Hacked: Who Else Is Using Your Computer?
by Darren Miller
Published on this site: April 25th, 2005

A friend called me one day and asked if I would stop by to look
at his computer. He said it was running abnormally slow and he had
found something on his hard-drive he could not explain. I could
almost guess what it was he found. Have I been hacked?
You see, his computer had been hacked. Actually, in his case, his
computer had been tagged. Similar to the image you see here.
- Tag, You're It
The file transfer protocol, commonly referred to as "FTP",
has been around for many years. In the early days of the
Internet, it was one of the few ways to easily upload and
download files from one computer to another. Many commercial
operating systems come with an FTP server installed. In
other cases, the option for FTP services is selected by
a user when they are installing or updating their operating
system. If this service is not set up
properly, or you don't have an adequately configured software
or hardware firewall, it is an open invitation for a hacker
or intruder.
FTP Tagging - The most common purpose for someone
to compromise your FTP server is for the storage and distribution
of illegally obtained software and files. This could include
cracked software, stolen movies, audio files, and pornography.
Removing this type of contraband from your computer can
be difficult, particularly if you are using a Microsoft
Windows platform. Hackers use sophisticated scripts to create
a maze of directory structures to house their wares on your
computer. They may use a combination of names with spaces
in them, and in some cases use extended characters (characters
outside the normal alpha-numeric range). Deleting these
directories through normal means may be difficult, if not
impossible, for the average user. Many people wind up wiping
their system and re-installing it, and that is if they're
lucky enough to find out their system has been compromised.
The above is a perfect example of why the statement, "I'm
not worried about being hacked. What do I have that a hacker
would want?" is not a good position to take. The fact
is, you do have something they want: your computer's resources.
Why should a hacker store tons of illegally obtained files
on their systems when they can use yours?
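
An added example (not from the original article): a Python check that walks a folder tree, such as an FTP upload area, and flags the kinds of directory names described above: names padded with spaces, names containing extended or control characters, and unusually deep nesting. The function names, the depth threshold and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

MAX_DEPTH = 6  # assumed threshold; tune to how deep your real folders go

def name_findings(name):
    """Return the reasons one directory name looks like tagging residue."""
    reasons = []
    if name != name.strip():
        reasons.append("leading or trailing whitespace")
    if any(ord(c) < 32 or ord(c) > 126 for c in name):
        reasons.append("extended or control characters")
    if not any(c.isalnum() for c in name):
        reasons.append("no alphanumeric characters")
    return reasons

def scan_tree(root):
    """Walk root; return {relative_path: [reasons]} for suspicious directories."""
    findings = {}
    root = os.path.abspath(root)
    for dirpath, dirnames, _files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        depth = 0 if rel == os.curdir else rel.count(os.sep) + 1
        for d in dirnames:
            reasons = name_findings(d)
            if depth + 1 > MAX_DEPTH:
                reasons.append("nested deeper than %d levels" % MAX_DEPTH)
            if reasons:
                findings[os.path.join(dirpath, d)[len(root) + 1:]] = reasons
    return findings

def build_sample(root):
    """Create a constructed (made-up) upload area with clean and odd names."""
    for parts in (["incoming", "photos"],
                  ["incoming", " tagged ", "~~~"],
                  ["incoming", "store\u00ff"],
                  ["a", "b", "c", "d", "e", "f", "g"]):
        os.makedirs(os.path.join(root, *parts), exist_ok=True)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, reasons in sorted(scan_tree(tmp).items()):
            print(repr(path), "->", "; ".join(reasons))
```

Paths are printed with `repr()` so that padding spaces and extended characters, which are easy to miss in a normal folder listing, show up explicitly.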
- The Good, The Bad, And The Ugly
The Good
When I was young I used to spend hours upon hours on the
Internet Relay Chat, also known as the IRC. The IRC is another
method of Internet communication, which has been around
for quite a long time. When I was a frequent user of the
IRC, it was just plain fun. You would meet all kinds of
people from all over the world. It was the instant messenger
of the time.
The Bad
Today, the IRC is a huge communications network. It is made
up of thousands of channels, and can be accessed by pretty
much any operating system platform. It is also a favorite
means of communication for hackers. They can discuss new
exploits, methods of compromise, and even send and receive
files. Many hacker groups use a cryptic language to communicate
with each other on the IRC channels. Unless you know the
language constructs they use, their conversations can look
like a bunch of nonsense.
There are many exploits, backdoors, and Trojans that affect,
or are contained in, the myriad of IRC clients on the Internet.
Making sure you choose one that's relatively safe to use
is not an easy task. As an example, take a look at this
list of IRC safety and security info at http://www.irchelp.org/irchelp/security/.
The Ugly
It's not just the exploits and security risks associated
with using the IRC that need to concern you. If a hacker
is able to install an IRC relay agent on your computer,
it can become a conduit through which they communicate and
distribute information. In my line of work, I've identified
many systems with IRC backdoors or relay agents installed.
The only thing the end user typically experiences is a decrease
in system performance and Internet access.
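
As an added example (not part of the original article), the Python script below reviews `netstat -ano` output for the two signs discussed so far: an FTP service listening that nobody intended to run, and connections on the conventional IRC ports. The sample output is constructed, and the port list is an assumption; a relay agent can be configured to use other ports, so a clean result is not proof of a clean machine.

```python
FTP_PORT = 21
# Conventional IRC ports (assumption: an agent may be set to use others).
IRC_PORTS = set(range(6660, 6670)) | {6697}

# Constructed sample in the layout printed by Windows "netstat -ano".
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:1893      203.0.113.45:6667      ESTABLISHED     2960
  TCP    192.168.1.20:1901      198.51.100.7:80        ESTABLISHED     3120
  TCP    [::]:21                [::]:0                 LISTENING       1432
"""

def port_of(endpoint):
    """Port from '1.2.3.4:21' or '[::]:21' (split on the last colon)."""
    return int(endpoint.rsplit(":", 1)[1])

def review(netstat_text, expected_listeners=frozenset()):
    """Return sorted alerts as (kind, detail, pid) tuples for TCP rows."""
    alerts = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows and blank lines
        _proto, local, remote, state, pid = fields
        if state == "LISTENING":
            port = port_of(local)
            if port not in expected_listeners:
                kind = "ftp-listener" if port == FTP_PORT else "unexpected-listener"
                alerts.add((kind, str(port), int(pid)))
        elif state == "ESTABLISHED":
            if port_of(remote) in IRC_PORTS or port_of(local) in IRC_PORTS:
                alerts.add(("irc-port-connection", remote, int(pid)))
    return sorted(alerts)

if __name__ == "__main__":
    # 135 is listed as expected here only to show how the allowlist works.
    for kind, detail, pid in review(SAMPLE, expected_listeners={135}):
        print(f"{kind:22} {detail:22} PID {pid}")
```

The PID column identifies the owning process, which can then be looked up in the system's process list to see which program opened the port.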
- Just Open The Door And Let Them In: Peer-to-Peer File Sharing
If a total stranger were to knock on your door, and ask
to come in to just hang out for a while, would you let them
in? Most likely not. If you're using peer-to-peer file
sharing software to locate and download files on the Internet,
you're opening the door to destruction. Many of the file
sharing services and software available on the Internet
now tout themselves as being "safe" and "clean".
This is as far from the truth as you can get. If you're
a regular user of these services, the chance of your computer
being back-doored or hacked is significant.
If you have anti-virus software installed (and up-to-date),
you've undoubtedly received messages regarding viruses when
downloading files from peer-to-peer services. These are
not the only things you could be downloading. Many hackers
embed rootkits in files and distribute them using peer-to-peer
file sharing. Rootkits contain many types of tools used
by hackers to gain control over computers. If the installation
of the kit on your computer goes undetected and is successful,
it's only a matter of time before your computer is completely
compromised.
I can't tell you how many times I've found company employees
(and technical personnel) using peer-to-peer file sharing
services. Any organization that permits this is putting
itself at risk. The risk is also much greater than for
a single home computer because of the number of potential
internal targets.
Conclusion
Of course, the above are just a few examples of different methods
and types of computer compromise. There are many ways your computer
can be hacked. Your best defense is a good offense along with education
and awareness. When you configure your computer make sure you enable
only the software and services that you need. Many programs have
known exploits and/or require additional steps to be taken to adequately
secure them.
Don't make the assumption that you are not a target just because
you don't think you have anything of interest on your computer.
If your computer becomes unstable or dramatically decreases in performance,
don't assume it's just a quirk or that it's time to upgrade.
Make sure you have a software or hardware firewall in place to
protect you from the Internet. Your firewall should be configured
not to allow anonymous inbound access from the Internet. This is
the default configuration for most firewalls, but you should make
sure the one you are using is properly configured.
Make sure you have adequate virus and spyware protection, and your
pattern signatures are up-to-date. Many anti-virus applications
work on a subscription basis. It's not uncommon to find out your
subscription expired. If it is expired, your software may not protect
you from new and emerging threats.
And do whatever you can to stay away from any type of Internet
peer-to-peer file sharing service, no matter how safe the developer
claims it is.

Darren Miller is an Information Security Consultant
with over sixteen years' experience. He has written many technology
& security articles, some of which have been published
in nationally circulated magazines & periodicals. Darren
is a staff writer for www.defendingthenet.com and several
other e-zines. If you would like to contact Darren you can
e-mail him at mailto:[email protected]
or mailto:[email protected].
If you would like to know more about computer security please
visit us at http://www.defendingthenet.com.