Hackers gone wild
- 24 January, 2008 12:16
It's a truism that sites get hacked every, and some may even deserve it. But we're no longer talking about individual hacks by disgruntled geeks. We're looking at massive, well-organized plans to take over vast portions of the Net. Case in point: The SQL Injection exploit that infected more 70,000 sites -- including some parts of CA's site -- according to researchers at Grisoft.
It gets worse. In a presentation to the security wonks at a SANS conference, CIA analyst Tom Donahue revealed that hackers accessed the power grid in several foreign nations via the Net and tried to extort money from the local governments in return for not turning off the lights. Think about that the next time you experience a rolling blackout.
But the real elephant in the server closet is the Storm worm, which celebrated its first birthday last week and continues to spread across the Net via holiday-themed e-mails. According to Sophos, poison pen Valentines e-mail accounted for 8 percent of all e-mail traffic last week.
We know that millions of machines have been infected with the Storm bot, and every so often they receive instructions, but mostly they've been strangely quiet.
A security wonk of my acquaintance (who asked to remain anonymous) has an interesting theory on what these millions of zombie machines might be used for: the evil equivalent to SETI. But instead of parsing interstellar radio signals for signs of intelligent life, these millions of zombies could be put to other distributed computing tasks, like cracking complex passwords. Heck, the bad guys could merely rent their grid out to anyone with a Dr. Evil-ish scheme for world domination. Call it Storm Cloud Computing.
Of course, there's not just one Storm network. There may be dozens. One was recently employed in phishing attacks on Barclay's and Halifax banks, another used to spew out pump-and-dump spam last year.
My anonymous security wonk also tells me that most of the malware action has moved from Russia to China -- or at least, Chinese subnets. Apparently Russian locals have started to crack down, so the bad guys jumped borders to friendlier environs. It seems World War III may be fought online. Strap on your virtual kevlar, because it's about to get ugly.