Wednesday, March 4, 2009
Hijacked by hackers
Posted by Courtney E. Howard
It can happen to you. You could unwittingly be made a pawn in a cyber-attack, or worse: unknowingly become a cyber attacker. Most any computer -- whether a desktop/laptop PC or server -- can be hijacked by hackers. It could then be used as a weapon.
Saturday night, while I was enjoying the company of friends and some adult beverages, a call came in on a friend's cell. Now, it should be said that he is a brilliant, experienced systems and software engineer, and his partner is none too shabby either. Even so, one of their systems fell victim to hackers. In truth, it is likely more appropriate to call it a pawn, rather than a victim. You see, someone else's system was the real target (and subsequent victim).
No critical or classified information was compromised; rather, hackers took control of multiple systems, of which my friends was one, to perform a DDOS (distributed denial of service) attack on a system in the Pacific rim.
It was not as dramatic as I might make it sound, but it was an awakening. My friend was understandably tight-lipped, so I do not know the specifics around his electronics being hijacked; however, a quick check of the DDOS wiki gives me a general idea about how it happens.
Hackers can invade other people's computers (which I fondly refer to as OPCs). They find a vulnerability and secretly install a code, a script, or a program. The program can also come in through any number of methods, by e-mail, on a thumb drive, via poor password complexity, an even from a Website that can execute script.
The computer acts normally, until the hacker remotely activates the program, say. It then uses the computer/server's Internet connection to send a very large quantity of small packets of information -- tons of those, in fact -- to a target system/destination (or, more specifically, an IP).
The moral of the story? Keep an eye on your system and your information. Keep it all locked down. Keep your firewall on, and your operating system updated. IT personnel in charge of an entire organization’s systems and their information security (especially if that organization is part of or does any business with the Department of Defense) really have their work cut out for them. They have to keep tabs on virtually everyone and everything their colleagues do, and prevent them from surfing questionable Web sites, opening suspicious e-mail attachments, plugging thumb drives or MP3 players with flash memory into computer systems, and much, much more -- well, either that, or invest in a secure RTOS (real-time operating system), such as those you can read about in the pages of Military & Aerospace Electronics. Anyone think a secure RTOS can be compromised? Some believe nothing is safe in this digital age.