SEMA News - August 2010
By Joe Dysart
Small Businesses Now in Hackers’ Crosshairs
A distributed denial of service (DDOS) attack brought down Advanced Clutch Technology’s website for two weeks, rendering it inoperable.
While hackers once delighted in bringing down gargantuan computer networks like those of the Pentagon and multinational corporations, the latest breed is more apt to harass and bully much smaller businesses—including those in the automotive specialty-equipment market. Scott Brickey, a data systems analyst for Advanced Clutch Technology, learned this cruel fact the hard way when ACT’s website was maliciously attacked for no discernible reason and immediately rendered inoperable. “They shut down our site for two weeks,” said Brickey, referring to the hacker or hackers he has come to know only through his network. “Our web server was getting 35,000 requests every second, crashing our site.”
Specifically, ACT fell victim to what is known as a distributed denial of service (DDOS) attack—a full-on assault against a website in which an army of “zombie” computers attempts to log onto a website simultaneously, forcing the system to overload and shut down. Hackers launch the attack by first seeding the Internet with stealth zombie programs that are unknowingly downloaded by hundreds or even thousands of PC users. The culprits then simultaneously activate those programs at a later date.
In fact, most PC users encounter these zombie programs every day amid the spam e-mails they get in the form of invitations to click a link to an unsolicited message, picture or video. Click the zombie link, and your PC becomes a conduit that hackers use to quickly download their zombie software. Once installed, these zombie programs lie dormant for weeks or even months on infected PCs until a DDOS hacker decides to “awaken” them all at once and send a command to attack a website or network. In many cases, hordes of zombie computers located throughout the world can be simultaneously awakened to seek and attack a victim business.
“Someone was really out to get us,” said Brickey, whose company employs 40 people. “We were told that the level of the attack was equal to what a company the size of Citibank would suffer.”
Brickey said that ACT leapt from one failed fix to the next for 10 days, watching helplessly as its business over the web ground to a halt. Ultimately, the company needed to seek a service provider that specializes in anti-DDOS attacks and now pays that firm $500 per month to defend its website.
“We do a lot of business off our website,” Brickey said. “It had to be restored quickly.”
Sadly, Brickey’s experience is not unusual. According to a 2008 Frost & Sullivan report titled “Welcome to the New Wave of Hacker Exploits,” hackers today are more likely to be organized crime syndicates that operate in rings like real businesses—complete with teams of software developers and testers that ensure they’re attacking businesses with a quality product that stays one step ahead of defenders. Moreover, the attacks these days are likely to be much more sophisticated and insidious than those of the pranksters of the past. “Today’s attacks are better designed and are focused on being stealthy and passing under the radar of existing network protections,” the report authors wrote.
The solution? Unfortunately, the hard truth is that most small businesses are technologically outclassed when it comes to the most sophisticated of the hacking outfits. But even the smallest of businesses can significantly ratchet up its defenses against such attacks with these tactics:
Hire a Specialist to Probe for Vulnerabilities: Many anti-DDOS service providers can be hired to simply probe your network for vulnerabilities well before an attack occurs. Considering the significant website and other system downtimes that can result from an especially ferocious attack, this simple test can be well worth the expense.
Consider an Ongoing Monitoring Service: If you do a lot of eCommerce over the web, it will probably pay to hire an outside firm to continually monitor your website and network for DDOS and other security breaches. Start by studying the soup-to-nuts services offered by major service providers such as Verisign and Radware, then try to find a local anti-DDOS firm that can provide a similar service at a rate you can afford.
Keep Your Operating System Up-to-Date: Microsoft and other software makers devote substantial resources to ferreting out and protecting against new security threats to their software packages. By regularly updating Windows, you’ll at least give your company a fighting chance against those looking to bring it to its knees. In addition, you’ll also want to keep all the other software on your PC updated. Besides playing cat and mouse with Microsoft, hackers also try to exploit security vulnerabilities in other commonly used software packages.
Scour Away Unnecessary Network Services: Given that hackers love to exploit weaknesses in networks, the fewer network services your company runs, the better. Decide, for example, if you really want FTP file exchange capability on your network. Also, if your company does not use other network-dependent programs for business, such as instant messaging, don’t allow employees to download and use such programs “for the fun of it.”
Double-Check Your Security Basics: Regularly take a look at your system firewall to ensure that it is operating at top efficiency and has the latest updates. Also be sure to establish a company security policy, and ensure that all employees are fully briefed on its details. Every employee needs to be drilled on basics, such as creating passwords that are tough to guess. (Many a system has been breached with a password like “1234.”) Plus, every system administrator needs to block former employee access to a network the moment he or she walks out the door with the last box of personal belongings.
Don’t Be a Zombie: The reason cyber criminals are able to launch worldwide attacks on the smallest of companies is that so many PCs around the world are unwitting zombies. Too many of us still click on suspicious links, unwittingly download zombie software that hides stealthily in the background and unwillingly become part of the problem.
One of the most effective defenses against zombie recruitment of PCs is an everyday Internet security program. I’ve tried three of the top titles—Norton Internet Security, McAfee and Kaspersky—and am most satisfied with Norton’s product. While every Internet security program will slow a PC’s performance a bit, my experience is that Norton’s impacts a PC’s speed the least of the three, while Kaspersky seems to slow a machine the most. Moreover, Norton’s latest version of Internet Security represents a major overhaul of the product and offers cool features such as minute-by-minute updates against viruses, worms and programs designed to zombiefy your computer.
In addition to PC-based programs, your network administrator may also want to install Internet security programs to defend other facets of the system.
Report the Criminals: While hackers are notoriously tough to track down, reporting their activities is one way to at least keep them on the run. Lodge your complaint with The Internet Crime Complaint Center, which is a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.