Security Views/Dr. Bill Hancock
here except that they can write data to an alternate data stream”, said Russ Cooper, editor of Windows NT security watcher NTBugtraq.com, who moderated a discussion of the possible dangers posed by alternate data streams in 1997. That discussion concluded there was very little danger posed by the exploitation of the file streams system. “This is highly theoretical and not all that new”, said Cooper, who pointed out that to infect a computer, the virus would have to infect the main stream of the program. That would make it visible to current anti-virus programs.
The virus, created by two writers using the names Benny/29A and Ratter, does little else except infect files and it doesn’t do that very well either, said Patrick Martin, product manager for Symantec Corp.’s antivirus research labs. Users should not worry about the virus attacking their computers. “This is a proof of concept”, he said. “This virus is not going anywhere. It is not in the wild.”
Trinity v3, a DDoS Tool, Hits the Streets
New attack software has been discovered that uses Internet relay chat to deliver crushing loads of traffic to victim computers and could put the launch button within reach of almost anyone. Internet Security Systems (ISS) recently issued an advisory concerning the tool, dubbed ‘Trinity v3’, which was discovered during an investigation of attacks on two educational institutions. ISS declined to name the victims. Trinity v3 joins Trinoo, TFN2K, Stacheldraht, Shaft and other programs made to launch ‘distributed-denial-of-service’ (DDoS) attacks. In a DDoS attack, a programmer secretly embeds software (called ‘zombies’) into hundreds or thousands of computers. At a designated command or time, infected host computers send messages to a target computer. The volume of messages arriving over the Internet effectively knocks out the target server, making the website inaccessible to other Net surfers. DDoS attacks jumped to prominence earlier this year when variations of the attack were blamed for temporarily bringing down websites of major Internet companies, including Yahoo and Amazon.com.
ISS security consultant Chris Rouland said Trinity has new features that make it potentially more dangerous than other known DDoS strains. For example, he said he is unaware of any other DDoS tool that uses Internet relay chat (IRC) for its delivery system. IRC allows Net users to communicate in real time by joining channels hosted on one or more computers, using a password. Most significantly, Rouland said, Trinity poses a major new problem by making the attack commands available to anyone on IRC who has a password to access the hosting channel.
“In our copy of Trinity, it joins the IRC channel #b3eblebr0x using a special key”, ISS wrote in its advisory. “Once it’s in the channel, the agent will wait for commands. Commands can be sent to individual Trinity agents or sent to the channel, and all agents will process the command.” IRC offers several other advantages for delivering an attack of this kind, Rouland said, pointing to three major benefits: it affords a high degree of anonymity; it is difficult to detect; and it provides a strong, guaranteed delivery system.
Michael Hornin, a security consultant with the University of Washington, said he had not heard of Trinity v3. But he agreed that the technique of harnessing IRC could pose new problems for companies seeking to guard against DDoS attacks.“In the past year DDoS tools have really come into the limelight, and the people who write this kind of software are constantly looking for ways to make it better”, he said. “This is another example of that. Writing software that launches from IRC makes it vastly more powerful by making it available to anyone”, with the key. According to Rouland, more than 400 computer systems have been infected with the new Trinity v3 attack tool, turning them into potential drones for future attacks. “That’s enough to bring down almost any system”, he said.
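The delivery mechanism the advisory describes (agents join one keyed channel and then wait for commands sent to it) is also what a defender can look for on the wire: several internal hosts joining the same key-protected channel. The following is an added example, not code from the column or from ISS; the log format (“source-IP, raw IRC line”) and the hosts and key are constructed, and only the channel name is taken from the advisory.

```python
import re
from collections import defaultdict

# Constructed sample of client-to-server IRC lines as a network sensor might log
# them: "<src_ip> <raw IRC command>". Not real traffic from the ISS advisory.
SAMPLE_LOG = """\
10.0.1.15 JOIN #b3eblebr0x s3cretk3y
10.0.1.22 JOIN #b3eblebr0x s3cretk3y
10.0.1.15 PRIVMSG #b3eblebr0x :waiting
10.0.1.40 JOIN #linuxhelp
10.0.1.22 PRIVMSG #b3eblebr0x :ping
10.0.1.31 JOIN #b3eblebr0x s3cretk3y
10.0.1.40 PRIVMSG #linuxhelp :hi"""

# JOIN <channel> [<key>]: the optional key is what marks a "password" channel.
JOIN_RE = re.compile(r"^(?P<src>\S+)\s+JOIN\s+(?P<chan>#\S+)(?:\s+(?P<key>\S+))?$")


def keyed_channel_joins(log_text):
    """Map each channel joined WITH a key to the set of internal hosts that joined it."""
    joins = defaultdict(set)
    for line in log_text.splitlines():
        m = JOIN_RE.match(line.strip())
        if m and m.group("key"):
            joins[m.group("chan")].add(m.group("src"))
    return joins


def suspected_agent_channels(log_text, min_hosts=3, known_channels=("#b3eblebr0x",)):
    """Flag keyed channels that many distinct internal hosts joined (a fleet of
    agents waiting on one channel), or any keyed channel whose name is a known
    indicator such as the one quoted in the advisory. Returns {channel: [hosts]}."""
    flagged = {}
    for chan, hosts in keyed_channel_joins(log_text).items():
        if chan in known_channels or len(hosts) >= min_hosts:
            flagged[chan] = sorted(hosts)
    return flagged


if __name__ == "__main__":
    for chan, hosts in suspected_agent_channels(SAMPLE_LOG).items():
        print(f"{chan}: {len(hosts)} hosts joined with a key -> {', '.join(hosts)}")
```

Ordinary keyed channels will also match the host-count rule, so the threshold is a triage hint to be paired with the other signs the column mentions, not a verdict on its own.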
Computers & Security, Vol. 19, No. 7
Hacker Insurance Now Part of the Business Risk Management Kit
Insurance firms are hoping for a boom in business as companies scramble to protect themselves against the rise in computer crime. Internet fraud, E-mail abuse, hacking and viruses are among the crimes set to rise over the next 20 years, according to research commissioned by the Association of British Insurers (ABI). According to the report “Future Crime Trends in the United Kingdom”, which was prepared by independent research group Building Research Establishment, increasingly sophisticated hacking tools will make these crimes easier to commit, even for the unskilled. Of even greater concern, it predicts that specialist “hackers for hire” will pose an increasing threat to the security of corporate systems. Mary Francis, the ABI’s director general, said: “I hope the research will help organizations identify some of their vulnerable points, and encourage them to build as much protection as possible into their information systems.”… “Insurance products are continually developing to meet the demands of new technology, but, as ever, prevention is better than cure, and we must all do what we can now to prevent these crimes before they have a chance to start”, she added. A spokeswoman for the ABI said that the market for insurance against security breaches, which has until now been restricted to a few specialist brokers, is set to expand. “In order to be covered, firms will have to improve their security so the risk to be insured against is a genuine risk, rather than a likelihood”, she said. Because of the lack of experience in the industry, she said users should be clear about what is included or excluded in any insurance policy, and stressed the importance of defining their requirements carefully from the start. Security firms are beginning to team up with insurance brokers to offer policies that protect against loss of revenue and information arising from security breaches. For example, MIS Corporate Defence has announced it has teamed up with insurers J S Wurzler to provide companies with loss of revenue and virus attack insurance.
The risk assessment is based on a security audit carried out by MIS that is then submitted to Wurzler for approval. The policy carries a premium based on the integrity of a company’s IT security infrastructure.
But Andrew Tanner-Smith, an industry analyst at Frost & Sullivan, said that setting up insurance cover for these eventualities is fraught with difficulties for users. “It’s very difficult for firms to put a value on the confidential information which is needed to establish the extent of insurance cover”, he said. “There is also a natural reluctance to disclose confidential information about security to any third party because it might affect the share price of firms.”
Wireless Crazed? No Security For You!
Every business should be lucky enough to get a visit from a friendly hacker like Jeff Schmidt. On July 27, Schmidt tried out a brand-new wireless LAN card on his laptop at work. He didn’t expect anything to happen, because his organization’s wireless LAN wasn’t up and running yet. But to his surprise, he was able to connect without any trouble to the network of an office down the street. Oops! Rather than swipe passwords from the other office’s domain name server, Schmidt called the office to warn it. It shut down its wireless hub shortly thereafter, he says. Schmidt, a network engineer at the US Department of Agriculture in New Orleans, provided printouts of his communications with the other office, which he declined to name. “Imagine our surprise when their hub instantly returned my signal”, Schmidt says. “Since the other office was still using the factory defaults on its wireless hub, I connected just fine. No hacking, no planning — just plain, dumb chance.” Chance played a key role in Schmidt’s penetration of an outside network, but analysts say wireless LANs can be easily accessed by neighbors — friendly or not — and need strong protection. According to analysts, information technology managers can provide robust security by making sure wireless users are authenticated, preferably with a user name and password as well as a token. They also say encryption should be used end-to-end in a connection. Security can even be made strong enough to allow purchases or money transfers over the Web, banks and