Anxiety Mounts Over Possible Internet Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Anxiety Mounts Over Possible Internet Attack

Government and industry experts are increasingly concerned about brewing hacker activity.

WASHINGTON (AP) - Government and industry experts are increasingly concerned about brewing hacker activity they consider a precursor to a broad Internet attack that will target a serious flaw in Windows software from Microsoft Corp. (MSFT).

Experts are advising computer users with renewed urgency to apply a free repairing patch that Microsoft has offered on its Web site since July 16, when it acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software.

The Homeland Security Department cautioned Wednesday that hackers in recent days have successfully tested new tools to seize control of such vulnerable computers over the Internet, stealing data, deleting files or eavesdropping on e-mails. The government also said it had detected an "Internet-wide increase in scanning" for victim computers.

Security companies guarding government and corporate networks have identified sporadic break-in attempts worldwide using such tools and monitored hackers in discussion groups and chat rooms exchanging tips about how to improve the effectiveness of their programs.

Applying Microsoft's repairing patch takes a few moments for home users but is a more daunting challenge for large corporations with tens of thousands of Windows computers - leading to a race against hackers for frazzled computer administrators.

"People are definitely aggressively trying to patch this," said Ken Dunham, an analyst at iDefense Inc., an online security company. "But a large rollout may need to take some time."

Researchers' biggest fears--that hackers will quickly unleash automated "worm" software that attacks large numbers of computers within minutes--have so far been unrealized. Although a major hacker convention, known as "DefCon," takes place this week in Las Vegas, experts said an attack could be launched within days, weeks or months.

"Everybody is predicting a widespread event, going from zero to 60 very quickly," said Dan Ingevaldson, an engineering director for Atlanta-based Internet Security Systems Inc. (ISSX). He estimated the likelihood of a major Internet attack as "closer to imminent than probable."

Depending on the hackers' designs, attack tools could be engineered to disrupt Internet traffic by clogging data pipelines, deleting important files or stealing sensitive documents. Experts cautioned that a particularly clever hacker could leave little trace of an attack.

Oliver Friedrichs, the senior manager for security response at Symantec Corp. (SYMC), predicted that widespread attacks won't occur soon because hackers still need to resolve important glitches in their own attack tools.

"It is a little early," Friedrichs said. "The exploit needs to be perfected. The effort applied to the exploit is certainly increased, but we're not sure if that's indicative of when we might see a widespread threat. People certainly need to be aware of this."

FBI spokesman Bill Murray said bureau investigators were studying several hacker tools designed so far and were highly concerned about a wide-scale Internet attack. "We implore the private sector--both business and home users--to visit the Microsoft Web site and install the patches and mitigations necessary to prevent this from creating a negative effect on the Internet as a whole," Murray said.

The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands. Four Polish researchers who call themselves the "Last Stage of Delirium Research Group" discovered the Windows problem and reported details to Microsoft.

"We know it's possible to write a worm for it. We don't know whether a worm will be written for it," said Steve Lipner, a senior Microsoft security executive. "It's certainly one [flaw] that we look at and say, 'Gee, we'd really like everybody to put that patch on.'"

Citing the flaw, Internet Security Systems previously raised its alert level to its second notch, reflecting "increased vigilance." The company operates an early warning network for the technology industry, the Information Technology Information Sharing and Analysis Center.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll