Tuesday, December 5, 2006
I Don't Have Anything on My Computer Anyone Wants. I Don't Need Security
This subject is probably a little more for the intermediate user. There is a misconception that hackers or web criminals only want data off of your machine. In fact, that's not true at all. Hackers, criminals and terrorists all want your machine itself. Your PC, if not secured, can be EASILY and HAPPILY used for the following:
- BOT installation, used by hackers for sending SPAM and sourcing DDoS attacks.
- Used by criminals as a "jump host". In this scenario criminals access your machine before attacking another location. This helps them cover their tracks in the case of a forensics investigation. In many cases they will use several jump hosts, at least one of which is in a foreign country that doesn't work well with US police investigators. Using this technique makes it almost impossible to catch cyber criminals.
- Keystroke logger installation. This allows attackers to see exactly what you type on your machine before it is encrypted. So if you go to a website and purchase something with a credit card, they have a copy of your username and password, credit card number, bill-to and ship-to addresses, etc.
At this moment in time my hot point is an article last week saying that terrorists plan to attack financial communities on the web. This task is enabled by people who believe they have nothing on their computer that anyone wants. The only way terrorists could possibly get enough bandwidth to launch devastating DDoS attacks against the banking system is to compromise thousands of computers with BOTs and then send a command for these computers to all launch an attack at the same time.
Any guesses whose machines they will use? You guessed it - the user who doesn’t believe they have anything a hacker wants!!!
To mitigate this and many other problems, make sure you have, at a minimum, a personal firewall, current patches for your operating system, and up-to-date virus protection from a reputable vendor.
1 comment:
This is pretty good information. I've heard I need to have security even if I don't have valuable stuff on my laptop. Now I know why. Thanks.