New Technologies: An Invitation to Cybercrime?
By Deb Shinder
One of the greatest things about the IT business is the whirlwind pace at which newer, better, faster technologies are developed. Not satisfied with today’s Internet connectivity options? Longing for more portability? Just wait a few weeks or months -- new products and services are coming along every day to satisfy your secret (and not-so-secret) desires.
There is a dark side to all this progress, though. New technologies not only make life easier for IT professionals and end-user "citizens of the ‘Net" -- they also make it easier and more convenient for cybercriminals, who use computers and networks for a variety of illegal purposes, to do their dirty deeds. Technologies such as broadband and wireless computing have the potential to make the computer experience for businesses and individuals more productive, easier, faster and more fun. Unfortunately, the criminal element loves these new technologies, too. Convenience and performance often come with a price, and that price is a sacrifice of security. This is especially true when technologies are new, security flaws have not yet been widely recognized and solutions have not yet been developed or made public.
Why do cybercriminals love broadband technologies such as xDSL, cable modem and satellite Internet services? These technologies have made it easier for hackers to invade broadband users’ computers and networks. A computer attached to a broadband service such as cable modem or DSL behaves more like a computer attached to a network than like an individual computer that uses a telephone line to dial into the Internet, and that makes it easier to exploit the technology to gain unauthorized access. As a consequence, broadband users need to be much more security conscious than dial-up Internet users.
The problems with broadband are based largely on the factors that make it so attractive to ‘Net users: high speed, 24/7 connectivity, and low cost. A network is vulnerable to an attack from outside only when it is connected to an outside network. When most users and companies were connecting to the Internet with analog modems, or perhaps dialup ISDN connections, their vulnerability to attack was limited because the system was available to outsiders only during a session. When you finished doing what you wanted to do on the ‘Net, you disconnected and your system "disappeared" from the Internet.
Additionally, most Internet Service Providers use the Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to dialup users. This means that your Internet-connected computer gets a new IP address each time you hang up and reconnect.
DSL and cable are referred to as "always-on" technologies. You don’t have to dial up a connection each time you want to get onto the Internet; instead, you stay connected 24 hours a day, 7 days a week. This makes it quicker and easier for you to access Internet resources. It also makes it easier for you to run a server, allowing other authorized users to access shared files on your system remotely. And because your IP address generally stays the same since you don’t disconnect, these authorized clients can find your server more easily from one communication session to the next.
The problem with 24/7 technologies is that they also make it easier for unauthorized folks to access your system. Your exposure is much greater because you’re "always open for business," giving a hacker more time to mount a brute force attack to guess your password, or figure out which TCP/UDP ports might be open and vulnerable. And because your IP address stays the same, it’s easier for them to return to your system next time they want to do a little virtual breaking and entering.
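The two risks described above, sustained password guessing and the same outsider coming back on later days, both leave traces in a login log. The following is an added example, not part of the original article: it flags source addresses that fail repeatedly and return on separate days. The log format, sample lines and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified, hypothetical log format:
#   <ISO timestamp> <event> user=<name> src=<ip>
SAMPLE_LOG = """\
2002-07-01T02:14:05 LOGIN_FAIL user=admin src=192.0.2.10
2002-07-01T02:14:09 LOGIN_FAIL user=admin src=192.0.2.10
2002-07-01T02:14:13 LOGIN_FAIL user=root src=192.0.2.10
2002-07-01T09:30:00 LOGIN_OK user=alice src=198.51.100.7
2002-07-02T03:01:44 LOGIN_FAIL user=admin src=192.0.2.10
2002-07-02T03:01:49 LOGIN_FAIL user=guest src=192.0.2.10
2002-07-02T18:22:10 LOGIN_FAIL user=alice src=198.51.100.7
2002-07-03T02:47:31 LOGIN_FAIL user=admin src=192.0.2.10
not a log line
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")

def summarize_failures(log_text):
    """Per source address: failed-login count, days seen, accounts tried."""
    stats = defaultdict(lambda: {"failures": 0, "days": set(), "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "LOGIN_FAIL":
            continue  # skip malformed lines and successful logins
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # timestamp present but not parseable
        entry = stats[m.group(4)]
        entry["failures"] += 1
        entry["days"].add(ts.date())
        entry["users"].add(m.group(3))
    return dict(stats)

def flag_sources(log_text, min_failures=5, min_days=2):
    """Sources with many failures that also came back on separate days."""
    flagged = []
    for src, s in summarize_failures(log_text).items():
        if s["failures"] >= min_failures and len(s["days"]) >= min_days:
            flagged.append((src, s["failures"], len(s["days"]), sorted(s["users"])))
    return sorted(flagged)

if __name__ == "__main__":
    for src, fails, days, users in flag_sources(SAMPLE_LOG):
        print(f"{src}: {fails} failed logins over {days} days, accounts tried: {users}")
```

A single mistyped password from a known address stays below both thresholds, while the address that keeps returning night after night is reported.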
Another advantage of broadband is the increased connectivity speed. Unlike an analog modem that’s limited to 56Kbps (and practically speaking, less than that due to federal regulations and line considerations), DSL and cable companies offer high download speeds, and often higher upload speeds as well. This means improved performance on your end -- but if your service also offers a high upload speed, it also means an intruder will be able to snatch your files more quickly.
Luckily, in terms of security if not usability, most broadband services are asymmetric. That means that upload and download speeds are not created equal; typically for consumer accounts, the upstream transfer rate is limited to 128Kbps by cable companies, and anywhere from 128Kbps to 764Kbps by DSL providers.
The problems connected with the high speed 24/7 connectivity and high speed data rates associated with consumer broadband technologies also exist with traditional 24/7 high speed business solutions such as T-1. However, because most T-1 lines are connected to companies that employ IT professionals, it is more likely that there will be security measures in place to offset the security risk.
The problem with cable and DSL is that these technologies have brought high speed, always-on access to home and small office users who can’t afford the high cost of T-1. These less sophisticated users are also less likely to be aware of the security risk, or to have the technical expertise or budget to implement the proper level of security.
There are steps you can take to protect a broadband connection (including, for example, deploying ISA Server on your broadband-connected LAN), but many new users of these technologies aren't aware that there is a risk, much less knowledgeable about how to reduce it. That means it's open season on broadband connections for cybercriminals who are looking for ways into others' systems and networks.
For a detailed discussion on the perils of broadband, wireless, mobile computing, and other new technologies, and how to address them, see Chapter 2 of Deb's new book, Scene of the Cybercrime (published by Syngress Media, due for release the first week in August). For more info about the book, see www.sceneofthecybercrime.com.