Broadband Security - Learning About Security Breach Methods

Broadband Security for Home and Small Office Computers

Part 1 of 2 - Learning About Security Breach Methods

Introduction

This article outlines the security risks of using computers connected to the Internet by a high-speed broadband connection.

It describes methods and techniques that are used by criminals, hackers and fraudsters to compromise home and small office computers that use permanent broadband connections.

Objective

By the end of this article, you should be able to understand the motives, methods and techniques used by criminals, hackers and fraudsters to breach computer systems connected to the Internet by broadband connections.

Having read this article, you might like to continue to part 2 of this series (Solutions for Protecting Your Broadband Connection & Computer) and learn how to beef up your broadband security.

New for Broadband?

Most of the risks that we discuss here are not new. It's simply that, now that our computers are connected to the internet for most of the time that they are switched on, we run higher risks than we used to on older dial up connections that were only connected to the Internet for short periods.

With broadband connections now being the main way in which people use the Internet, it's important that we understand what the modern digital criminal means for broadband security.

Motives for Breaching Broadband Security

Why would anyone be interested in the data on a computer?

Simple answer: "easy pickings". Computers are now integral to the way in which we live in the 21st century. Our homes and offices contain one or more computers that are usually connected to the Internet by an "always on" broadband connection. We store personal information (such as bank account security details) on computers. A criminal with access to this information can successfully impersonate their victims and therefore engage in online fraud.

We use our computers and broadband connections to shop, bank, book holidays and buy products and services online. With so much commerce now happening on the Internet, our computers make an attractive new target for criminals.

Computer fraud is attractive to criminals as it can be relatively simple and inexpensive for them. Also, criminals who perpetrate online crime can do so from anywhere in the world and aim to remain anonymous.

They understand that the law in many countries is not equipped to deal with online fraud, that law enforcement agencies tend to lag behind modern technology, and that the ability of those agencies to identify and prosecute individuals can be limited.

For these reasons, computer fraud can be an attractive proposition to the new generation of criminals.

How Worried Should I Be?

It is not the intent of this article to frighten individuals. However, it must be noted that computer based crime is increasing year on year. The direct and indirect consequences of computer / data breaches have very real economic impacts on businesses and individuals and are already affecting all of us whether we like it or not. That is to say, even if we are totally secure in our digital / computer world, we all end up paying extra for goods & services from companies that are affected by digital fraud whether that be from direct losses incurred as a result of a breach or by extra infrastructure expenditure required to secure business IT systems.

In my experience as a technical writer and senior IT consultant, I have witnessed, first hand, a number of serious computer security breaches in the business environment. In the most severe case, a mission critical IT infrastructure at the head offices of a leading UK based retailer was compromised for several hours from an internal attack. The source of the attack was from a virus infected laptop being connected to the network. The loss of systems no doubt had direct financial consequences for the retailer due to loss of its ability to do business during the down time associated with fixing the breach. Had it not been for excellent disaster recovery procedures put in place by the company, the results could have been far worse.

Whilst no computer system can ever be considered to be totally secure, with good awareness and the right tools, a user can protect themselves against the significant threats posed by going online with broadband connections in today's environment.

Broadband Security is, in my opinion, fundamental to everyone being able to safely use and enjoy the modern digital age.

Doesn't my Internet Service Provider (ISP) Take Care of My Broadband Security?

The short answer is “no”. ISPs do occasionally offer protection from Spam (email) and can block certain IP ports but they cannot shield you completely from attempted intrusion.

The responsibility for your computer's security lies with you. No-one "upstream" on the Internet can take care of your computer and file security for you. The security of your broadband connection and your computer systems is ultimately up to you.

Jargon!

In all things computer (particularly broadband and Internet), there's unfortunately no way of escaping it. We use several technical terms, but give a brief explanation of what each term means the first time that it's used in the article.

Fact versus Fiction

Are “Broadband” connections safe? This is not a simple question to answer. If I had to give a brief answer, it would be “it depends”!

It depends on a number of complex factors but the key ones are these:

The Risks

There are two points of attack on a computer system:-

External
Intrusion attempts come via the Internet whilst you are connected. A remote computer will find your computer and begin "probing" for weaknesses that will expose your computer data files. If successful, the remote computer will have access to your computer files and operating system. How serious this is depends on what information you have stored on your computer. Personal letters, bank information, security passwords etc. could all, if you have these stored on hard disk, be visible to this type of attack.
Internal
Intrusion attempts use the normal function of the Internet to penetrate your system. For example, a malicious hacker could e-mail you with an innocent looking message which, when you open it installs a program to your computer. Once installed, this program has access to your files and security information. It then sends information back to the hacker (or "dials-home") about your computer & files.

External

For someone wanting to gain access to your information, there are several ways of doing it, but it generally follows a pattern. Someone randomly looking for "victims" will work through the following sequence:

  1. Look for a working "Subnet"
  2. Scan the Subnet for live computers
  3. Target one (or several) live computers and begin probing for weaknesses to gain access
  4. Having found the weakness, place or remove files on the "victim's" computer

More details and explanations of these steps follow.

Subnet Scanning

The Internet is made up of lots of smaller networks that use TCP/IP to talk to each other. Each individual network is called a "Subnet". Connecting all these "subnets" together is what gives us the Internet.

A good analogy for a "Subnet" is the telephone system. Take a look at your telephone number. It's made up of two key parts: an area code and your local telephone number. A "Subnet" would be the equivalent of all telephone numbers in a given area code (which could be lots!).

A hacker can use a piece of software (easily available from various "Hackers" Internet sites) to quickly look for working "subnets". A "subnet" could, for example, be a block of network addresses that an Internet Service Provider (ISP) has put aside for its broadband customers to use.

Having found a working "subnet", the hacker then needs to look for individual computers. Again, this is easy to do with software. The hacker simply asks the software to probe each valid network address in the "Subnet" to give a list of active individual computers connected to the Internet.

Port Scanning

Table 1 - Popular ports for System Services
Port Service
21 ftp
25 smtp
80 http
110 pop3
443 ssl
1433 MS SQL Server

Having found your computer from Subnet Scanning, the hacker inspects each port of your IP address. An IP address is what uniquely identifies your computer on the Internet. A port is either "open" or "closed" and is used for various "services" to talk to each other. For example, a web browser (e.g. Internet Explorer) uses port 80 to talk to a web server /site (e.g. www.microsoft.com). If your computer runs a database, for example SQL Server, this uses port 1433. By probing port 1433, the hacker knows if you are running SQL Server and can pinpoint their attack accordingly.
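Seen from the receiving end, the subnet scan and port scan described above leave a recognisable pattern in a firewall's record of dropped connections. The following Python sketch is an added example, not part of the original article: the log line format, the thresholds and the sample lines (which use documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Table 1 from the article: port -> service.
TABLE1 = {21: "ftp", 25: "smtp", 80: "http", 110: "pop3", 443: "ssl",
          1433: "MS SQL Server"}

# Constructed sample of dropped inbound connections. The line format is an
# assumption; all addresses come from documentation ranges.
SAMPLE_LOG = """\
12:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=1433
12:00:01 DROP SRC=198.51.100.7 DST=192.0.2.11 DPT=1433
12:00:02 DROP SRC=198.51.100.7 DST=192.0.2.12 DPT=1433
12:00:02 DROP SRC=198.51.100.7 DST=192.0.2.13 DPT=1433
12:05:10 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=21
12:05:10 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=25
12:05:11 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=80
12:05:11 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=110
12:09:30 DROP SRC=198.51.100.50 DST=192.0.2.10 DPT=80
12:09:31 DROP SRC=not-an-address DST=192.0.2.10 DPT=80
"""

LINE = re.compile(r"DROP SRC=(\S+) DST=(\S+) DPT=(\d+)")


def classify_sources(log_text, min_hosts=4, min_ports=4, prefix=24):
    """Map each suspicious source address to a list of findings."""
    hosts_by_port = defaultdict(set)  # (src, subnet, port) -> hosts probed
    ports_by_host = defaultdict(set)  # (src, host) -> ports probed
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        try:
            ipaddress.ip_address(src)
            subnet = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
        except ValueError:
            continue  # skip lines with malformed addresses
        hosts_by_port[(src, str(subnet), port)].add(dst)
        ports_by_host[(src, dst)].add(port)
    findings = defaultdict(list)
    # Same port tried on many hosts of one subnet: looking for live computers.
    for (src, subnet, port), hosts in sorted(hosts_by_port.items()):
        if len(hosts) >= min_hosts:
            service = TABLE1.get(port, "unlisted")
            findings[src].append(
                f"subnet sweep of {subnet} on port {port} ({service}), "
                f"{len(hosts)} hosts")
    # Many ports tried on one host: looking for running services.
    for (src, dst), ports in sorted(ports_by_host.items()):
        if len(ports) >= min_ports:
            named = ", ".join(f"{p} ({TABLE1.get(p, 'unlisted')})"
                              for p in sorted(ports))
            findings[src].append(f"port scan of {dst}: {named}")
    return dict(findings)
```

Calling `classify_sources(SAMPLE_LOG)` reports the first source as sweeping a subnet on the SQL Server port and the second as scanning one computer's ports; the single stray connection and the malformed line are ignored.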

Packet Sniffing (Eavesdropping)

[Diagram: A Typical Web Browser Request]

In the diagram, we can see that information travels between your computer and a remote Internet web server via a number of routers. A router is a device that joins smaller networks (i.e. subnets, which we've already discussed) together to form the Internet. A malicious hacker could have access to one or more of these routers. With access to a router, a hacker can use a software tool called a "Sniffer" to keep an eye out for "interesting" data going into and out of the router. Such data could be, for example, your credit card number.

E-Mail Eavesdropping

When you send e-mail, it does not get delivered directly to the recipient's in-box. It "spools" on any number of computers around the world as an electronic version of "pass-the-parcel" is played. Anyone with access to these intermediate computers can potentially read your e-mail. It's not a very good idea to send sensitive information by standard e-mail. There are ways of encrypting e-mails but this is outside the scope of this article.

Denial Of Service (DOS)

This is a targeted attack on your computer's internet connection or perhaps directly on some of the web sites that you frequently use. It is designed to swamp network connections with requests, thus preventing you from using your broadband connection or favorite website.

“Phishing”

Phishing is a relatively new form of scam. It involves trying to convince unsuspecting users to enter their bank security details into a bogus website designed to look very similar to "official" websites. Once these details have been captured, the criminal is then free to login to bank accounts and help themselves to money.

The process goes like this:

  1. A criminal sends mass emails formatted to look like an official request from a bank. The emails often contain the bank's business logo. The email invites users to "confirm" their bank security details by visiting a website address (see next point)
  2. The email includes a (fraudulent) website link. The website usually looks very similar to the bank's official website
  3. Once a user is on the fraudulent website, they are encouraged to enter their personal security details. If a user enters these details, it's payday for the criminals. They then use these details to access the user's bank account and steal money

[Image: Example of Phishing E-Mail from eBay]

Phishing emails are easily spotted. Look for some key points:

“Wireless”

Wireless technology has exploded in popularity over the last few years as businesses and homes look to use broadband connections on computers without the hassle of being tied into networking cables or telephone cables.

Unfortunately, wireless technology opens up a whole additional area in which criminals can take advantage of unsecured data. There are a few key areas that can be exploited in a wireless network infrastructure:

  1. Eavesdropping on (or sniffing) packets of data that are transmitted through the air-waves. In an unsecured wireless connection, it is possible for a criminal to see enough data to re-assemble meaningful information (e.g. a bank account number). This could be done as simply as sitting in a parked car outside a home or business with the appropriate equipment (a "radio" and a laptop is all that is required)
  2. A more benign form of intrusion is the unauthorised use of a wireless connection to access another network. For example, it is possible to connect to the Internet using your neighbour's broadband connection if they have not taken steps to secure their wireless router.

As wireless technology is such a vast area, we will be exploring this area as a dedicated subject in future articles.

Internal

This is almost always accomplished by convincing users to install malicious programs (sometimes called “Malware”) on their computer systems. The method of entry for these programs can be from emails, disks and downloaded "free" system tools or by direct external attack on vulnerable operating system services.

Trojans

This is not a new method of attack. Computer "viruses" were using this method for many years before broadband Internet connections were widely adopted. Such "viruses" would infect your computer and usually provide no visible evidence that they existed. However, in the background, these "viruses" (or small programs) would be scanning your computer for information and sending it back to the hacker over a network. It's not a total surprise that, with the scope of local networks widening to the Internet, this method has been extended to infiltrating computers connected to the Internet by broadband. Most "Trojans" infiltrate a computer system as a direct result of either installing dubious software downloaded from the Internet or, more commonly in recent times, opening e-mail attachments.

Viruses

A virus is a small program written to do various things to a computer. The action a virus takes depends on the motives of its author but can range from playful messages or tunes popping up to, more seriously, a complete wipe (format) of your hard disk. Most people already understand the threat of viruses and take precautions by running anti-virus software.

E-Mail (Script & Application) attachments

E-Mail historically started out as being plain text sent to/from recipients connected by a network.

As Internet technology improved, we firstly had the ability to attach files to e-mail and then, recently, the ability to format e-mails in the language of a Web Browser (i.e. HTML).

The most popular way in which a hacker can use e-mail to place a "Trojan" on your computer is by sending infected attachments containing malicious programs or scripts. When you try to "open" the attachment by double clicking it (note: sometimes even previewing an email is enough to infect your computer), it instantly runs and installs itself on your computer. At this point, your computer has been breached. Simply turning it off and on will not remove the Trojan. The hacker now has full access to the parts of your computer and the code can "Dial-Home" unchallenged. You can spot potentially dangerous attachments by how the file name ends. If it ends in ".exe", ".js", ".vbs", ".dll" or ".ocx" it is a program and can be run as malicious code.
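The file-name check described above can be automated before a message is opened. The following Python sketch is an added example, not part of the original article: it parses a constructed sample message with the standard library and flags attachments whose real (final) extension is one of the five listed, including names that hide it behind a harmless-looking one. The sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default

# Extensions the article lists as programs that can run as malicious code.
RISKY = {".exe", ".js", ".vbs", ".dll", ".ocx"}

# Constructed sample message (not a real e-mail); payloads are placeholders.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Your invoice
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Please see attached.
--B
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

(payload omitted)
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.EXE"

(payload omitted)
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="update.VBS"

(payload omitted)
--B--
"""


def risky_extension(filename):
    """Return the listed extension a file name really ends in, or None."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = "." + name.rsplit(".", 1)[1]
    return ext if ext in RISKY else None


def flag_attachments(raw_message):
    """Return (filename, extension, disguised) for each risky attachment."""
    msg = message_from_string(raw_message, policy=default)
    flagged = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = risky_extension(filename)
        if ext:
            # More than one dot means an inner extension masks the real one.
            disguised = filename.strip().rstrip(". ").count(".") > 1
            flagged.append((filename, ext, disguised))
    return flagged
```

Only the last extension decides how the file is run, which is why `invoice.pdf.EXE` is flagged as disguised while `report.pdf` passes.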

“Pharming”

Pharming is a relatively new scam. It involves re-directing users to bogus websites where, like the latter stages of a phishing attack, users are encouraged to enter personal / account information into a bogus website.

Pharming, however, is quite sinister in how this is accomplished. A Pharming attack consists of an internal attack on your computer whereby a program or process is installed that deliberately re-directs legitimate requests. For example, if I were infected with a Pharming virus, then when I type "www.my-legitimate-bank.com" into my web browser, this could be intercepted and re-directed to "www.criminal-bogus-website.com" without my knowledge. No doubt the bogus website would look very similar to my legitimate bank and I would type in my security details totally unaware that I had been conned.

Rogue Diallers

Remember that dial up modem? Well, chances are that, if you think in a similar way to me, you've kept yours as a "backup" option should your broadband fail or perhaps as a dedicated FAX device for your computer.

The bad news is that, you've guessed it, the modem can be used as a tool for a scam by criminals.

It works like this:-

It is very easy for a criminal company to set up a premium rate number. These numbers can rack up huge telephone charges in a short amount of time. The amount of money that we are talking about here can be hundreds and thousands of dollars / pounds in a single month! Obviously, no-one in their right mind is going to use these numbers so the criminals have found a way for your computer to do the work for them without your knowledge or consent.

So-called "Rogue Diallers" are installed on a computer, usually without the user's consent. They are sometimes installed with other malware downloaded from (for example) pornographic websites.

Once installed, the "Rogue Dialler" program alters a computer's settings so that the "preferred" way of connecting to the internet is via a modem which in turn dials a premium rate telephone number.

Key Loggers

Key loggers are programs that, once installed, record key presses on a computer keyboard. These key presses are then transmitted (again, without the user's knowledge or consent) over the internet to a criminal's system, where the criminal can capture and use sensitive information such as bank account details or credit card numbers.

Spyware

"Spyware" is a vast subject worthy of an entire article but mentioned briefly here for completeness. Its importance has steadily increased over recent years.

The term "Spyware" can include a number of different methods of intrusion including viruses, trojans, key loggers and even down to the humble cookie. Currently, the definition of what is and is not "Spyware" is somewhat blurred. For example, various well known computer hardware manufacturers have been accused of using "spyware" products as part of their after sales support software.

Conclusion

We've shown you a lot of ways in which intrusion attempts happen and the motives of their perpetrators.

By now, you should be appreciating the need for taking some time when implementing computer and broadband security measures.

In our next part (Solutions for Protecting Your Broadband Connection & Computer), we go on to discuss ways in which you can protect your home or small office computer(s) from intrusion attempts.

© Broadband-help.com 2009

This article is copyrighted. No part of this text can be reproduced without express permission of Broadband-help.com.
