Thursday, April 30, 2026
News and Views from the Global South
TECHNOLOGY: Can Security Birds Catch Computer Worm?
Marty Logan
- No less an authority than the U.S. Department of Homeland Security launched the vital-sounding National Cyber Alert System to fight the problem, in late January.
This week, computer mammoth Microsoft released an entire compact disc filled with the latest security upgrades it has issued just since October to defend against the scourge – computer hacking, described by one expert as primarily the antics of hormone-crazed teenaged boys.
"We’ve got a pretty good idea of the profile – a lot of it is just young guys . they’re just not mature yet, and they do what young guys do – they cause trouble. It’s that simple," says Dorothy Dennings, a professor at the Naval Post-Graduate School in California.
Computer hacking, or attacking, was dramatically (and literally) "brought home" to millions of computer users worldwide via the Mydoom "worm" earlier this month.
A virus that burrowed into a user’s email software, copying every address inside and then shooting out the same malicious email to each one of those addresses, where it would repeat the deed, Mydoom has since been crowned the fastest-spreading virus ever.
Some experts are now predicting Mydoom "copycat" attacks, while others are warning the Internet is so unsafe that "the big one" that will disable the ‘Net’ is inevitable.
Yet other experts are just starting to address flaws in the programs that run the websites millions of people use daily to do business with companies, governments and myriad other institutions.
All of this to cool off teenaged boys?
Dennings acknowledges, "there are more sinister people out there but a lot of these nuisance things and viruses (are caused by young guys)".
She says the problem is the result of "privacy advocates" who refuse to give up the anonymity that the World Wide Web offers.
"The two big problems are viruses and spam. And both of those problems arise in part because we don’t have strong authentication on the Internet. People can act anonymously and use deceptive techniques in order to disguise who they are. That is exploited in all of these viruses," Dennings said in an interview.
"We could do a lot to make the Internet more secure but we’d have to (improve) authentication, and as long as there’s no accountability on the Internet, it’s really hard."
Dennings says it is "pie in the sky" for people to expect trouble-free Internet surfing when our day-to-day physical world is awash in vulnerabilities.
But the online threats outlined by tech writer John C. Dvorak last month are much more ominous than the equivalent of a real-world robbery or traffic accident.
Unlike the "nuisance" viruses we’ve seen to date, the "big attack", he wrote in ‘PC Magazine’, "will shut down the Internet completely and destroy all computers".
"A disaster like this might finally make the (computing) community take some action. We already know that users will always do dumb things to trigger problems."
"But the computing environment itself encourages this, in many ways," Dvorak added, listing such issues as home computers that are connected to the Net 24 hours a day seven days a week and "cookies" that bite onto your computer’s hard drive when it accesses corporate sites and are then able to remit data from those drives to the company computer.
Security expert Tom Keenan is predicting Mydoom copycat attacks, and says carrying out such an assault would be easy. "There are available on the Internet to anybody who takes the time to look for them, virus construction sets, which basically say, ‘who I want to attack’, ‘what I want to do to them’, and ‘when I want it to happen’."
"Somebody who sat back and said, ‘wow, Mydoom was pretty impressive. I think I’ll create my Mydoom’, probably would not have a very hard time doing a copycat attack," the professor from Canada’s University of Calgary told IPS.
The U.S. Department of Homeland Security announced its new system, where experts and non-experts can sign up for email alerts about the latest computer threats, days prior to the Mydoom attack.
Within a day the site had received more than one million hits, according to officials, and in less than a week it had 250,000 subscribers.
Currently available there is a summary of security items issued Feb. 4-17 by various companies and security watchers, which contains more than 300 entries.
The man in charge, Amit Yoran, said earlier this month that the relatively little damage done by Mydoom is a positive sign.
"A few years ago, we experienced significant outages in our businesses from Love Letter and Melissa and other viruses. Today, even with a more sophisticated threat, the reports of outages (like networks crashing, e-mail servers being shut down) is far below where it was a few years ago with those less-sophisticated viruses," he told ‘Newsweek’ magazine.
"The message here is that we have a lot of work to do but our overall preparedness is improving," added the director of Homeland Security’s National Cyber Security Division.
But Jeremiah Grossman says experts are just starting to understand the sort of attacks that hackers are waging against applications, the programs that let users communicate with the websites of corporations and other entities on the Net.
These are Denning’s "sinister" attackers. "The web hackers are after the cash, or credit card numbers", says Grossman – a co-founder and spokesperson for the Web Application Security Consortium (WASC), a group dedicated to standardising the approach to securing these applications and providing that information to those who need it.
Recent tests found that 90 percent or more of applications on the Internet were vulnerable to hackers, said Grossman in an interview with IPS. They include high-end jeweller Tiffany and computer maker Gateway, according to a recent ‘Wall Street Journal’ article.
Unlike email-based viruses like Mydoom, "there won’t be a virus aimed at the application layer; it’s one at a time. A web hacker will decide ‘that’s the site I want to go after’," predicted Grossman.
A few years ago it was estimated that corporations would be spending 20 billion dollars by 2003 on computer security. And it reportedly took Microsoft six months – and countless employee hours – to devise its latest security "patch".
While many experts and users point to the overwhelming spread of the company’s products – 90 percent of computers use its Windows operating system and Outlook Express email program for example – others say rival systems would become larger targets if they grew to compete with the U.S.-based firm.
Dennings says the problems, and solutions, to Internet and computer security will be complex. "It’s not just something that trivially could have been solved with the right design from the very beginning. People didn’t really anticipate everything that was going to be (created)".
Print
|
