sell and trade stolen information.” Interestingly, the fundamental law of economics, namely demand and supply, operates here. Information relating to credit cards issued by companies in the European Union costs more than that pertaining to cards from the US!

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.
Copyright © 2008, The Hindu Business Line.