Tips For Keeping Your Home Network Secure

It used to be that if you knew what a router or what wireless was, you were a bit of a computer geek. But now most of us can speak with some authority about routers, switches, firewalls, and Ethernet cards, and an array of other things that previously seemed like a whole other world of computer jargon.

Manufacturers decided long ago to make installation of some of these devices easy and inexpensive, which opened up this whole new world to most of us. We soon learned that if we had multiple computers, we could create a network in our homes so they can all share the same Internet connection. Up to this point even having a single Internet connection was almost considered magic but actually sharing it between computers…a new revolution in technology was about to begin.

But what those of us at home didn’t get is training in how to use these products. We didn’t learn, for example, how to secure our networks and other devices from hackers. That never came as part of your broadband package, did it?

But there is good news. There are many things the vendors did provide you with. Have you actually read the manual that came with your product? If not, you should be introduced to a common term used by computer professionals. It’s known as “RTFM”, and we will leave out the middle term for politeness’ sake. Many of us forget this basic step of reading the documents you got with your Internet equipment.

Ports

To secure your home computers the first thing you should do for your router is to change the password and if possible rename the account for the administrator. Anyone who bought the same model router as you will also have the same administrator account name and password – this is the last thing you want.

Open Port 80, which is the standard for HTTP and is needed for web browsing; by opening this port, you allow specific IP addresses or ranges to go out. This one security setting ensures that only known computers can generate traffic in or out of your home computer.

You should be concerned with traffic going out from your home computer. Why? Honestly, if your computer is not properly secured, it can infect other computers, and you don’t want to spread viruses to others. And if you have a wireless network, you might not know who else is on your network.

So open Port 80 for all that incoming traffic. The only way to avoid this is to track the IP address of every site you visit. This is nearly impossible. If you use a desktop email program, like Outlook, for example, you will also need to open Port 25 for outgoing mail and Port 110 for incoming mail. Basically, the bottom line is you should close your network to everything by default and only open up when you truly need to open up and only to those who need access.

Wireless networks

If you set up a wireless network in your home, you have a bit more security work to do. By design, a wireless network can allow anyone in your neighborhood to access your network and use the Internet with your account. This is handy if your child needs Internet access to do homework upstairs while you work downstairs, but it also means that the neighbor down the street and the hacker around the corner can access your network. That’s not good.

So, read that manual again and figure out how to protect your wireless network. You will learn how to configure the passwords and about any other security features that are available with your particular router.

Though there are many benefits to having a router in your home and a wireless network, it does require a little more work on your part to make sure that your computer is safe. Do some work now so you don’t have to do it later. Trust us – if you do get hacked you’ll wonder why you didn’t do the work ahead of time.

Web Browsers – A Serious Security Hole in Your System

Web browsing software is a wonderful thing. It takes all the HTML, scripts and other computer lingo online and translates it into the websites that you wind up surfing onto and losing track of work…and annoying your boss. Unfortunately your web browser can provide an open door to your computer to people who want to cause you misery in the form of Spyware, viruses and identity theft.

The first thing you can do to fight back is choosing a good browser. Internet Explorer is still the leader of the pack but Firefox has been slowly nibbling away at its lead and they’re now pretty much neck and neck in the race. Microsoft’s idea of making the browser part of the operating system backfired a little bit when online threats used vulnerabilities in Internet Explorer to riddle unprotected systems with viruses. So more people are choosing Firefox because it’s less of a target and is more secure overall – it doesn’t require almost daily security updates to keep it secure.

One huge step in making sure your browsers stay secure is education – knowing what users should and shouldn’t click on, and making people aware that ActiveX controls can be harmful and that not every security alert they see is genuine. If you’re in doubt about the source of a link or alert then don’t go clicking on any links or installing any plug-ins. One single click is enough to install multiple viruses that will mean having your system wiped – I have to do this for friends on an almost weekly basis.

Luckily enough web browsers (even Internet Explorer) are becoming far more clever. How? They’re able to spot and stop pop-ups and Spyware trying to infect your computer from “Attack Sites”. This isn’t a reason for stupidly browsing onto sites you know aren’t secure but it gives you an additional layer of security on your system that will alert you to the most common problems you could encounter.

Free toolbars are one of the quickest ways for your system to become infected with viruses and other nasty stuff like that. These toolbars are usually provided as free security software or as part of the installation of another piece of software you downloaded. If you’re not sure about the source of the toolbar don’t install it. Simple as that.

So just remember that your web browser is a two-way door. It allows you to look out onto the wonderful world of the Internet but the door can swing back towards you and give an uninvited guest a quick and easy way to access personal information on your computer.

If in doubt don’t download – easy really isn’t it?

Increase the Success of Your Website With Online Security

Boost The Success of Your Site With Online Security

The internet is thriving and new websites are cropping up all the time. When it comes to e-commerce, it is an incredible resource for both consumers and business owners to find new opportunities that can widen horizons and enhance lives. With marketing options from social media to online reviews to internet ads, there are infinite possibilities for companies online. Whether it’s buying or selling, the people who get the most out of those opportunities and possibilities are the ones who wisely take advantage of them.

More than ever, people are figuring out how easy it can be to shop online to find a family photographer, the hottest trends in fashion and even groceries. Internet shoppers can locate a product, read about it and buy it from the comfort of their own home, seven days a week, 24 hours a day. When a web site is put together correctly and with the correct security in place, internet shopping is an easy, very convenient and even safe way for consumers to make purchases.

Web site owners that are smart are aware that as the internet continues to grow in popularity, consumers are becoming savvier about which sites to form relationships with and which ones to stay away from. Reputable websites and businesses make sure their Privacy Policies are available, in addition to material about the way orders are processed, and the way the information given while processing an order is taken care of. Knowledgeable internet shoppers steer clear of any site that has not put the proper online security in place. They gravitate toward websites that use a third party trust seal program that sets protocols for online security and privacy related practices.

More than using trust seals on the web site and making the Privacy Policy available, there are additional preventative measures that conscientious site owners can put into place in order to make certain consumer information stays secure and protected. Where online security is concerned, PCI scanning should be given major consideration as a part of the set up of a successful ecommerce site. In very basic terms, PCI (or Payment Card Industry) scanning is a promise that what comes into and goes out of a website is guarded against would-be hackers and is virus free. PCI scanning makes sure that all IP addresses related to a business site, in addition to the customer transactions made on it, are checked and examined for known vulnerabilities.

How to Prevent Security Attacks by Using Spyware Detectors

Spyware attacks have become common these days. Hence, in order to keep your computer safe from spyware you must install a spyware detector program that can easily detect and destroy spyware from your system.

One can easily prevent security attacks on our computers by using spyware detectors. Most of us use computers to perform various tasks. An enormous amount of information and other virtual data can be downloaded from the internet. The internet is obviously one of the most reliable sources of information, but it can also be hazardous sometimes. Your computer might also get affected by viruses that enter it through the internet. These are infected files that multiply themselves to break down your computer system. The following part of the article will educate you on how to prevent these attacks by using spyware detectors.

There are different types of security attacks that can harm your computer system. Here are the names of some of them. The first kind is the normal virus attack; as explained above, these files target executable files to multiply themselves. This is the most common type of security attack. Other types of such attacks are Denial of Service or DoS, Trojan virus, Worms, and Logic Bombs. Hacker attacks are also a part of security attacks, as these hackers break the security to access your personal and banking information.

One of the most effective and traditional methods for avoiding these attacks is antispyware. As you must be aware, spyware attacks are one of the most common security attacks, so it is essential to have antispyware installed and active on your computer system. Antispyware applications can prevent any type of spyware from entering your system. Likewise, you may also install an anti-virus program and a firewall to avoid such scenarios. While you are accessing the internet, try to avoid clicking on irrelevant or suspicious advertisements or links. Also remember that you should not leak out or enter your personal and banking details on any new or doubtful web page. These are some basic steps that will help you in preventing security attacks by using spyware detectors.

Cyberwar in Estonia and the Middle East

Did a member of your family help launch a cyber attack that brought an entire nation to its knees? No, seriously, don’t laugh. In April 2007, communications in the Baltic state of Estonia were crippled through a coordinated attack that relied on the computers of millions of innocent users around the world, just like you and your kin. The strike was notable in fully demonstrating how cyber war had moved from idea to reality. And it all started with the movements of a single soldier.

The Bronze Soldier is a two-meter statue which formerly stood in a small square in Tallinn, the Estonian capital, above the burial site of Soviet soldiers lost in the Second World War. The memorial has long divided the population of the country, with native Estonians considering it a symbol of Soviet (and formerly Nazi) occupation and a large minority population (around 25% of the total) of ethnic Russian immigrants seeing it as an emblem of Soviet victory over the Nazis and Russian claims over Estonia. When the country’s newly appointed Ansip government initiated plans to relocate the statue and the remains as part of a 2007 electoral mandate, the move sparked the worst riots the country had ever seen – and a startling cyber attack from Russia.

On April 27, as two days of rioting shook the country and the Estonian embassy in Moscow found itself under siege, a massive distributed denial-of-service (DDoS) attack overwhelmed most of Estonia’s internet infrastructure, bringing online activity almost to a standstill. The targets were not military websites but civilian sites belonging to organizations such as banks, newspapers, internet service providers (ISPs), and even home users. Much of the onslaught came from hackers using ISP addresses in Russia, but the most devastating element in the attack was a botnet which co-opted millions of previously virus-infected computers around the globe to pummel the Estonian infrastructure.

Anatomy of a Cyber Attack

The botnet fooled Estonian network routers into continuously resending useless packets of information to one another, rapidly flooding the infrastructure used to conduct all online business in the country. The attack centered mainly on small websites which were easy to knock out, but nevertheless was devastatingly effective. Bank websites became unreachable, paralyzing most of Estonia’s financial activity. Press sites also came under attack, in an attempt to disable news sources. And ISPs were overwhelmed, blacking out internet access for significant portions of the population.

While the Estonian government was expecting there to be an online backlash to its decision to move the statue, it was completely unprepared for the scale of the cyber attack. Estonia’s defense minister went on record to declare the attack “a national security situation”, adding “it can effectively be compared to when your ports are shut to the sea.”(1)

Once it became clear that most of the country’s online business infrastructure was being affected, the Computer Emergency Response Team for Estonia (CERT-EE) issued a plea for help from IT security specialists worldwide and an ad-hoc digital rescue team was assembled, which included people from my own firm, Beyond Security. It took us a few days to get to the bottom of the threat and begin setting up frontline defenses, which mainly involved implementing BCP 38 network ingress filtering techniques across affected routers to prevent source address spoofing of internet traffic. The attack waned quickly once we started taking defensive measures. But in the days it took to fight off the attack, it is likely that the country lost billions of Euros in reduced productivity and business downtime.

Cyber War in the Middle East

The Estonian incident will go down in history as the first major (and hopefully biggest ever) example of full-blown cyber warfare. However, there is one place on earth where cyber war has become part of the day-to-day online landscape – and it is still ongoing.

In the Middle East, the Arab-Israeli conflict has a significant online element, with thousands of attacks and counter-attacks a year. This has been the situation since the collapse of peace talks in the region and was preceded by a spontaneous wide-scale cyber war between Arab and Israeli hackers in 1999 and 2000. Arab sympathizers from many nations are involved. A group of Moroccan hackers have been defacing Israeli web sites for the last six years or so, and recently Israel’s military radio station was infiltrated by an Iraqi hacker.

Unlike the blitzkrieg-like strike in Estonia, this protracted warfare is not intended to paralyze critical enemy functions but more to sap morale, drain resources and hamper the economy. The targets are typically low-hanging fruit in internet terms: small transactional, informational and even homespun web sites whose security can easily be compromised. Taking over and defacing these sites is a way of intimidating the opposition – creating a feeling of ‘if they are here, where else might they be?’ – and leads to significant loss of data, profits and trust for the site owners.

Cyber War Spreads

If the Estonia and Middle East examples were our only experiences of cyber warfare then it might be tempting to put them down to local factors and therefore not of concern to the wider security community. Sadly, however, these instances are simply part of a much larger trend towards causing disruption on digital communications platforms. In January this year, for example, two of Kyrgyzstan’s four ISPs were knocked out by a major DDoS hit whose authors remain unknown.(2) Although details are sketchy, the attack is said to have disabled as much as 80% of all internet traffic between the former Soviet Union republic and the west.

The strike appeared to have originated from Russian networks which are thought to have had links to criminal activity in the past, and probably the only thing preventing widespread disruption in this instance was the fact that Kyrgyzstan’s online services, unlike those in Estonia, are poor at the best of times. It was apparently not the first such attack in the country, either.(3) It is claimed there was a politically-motivated DDoS in the country’s 2005 presidential elections, allegedly attributed to a Kyrgyz journalist sympathizing with the opposition party.

China has also engaged in cyber warfare in recent years, albeit on a smaller scale. Hackers from within the country are said to have penetrated the laptop of the US defense secretary, sensitive French networks, US and German government computers, New Zealand networks and Taiwan’s police, defense, election and central bank computer systems.

In a similar fashion, in 2003 cyber pests hacked into the UK Labour Party’s official website and posted up a picture of US President George Bush carrying his dog – with the head of Tony Blair, the Prime Minister of the UK at the time, superimposed on it.(4) The incident drew attention to government sites’ lax approach to security, although in this particular event it was reported that hackers had exploited the fact that monitoring equipment used by the site hosting company had not been working properly. And as long ago as 2001, animal rights activists were resorting to hacking as a way of protesting against the fur trade, defacing luxury brand Chanel’s website with images of slaughtered animals.(5)

The Case for the Defense

What do all these incidents mean for policy makers worldwide? Both the Estonian and Middle Eastern experiences show clearly that cyber war is a reality and the former, in particular, demonstrates its devastating potential. In fairness, Estonia was in some ways the perfect target for a cyber strike. Emerging from Russian sovereignty in the early 1990s with little legacy communications infrastructure, the nation was able to leapfrog the developments of western European countries and establish an economy firmly based on online services, such as banking, commerce and e-government. At the same time, the small size of the country – it is one of the least populous in the European Union – meant that most of its web sites were similarly minor and could be easily overwhelmed in the event of an attack. Last but not least, at the time of the Estonian incident, nothing on a similar scale had been experienced before.

It is safe to say that other nations will now not be caught out so easily. In fact, if anything, what happened in Estonia will have demonstrated to the rest of the world that cyber weapons can be highly effective, and so should be considered a priority for military and defense planning.

What might make cyber warfare the tactic of choice for a belligerent state? There are at least five good reasons. The first is that it is ‘clean’. It can knock out a target nation’s entire economy without damaging any of the underlying infrastructure.

The second is that it is an almost completely painless form of engagement for the aggressor: an attack can be launched at the press of a button without the need to commit a single soldier.

The third reason is cost-effectiveness. A 21,000-machine botnet can be acquired for ‘just a few thousand dollars’, a fraction of the cost of a conventional weapon, and yet can cause damage and disruption easily worth hundreds of times that.(6)

The fourth is that it is particularly difficult for national administrations to police and protect their online borders. A DDoS attack may be prevented simply by installing better firewalls around a web site (for example), but no nation currently has the power to tell its ISPs, telecommunications companies and other online businesses that they should do this, which leaves the country wide open to cyber strikes.

The last but by no means least reason is plausible deniability. In none of the cyber war attacks seen so far has it been possible to link the strike with a government authority, and in fact it would be almost impossible to do so. In the case of the Chinese hack attacks, for instance, the authorities have provided a defense which amounts to saying: ‘There are probably a billion hackers on our soil and if it was us we would have to be stupid to do it from a Chinese IP address.’

A similar logic potentially provides absolution to the Russian administration in the case of Estonia: if it is so cheap and easy to get a botnet to mount a DDoS attack, why would the Russians bother mounting hack attacks from their own ISPs? And in the Kyrgyz attack, although the source of the DDoS clearly points to a Russian hand, the motives for Russia’s involvement remain hazy, leading to a suggestion that it may have been caused by Kyrgyzstan’s own incumbent party, acting with hired cyber criminals from Russia.

Tactics For Protection

With all these advantages, it is unlikely that any military power worth its salt is by this stage still ignoring the potential of cyber warfare. In fact, since the Estonia incident it is even possible that the incidence of cyber warfare has increased, and we are simply not aware of the fact because the defensive capabilities of the sparring nations have increased. After all, another important lesson from Estonia is that it is possible to mount a defense against cyber attacks. There is no single solution, no silver bullet, but a range of measures can be taken to deal with the kinds of DDoS issues faced by Estonia and the kinds of hacker attacks still going on in the Middle East.

For DDoS strike avoidance, there are four types of defense:

o Blocking SYN floods, which are caused when the attacker (for example) spoofs the return address of a client machine so that a server receiving a connection message from it is left hanging when it attempts to acknowledge receipt.

o Implementing BCP 38 network ingress filtering techniques to guard against forged information packets, as employed successfully in Estonia.

o Zombie Zappers, which are free, open source tools that can tell a device (or ‘zombie’) which is flooding a system to stop doing so.

o Low-bandwidth web sites, which prevent primitive DDoS attacks simply by not having enough capacity to help propagate the flood.
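The BCP 38 ingress filtering named in the list above, as an added example rather than code from the article or from the Estonian response: an edge router forwards a packet only if its source address belongs to a prefix assigned to the interface it arrived on, which is what stops spoofed sources. The interface names, prefixes and sample packets are constructed for illustration.

```python
"""BCP 38 ingress filtering modelled in Python (constructed example)."""
import ipaddress
from collections import Counter

# Hypothetical edge-router table: customer-facing interface -> prefixes that
# were assigned to the network attached there (documentation ranges only).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed sample traffic: (ingress interface, claimed source address).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10"),       # legitimate
    ("cust-a", "192.0.2.200"),      # outside the /25 assigned to cust-a
    ("cust-a", "198.51.100.7"),     # cust-b's address arriving on cust-a
    ("cust-b", "198.51.100.7"),     # legitimate
    ("cust-a", "2001:db8:a:1::1"),  # legitimate IPv6
    ("cust-b", "10.0.0.1"),         # private source, never assigned here
    ("cust-b", "not-an-ip"),        # malformed source field
]


def build_filter(table):
    """Parse the prefix strings once so each packet check is cheap."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in table.items()
    }


def ingress_verdict(acl, ifname, src):
    """Return (action, reason) for a packet seen on ingress interface ifname."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed-source")
    nets = acl.get(ifname)
    if nets is None:
        # Default deny: an interface with no assigned prefixes forwards nothing.
        return ("drop", "unknown-interface")
    for net in nets:
        if addr.version == net.version and addr in net:
            return ("forward", str(net))
    # The source is a valid address, but not one this customer was given,
    # so the packet is either misconfigured or spoofed.
    return ("drop", "source-not-assigned-to-interface")


def summarize(acl, packets):
    """Count forwards and drops; per-interface drops show where spoofing starts."""
    forwarded = 0
    drops = Counter()
    for ifname, src in packets:
        action, _reason = ingress_verdict(acl, ifname, src)
        if action == "forward":
            forwarded += 1
        else:
            drops[ifname] += 1
    return {
        "forwarded": forwarded,
        "dropped": sum(drops.values()),
        "dropped_by_interface": dict(drops),
    }


if __name__ == "__main__":
    acl = build_filter(CUSTOMER_PREFIXES)
    for ifname, src in SAMPLE_PACKETS:
        print(ifname, src, *ingress_verdict(acl, ifname, src))
    print(summarize(acl, SAMPLE_PACKETS))
```

The filter only works at the edge where a network attaches, because that is the last point at which the router still knows which source addresses are legitimate.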

For hacker attacks such as those seen in the Middle East, meanwhile, there are three main types of defense:

o Scanning for known vulnerabilities in the system.

o Checking for web application holes.

o Testing the entire network to detect the weakest link and plug any potential entry points.

A Doomsday Scenario?

All the above are useful defensive tactics, but what about strategic actions? First and foremost, the Estonian experience showed that it is important for the local CERT to have priority in the event of an attack, in order to ensure that things can return to normal as soon as possible.

Authorities can also, as far as possible, check national infrastructures for DoS and DDoS weaknesses, and finally, national CERTs can scan all the networks they are responsible for – something the Belgian CERT has already started doing. Given the openness of the internet and the differing challenges and interests of those operating on it, these measures will of course only provide partial protection. But it is hoped they would be enough to prevent another Estonia incident. Or would they?

There is, unfortunately, another type of cyber war strike which we have yet to see and which could be several times more devastating than what happened in Estonia. Rather than trying to hack into web sites just to deface them – a time-consuming effort with relatively little payback – this tactic would involve placing ‘time bombs’ in the web systems concerned. These could be set to lie dormant until triggered by a specific time and date or a particular event, such as a given headline in the national news feed. They would then activate and shut down their host web site, either using an internal DoS or some other mechanism.

The code bombs could lie dormant for long enough for a malicious agency to crack and infect most or all of the major web sites of a country. And in today’s networked world, this is no longer about simply causing inconvenience. Think of the number of essential services, from telephone networks to healthcare systems, which now rely on internet platforms. Knocking all these out in one go could have a truly overwhelming impact on a nation’s defensive capabilities, without the need for an aggressor to send a single soldier into combat.

The means to create such an attack definitely exist. So do the means to defeat it. What has happened in Estonia and the Middle East shows we now need to consider cyber warfare as a very real threat. What could happen if we fail to guard against it really does not bear thinking about.

References

1. Mark Landler and John Markoff: ‘Digital fears emerge after data siege in Estonia’. New York Times, 29 May 2007.

2. Danny Bradbury: ‘The fog of cyberwar’. The Guardian, 5 February 2009.

3. Ibid.

4. ‘Labour website hacked’. BBC News, 16 June 2003.

5. ‘The fur flies’. Wired, 23 January 2001.

6. Spencer Kelly: ‘Buying a botnet’. BBC World News, 12 March 2009.

How Do I Secure My Private Information When Surfing the Internet?

Privacy has become an important concern for many internet users. Whenever you use a web browser, all information about the user is transferred via an insecure internet connection. Most of the time, your information will not be encrypted, allowing hackers to intercept the connection and get your personal information. When your identity is stolen, anything undesirable may happen. The problem here is that you don’t know who stole your private information and there is no means to find the culprit. Online shopping is now popular, enabling users to buy anything from the comfort of their home. Though the financial transactions are secured, you cannot stop your personal information from being sent to the server.

Threat to privacy

Whenever you open a website in a web browser, your private information, including your IP address and geographic location, is sent to the web server. All user interactions and user information are logged on the web server. Thousands if not millions of people are monitoring network connections to get unauthorized access to various computers on the network. The server logs are readable, making your private information public. Knowing your IP address and other personal information will let them hack your computer without your knowledge. When you enter your credit card number and other personal details in a webpage, you are risking your privacy. Apart from stealing your identity, hackers may misuse your information in several ways.

Need for proxy services

Secure surfing is possible with the use of proxy web services which allow you to surf the internet without revealing your identity. When you use proxies, your geographic location will not be sent to the server preventing hackers from attacking your computer. Good proxy websites help you stay away from spyware and other malicious programs. Apart from ensuring security, proxy websites speed up browsing by caching requested pages. Rather than fetching the pages from the server, proxies fetch the pages from the cache decreasing the fetching time.

Types of proxies

Transparent proxies help you surf the internet faster but none of your information is protected. If you are looking for secure browsing, then these transparent proxies will not serve the purpose. Anonymous proxies allow you to browse the internet without disclosing your IP address and personal information. However, the servers can tell that you are browsing from a proxy website. You can find a list of many anonymous proxies which provide free services. High anonymous proxies provide the exact security you expect. None of your system information will be sent to the web server and nobody can guess that you are surfing with the help of proxy services. Faster and more secure internet access is possible when you use high anonymous proxies.

If you want to hide your IP address and do not mind the servers knowing that you are using proxies, then free services can be used. But if you are more concerned about your privacy and you want nobody else to guess that you are using proxy services, then you have to go for paid high anonymous services provided by proxy websites.
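How a web server can tell the three proxy types apart from the request headers it receives, as an added example that is not part of the original article. It assumes the conventional header names (Via, Forwarded, X-Forwarded-For, X-Real-IP, Proxy-Connection); the sample values in the test calls are constructed.

```python
"""Classify proxy anonymity from the headers a web server receives."""
import ipaddress
import re

# Headers that carry a forwarded client address (de facto conventions).
ADDRESS_HEADERS = ("x-forwarded-for", "x-real-ip")
# Headers whose mere presence shows that a proxy is in the path.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "proxy-connection")
# RFC 7239 "Forwarded: for=..." parameter, quoted or bare.
FORWARDED_FOR = re.compile(r'for=("[^"]*"|[^;,\s]+)', re.IGNORECASE)


def _to_ip(token):
    """Parse one forwarded-address token; return None if it is not an IP."""
    token = token.strip().strip('"')
    if token.startswith("["):            # [IPv6] or [IPv6]:port
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # IPv4:port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                      # e.g. "unknown" or "_hidden"


def disclosed_addresses(headers):
    """Return every IP address the proxy passed along in the headers."""
    h = {k.lower(): v for k, v in headers.items()}
    tokens = []
    for name in ADDRESS_HEADERS:
        tokens += h.get(name, "").split(",")
    tokens += FORWARDED_FOR.findall(h.get("forwarded", ""))
    return [str(ip) for ip in map(_to_ip, tokens) if ip is not None]


def classify_proxy(headers):
    """Return (level, disclosed addresses) using the article's three levels."""
    names = {k.lower() for k in headers}
    leaked = disclosed_addresses(headers)
    if leaked:
        # The proxy announces itself and forwards the client's address.
        return ("transparent", leaked)
    if names.intersection(PROXY_HEADERS):
        # The proxy announces itself but withholds the address.
        return ("anonymous", [])
    # Nothing in the headers separates this from a direct connection.
    return ("high-anonymous-or-direct", [])


if __name__ == "__main__":
    print(classify_proxy({"Via": "1.1 proxy.example",
                          "X-Forwarded-For": "203.0.113.9"}))
    print(classify_proxy({"Via": "1.1 proxy.example"}))
    print(classify_proxy({"User-Agent": "ExampleBrowser/1.0"}))
```

Headers are only one signal: a server can also compare the connecting address against lists of known proxy exit addresses, which header inspection alone does not cover.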


During the Black Hat 2007 Conference, a quick display of hacker technology demonstrated just how secure (or not) Wi-Fi hotspots are. In the middle of a conference presentation, session identifiers and cookies were captured from the internet browser of a random user accessing an unsecured wireless signal. The result? The helpless audience member could only look on as his Gmail inbox was suddenly presented for all to see.

Though this was eye-opening for many, it shouldn’t be. Wireless networks have been unsecure for years; in 2006 the University of Cambridge surveyed 2,500 access points of Wi-Fi networks around the University and found 46% were unencrypted (1). An overall estimate puts that number even higher – around 95% (2).

The reason behind the high rate of unsecured hot spots is simple: “People just really don’t care about Wi-Fi security” (1). The general public doesn’t view unsecure networks as a problem. People commonly offer to share their connection with friends and neighbors, and log on to public hotspots. Despite the past apathy regarding unsecured hotspots, there is clearly a reason to be concerned. Connecting to an unsecured network is an invitation for hackers to easily snoop through people’s inbox and cookies, putting an unsuspecting user at risk for data and identity theft.

Convenience of public Wi-Fi hotspots mistakenly puts security on the back burner. Few are willing to sacrifice checking their email in the library or a coffee shop due to the potential threat of a hacker. But increasingly, hackers are creating fake access points that appear to be real, easily deceiving wireless internet users.

“If you’re connecting to a hacker’s fake Access Point and everything you send and receive is transmitted in clear text with no encryption…Anyone who doubts that this is a problem should ask themselves if they would post their email account passwords … at the bottom of this blog or go in to an airport and yell out their user account names and passwords as loud as they can. If the answer is no then they should be concerned with Hotspot security” (3).

Projected Use
Current Wi-Fi stats state that wireless internet use will only increase. Wireless users are expected to grow by over 970 million users in the next three years, bringing the number of Americans with wireless subscriptions up to 87% (4). By 2010 wireless internet use will double that of cell phone use (5).

These astounding figures should create some unease. The high number of unsecure connections increases the potential for data and identity theft, as well as the loss of control of sensitive information.

Though the new attitude towards Wi-Fi has recently shifted towards concern, the low use of encryption is still a problem. Many wireless network products have included built-in security features that offer added protection or encryption, but customers struggle with the setup, and the features go unused.

Setting up your own network
When setting up Wi-Fi at home, follow these guidelines to increase the security of the network:

  • Change the default name of your access point (so that it does not read Linksys or Netgear, for example) to one that does not disclose your name, company, or location
  • Make sure your Wi-Fi Protected Access (WPA) is enabled or turned on, and check often for security upgrades
  • Change the default router password
  • Disable remote access via the router
  • Use MAC authentication to validate only a specific list of users allowed to access your network

Browse at your own risk

If you connect to a public access point, there are fewer options. Simply put, unsecured Wi-Fi use is a major threat. By connecting to an unsecured wireless network, you are a sitting target for any interested hacker. Information passed through unsecured web pages is accessible. Is it worth sacrificing all the information within your inbox just to check your email?

Although there are problems created by unsecured wireless networks, options are available to protect emailed documents. It’s possible to create secure, encrypted documents that are invulnerable to hackers, when accessed over a wireless network. If you plan to work on an unsecured access point, using extra security on sensitive files will assist in guarding against the vulnerabilities created by using a hotspot.

End Notes:

1. Espiner, Tom. “Does Wi-Fi security matter?” CNET News. June 27, 2007. http://news.com.com/2100-1029_3-6088741.html

2. Acohido, Byron. “Public Wi-Fi use raises hacking risk.” USA Today. August 10, 2007. http://www.usatoday.com/tech/wireless/2007-08-06-wifi-hot-spots_N.htm

Web Defacement Examined

The modern-day internet as we know it is no longer a text-based system used for sharing files among universities, as it was many years ago. Today’s internet carries all types of multimedia, graphics, animation and so forth. People are now able to hold databases online, run blogs and forums, chat, and use many other forms of communication. As technology advances in favor of more potent and efficient means of transferring data, and as the internet becomes more elaborate, so do the hackers.

Everyday non-technical people now have to deal with constantly upgrading, patching, and employing anti-virus software in order to protect themselves from attacks and vulnerabilities. The issue I will be addressing has to do with website security, specifically website defacement. Website defacement might not get as much publicity as the other forms of attacks on the web, but that is not to say it is not as prevalent. Here I will address three facets of web defacement: the vulnerabilities that allow a hacker inside your website, how the hacker defaces the website, and how to prevent website defacement.

An important and often overlooked aspect of web design is web security. Securing your website is an extremely important step in maintaining data integrity and availability of resources. Availability issues are raised alongside security issues because if the hacker fails to deface your site, he might then proceed to attack it with a DoS (denial-of-service) attack, thus rendering the site inaccessible. Some of the vulnerabilities websites have are simple to patch or prevent. For example, when coding HTML, do not try to hide your passwords in the HTML code. Avoiding this sounds like a reasonable first step to protecting your website, but many web developers embed passwords anyway out of laziness. Also, don’t try to hide anything within your comments or documentation that might reveal too much about your schema or the design of elements such as a database.

Cross-site scripting (abbreviated CSS here, and more commonly XSS) is another vulnerability in websites. The most common form of this style of attack is carried out in message boards and forms. It essentially exploits improper validation of forms and malicious code not being detected in message boards (Sharma, 2004).

Error handling can also cause unwanted consequences on a website. If a web application does not know how to handle certain errors, hackers can then exploit these errors to their advantage.

All of the above-mentioned vulnerabilities can be taken advantage of by hackers, but how? Hackers can gain access through a variety of methods. For the first vulnerability mentioned, passwords embedded in the site’s HTML code, the method of finding them is rather simple. Hackers perform a tightly written query in a search engine such as Google, including the specific parameters they are looking for. Hackers know that the search engine parses through the HTML of a website and in the process points them to potential victims. Search engine companies cannot do much about this, since restricting the parsing of HTML would also restrict the vast majority of the legitimate searching that goes on.
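Because anything left in published HTML is readable by crawlers, the practical defence is to audit pages before they go live. The following pre-publication check is an added example, not code from the original article; the patterns, the `PageAuditor` class and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions chosen for this example; tune for your site).
SECRET_RE = re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|secret|api[_-]?key)\b\s*[:=]\s*\S+")
SCHEMA_RE = re.compile(r"(?i)\bcreate\s+table\b|\bselect\s+.+?\s+from\b|jdbc:|mysql://")
SECRET_NAME_RE = re.compile(r"(?i)pass|pwd|secret|key")


class PageAuditor(HTMLParser):
    """Collect (line, location, reason) findings from one HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def _check_text(self, text, where):
        line = self.getpos()[0]
        if SECRET_RE.search(text):
            self.findings.append((line, where, "credential"))
        if SCHEMA_RE.search(text):
            self.findings.append((line, where, "schema detail"))

    def handle_comment(self, data):
        # Comments are invisible in the browser but fully visible in the source.
        self._check_text(data, "comment")

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "input":
            a = dict(attrs)
            hidden = (a.get("type") or "").lower() == "hidden"
            if hidden and a.get("value") and SECRET_NAME_RE.search(a.get("name") or ""):
                self.findings.append((self.getpos()[0], "hidden input", "credential"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Visible page text is ignored; only inline script bodies are checked.
        if self._in_script:
            self._check_text(data, "script")


def audit_html(source):
    """Return the findings for one page as a list of tuples."""
    auditor = PageAuditor()
    auditor.feed(source)
    auditor.close()
    return auditor.findings


# Constructed sample page; every value in it is made up.
SAMPLE_PAGE = """<html><body>
<!-- TODO remove: admin password = example-only -->
<!-- users table: CREATE TABLE users (id INT, pw_hash TEXT) -->
<form><input type="hidden" name="db_password" value="example-only"></form>
<script>var apiKey = "constructed-value";</script>
<p>Forgot your password? Contact support.</p>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding)
```

Run it over every page in the publishing step and block the upload when the list of findings is not empty.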

Cross-site scripting is a little bit harder for the hacker to perform. In this scenario the hacker writes a malicious script in any of the scripting languages, such as JavaScript, VBScript, and others. The hacker then goes to a site with a message board and posts the script as a link alongside a seemingly normal message. Users of the board might then click on it and be affected. Another form of this is done by pasting a script into a form field and causing certain errors, which then give the hacker a back door to get in by.

Web sites that handle errors incorrectly are also at risk. One form of hack is to cause errors which then give the hacker an opportunity to get inside and do what he wants to do such as web defacement. When a hacker finds a site that has inappropriate error handling, the hacker seizes the opportunity and causes continual errors until he finds a door in.

Web site defacement is usually regarded as internet graffiti. However, many times there is a political statement to be made. To make matters worse, hackers usually target sites that will get them the publicity they are seeking. For example, this site belonging to the Hong Kong official government was hacked by Chinese hackers making a political statement by embarrassing the prime minister and his wife.

Figure 1 Hong Kong official government website.

This is a perfect example of why web defacement should be paid closer attention and protected against. There are various methods to protect a website against such attacks. First, do not write any code, passwords, or schemas within the HTML of your website that will give hackers searching for victims something they can work with. Secondly, create proper and strict form validation; allowing too many value types can open a backdoor for the hacker. Lastly, be aware of the security of your message boards. Script kiddies are known to use widely available malware and code to get in through message boards.
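The second and third recommendations, shown on a message-board post with the flawed rendering beside a hardened one. This is an added example, not code from the original article; the function names, field limits and sample inputs are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

AUTHOR_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allowlist of value types
ALLOWED_SCHEMES = {"http", "https"}
MAX_BODY = 2000

# Constructed sample inputs of the kind the text describes.
SAMPLE_BODY = 'Nice thread! <script>alert("xss")</script>'
SAMPLE_LINK = "javascript:alert(1)"


def render_post_unsafe(author, body, link=None):
    """The flaw: user-supplied text is pasted into the page as markup."""
    out = f"<p><b>{author}</b>: {body}</p>"
    if link:
        out += f'<a href="{link}">link</a>'
    return out


def link_is_allowed(link):
    """Accept only absolute http(s) URLs; script-bearing schemes fail here."""
    try:
        parts = urlsplit(link)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def validate_post(author, body, link=None):
    """Strict form validation: return the names of the fields to reject."""
    errors = []
    if not AUTHOR_RE.fullmatch(author):
        errors.append("author")
    if not 0 < len(body) <= MAX_BODY:
        errors.append("body")
    if link is not None and not link_is_allowed(link):
        errors.append("link")
    return errors


def render_post_safe(author, body, link=None):
    """Validate on input, then HTML-escape every value on output."""
    errors = validate_post(author, body, link)
    if errors:
        raise ValueError("rejected fields: " + ", ".join(errors))
    out = f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"
    if link:
        href = html.escape(link, quote=True)
        out += f'<a href="{href}" rel="nofollow noopener">link</a>'
    return out


if __name__ == "__main__":
    print(render_post_unsafe("mallory", SAMPLE_BODY))
    print(render_post_safe("mallory", SAMPLE_BODY, "https://example.com/a?b=1&c=2"))
    print(validate_post("mallory", "hi", SAMPLE_LINK))
```

Validation narrows what the form accepts, but the escaping on output is what stops a stored post from running as script in another reader's browser, so both steps are kept.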

Another more expensive and perhaps viable option is buying software designed specifically to protect your website. For example, http://www.catbird.com offers software specifically made to ensure content integrity on your site. The way it works is rather simple, but powerful: every two minutes it checks the pre-approved content authorized by you against any changes made and will promptly warn you. No price is mentioned for this software. Another Web application designed to protect sites is WebAgain by Lockstep. Here is what Jim Rapoza of eWeek had to say:

“WebAgain is a simple application that sits as a kind of staging server where site authors send their content. The tool uses FTP or a network share to send new content to any Web server and to check if pages have been changed on the site. Checks can be made as often as required.”

For the price of $995 this software not only checks multiple sites for content change or malware being added but it will also reinstate the site to its original state if defaced.
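The check-and-reinstate idea described for these products can be sketched in a few functions. This is an added example and not Catbird's or WebAgain's code; it assumes the approved content lives in a staging directory kept off the web server, and all function names and the sample site are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare(approved, live):
    """Classify the differences between approved content and the live site."""
    return {
        "modified": sorted(p for p in approved if p in live and approved[p] != live[p]),
        "missing": sorted(p for p in approved if p not in live),
        "unexpected": sorted(p for p in live if p not in approved),
    }


def restore(staging, webroot, report):
    """Reinstate approved files and move unapproved ones out of the web root."""
    for rel in report["modified"] + report["missing"]:
        target = webroot / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(staging / rel, target)
    for rel in report["unexpected"]:
        # Quarantine rather than delete so the file is kept as evidence.
        quarantine = webroot.parent / "quarantine" / rel
        quarantine.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(webroot / rel), str(quarantine))


def check_and_restore(staging, webroot):
    """One monitoring pass: report what changed, then repair it."""
    report = compare(build_manifest(staging), build_manifest(webroot))
    if any(report.values()):
        restore(staging, webroot, report)
    return report


def demo():
    """Constructed sample: a two-file site is defaced, then repaired."""
    with tempfile.TemporaryDirectory() as tmp:
        staging, webroot = Path(tmp, "staging"), Path(tmp, "webroot")
        (staging / "css").mkdir(parents=True)
        (staging / "index.html").write_text("<h1>Welcome</h1>")
        (staging / "css" / "site.css").write_text("h1 { color: navy }")
        shutil.copytree(staging, webroot)

        # Simulated defacement: one page replaced, one removed, one file added.
        (webroot / "index.html").write_text("<h1>defaced</h1>")
        (webroot / "css" / "site.css").unlink()
        (webroot / "dropped.php").write_text("constructed placeholder")

        first = check_and_restore(staging, webroot)
        second = check_and_restore(staging, webroot)  # should now be clean
        return first, second


if __name__ == "__main__":
    print(demo())
```

Scheduling `check_and_restore` at a fixed interval from a separate host gives the periodic check the text describes; a non-empty report is the alert.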

In recent years there has been a sharp increase in web defacements; the catalyst for this is unknown. One event in particular that did spur many website defacements was the Iraq war, specifically at the onset of the war. Below is a graph obtained from http://www.f-secure.com, a website focused on security and cataloging many of the defaced sites. This graph in particular covers weeks 10-12 of the Iraq war.

Figure 2 Website defacement during weeks 10-12 of the Iraq war.

Website defacement is an extremely important topic that should warrant as much focus on security as any other area of information technology. If a hacker is able to deface a website, this essentially means that a serious breach has occurred. Many defacers do it as a form of internet graffiti, but once they are inside your website a lot of information can be stolen, such as credit card numbers and other personal information.

There is also a far more sinister side to web vulnerabilities: cyber war or cyber attacks from terrorist organizations. “Al Qaeda spent more time mapping our vulnerabilities in cyberspace than previously thought,” confirmed Roger Cressey, the chief of staff of the White House critical infrastructure protection board (Trendle, 2003). Highly skilled programmers in groups like Al Qaeda or other organizations pose a serious threat to websites and the data in them.

Web defacement, once considered a joke or a prank pulled off by kids, is now considered a major threat to websites. It used to only embarrass the company that had been defaced. However, we are now seeing it evolve toward more sinister and dangerous intentions. Personal information such as credit card numbers or other forms of identity can be picked off by savvy hackers who manage to break into a website. For these reasons, web defacement warrants serious consideration from security experts and should be a top priority for any website owner.

References:

Rapoza, J. (2002, February). A more useful WebAgain app. eWeek, 19(7), p. 48. Retrieved September 15, 2004, from the Science Direct database.

Sharma, A. K. (2004, February 3). Prevent a cross-site scripting attack. Retrieved September 12, 2004, from http://www-106.ibm.com/developerworks/library/wa-secxss/

Trendle, G. (2003, June). Cyber Threat! Middle East, Issue 335, p. 38. Retrieved September 12, 2004, from the Science Direct database.


Security Software

Do you have kids at home and you want to limit their access to the Internet? Or do you run an office and you want to limit your employees’ access to the Internet to prevent them from doing activities that are not related to their work? If you answer yes to either, then what you need is security software.

Security software is useful in both your home and your office. With security software, you can monitor your kids’ online activities such as games, chat and Internet surfing. If you suspect that your children are trying to access porn and adult sites, or are chatting with a total stranger, you can prevent them from being exposed to these and from divulging any information to online predators.

You can also install this software in your office to keep track of what your employees do on the Internet during working hours. Surfing network-related sites, chatting, playing online games and downloading MP3s and online movies can consume more than 30% of your bandwidth, which is a waste since these are not at all connected to the business.

Not only that, but these activities can lower production and productivity. What’s worse is that employees could be intentionally or unintentionally revealing confidential company information to the outside world. If your office has security software, you can monitor all of these and put an end to network-related activities.

With the increasing number of Internet users, whether children or employees, security software has become more in demand. There are different packages that you can choose from. You just have to check the features and benefits to see what best suits your needs.

Sydney Morning Herald

If you have been reading the news lately and picking up on all the commotion around hack attacks on some of the big guns like Google, Yahoo and Adobe you may be experiencing a twinge of anxiety over the security for your own business. You may have believed your network was invincible so this news could leave you feeling shaky. You have good reason to feel this way – according to an article in the Sydney Morning Herald the number of hackers tampering with private financial information belonging to Australian business is on the rise. Obviously using the internet and intranet for business has become a viable solution to accomplishing company objectives, but on the downside the criminal faction sees just as much opportunity.

Australia is a Frequent Target for Cyber Crime

Symantec, a data security firm reported that Australian and New Zealand businesses suffer 75% more security breaches than the global average with 89% of the companies polled in the last 12 months admitting at least one intrusion. Hackers are not necessarily going after the major companies where they can make off with large sums of money. Like any other thief, they go where the risk is low and they can get in and out of a system quickly and without detection. The fact is you don’t have to be at any particular level of business profitability to be targeted. Smaller companies tend to use less comprehensive IT security making them more susceptible. In general, hackers are interested in easy money.

Google and Other Large Corporations are Not Exempt

The threat does not always revolve around banking information or sensitive intellectual property. As Google discovered in December 2009, issues such as human rights are at stake in cyber attacks. The advertising and search giant was appalled that a highly organized effort dubbed “Aurora” was being made to hack into the Gmail accounts of Chinese human rights activists. The attackers managed to infiltrate only two accounts and were not able to see the account holders’ actual correspondence. The action put Google in the position where it felt it necessary to warn the Chinese human rights community of the attack and to prepare to withdraw business ties with China. Officials at Google did not directly accuse the Chinese government of being the perpetrators, but they decided to review doing business with the country based on its attempts to limit free speech on the internet. Google stated concern for the safety of the Chinese citizens and the potential for them to be interrogated and imprisoned.

There were at least 20 other large internet, media, finance and technology companies included in the attack: Yahoo, Adobe, Symantec, Dow Chemical and Northrop Grumman to name a few. It was accomplished through a technique called “spear phishing.” This resembles an attack against 100 IT companies in July 2009 where company employees were targeted with infected email attachments.

Small and Midsize Businesses have Minimal Defense

Most businesses are totally defenseless against these sophisticated attacks. They use instant messages and emails that seem innocent at first because the senders appear to be friends and trusted colleagues. The messages are fine-tuned to evade the anti-virus programs designed for these applications. Evidently the best practices for IT security that have successfully held attackers at bay for many years are no longer sufficient. There is an innovative caliber of attacks circulating around the globe using custom malware written specifically for individual companies. The hackers don’t seem to mind if it takes longer to get around the antivirus software in use by the large corporations. They continue painstakingly to tweak their malware until it is effective. Smaller companies that don’t have the budget for a large scale security have not stood a chance. The hackers have the ability to commandeer only one employee’s laptop and make it a gateway for total administrative access to the company’s entire network.

The security firm iSec Partners, which investigated the attack on Google and the ensuing corporations, recommends that we make fundamental changes to the way we protect our networks. They say we have simply not been prepared for the level of sophistication demonstrated by the new cyber criminals.

Hacker Stories in the Australian News

Internet news sites report the direct effects of cyber hacking on Australia. Today Online posted a news article about a hacker called “Ghostbuster” that has been targeting Melbourne businesses as a response to violence against Indians. The person behind the attacks has been sending threatening emails stating Australian servers will be hacked until racism against Indian nationals is ended. The action came in the wake of the murder of a 21-year-old Punjabi student in January 2010. Several Melbourne businesses were victimized when their entire networks were thrown into chaos.

In the technology section of The Age is a report describing the effects on government websites by hackers associated with the group “Anonymous”, known for its attacks on Scientology. This is the same group that temporarily blasted pornography across Prime Minister Kevin Rudd’s website. On the morning of February 10, 2010 a number of government sites were down. The attack was in opposition to the government’s plans for internet censorship. Communications Minister Stephen Conroy was not happy with the fact that Australian citizens could not obtain needed services online and felt it was irresponsible on the part of the hackers.

In the Sydney Morning Herald one journalist mentions the statistics that there are now more mobile devices in the country than Australians. It is not unusual for an individual to own two or three. The rising use of wireless broadband provides accessibility and convenience for subscribers but it also expands the territory for cyber criminals. Currently there are more barriers to cyber hacking wireless devices than terrestrial networks, such as the cost of making a phone call. However with the advances in mobile device technology to the point where it can replace the need for owning a laptop computer the potential for being targeted by hackers exists. The actual devices may be secure but the Wi-Fi network, often free and faster for users in public places is a temptation for cyber criminals. You may believe you have connected to a site operated by an airport, hotel or coffee shop, but there is no way of knowing for sure who controls the IP address that now has access to everything in your computer or mobile device. It is not that difficult for hackers to present a fake website you feel you can trust that they can use to steal from your network at any time in the future.

Millions of dollars are stolen every day from individuals and businesses that use the internet. We are warned frequently about viruses, worms and phishing scams, but somehow we get caught anyway. The situation is getting worse as hackers become more adept at breaking down the unique systems designed to keep them out. If you are still experiencing discomfort about the vulnerability of your network, it will pay off to attend to your gut feeling.


