But catching the online saboteur isn't easy. In fact, it may not even be possible.
Just ask Daniel Sleator, a computer science professor at Carnegie Mellon University and president of the Internet Chess Club. A little more than a week ago, someone decided to close down the subscription-based chess service using the latest trend in hacking tactics, a "denial of service" attack.
In this particular form of the assault, somebody somewhere programs a computer to continuously spew out phony authentication messages to the targeted server, keeping it constantly busy and locking out legitimate users. Experts say that new protocols have been designed to eliminate the problem, but they won't be available for at least a few years. (See illustration below)
Called a "SYN-flood attack" in computer-speak, this type of electronic assault is proving to be far more insidious than previous online threats. Not only is it simple to do, but the way to do it is now widely available from at least two publications on the Web.
Stephen Hansen, Stanford University computer security
And tracking down the attacker is an equally troubling process.
In the case of the Internet Chess Club, it involves tracing the launched missive from the club's server, backwards. That wouldn't be so tough if the attack had taken a straight path from the originating machine to its target. But nothing on the Internet ever does that, and this is no exception.
Instead, Sleator's local provider, Imagiware, and Imagiware's provider, Netcom, have undertaken the unenviable task of tracking the attack back to its nefarious origins, provider by provider.
The only known way to do that is the painfully laborious procedure of going to the closest provider in the chain and asking its operators to track the previous provider that sent the data, and so on. It would be like requiring a police officer pursuing a stolen car to stop each time she crossed the border into a new city, contact the local force, and ask someone there to continue the chase to the next town in a kind of absurd investigative relay race.
"If you've got 30 routers between the attacker and the target, you can imagine that might take an awful lot of time," said an understated Hansen.
And then there's this unfortunate fact: "By the time you get back to him, he may have moved on to another site entirely," Hansen said. Or, he added, the offensive data is emanating from a hacked computer that has been programmed to send the authentication requests automatically.
That's just what Sleator imagines--finding a lone computer. "I have a vision that it's just a machine there, running a little program that's spewing out this stuff, and there's nobody there, and there's no way to find the person who started this new program," he said.
No chance for vengeance. No chance to press charges for the money the guy cost him in lost customer and technician hours trying to track the problem and devise ways to work around it.
Plus, the ploy is so simple that the publisher of the hacking magazine 2600 won't even call it hacking. "It's pretty much like running a script. It's going through a formula. Hacking is figuring it out," said Emmanuel Goldstein.
For example, the person responsible for the Chess Club attack, the one against New York service provider Panix, or others that have been violated in the last few weeks could easily have copied the program from 2600 or downloaded it from Phrack, a magazine devoted to hacking.
Both 2600 and Phrack defended their decision to publish the code, saying they were simply exposing a hole in the architecture of the Internet, making people aware of it so that they could patch it.
Hansen, however, doesn't buy it.
"People have known about this particular problem for years," he said. "I don't think we need to give handguns to every kid with a two-digit IQ in order to get the idea that it's a bad thing to give guns to kids with two-digit IQs."
Meanwhile, until there's a real solution, people like Sleator try to find ways to run their services while the attacks continue.
"Any organization that isn't very tightly firewalled off is potentially vulnerable," he warned. "And even those who are firewalled off-- they may have to worry as well."
Illustration: In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

Illustration: In a "denial of service" attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.
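The table-filling behaviour described in the caption above can be modelled without any network traffic. This added example (not part of the original article) simulates a server's bounded table of pending requests; the capacity of 8 slots, the 75-second and 5-second waits, and all class and function names are assumptions chosen for illustration.

```python
from collections import OrderedDict

class PendingTable:
    """Bounded table of requests still waiting for the client's acknowledgement."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity      # assumed slot count, not from the article
        self.timeout = timeout        # seconds the server waits before giving up
        self.slots = OrderedDict()    # request id -> arrival time, oldest first

    def _expire(self, now):
        # Free every slot whose request has waited the full timeout.
        while self.slots:
            oldest_id, arrived = next(iter(self.slots.items()))
            if now - arrived < self.timeout:
                break
            del self.slots[oldest_id]

    def request(self, req_id, now):
        """Return True if a slot was free, False if the request was dropped."""
        self._expire(now)
        if len(self.slots) >= self.capacity:
            return False
        self.slots[req_id] = now
        return True

    def acknowledge(self, req_id):
        # A reachable client answers the approval, which frees its slot.
        return self.slots.pop(req_id, None) is not None

def simulate(capacity, timeout, forged_per_sec, seconds):
    """Count how many once-per-second legitimate clients get connected."""
    table = PendingTable(capacity, timeout)
    served = 0
    for now in range(seconds):
        # Forged requests are never acknowledged: their return address is false.
        for i in range(forged_per_sec):
            table.request(("forged", now, i), now)
        client = ("client", now)
        if table.request(client, now) and table.acknowledge(client):
            served += 1
    return served

if __name__ == "__main__":
    for label, args in [("no flood", (8, 75, 0, 300)),
                        ("1 forged/s", (8, 75, 1, 300)),
                        ("1 forged/s, 5 s wait", (8, 5, 1, 300)),
                        ("10 forged/s, 5 s wait", (8, 5, 10, 300))]:
        print(f"{label:>22}: {simulate(*args)} of 300 clients served")
```

In this model the table stays full once forged requests arrive faster than capacity divided by timeout, so a single forged request per second is enough against a 75-second wait. Shortening the wait restores service only until the forged rate rises past the new threshold.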







I WILL PAY YOU IF YOU CAN HELP ME!!!!!!!!!
This person is bothering me on myspace. I added a code that HID my comments on my myspace, but this hacker comes in and deletes a lot of the comments (other people's comments) on my page EVERY DAY! I CHANGE my password and email everyday but to no avail.
So far, about 300 of the comments on my myspace have been deleted by this hacker! He even deleted a few of my FRIENDS!!!! Even my PICTURES got deleted!
I waited until he stopped but he deleted 20 of the comments on my myspace TODAY.
I think he's going to my home page and deleting the comments there because he obviously can't otherwise because I added a code that hid my comments. My profile is set private.
It's been about a YEAR since he's been bothering me!!!!!!!!!!!!!!!
I could shut down my myspace but I don't want to!
I want to know who's bothering me like this! He thinks that he's some computer genius who can get away with anything....
So I'm using my last card on you. I did everything that I could in regards to hiding stuff and changing passwords/email...EVEN THE MYSPACE CUSTOMER SERVICE people will NOT HELP ME!!!!!!! :(
You can tell that this is serious considering that I will pay anyone if s/he can help me catch this hacker and prevent this from happening!!!!
I want:
1) Someone to catch this hacker
2) Prevent this hacker or anyone from hacking in my myspace and not delete my friends, comments, or mess anything up on my site
3) If you have some helpful idea besides changing my password or just letting this slide, let me know! This is terribly aggravating! :(
Please help me as if you were my real older brother! I am paranoid because he's been bothering me for a long time and as a last resort, I am writing to you.
CAN YOU PLEASE HELP ME, PLEASE?????????
I will be waiting so please respond if you can help me! THIS IS NOT A GAME!!!!! THIS IS SERIOUS!!!!!
Thank you~
thanks
- by the_friar April 2, 2009 1:51 PM PDT
try to make a password that tells a story, like the three little pigs went to the market, take that and add
T3lPwHen2TheMarkit
and the hacks will try to brute force it, it will take forever
plus change your password recovery words, that's how I'd get in :)
and have different passwords for different things, web sites