Arun Marballi

Have you succumbed to the Obama-mania yet? Well, those cyber crooks are sure betting that you have - because even while the election results were still warm, there were numerous "come hither" spam messages propagating the cyber space promising everything from exclusive election video to behind-the-scene pictures of the winning campaign.

Many of these spam messages were vectors for pushing out a Trojan program seeking to compromise the security on your computer and enable unauthorized access. This was not an unexpected phenomenon however - because, as I have noted in my earlier columns, these folks from the dark side, prey on social engineering opportunities such as Obama-mania. In fact, it has been forecast that the ongoing presidential transition with its many rumors and unconfirmed reports, will embolden these opportunists with many additional Obama-related attack chances.

While the election and its aftermath provided social engineering opportunities to get at your computers, the two contending presidential campaigns did not go unscathed. There are reports indicating that computers belonging to both campaigns were hacked into by an "unknown" foreign entity.

According to Newsweek, an FBI agent informed Obama's campaign that the intrusion had resulted in numerous files being downloaded. It has been speculated that the foreign entity was either Russian or Chinese and that they were attempting to gain access to policy positions of the two candidates. According to the Financial Times, the White House was not spared either. Apparently, Chinese hackers have penetrated the White House network on numerous occasions and accessed official e-mail and files.

The Financial Times further adds that most of the time these accesses have been for short durations and have involved pulling large volumes of low-level information in an espionage technique dubbed as the "grains of sand" approach. It certainly looks like we have tumbled into an era of cyber-espionage!

While cyber-espionage seems to be replacing the good old cloak and dagger stuff of James Bond movies, an experiment by researchers at the University of California at San Diego showed that it was possible to use digital cameras with telephoto lenses to capture images of keys and create duplicate keys without physically possessing the original key - thereby gaining physical access, albeit not necessarily authorized, to places that would hitherto have been out of reach. So, think twice before leaving your keys in plain sight - they just might make a picture worth a thousand locks.

Even as keyless key duplication represents a use of computing power to gain unauthorized physical access, the discovery of a highly sophisticated and undetectable Trojan called Sinowal has revealed the inroads organized crime has made into the world of cyber-extortion. This Trojan, it appears, is extremely undetectable and does not rely on any overt action by the computer user.

In fact, it lays in wait on rogue websites for computers that have any vulnerable or unpatched software to come by visiting and on encountering such a machine, quietly and without any fanfare installs and hides itself on that computer's master boot record.

Once installed, it stays there hidden silently gathering financial and private information that is then, just as quietly, shipped off to its masters for harvesting. Once infected, the only remedy is to reformat the hard drive and reinstall the operating system and all the software - a very daunting task indeed! The full extent of this infestation is unknown, however, based on the password dump of one machine that was discovered to be infected, it is estimated that more than 300,000 Windows machines have been infected and over half a million financial accounts may have been compromised.

Again, since these numbers are extrapolations from data found on one machine, the actual incidence could easily be an order of magnitude higher. Keeping the computer software up-to-date should minimize the risk of this infection.

Most Web-based exploitations arise from some form of trickery orchestrated by the cyber-crime perpetrators. For instance, the technique called "clickjacking" involves the exploitation of an HTML feature that allows websites to embed content from other web pages. The embedded content could be invisible and the user could unknowingly be tricked into clicking on it.

For instance, it is possible for a "clickjacking" attack to turn on a user's web camera and microphone without their knowledge. How about that for empowering clandestine online voyeurism? Apparently, an upgrade to the web browser Firefox called NoScript stops "Clickjacking" attacks and to-date is the only method for avoiding this form of attack.

Perhaps, it may be time is hang up the gloves on the Internet Explorer web browser and give Firefox a try or at the very least disconnect the web-cam and microphone when you are not using it.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home