Avoid being Enlisted Into the Zombie Army
When NetSafe and IBM set up an experiment last month to highlight the escalating issue of internet security, it took 20 seconds to prove their point.
That was the time between connecting a fresh PC in Auckland to the Internet and receiving the first probe down the DSL line from another machine checking for potential security vulnerabilities.
That first suspicious probe was followed over the next month by a barrage of further malicious connection attempts: 4500 hit the PC’s firewall in 27 days.
When the firewall was turned off in the final few days of the experiment, the flood of dubious traffic more than doubled to more than 500 attacks a day as the internet’s automated underbelly sniffed around.
The aim of much of the relentless probing documented during the experiment was to identify any vulnerabilities on the new computer that would allow it to be hijacked as part of a zombie network used to attack other systems.
Remote-controlled zombie machines are the criminal Internet’s foot soldiers, dutifully using their broadband connections to carry out attacks without the knowledge of their owners.
Neither the frequency of the attacks launched on the test computer nor the mere 20-second delay before they started was a surprise to NetSafe or IBM.
The aim of the experiment was to put some New Zealand-specific numbers around the issue of home and small business internet security, and the findings have been released to mark International Computer Security Day.
“We wanted something that would really help people to understand the issue,” says Martin Cocker, executive director of NetSafe, a non-profit organisation charged with educating the public about safe and responsible technology use.
“From NetSafe’s perspective we’re really pleased with the outcome of the study,” Cocker adds.
“Obviously it’s not great that computers get hammered every few minutes, but that’s a fact of being on the Internet.”
The test computer avoided being enlisted into the zombie army because it had been armed with up-to-date security patches for Microsoft’s XP operating system, providing a sufficient degree of protection even when its firewall was switched off.
“What we are pleased with is that those basic security measures that IBM enacted during the experiment actually protected the computer, because that’s exactly the message we’re trying to give to consumers,” says Cocker.
“We’re saying if you put on a firewall and if you have all the [operating system, anti-virus and anti-spyware] updates your computer will be relatively well protected.”
John Martin, IBM NZ’s principal security specialist who ran the experiment, says home and small business computer users often turn off security protection for a variety of reasons: it can interfere with online gaming, slow down a machine’s performance, or users may get annoyed with anti-virus warning messages.
Martin says the experiment confirmed the dangers of turning off a PC’s firewall even for a short time, given the relentless deluge of attacks.
Globally, the frequency of attacks is increasing. In New Zealand, the recent arrival of “unleashed” high-speed, unlimited-data DSL access plans may be welcomed by users, but it also provides greater opportunities for hackers to exploit zombie machines as more computers stay online for longer.
One of the curses of zombie networks is that they are responsible for generating a significant proportion of the world’s spam.
Bradley Anstis, Auckland-based director of product management for email security company Marshal, says the growing sophistication of hacker attacks is analogous to fighting a war.
Whereas a few years ago security companies were fighting just an infantry division, they are now up against the entire army, he says.
NetSafe argues business will pay a huge price if security issues continue to plague the internet. Cases of stolen credit card numbers and identity theft are driving consumers away from buying and banking online. This in turn means businesses remain lumbered with the cost of running traditional off-line transaction facilities such as bank branches.
Any small business with client information stored on a PC also runs the risk of exposure to crippling litigation if that information is stolen.
NetSafe’s experiment will hopefully shock many computer users enough to encourage a more cautious approach to security.
But given that the effects of sloppy security do not hit all computer users equally, the society has to resort to preaching a “greater good” message which many will find easy to ignore.
“We certainly don’t want to scare people off the Internet,” says Cocker.
“But we do need people to do the right thing in terms of security for the sake of all the users on the Internet.”
This article was first published in the New Zealand Herald in 2006.