Unprotected home computers vulnerable to hijack
By Susan Watts
BBC Newsnight Science editor
Protect your home computer or you could unwittingly help to launch a cyber attack, experts are warning.
They say the rise in such attacks risks undermining critical national infrastructure and the future of the global economy.
Thousands of vulnerable personal computers are being signed up without their owner's knowledge to form "botnets", or "bot armies", sometimes spread across numerous geographical locations in countries all round the globe, experts have told BBC Newsnight.
These botnets are being used to launch so-called Distributed denial of service, or DDoS, attacks, which crash a website by flooding it with requests for information, or to harvest personal data such as credit card details or passwords.
Recent revenge attacks by the Anonymous hacktivist group against companies who distanced themselves from Wikileaks are one high-profile example where websites were crashed.
'Greater good'
Now, governments are urging people to take personal responsibility for what they say could prove a much broader threat to our digital world.
Melissa Hathaway, former cyber tsar to US President George W Bush and a former advisor to President Barack Obama, told Newsnight:
"Botnets, or infected computers, whether in a citizen's personal computer or a corporate computer, are being used to launch these DDoS attacks against key industries and against governments, and so that would affect their ability to deliver essential services."
But on the day that the government has hailed the destruction of the last computers from the ID card database as a triumph of civil liberties, officials are clearly still working out how to sell us the idea that we should practice safe computing for a greater public good.
Multi-nation problem
Well-placed sources say that in a world in which we are utterly dependent on digital systems, they are anxious to limit any opportunity for disruption of critical national infrastructures like energy, water, food distribution and transport - all of which rely on computerised systems.
But the government does not want to be seen to be curtailing individual freedom. It feels a need for some form of cyber "Green Cross Code" - without having to legislate.
Experts say that botnet technology is becoming increasingly accessible
Julian Midwinter works for i2, a company which provides software to governments, intelligence agencies and commercial companies to help unravel the architecture of a botnet, where it is being controlled from, and by whom.
"The majority of these botnets are harvesting financial and personal information for those criminal organisations that run those networks for more traditional fraud, for example accessing your bank account.
"There was one recent one from Canada involving 100,000 computers linked across 75 countries - the distribution was all around the world."
'Botnets for hire'
He also flagged up problems with how accessible botnet technology is becoming:
"Historically you used to have to be a technical expert, be a proper hacker, and be really interested in computers. These days you can effectively go down to the local DIY store and buy a botnet kit that comes ready configured, you just need to install it with some very basic installers and very limited technical capability - set it up and off it goes."
Mr Midwinter told Newsnight about one group, calling itself the Iranian Cyber Army, which was recently found advertising a botnet-for-hire.
This, he said, is just one of many that are available online:
"They're on the darker fringes of the internet - in some countries it is easier to get to - in other countries they are harder to find.
"Some of them are very, very affordable… hundreds of pounds to get involved… some of them, depending on what you want to do, could be more expensive ."
Newsnight spoke to VeriSign, which runs the ".net" and ".com" domain names, and two of the internet's 13 so-called root name servers.
These are vital organs of the internet, without which you would not be able to send e-mails or link to websites.
Tobias Wann, of VeriSign Europe, told us his company's clients are having to deal with DDoS attacks in increasing number, and capacity.
He agrees that there is a need to foster personal responsibility on this issue:
"If you don't secure your computer and make it virus free there's a big risk your computer could be infected.
"An infected computer could be part of a botnet without you knowing or realising, so the more you protect your own assets the less the risk is that your computer is part of a botnet, the smaller the potential of botnets are, and the smaller any of the future attacks would be."
Watch Newsnight's Science editor Susan Watts' full report on emerging cyber threats on Thursday 10 February 2011 at 10.30pm on BBC Two, then afterwards on the BBC iPlayer and Newsnight website.
Credit: BBC (www.bbc.co.uk)
No comments:
Post a Comment