High speed means higher risk

15/10/2002 - 22:00



SPEED is the primary attraction of broadband services to the business community. ADSL, ISDN and cable allow subscribers to move large amounts of data in a fraction of the time required by analogue dial-up connections.

These high-speed services allow organisations to save time and increase productivity; however, they also provide hackers with an ideal means of unauthorised entry.

“Broadband performance is a double-edged sword,” said Craig Valli, a network security researcher with the School of Computer and Information Science at Edith Cowan University.

“It’s good for business, but it’s also good for the hacker. This is because attacks taking minutes over an analogue dial-up connection can be carried out in seconds using broadband.”

This is a key point Mr Valli will make when presenting a paper entitled With Speed Cometh the Hacker to the 3rd Australian Information Warfare & Security Conference, to take place in Perth in November. The paper in part states: “Based on the assumption that ADSL is 30-50 times faster than a conventional 56K modem, this means an attack that took five minutes to commission previously could now take place in as little as six to 10 seconds with ADSL.”

According to Mr Valli, broadband links provide hackers with the ability to access, compromise and withdraw from targeted computer systems within a very small time frame. This allows them to either go undetected or do considerable harm before a response is initiated by the targeted organisation.

Further, with most broadband services linking clients to the Internet 24 hours a day seven days a week, hackers can time their attacks to coincide with periods when their activities are likely to go unnoticed.

“Many SMEs simply don’t realise that when they connect to broadband they are providing would-be attackers with a 24/7, high-speed conduit into their systems,” Mr Valli said.

“If adequate defences are not used, enterprises subscribing to broadband become extremely vulnerable to viral infection, trojan implantation, DDOS attacks and various forms of data theft.”

He said companies falling victim to these attacks became open to potential litigation, financial loss and public embarrassment.

DDOS, which stands for Distributed Denial of Service, is a form of attack particularly suited to broadband connected systems. Mr Valli said that, in a DDOS attack, a hacker gained control of a broadband connected computer system and then used that system to launch attacks against other computer networks.

If these attacks are traced, the unwitting owner of the hacker-controlled system appears to be the culprit. This can lead to the innocent party being the subject of an embarrassing ‘please explain’, having their broadband service terminated and even being subject to litigation.

Mr Valli said many organisations would be surprised to learn that network attacks come from various sources, not all of which are technically skilled, hard-core hackers. He pointed out that a range of software tools were easily obtainable from the Internet, allowing individuals with only fundamental computing knowledge to gain unauthorised access to computer systems.

These individuals might be disgruntled employees, persons who oppose a company’s activities or just computer enthusiasts gaining unauthorised access for the sake of it, Mr Valli said.

To underline the ease with which even semi-skilled persons could compromise vulnerable computer systems, Mr Valli gave an astonishing demonstration. Using a software application freely available on the web, Mr Valli entered the address of a particular computer within the SCIS network security lab. Within a matter of seconds, the software located and probed the target PC, gained entry through an open port and identified several system vulnerabilities available for exploitation.

At this point, the demonstration ended. However, had this been a genuine incursion on an organisation, rather than a controlled lab demonstration, the targeted system would have been totally at the mercy of the attacker.

Companies using broadband also need to be aware that, in addition to external attacks, various broadband-related problems can also occur from within the organisation.

According to Mr Valli, the most prevalent of these problems is the use of broadband links by staff for non work-related purposes.

“The downloading of movies and MP3 music files using a company’s broadband link is a very common problem,” Mr Valli said. “In one organisation I studied, 13 users were responsible for 50 per cent of broadband traffic over a six-month period. This amounted to a massive 70 gigabytes (70,000 megabytes) of traffic, the majority of which was not work related.”

The downloading of such material by employees puts an organisation at risk in a variety of ways. The presence of pornographic material on company computers, for example, can lead to acute embarrassment and in some cases litigation. MP3 files, which are still the subject of copyright disputes worldwide, may result in financial penalties being applied to those organisations possessing them on their systems. Further, broadband services are almost always charged according to usage, often by the megabyte.

Therefore, inappropriate use can cost a company thousands or even tens of thousands of dollars every year.

When asked to outline a ‘worst case scenario’ for a business connected to broadband in the absence of adequate defences, Mr Valli said: “That’s simple. You come into work on Monday to find your mission-critical data has been permanently erased by an attacker at some point over the weekend.

“It’s then you also realise that you don’t have a recent back-up of your data and the only up-to-date copy is probably in the hands of the hacker, who may be busily selling it to a competitor or leaking it to the media.”

And for those thinking it will never happen to them, Mr Valli’s conference paper provides a chilling insight into the frequency and magnitude of hacking activity targeted against business enterprises.

The paper describes how in one company being studied there had been more than 60,000 suspicious network access attempts detected and logged over the course of a six-month period. This is a staggering number and should bring home to any business connected to the Internet, especially those with 24/7 broadband connections, that the hackers are out there and they’re constantly looking for a way in.

