
Internet security - Invisible Enemies.

The latest techniques enable hackers to enter your systems and change data without leaving a trace.

Andy Clark is making some adjustments to a spreadsheet on his computer screen. Not his spreadsheet, mind you. Using a “Trojan” program which took his colleague just eight evenings to write, he’s hacked into a rival company’s computer and used email to download the spreadsheet to his PC. The FD at Clark’s rival doesn’t know it’s happened.

The spreadsheet shows the financials for a key project the rival plans to undertake. The figures look good. Too good for Clark’s liking. He makes some small alterations across the columns. Nothing too large that will draw attention to itself. But, cumulatively, the changes ripple through the spreadsheet and, hey presto, the project looks a lot less profitable than it did. It is not, perhaps, something the rival will want to pursue after all.

Clark is pleased with his sabotage so he emails the doctored spreadsheet back to the rival company. It replaces the copy held in the company’s files. Now all he has to do is withdraw the Trojan program from the rival’s computer. Even if the spreadsheet changes are detected – and Clark is convinced he’s been clever enough so they won’t be – nobody will ever know how they happened.

Clark could have made himself rich this way. Five years ago, he and colleague Vince Callaghan discovered that background features in advanced messaging systems could place a powerful weapon in the hands of hackers. Now their prediction is coming true, and Clark has just given a demonstration of the new class of hacks. He calls them Banratty attacks, and says they are so insidious that victims often don’t realise they’ve been hacked.

Clark is now operations director for Entegrity Solutions, which provides software security. He is convinced that growing numbers of companies are suffering from Banratty attacks. A book* co-written by Bill Boni, director of Motorola information protection, supports this. It identifies 23 countries conducting economic espionage and notes that France has a School of Economic Warfare. Its curriculum includes “information destabilisation”.

Hacking is no longer an activity just for nerds with nothing useful to do. It’s now a critical part of the emerging black art of information warfare. What’s worrying is that the tools the economic warriors have devised are out-running the security patches the IT industry is developing to defend itself and its clients.

What’s opened the door to widespread hacking is the pervasive spread of email. Everybody’s got it and it’s a simple technology with inherently low levels of security. The vast bulk of hacking attacks now come through this route. The first Raymond Ashton, of IT software and services supplier Geac, knew about the problem with his email was when he was shown a stream of emails he’d sent to staff and suppliers bad-mouthing his company. Then he was told he was suspended pending further consideration of his case.

Ashton (not his real name) protested his innocence. He hadn’t sent the emails, he insisted. Geac launched an investigation with the help of Peter Yapp, manager of consultancy services at Vogon International, a forensic computer specialist.

“We found that the emails to staff had been sent over the company’s intranet and to suppliers over the internet,” recalls Yapp. “But when we looked closely at the IP addresses, it was clear that somebody had hijacked Ashton’s email identity.” With the help of a court order, Yapp’s team claim they tracked the trail of IP addresses back to an email account held by a former Geac employee, who may now be prosecuted. However, the investigation has cost Geac a four-figure sum.

During April 2001, 27% of all reported virus attacks were traced back to Magistr, an email infection devised by a hacker calling himself Judge’s Disemboweller and apparently based in Malmo, Sweden. Unlike “I love you” and “AnnaKournikova”, two of last year’s most destructive viruses, Magistr has been particularly difficult to spot because the email title and text are randomly generated.

“We suspect it’s still out there in large numbers,” warns Graham Cluley, senior technical consultant at Sophos Anti-Virus. “One way to spot it is to look for an email title that seems to be gibberish. Somewhere in the email text will be the phrase ‘Ars, Ars, I’ve got you.’” He explains that Magistr is a good example of the disturbing skills of advanced hackers.

“It’s polymorphic which means it can mutate its appearance on each infection,” he says. It’s also extremely destructive because it can wreck the BIOS chip, which is needed to start a computer’s operating system.

Magistr can worm its way into address books and mail boxes looking for email addresses, and then forward itself on to them using its own program rather than the email software that’s installed on the PC. This means any security system installed to stop rogue emails being sent is simply bypassed.

David Duke, a computer security expert cleared to “top secret” level by the MoD, says a new age of computer hacking is emerging. “The old age consisted of a very few dedicated individuals that all understood computers to the nth degree. New age hackers simply access all their techniques from point-and-click programs. It means private individuals can break into systems much more easily,” he says.

Duke, who is founder and technical director of Cryptic Software, is concerned that some of the new tools that have emerged in the past few weeks can penetrate firewalls – the security software designed to stop illicit communications entering a computer system – without the firewall knowing. He is also worried that more viruses are being wrapped inside web pages. “Just the process of browsing a website could infect your PC,” he says. “The virus opens a back door in your system so the hacker can go in and look at the files on your hard disk.”

All this is bad news for the FD. Because of advances the hackers are making, it’s a pretty safe bet that most companies’ IT security arrangements are as leaky as a colander, and e-security is expensive. Duke’s company has developed security software that he claims is able to detect 38 million types of threat. It works by constantly inspecting the contents of computer disks. And Clark’s Entegrity now has software that can ward off most Banratty attacks. The bad news is that it involves installing software on every desktop at a typical cost of £150,000 for an enterprise.

No one knows the cost of breaches in email security. It’s embarrassing for a company to admit it has been penetrated, so most keep quiet when it happens. But the “I love you” virus, which masqueraded as a love letter, was said to have caused £3bn worth of damage to organisations around the world. And yet Clark believes few companies – even among the FTSE 250 – are alive to the dangers of hacking from determined information warriors.

* Netspionage: The Global Threat to Information by William Boni and Gerald L Kovacich, published by Butterworth-Heinemann (£25).


1. Save documents in Rich Text Format (RTF) instead of .doc files. This option can be set as the default so staff don’t need to bother about it each time they save.

2. Reject unsolicited spreadsheets, documents and anything unusual. Tell staff not to run them.

3. Treat unexpected emails with suspicion, even from people you know. Check by phone before opening them.

4. Reject emails with a double file extension. For example, AnnaKournikova.jpg.vbs. Normally, there’s no need for two extensions.

5. Tell staff not to download documents or executables from the internet. Increasingly, they’re used to spread viruses.

6. Remember that jpg, gif and MP3 files can be used to disguise viruses even though they can’t be infected.

7. Ensure staff follow the procedure of checking with IT specialists before opening any suspicious file.

8. Inform the IT department immediately you think you’ve been infected with a virus.

9. Be aware that some emailed virus warnings can be hoaxes or even viruses themselves. Ask advice from the IT department before opening them and don’t forward them to others.

10. Adopt the same vigilance if working from a home PC – the same dangers apply.

Adapted from Sophos Anti-Virus guidelines for users.
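
Tips 4 and 6 can also be enforced at the mail gateway rather than left to staff. The Python sketch below is an added example, not part of the original article or of the Sophos guidelines; the extension lists and the reject/review/ok verdicts are assumptions chosen for illustration, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists (not from the article): extensions Windows will execute,
# and harmless-looking ones used as the decoy (tip 6 names jpg, gif and MP3).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif",
                   "com", "bat", "cmd", "hta", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "mp3", "txt", "doc", "rtf", "xls", "pdf"}


def classify_filename(name: str) -> str:
    """Return 'reject', 'review' or 'ok' for one attachment filename."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each part so space padding ("photo.gif      .exe") cannot hide a decoy.
    parts = [p.strip() for p in cleaned.split(".")]
    final, earlier = parts[-1], parts[1:-1]
    if len(parts) < 2 or final not in EXECUTABLE_EXTS:
        return "ok"          # versioned names such as report.v1.2.doc pass
    if any(p in DECOY_EXTS for p in earlier):
        return "reject"      # the AnnaKournikova.jpg.vbs pattern (tip 4)
    return "review"          # plain executable: hold for the IT department


def scan_message(raw: bytes) -> dict:
    """Map every attachment filename in a raw RFC 5322 message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.walk():
        filename = part.get_filename()   # None for body and container parts
        if filename:
            verdicts[filename] = classify_filename(filename)
    return verdicts


def build_sample() -> bytes:
    """Constructed test message with three attachments (contents are dummy bytes)."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed sample body.")
    for name in ("AnnaKournikova.jpg.vbs", "minutes.rtf", "setup.exe"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:7} {name}")
```

A filename check only catches the disguise; it says nothing about the attachment's content, so it complements rather than replaces anti-virus scanning.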
