Sony, Google, RSA and now Citigroup are just some of the prominent victims of cyber attacks as defenses at large organizations prove porous and attackers elude detection
By Larry Greenemeier | June 11, 2011 |19
PHISH AND CHIPS: Cyber attackers are known to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Image: COURTESY OF ERWO1 VIA ISTOCKPHOTO.COM
Cyber attacks may not be a new phenomenon but the recent successes scored against high-profile targets including CitiGroup, Google, RSA and government contractors such as Lockheed Martin underscore the targets' current failure to block security threats enabled by the Internet. Malicious hackers use the very same technology that enables online banking, entertainment and myriad other communication services to attack these very applications, steal user data, and then cover their own tracks.
One common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these proxy servers typically reside.
Address unknown
Every day seems to bring news of some new cyber attack. "We're seeing more reports on invasive attacks on a much more regular basis," says Chris Bronk, an information technology policy research fellow at Rice University's James A. Baker III Institute for Public Policy and a former U.S. State Department diplomat.
The hardest problem in finding the source of these attacks is attribution. Each data packet sent over the Internet contains information about its source and its destination. "The source field can be changed [spoofed] by an attacker to make it seem like it's coming from someplace it's not," says Sami Saydjari, president of the cyber-security consultancy Cyber Defense Agency and a former program manager of information assurance at the Defense Advanced Projects Agency (DARPA).
"If your network is under attack and you're trying to find out who's doing it, purely technical means are insufficient for that," says David Nicol, director of the Information Trust Institute at the University of Illinois, Urbana–Champaign. "The way that we assemble complicated networks of computers until recently hasn't been done at all with security in mind except in a cursory way, and that's the fundamental problem."
By way of example, Nicol points out that he uses a virtual private network that connects to a proxy server before connecting him to the Internet. This enables him to encrypt data he sends over the network and protect the identity of his own Internet protocol (IP) address. "I do this to thwart information harvesting that commercial Web sites usually have," he adds. "I've got nothing to hide but that doesn't mean I want information about me harvested and sold."
Unfortunately, such tactics are also employed for malicious purposes. Cyber attackers use viruses, worms and other malware to take control of Internet servers or even personal computers, creating a network of "zombie" computers (also called botnets) under their control that they can use to launch their attacks. As a result, an attack may appear to come from a particular server or computer, but this does not mean the attack originated at that device, Nicol says, adding that often a string of proxies located in different countries are used in an attack, "greatly complicating the legal process of trying to piece it all together."
Ref:.blogs.scientificamerican.com
Popular Posts!
-
Chinese buyer pays CNY 180,000 for endangered fish By Mark Godfrey-June 30, 2016 See video- https://www.facebook.com/wunna.htun.94/videos/74...
-
By Stuart Deed | Monday, 03 December 2012 An artist’s impression of the finished Meeyahta development in downtown Yangon. (Y...
-
Dependants' Protection Scheme The Dependants’ Protection Scheme (DPS) is a term insurance that provides insured members and th...
-
AMANDA MACIAS MILITARY & DEFENSE JUL. 11, 2014, 6:47 AM There’s only one true way to compare military strength, and t...
-
Top 10 Plants That Will Kill You! Ok, I know I wasn’t supposed to do any more plant lists, but I couldn’t help myself. By killer p...
-
Myanmar Embassy Singapore Posted on: October 19, 2013 | Shwe Myanmar Address: N0: 15, ST Martin’s Drive, Singapore 257996...
-
Levi’s 501 Shrink-To-Fit (STF) Denim – The Ultimate Guide AUG 15, 2013 | | by Alexander Ramos If I can summarize Shrink-To-Fit (STF) in ...
LEVIS JEAN SHOP!
Wednesday, December 21, 2011
Subscribe to:
Post Comments (Atom)
My Blog List
ONLINE SOFTWARE!
- Sophos Anti-Virus for Mac Home Edition version 8
- Adobe PhotpshopCS6 for MAC
- Adobe for for Macintosh!
- Antivirus for Mac - Complete Virus Protection
- Audio, Video, Business and More Software for Mac OS X!
- Avira Free Antivirus for Mac!
- ClamXav The Free Anti-Virus Solution for Mac OS X
- Download free software from Softonic!
- Freemacware!
- Mac Keeper Security Software!
- Opensourcemac!
- avast! Free Antivirus for Mac!
No comments:
Post a Comment