President's Message

 

March 2002

 

Rich Skrenta was a ninth-grade student in Pittsburgh in 1982 when he started playing around with the operating system on his Apple II computer. He inserted some extra code in an unused space on track 2 around sector 8 of the OS, and then placed an ID in the disk’s table of contents that activated the code every time a catalog command was made. The tiny program would keep track of boots, and every fifth time the computer was turned on it would play subtle tricks. Then, on each 50th boot, it would display a message:

It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!

It will stick to you like glue
It will modify ram too
Send in the Cloner

A thousand clones

At the same time, Joe Dellinger, a student at Texas A&M University, was experimenting with a similar string of code to see how fast it could replicate on his disks. The virus escaped and began smearing the graphics displayed on pirated games copied to other disks. A revised version of the virus was quickly assembled which reversed the effects of the first. Like his near-namesake who had a preference for robbing banks, Dellinger probably created viruses because that’s where the payload is.

Global worming

From these innocent beginnings, computer viruses have multiplied, along with their code, to the point where their combined cost has drained more resources from the economy than all the bank robberies ever conceived or pulled off. A survey in 1990 by ICSA Labs, a leading computer security firm, said companies with 500 or more PCs suffered an average of 525 infections, with about two servers down for about 21 hours each. Fixing these attacks consumed an average of 344 person days and about $120,000 in costs. ICSA estimates the average company spends $100,000 to $1,000,000 annually to deal with virus disasters. The CERT Coordination Center at Carnegie Mellon University, which tracks IT issues for the federal government, reports that computer security incidents rose from 9,859 in 1999 to 21,756 in 2000 and 34,754 for just the first 9 months of 2001. It was added that about 80 percent of actual incidents are reported.

Code wars

According to McAfee Associates, about 10-15 new viruses are discovered in the wild each day. Although older viruses are becoming extinct due to changes in operating systems, newer worms and Trojan horses are easier to create, spread much faster and carry more destructive payload. The General Accounting Office warns that "a potential hacker can literally download tools from the Internet and ‘point and click’ to start a hack." The potential for disaster has increased as hackers have become more professional and more directed. The Defense Intelligence Agency reports that at least 20 countries are known to be developing information warfare strategies targeting the United States, and terrorist groups are actively seeking ways to disrupt Internet commerce through denial of service and other types of attack. A sort of digital cold war is even going on in the background between rival groups of hacktivists, and a coalition of antiterrorist hackers dubbed Yihat (Young Intelligent Hackers Against Terrorism) has asked for official recognition from Western governments to help track down and interrupt illegal money transfers.

It’s a jungle in there

The mounting threat of viruses and hacker attacks has produced a growing awareness and alarm among computer users, but as yet too little active response. Only a few years ago, the president of another user group wrote in his monthly column that computer viruses were largely a hoax perpetrated by the purveyors of security software. According to InterSurvey, 92 percent of Americans were aware of the Love Bug virus after the weekend it appeared in 2000, but only 12 percent reported that they were directly affected by the bug. Still, surveys are finding a growing sense of vulnerability among an increasingly Web-wise public. A 2001 poll conducted by Electronic Data Systems reported that two-thirds of Americans feel threatened by or are concerned about cyber crime. An Internet Tracking Survey by Princeton Survey Research Associates in May-June 2000 found that 54 percent of respondents were concerned that they might get a computer virus when they download information, and a McAfee poll a year later found that 86 percent thought the threat of virus attack had increased over the past year. Chinese polls show more than half of that nation’s PC users had experienced a virus or Trojan attack, primarily from pirated compact disks or floppies.

But alarm does not always breed caution. In a February 2001 survey by Bruskin Research, 41 percent of respondents said they do not personally back up their data, and 69 percent of home users and 46 percent of work users backed up once a month or even less often. The workplace is often the most fertile breeding ground for virus attacks, which arrive by e-mail or even from Web servers, and then hitch a ride via huge banks of e-mail addresses for business contacts. Corporate IT departments are typically slow to adopt new, more secure versions of Internet software or the latest security patches. ICSA found that less than half of companies have any protection at their servers and gateways to filter e-mail attachments or contents of messages. And government IT security is even worse. The GAO, which routinely hacks into government agencies to test their defenses, reported to Congress that two-thirds of federal agencies failed the test. In some cases, computers were not protected by passwords, or lists of passwords were stored in plain sight.

Like safe sex, safe computing is a habit that must be actively promoted at all levels of use. At a time when destructive viruses or worms can spread world-wide in minutes, one’s identity can be stolen and exploited, and companies can be humbled and put out of business by denial of service, the potential for havoc is enormous.

How do we protect ourselves? Find out at the next DACS General Meeting on March 5, for some sage advice from our resident security guru, Jeff Setaro.

–Allan Ostergren
dacsprez@aol.com

