A friend called me one day and asked
if I would stop by to look at his computer. He said it was running
abnormally slow and he had found something on his hard drive he
could not explain. I could almost guess what it was he found.
Have I been hacked?
You see, his computer had been
hacked. Actually, in his case, his computer had been tagged, similar
to the image you see here.
Tag, You're It!
The file transfer protocol, commonly
referred to as "FTP", has been around for many years. In the early days of
the Internet, it was one of the few ways to easily upload and download files
from one computer to another. Many commercial operating systems come
with an FTP server installed. In other cases, the option for
FTP services is selected by a user when they are installing or updating
their operating system. If this service is not set up properly, or you don't
have an adequately configured software or hardware firewall, it is an open
invitation for a hacker or intruder.
FTP Tagging - The most common purpose for someone to
compromise your FTP server is for the storage and distribution of illegally
obtained software and files. This could include cracked software,
stolen movies, audio files, and pornography. Removing
this type of contraband from your computer can be difficult, particularly if you are using a Microsoft Windows platform. Hackers
use sophisticated scripts to create a maze of directory structures to house
their wares on your computer. They may use a combination of names with
spaces in them, and in some cases use extended characters (characters
outside the normal alpha-numeric range). Deleting these directories through
normal means may be difficult, if not impossible, for the average user.
Many people wind up wiping their system and re-installing it, and that is
if they're lucky enough to find out their system has been compromised.
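One way to check an FTP root for the kind of directory maze described above is shown below. This is an added example, not part of the original article: the function names, the depth threshold and the constructed sample tree (built on a POSIX filesystem) are all assumptions.

```python
import os

MAX_DEPTH = 6  # assumed threshold for a "maze" of nested directories

def name_reasons(name):
    """Return the reasons one directory name looks like a tag directory."""
    reasons = []
    if name != name.strip():
        reasons.append("leading/trailing or only whitespace")
    if any(not 32 <= ord(c) <= 126 for c in name):
        reasons.append("extended or control characters")
    return reasons

def scan_tree(root):
    """Walk root; return sorted (relative_path, reasons) for suspicious directories."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            reasons = name_reasons(name)
            depth = rel.count(os.sep) + 1
            if depth > MAX_DEPTH:
                reasons.append(f"nested {depth} levels deep")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample input: one ordinary directory plus tag-style ones."""
    samples = [
        ["incoming", "photos"],            # ordinary upload directory
        ["incoming", " tagged by x "],     # padded with spaces
        ["incoming", "x\x07"],             # control character in the name
        ["pub"] + list("abcdefg"),         # eight levels deep
    ]
    for parts in samples:
        os.makedirs(os.path.join(root, *parts), exist_ok=True)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, reasons in scan_tree(root):
            print(repr(rel), "->", "; ".join(reasons))
```

Run against the real FTP root, any hit in a directory that anonymous users can write to is worth a closer look before deciding whether to clean up or rebuild.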
The above is a perfect example of why the
statement, "I'm not worried about being hacked. What do I have that a
hacker would want?" is not a good position to take. The fact is, you do have
something they want: your computer's resources. Why should a hacker store
tons of illegally obtained files on their systems when they can use yours?
The Good, The Bad, And The Ugly
The Good
When I was young I used to spend hours upon
hours on the Internet Relay Chat, also known as the IRC. The IRC is another
method of Internet communication, which has been around for quite a long time.
When I was a frequent user of the IRC, it was just plain fun. You would meet all kinds
of people from all over the world. It was
the instant messenger of the time.
The Bad
Today, the IRC is a huge communications
network. It is made up of thousands of channels, and can be accessed by pretty
much any operating system platform. It is also a favorite means of
communication for hackers. They can discuss new exploits, methods of
compromise, and even send and receive files. Many hacker groups use a
cryptic language to communicate with each other on the IRC channels. Unless
you know the language constructs they use, their conversations can look like
a bunch of nonsense.
There are many exploits, backdoors, and
Trojans that affect, or are contained in, the myriad of IRC clients on the
Internet. Making sure you choose one that's relatively safe to use is not an
easy task. As an example, take a look at this list of IRC safety and
security info at irchelp.org.
The Ugly
It's not just the exploits and security
risks associated with using the IRC that need to concern you. If a
hacker is able to install an IRC relay agent on your computer, it can
become a conduit through which they communicate and distribute information. In my line of work, I've identified many systems with IRC
backdoors or relay agents installed. The only thing the end user
typically experiences is a decrease in system performance and Internet
access.
Just Open The Door And Let Them In
Peer-to-Peer File Sharing
If a total stranger were to knock on your
door, and ask to come in to just hang out for a while, would you let them
in? Most likely not. If you're using peer-to-peer file sharing software to
locate and download files on the Internet, you're opening the door to
destruction. Many of the file sharing services and software available on the
Internet now tout themselves as being "safe" and "clean". This is as far
from the truth as you can get. If you're a regular user of these services,
the chance of your computer being back-doored or hacked is significant.
If you have anti-virus software installed (and up-to-date), you've
undoubtedly received messages regarding viruses when downloading files from
peer-to-peer services. These are not the only things you could be
downloading. Many hackers embed rootkits in files and distribute them using
peer-to-peer file sharing. Rootkits contain many types of tools used by
hackers to gain control over computers. If the installation of the kit
on your computer goes undetected and is successful, it's only a matter of
time before your computer is completely compromised.
I can't tell you how many times I've found company employees (and
technical personnel) using peer-to-peer file sharing services. Any
organization that permits this is putting itself at risk. And the
risk is much greater than for a single home computer because of the
number of potential internal targets.
Conclusion
Of course, the above are just a few examples
of different methods and types of computer compromise. There are many
ways your computer can be hacked. Your best defense is a good offense along
with education and awareness.
When you configure your computer make sure
you enable only the software and services that you need. Many programs
have known exploits and/or require additional steps to be taken to adequately
secure them.
Don't make the assumption that you are not a
target just because you don't think you have anything of interest on your
computer.
If your computer becomes unstable or dramatically decreases in
performance, don't assume it's just a quirk or that it's time to upgrade.
Make sure you have a software or hardware
firewall in place to protect you from the Internet. Your firewall should be
configured not to allow anonymous inbound access from the Internet. This is
the default configuration for most firewalls, but you should make sure the
one you are using is properly configured.
Make sure you have adequate virus and
spyware protection, and your pattern signatures are up-to-date.
Many anti-virus applications work on a subscription basis. It's not uncommon
to find out your subscription expired. If it is expired, your software
may not protect you from new and emerging threats.
And do whatever you can to stay away from
any type of Internet peer-to-peer file sharing service, no matter how
safe the developer claims it is.