Automated Tools Fight Security Wars
Source: Thomas Claburn - Posted by Joe Shakespeare   
Security Last year, a computer worm that conducts automated reconnaissance appeared; it uses the Google Inc. search engine to automatically find Web sites running vulnerable bulletin-board software and then defaces them. The financial-services industry noticed a spike last fall in phishing attempts to steal money from customers' accounts and put the blame on a new toolkit that made it easier to set up such scams.

Ticket scalpers, meanwhile, use software that deciphers the wavy words that need to be entered to make purchases on E-commerce sites, hoping to scarf up automatically masses of tickets they then can sell at outrageous rates. Spammers are bypassing similar image-recognition challenges, used by Internet service providers to prevent bulk registration of E-mail accounts, with scripts that trick Web surfers into solving picture puzzles for them. And 24 hours a day, bots search the Net for vulnerable systems.

Welcome to the machine wars, where zombie armies--computers compromised and subverted by hackers--churn out spam and malicious code in relentless raids on the PCs of home users and the commercial world's IT systems. Security vendors say it takes as little as six to 15 seconds for a software-driven attack to find and infect an unprotected PC connected to the Internet. "Automated tools that scan IP address blocks are relentless and never get tired," says Bill Hancock, VP and chief security officer at IT service provider Savvis Communications Inc., via E-mail.

The good guys are fighting back. One means is through better blocking of spam, the river on which many automated attacks travel. Another is turning the network itself into a security device. AT&T, the largest carrier of IP data nationally, each day analyzes 1.7 petabytes of information that passes through its IP backbone, looking for new attacks so it can teach its network to spot and combat them through proprietary algorithms without human intervention. "We're seeing a substantial need to automate the defense mechanisms that are in place," says Stanley Quintana, AT&T's director of security services. "Automating real-time mitigation is a way to deal with this. But the only way you can really have good real-time mitigation is to have good real-time intelligence."

Automated hacking has gotten so bad that a federally funded effort to track cyberspace attacks has quit counting. The CERT Coordination Center, part of Carnegie Mellon University's Software Engineering Institute, noted that 21,756 incidents--each of which can involve thousands of sites--were reported in 2000, 52,658 in 2001, 82,094 in 2002, and 137,529 in 2003. Last year, it stopped publishing the number. "Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks," the group said.

Read this full article at Thomas Claburn

Only registered users can write comments.
Please login or register.

Powered by AkoComment!