Netwar, Part I
By lxxy
So, all over the news you hear of phishing scams, trojans, worms, viruses, cyber war, and bears, oh MY!
What are the true realities of the internet? Are we destined to have a world of internet blackouts, where-when Twitter and farming will be disrupted? Not to mention banking systems, stock trading, orders and prescriptions... the internet has quickly become the medium for a new century, deftly displacing traditional markets.
Brick and mortar stores are under attack; the few major outlets that do carry music and movies offer a scant selection--voice over internet protocol is looming in the face of cell phone and telco solutions. Oh, and let's not forget Netflix, iTunes, Steam, and so many other wonderful digital distribution systems.
Google's Chrome is poised to become the first widely distributed internet-based "cloud device," where-when most of your applications will reside on someone else's server, using up their computing resources more than your own.
It's no secret companies wish to exploit the promises of cloud-based software more than stand-alone applications where they have to code different versions for several platforms, and then distribute them through several channels.
Switching it all over to software-as-a-service makes sense for companies in the long term, but it also adds another layer of dependency on the very technology that poses the greatest risk.
How can you create your spreadsheet if Excel is down?
In this article I will discuss a variety of topics that deal with the internet's foundations and how cyber attacks can use these, in some instances, in quite nefarious ways. It's a long, long ride. But you'll learn something, I hope.
First Things First...
To understand how the system can be exploited, we must first understand how it operates.
The video above shows how a packet of information travels through the internet. It describes the use of internet protocol, and a form of communication called packet-switching. So we have the IP protocol stack, the way information is packaged and transmitted, as well as a method for doing so.
Virtually every network resource has a location based on an addressing scheme within the IP protocol standard. You may have seen it before--your home router, for instance, is usually something like 192.168.1.1. Today you can interface with this device in your browser, but enterprise-grade gear and beyond is usually managed through other means.
Whether you're banking, playing a video game, streaming a video, or sending a print through a network, it's all done generally towards a certain model specification--the OSI model.
The network stack, the TCP/IP suite, only resides in "layer three" of that particular model. Other protocols can exist and replace it, but most often it's quite convenient to keep everything on one protocol, so other types of communication are built on top of layer three instead of replacing it outright.
The OSI Model
By now, you may be overwhelmed by incredibly benign and possibly even boring information. The truth is, while the internet may seem magical, it's really easy to implement. Following the guidelines above, computers that were once hampered by dissimilar methods of communicating now had one standard language.
Using an IP address, data can be packaged and sent from one end of the world to the other, automatically taking the best route possible. But because an IP address and its functionality is only one layer (and for good reason), there's also a unique 48-bit address burned into every device connected to the network, called a MAC address, or Media Access Control address.
This, combined with the IP, is how the information ultimately arrives safely at each point of the destination.
The reason for this double addressing scheme is simple: IP addresses have undergone several revisions in the past to accommodate an ever-growing demand. There are several classes and blocks of IP numbers one can officially license, so to avoid paying large fees and wasting numbers, every network is segmented and sub-networked.
So if you take your laptop from one hotel to another, your IP address will change but your MAC address will always stay the same. Unless, of course, you use a different way of connecting: buying a new Ethernet, wireless, or cellular network card would effectively give you a new address. But one that the mailman doesn't have to worry about registering.
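To make the two address layers concrete, here is an added example (my own illustration, not code from the article): it constructs a minimal Ethernet/IPv4 frame, parses both address layers back out, and emulates one router hop to show that the IP addresses ride end to end while the MAC addresses are rewritten on every link. The frame contents, the addresses (private and documentation ranges) and the `build_frame`, `parse_frame` and `forward_hop` helpers are all constructed for the demo.

```python
"""Two address layers in one packet: Ethernet (MAC) and IPv4 (IP).

Added illustration, not code from the article. The frames below are constructed
sample data; the addresses are private/documentation ranges chosen for the demo.
"""
import struct

ETHERTYPE_IPV4 = 0x0800


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header (checksum field zeroed).
    Run over a header that already carries a correct checksum, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl=64, proto=6, payload=b"") -> bytes:
    """Construct a minimal Ethernet II frame carrying an IPv4 header (no options)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                                ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip)))
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return eth + bytes(hdr) + payload


def parse_frame(frame: bytes) -> dict:
    """Pull the link-layer and network-layer addresses out of a frame, validating as we go."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac),
        "src_ip": fmt_ip(ip[12:16]), "dst_ip": fmt_ip(ip[16:20]),
        "ttl": ip[8], "protocol": ip[9],
        "checksum_ok": ip_checksum(ip[:ihl]) == 0,
    }


def forward_hop(frame: bytes, router_mac: str, next_hop_mac: str) -> bytes:
    """Emulate one router hop: the Ethernet addresses are rewritten for the next link,
    TTL is decremented and the header checksum recomputed; the IP addresses stay put."""
    info = parse_frame(frame)
    if info["ttl"] <= 1:
        raise ValueError("TTL expired: a router would drop this packet")
    out = bytearray(frame)
    out[0:6] = mac_bytes(next_hop_mac)     # new destination on this link
    out[6:12] = mac_bytes(router_mac)      # the router's own interface becomes the source
    out[14 + 8] -= 1                       # TTL
    ihl = (out[14] & 0x0F) * 4
    struct.pack_into("!H", out, 14 + 10, 0)
    struct.pack_into("!H", out, 14 + 10, ip_checksum(bytes(out[14:14 + ihl])))
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: a laptop (192.168.1.10) sends to 203.0.113.7 via the home router.
    frame = build_frame("02:00:00:00:00:0a", "02:00:00:00:00:01",
                        "192.168.1.10", "203.0.113.7", payload=b"hello")
    print("hop 0:", parse_frame(frame))
    print("hop 1:", parse_frame(forward_hop(frame, "02:00:00:00:00:02", "02:00:00:00:00:03")))
```

Running it prints the same source and destination IP at both hops, while the source and destination MAC change and the TTL drops by one; that per-link rewriting is why a captured frame tells you which neighbour sent it, not which host originated it.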
- OSI Model and TCP/IP Model Explained: A network is a conceptual framework that describes how data and network information are communicated from an application on one computer through network media to an application on other computers in terms of...
- MAC Addresses Further Explained
Still With Me?
Good. On to exploitation.
There are several vectors of attacking the internet's resources, and because of this, I'm not going to cover everything here.
Let's discuss four of the principal ways:
- DoS, or Denial-of-Service Attack
- Viruses, worms, trojans (or, collectively, malware)
- Spoofing
- Social Engineering
One: Denial of Service
Much like all common network intrusions, Distributed Denial of Service attacks are, at some level, the product of an unsuspecting group of computers that have already been compromised, most often by a virus or worm. (More on those later.)
In this type of attack a large collection of computers begin to "ping" one or more groups of network resources. First the connection begins to slow, and if the attack continues the server is brought to its knees as it becomes overwhelmed with superfluous requests from hundreds, if not thousands, of computers at once.
While all this does is slow the victim's network down, it can cause multitudes of errors and business setbacks. Amazon can't take orders if its site is too slow for its customers.
Recovering from these attacks can simply be a matter of time, or a matter of changing certain address locations. So, while the computers may be programmed to attack one IP address, another may be used to point to twitter.com, effectively disrupting the attack. But there are issues with this.
The internet is a network that does its best to send information packets to the recipient by storing routing tables in the devices that do the delivery. When one IP address changes, it can take some time for routing tables--as well as several other applications--to recognize this.
And, in the end, besides blocking the ports that the DoS attacks are sending their useless messages to, the trouble really doesn't come down to the network itself. It's all about the computers that are infected and ruining the party.
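As an added example of the defender's side of what this section describes (my own code, not from the original article): a small sliding-window detector run over constructed Common Log Format access-log lines. It reports when requests in the window exceed a threshold and whether they come from one source (which can simply be blocked) or from many (the distributed case the section is about). The thresholds, the `FloodDetector` and `analyze` helpers, and the sample traffic are all assumptions made for the demo.

```python
"""Flood detection over constructed web access logs (added example, not from the article).

Thresholds and the sample traffic are assumptions chosen for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.: 198.51.100.1 - - [10/Oct/2010:13:55:36 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
START = datetime(2010, 10, 10, 13, 55, 0, tzinfo=timezone.utc)  # base time for constructed logs


def parse_line(line: str):
    """Parse one CLF line into a dict, or return None for a line we don't understand."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}


class FloodDetector:
    """Sliding-window request counter. Fires once when the window fills past the
    threshold, and reports whether the load comes from one source or many."""

    def __init__(self, window_seconds=10, request_threshold=100, distributed_min_sources=20):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = request_threshold
        self.min_sources = distributed_min_sources
        self.events = deque()                # (timestamp, source ip) inside the window
        self.per_source = defaultdict(int)   # live request count per source ip
        self.in_flood = False

    def observe(self, event):
        ts, ip = event["ts"], event["ip"]
        self.events.append((ts, ip))
        self.per_source[ip] += 1
        while self.events and ts - self.events[0][0] > self.window:   # expire old requests
            _, old_ip = self.events.popleft()
            self.per_source[old_ip] -= 1
            if not self.per_source[old_ip]:
                del self.per_source[old_ip]
        total = len(self.events)
        if not self.in_flood and total >= self.threshold:
            self.in_flood = True
            top_ip, top_n = max(self.per_source.items(), key=lambda kv: kv[1])
            sources = len(self.per_source)
            return {"at": ts.isoformat(), "requests_in_window": total,
                    "distinct_sources": sources,
                    "kind": "distributed" if sources >= self.min_sources else "single-source",
                    "top_source": top_ip, "top_source_share": round(top_n / total, 2)}
        if self.in_flood and total < self.threshold // 2:
            self.in_flood = False   # hysteresis: re-arm only once traffic has clearly subsided
        return None


def analyze(lines, **kwargs):
    """Run the detector over log lines in order; return the alerts raised."""
    det = FloodDetector(**kwargs)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue          # a real deployment would count unparsable lines too
        alert = det.observe(ev)
        if alert:
            alerts.append(alert)
    return alerts


def clf(ip, ts, path="/index.html", status=200):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512'


def make_log(start=START, normal=30, flood_sources=0, flood_requests=0):
    """Constructed sample log: `normal` requests from five clients spread over a minute,
    then `flood_requests` squeezed into five seconds from `flood_sources` addresses."""
    clients = [f"198.51.100.{i}" for i in range(1, 6)]
    lines = [clf(clients[i % 5], start + timedelta(seconds=2 * i)) for i in range(normal)]
    bots = [f"10.0.{n // 256}.{n % 256}" for n in range(flood_sources)]
    burst = start + timedelta(seconds=2 * normal)
    for i in range(flood_requests):
        lines.append(clf(bots[i % flood_sources], burst + timedelta(seconds=i * 5 // flood_requests), "/"))
    return lines


if __name__ == "__main__":
    print("quiet day:", analyze(make_log()))
    print("botnet:   ", analyze(make_log(flood_sources=100, flood_requests=300)))
    print("one host: ", analyze(make_log(flood_sources=1, flood_requests=300)))
```

The `in_flood` flag with its half-threshold reset is deliberate: without it the detector would raise an alert on every request for the whole duration of the flood. The "single-source" versus "distributed" split is what decides the response; a single noisy address is a firewall rule away, whereas the distributed case is exactly the situation the section describes, where the network is fine and the problem is the infected machines.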
More on DoS
- What is a Denial of Service (DOS) Attack?: Early Denial of Service (DOS) attacks were considered games played by programmers to disable opponents' memory. Today, DOS attacks are used to disable and disrupt services and cause company network outages....
Two: Malware
While the debate has raged throughout the innermost circles of geekdom over which operating system is more secure, market penetration and certain realities point the finger squarely at Microsoft Windows and Mac OS X, which dominate at the consumer level.
Despite other choices, like Unix (traditionally expensive) and Linux (in its infancy when Windows 3.1 was hot), which are regarded as more secure, Microsoft Windows became the dominant consumer-level OS because of slick marketing tactics and a bevy of anti-competitive behavior.
Although, truly, no computer system is ever secure. But there are multitudes of prevention measures one can take to mitigate the risks.
In the early nineties as the computer industry shook out and further consolidated, the Microsoft Windows platform would soon replace ATARI, Commodore, and yes, even Mac OS. And, as the years passed--and a stable Windows NT (New Technology) product shipped, Windows increasingly became easier and more desirable to use within a networking environment.
The computers of old, with ancient operating systems or specialized designs, were slowly fading due to the rise of Windows and commodity hardware parts.
From this angle, one may see that Microsoft Windows was a product to be reckoned with, ready to invade as many sectors as possible.
That's not quite the case.
We must remember that Microsoft didn't invent the world wide web, and really didn't bother with a web browser until someone had already claimed that space--and they certainly didn't invent networking technology.
In short, most operating systems used by consumers by 1995 had acquired, over their evolution, layers of cobbled-together code to graft key concepts of networking onto the environment.
Computers were functional in networking, and the invention of Cisco's routers sure helped (as well as several other technologies I probably shouldn't name-drop), but the sudden surge of modems and Ethernet cable gave rise to exploitative use. Once the domain of your average to highly skilled black hat hacker, script kiddies were born in an AOL world.
Tools like Back Orifice and NetBus were common. But that was just child's play compared to the sophistication that would come in the form of ILOVEYOU, Code Red, and a host of others.
By 2000 worms were commonly propagating themselves by accessing your Windows contact lists and mailing themselves out to people. As this technology gained stability, savvy people realized that by infecting scores of machines they could sell the botnets they had created as spamming machines.
And it's all because of one certain truth: MS-DOS-based Windows 9x and even Windows NT just weren't built in an era where a clear picture of the internet existed in Microsoft culture.
- MICROSOFT'S GATES CALLS FOR NEW FOCUS ON SECURITY. | Software Services & Applications (301): (Reuters) - Microsoft Corp. Chairman Bill Gates recently called for a fundamental shift within the software giant to focus on what many consider the company's Achilles' heel -- security against hackers and viruses. In a memo sent to Microsoft's 47,00
- Meaning of Hacking and the Different Kinds of Hackers: When you hear news about hackers penetrating a website, your reaction will typically involve dilating pupils and astonishment -- if the website is your own, symptoms may include a big deal of swearing and...
- Blockbuster Worm Aimed for Infrastructure, But No Proof Iran Nukes Were Target | Threat Level | Wire: An exceptionally sophisticated piece of malware designed to attack programs used in critical infrastructure and other facilities garnered extensive attention
- Is your PC a zombie?: In the computer world, a Trojan can be used to turn your PC into their own computing matter - effectively turning it into a zombie machine.
In 1995, during the launch of Windows 95, Bill Gates penned "The Internet Tidal Wave," declaring here and now that Microsoft needed to shift gears abruptly and focus on key internet technologies if it was to ensure its survival.
By 1998, and the release of a consumer Windows of the same name, Microsoft had made inroads into the most important invention of the internet: the world wide web. The once-dominant Netscape browser had begun to lose its grip as every new computer coming out of most manufacturers' warehouses was shipped with some version of Windows for bulk licensing discounts.
Amid the flurry of reinventing its image as a network-savvy one, Microsoft made extensive efforts to make Windows user-friendly and network-ready. They created an ISP--bought out WebTV--foretold the world of "netappliances," "SPOT watches," and other interesting fodder for the media to soak up.
And no one can argue--Internet Explorer took off at a rate unseen since... well, Netscape. The problem with Microsoft playing catch-up is that no one ever stops to ask "How much is too much, too fast?"
Microsoft had been so busy grafting networking technologies onto its already aging legacy platform (and its legacy was long and glorious; backwards compatibility) that it didn't know where to start and where to end.
Internet Explorer, for instance, was very closely integrated into Windows. Unlike the Mac or other OSes, which used two separate applications to access the net and your hard drive contents, Microsoft figured it would cut out the middleman and make Explorer do both.
But if this piece of code is compromised--especially in a novice culture where no one has passwords--it's trivial to take over the system and do with it what you will.
Microsoft made missteps in integrating the internet into Windows and its other applications as well. These errors could not be addressed quickly enough, but even if Microsoft had unwound IE from its core it would still have been a DOS-based system.
DOS was horrid; it was a single user system prone to crashing due to severe memory leaking. It was not designed in any way to be a "networked" system.
So again, as time plodded along, Windows NT took over, phasing out the 9x line with arguably the worst release of Windows ever, Windows ME. (Well, at least before Vista.) The next time Windows would see itself incarnated into a consumer-level OS, it would be an eXPerience.
Within that time frame Microsoft had merged Windows NT and 9x into one line of operating systems. It was as if DOS had been eaten; now, the only way to run older apps, was to emulate DOS. And this didn't always work out.
A foundation was laid for a better, more stable, and more secure Windows. But it still contained more bugs and flaws than ever, because it had yet to learn from its mistakes with integrating the architecture so closely together, unlike Unix and its derivatives. So when they dumped the 9x MS-DOS thing, they had a whole new platform with less baggage to tweak and make secure.
They just wouldn't bother until it became blatantly obvious they had to do something.
But that day would come in 2002, and now they were tasked with making Windows NT--a multi-user operating system with networking capabilities--cope with the fundamental realities of present-day internet use.
So, in the mean time, hackers exploited the hell out of their code.
When hackers reverse engineer or discover crippling bugs in software, they have often been chided for releasing said information to the general public. But when said information does get through to the owner of the code--like Microsoft--these issues are generally dealt with as they arise and can be patched.
The theory is that the less word gets around about these bugs, the less chance they will be used in a nefarious capacity. What they, as well as many other software vendors, remarkably forget time after time is that this is the internet, dude. Failures don't go unnoticed here any more than in the real world.
Even today, this would account for what are known as "Zero Day" exploits. Errors either newly discovered or kept relatively secret are still popping up every day.
Bear in mind, though, the Stuxnet worm's ultimate goal appears to be infecting a specific non-PC target, but it uses PCs to help propagate itself into said network.
Bottom line: If you're in the majority and using Windows and don't take antivirus seriously, you're not doing enough. And make sure to do updates as often as possible. Microsoft has since been issuing as many security fixes as it can for many of its operating systems, quite frequently; this goes into their effort to make their OS more secure.
Three: Spoofing
- How to spoof a MAC Address: MAC address filtering for wireless networking isn't real security. Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective than WEP and that WEP can be cracked almost instantly
- How to Win a Thousand Internets: Recently a friend of mine made a bet that he could crack a friend's wifi. Wanna know how you can do it?
Tired yet? Go ahead, take a rest...I'll wait.
Okay, ready?
While I won't go into much detail about methods of dealing with the matters discussed here (that's for Part II), due to the rise of wireless networks it has now become rather easy to gain access to not only a home network, but a bunch of insecure machines just ripe for entry.
One way to steal sensitive information from someone on a network isn't by figuring out how to connect and issue a correct password, but rather by listening for one. You can do this by "spoofing" the address of your own wireless adapter.
Since the TCP/IP protocol stack assumes that every MAC ID is 100% unique to each device, the traffic to and from the victim's MAC address magically becomes easily visible to a person with the right knowledge and software.
This is a gold mine, and a good reason to use the most secure encryption on your home routers with wireless built in. (Although there are many techniques to circumvent the most basic ones.)
While many websites use secure transmission techniques when sending sensitive information (and are thus hard to decrypt on the fly), it's often trivial to listen to someone's IM conversation, for example. Even whole VoIP conversations. Wanted to know how the black hat world does its espionage? Here's part of the story.
Even with the most secure wireless network, any ethernet port will do. So any physical access to a network is a gateway to possible attack.
Four: Social Engineering
Finally, we come to a juicy core of an apple hanging off the tree of forbidden knowledge. Why the hell would anyone bother going through an extensive chain of steps to hack into a system and gain information if it doesn't need to be that complex?
Social engineering is the most useful of hacker tools.
Yet, it involves nothing complex. It's how hacker Kevin Mitnick survived out on his own without being captured for so long; he would call up the authorities themselves and talk them into divulging information. It then became a case of him knowing what they knew, while they didn't know it.
With social engineering one could easily gain access to the right room, the right computer--or the right port--and do anything to the network, given enough time and talent. And a hacker doesn't even need to use social engineering on this level--all one must do is somehow get someone to grant them access to the system.
It's as simple as infecting a thumb drive, or sending a malicious e-mail.
You'll click on it, and install it, trusting the person on the other end as someone who is there to help you. Or, more often, a social engineer loves to invent sob stories. That's when that natural tendency to be nice kicks into turbo. We want to help someone so they don't get fired, or caught doing something we feel is innocuous anyway.
We're our own worst enemies.
And during these cyber wars--it's only more blatant. Beyond all this technology, man is still throwing sticks and stones.
Ohhhh Kevin...
- Internet 'Kill Switch' Would Give President Power To Shut Down The Web: A new Senate bill, sponsored by Senator Joseph Lieberman, proposes to give the president the authority "to seize control of or even shut down portions of the Internet," according to CNET. The authority granted to the government in the bill, known as
The information presented here offers a glimpse between the headlines of hackers, card thieves--industrial espionage... all of the same old human tricks, taken to the information superhighway. And that highway--while unique, awesome, and quite useful--is filled with potholes.
The focus on Windows here was not to bash it--it's merely there to serve as an example; ultimately, no operating system is secure. Especially if a social engineer is involved.
It's no wonder there's talk of an "Internet Kill Switch," but this is a fool's way out. Why shut down the internet--in any capacity--when we can just adapt to these potholes and perhaps build a whole new infrastructure?
But that, and more, is for the next article...
- SANS: Netwars Next Generation Competition: Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
Spooky Reaction at a Distance
Haha, yeah, I understand ;) No matter how much Microsoft puts into IE, its poor choices in design and implementation in the beginning will forever haunt it.
Thanks Ixxy for writing this much needed hub.
I think Explorer # 9 is better. :)
Hey Raven King! :) I hear good things about IE9. I'm down for it, and I'm glad there's competition. If anything, this whole spiel should show that regardless of what operating system or software we use, the right hacker can sniff out and social engineer his way to his target.
I'm glad to know you. I don't understand half of it, but I know whom to get for help now. LOL
Hey again ralwus! Haha, okay..okay..next time your computers act up you know who to call. ;)
Right now I'm on Explorer 9, the videos don't display, but if I put the arrow on the invisible space and click I can hear it, lol, so far no viruses ;)
lol, sounds like your flash player is a little buggered. Lemme know if you need me to take a look for you. :)
Mentalist acer 19 months ago
We talked about Explorer... It's dead to me... I'm afraid to mess with it, lol ;)