In America there is a saying “guns don’t kill people.” Some people add “people with guns kill people.”
This does put a handy slogan on a view about moral responsibility. On the face of it, the sayings are accurate: while a gun can be used to kill a person, guns are not themselves moral agents.
As such, a gun, or any weapon, bears no moral responsibility for any deaths that it might be used to bring about.
Today, we will be looking at applying this argument to the use of a hacking program, in particular one called Firesheep, not to be confused with the user-friendly browser Firefox or the emulator Sheepshaver.
Firesheep was written by Eric Butler and brings easy-to-use 'hacking' functionality to the Firefox web browser. The 'add-on' allows users to view information in internet cookies at sites such as Twitter, Facebook, Flickr, Tumblr and Yelp.
Fortunately, Firesheep is limited in what it can do. It can allow a user to get usernames and session number IDs but it cannot be used to get passwords. In effect, it allows users to view information e.g. a person’s Facebook or Amazon account, but does not let users do anything that would require a password.
It is also limited to hacking on the same network. However, this means that if you are reading this blog on public wi-fi, then someone with Firesheep could be reading through your darkest Facebook secrets. It is very popular for the 'man-in-the-middle' interceptions used in cafes and public sites. So remember that the creepy fellow sitting two tables down may be reading your pages and Tweets too.
The creator, Eric Butler, makes it very clear that he sees himself as a white hat: he is hacking to expose vulnerabilities so that they will be fixed. Interestingly, he does directly address the moral issue at hand: “The attack that Firesheep demonstrates is easy to do using tools that have been available for years. Criminals already knew this, and I reject the notion that something like Firesheep turns otherwise innocent people evil.” (Discuss!)
On the face of it, Butler may be correct. Firesheep, like other tools, is not some sort of cursed weapon that can possess the mind of potential victims and compel them to do evil, unlike television and other media. Clearly, the same is true of other potentially harmful pieces of technology, such as guns and junk food.
Therefore, Butler and the other folks who make such tools openly available are not directly accountable for what people do with the tools. This is the same argument arms dealers use when they say, “I just provide the weapons, the customer does the actual killing.”
Clearly, Butler has no malign intent in creating and releasing Firesheep. Rather, like Dr. Gatling, he is hoping (albeit naively) that his creation will do good rather than generate further evil.
There is another, deeper concern: providing tools that make misdeeds easier makes a person accountable to a degree. While the person who invents or distributes such tools or weapons does not make people evil or make them do misdeeds, that person does make such misdeeds easier.
Therefore, the person providing the tool does play an indirect causal role in the misdeeds, especially if the tool or weapon serves as a “but for” cause, e.g. if someone would have been unable to track down the whereabouts of, and start stalking, their ex-girlfriend without using Firesheep. The assumption is that the ex would not have been stalked but for the intervention of Firesheep. Therefore, making misdeeds easier does appear to bring with it a degree of moral accountability.
Butler answers this sort of criticism by stating that other tools already exist to do just what Firesheep does. Firesheep is just a better known and easier to use tool. So, to use an analogy, Butler is not inventing the gun, he is merely making the gun easier to use.
“Firesheep doesn’t hack. People hack with Firesheep.” You decide!
Thursday, October 28, 2010
Monday, May 17, 2010
The Great Firewall of China blocks EU trade into China
China's internet "firewall" is a trade barrier and needs to be tackled within the framework of the World Trade Organisation, Neelie Kroes, vice-president of the European Commission, told reporters in Shanghai today.
Dutch-born Kroes, who is also in charge of Europe's digital agenda, said the firewall was a trade barrier as long as it blocked communication for Internet users, preventing the free flow of information.
"It is one of those issues that needs to be tackled within the WTO," said Kroes, who served as European Commissioner for competition until 2009.
Kroes spoke at the China headquarters of video-sharing company Tudou, a rival of Google's internationally popular video-sharing platform YouTube that is blocked in China.
Chinese law requires internet companies to block or remove objectionable content, including pornography and any information deemed sensitive by the ruling Communist Party.
Social media platforms popular overseas, including Facebook, YouTube, Twitter and Flickr, are all blocked in China for fear they will provide a platform to organise or share illicit information.
"I am pushing wherever I can just to get European enterprises a level playing field in China and the other way around. It should be reciprocal," she said, adding that the amount of disruption from the firewall varied for each business.
The US has also explored taking China's internet restrictions to the WTO. In the past, the WTO has upheld China's right to censor printed and audiovisual content.
Saturday, January 16, 2010
DDoS Attacks Are Back and Bigger Than Before
Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to have been finding its way back into the headlines in the past six months, thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks.
The targets are basically the same -- private companies and government websites. The motive is typically something like extortion or to disrupt the operations of a competing company or an unpopular government. But the ferocity and depth of the attacks have snowballed, thanks in large part to the proliferation of botnets and a shift from targeting ISP connections to aiming legitimate-looking requests at servers themselves.
In fact, said Andy Ellis, CSO of Cambridge, Mass.-based Akamai Technologies (AKAM), the botnets launching many of today's DDoS attacks are so vast that those controlling them probably lost track of how many hijacked machines they control a long time ago. (Listen to the full interview with Ellis in The Long, Strange Evolution of DDoS Attacks.)
Ellis has been watching the trend from a pretty good vantage point. Many people use Akamai services without even realizing it. The company runs a global platform with thousands of servers customers rely on to do business online. The company currently handles tens of billions of daily Web interactions for such companies as Audi, NBC, and Fujitsu, and organizations like the U.S. Department of Defense and NASDAQ. There's rarely a moment -- if at all -- when an Akamai customer IS NOT under the DDoS gun.
"We see a lot less of the fire-and-forget malware-based attacks designed to bog down the machines that were infected," Ellis said, referring to old-school worm attacks like Blaster, Mydoom and Code Red. "Now the malware is used to hijack machines for botnets and the botnets themselves are used as the weapon."
In the last year, Akamai has seen some of the largest DDoS attacks in recent memory, which Ellis described as "huge attacks of more than 120 gigabytes per second." If you are on the receiving end of that much punch, Ellis said, "It's not a pleasant place to be."
Tuesday, August 4, 2009
Nine very scary things about Botnets

Let me warn you that this article will paint a scary picture of botnets taking over all PCs, both the ones on corporate networks and the ones at home.
I am sure you have long wondered just how widespread the botnet problem is. What you will learn is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect.
Here is a list of nine known things about botnets that will scare you, but perhaps this article will help you to increase your efforts to keep your PCs off the illicit botnets.
1. The process of developing software that creates and controls botnets has reached a professional level. Forget the amateur script kiddies that are out for kicks; developers are in it to make a lot of money. The techniques they use to create malware or command and control software are as sophisticated as those used by any commercial software company.
What's more, this underground development community is very cooperative, like a quasi-legitimate open source community. Software is shrink-wrapped, packaged and sold or passed around. The developers add their "personal touches" to create many variants of the malware. Finjan reports that the Golden Cash network operated by cybercriminals provides an exploit toolkit as well as an attack toolkit to distribute malware.
2. Once a PC is captured by a botnet, the use of that PC can be bought and sold many times; the Golden Cash network, for example, is a vast botnet exchange. Cyberthieves purchase malware-infected PCs from anyone in the underground market, and then, like bond traders, they bundle them and resell them to criminals who want to rent the use of a botnet. This provides a great incentive for criminals to create even larger botnets.
3. Botnets use multiple automated propagation vectors to spread, including spam, worms, viruses and drive-by download attacks. For example, legitimate Web sites are often compromised with HTML tags that force a victim's browser to download JavaScript code from a server that's controlled by the attacker.
That code can launch a number of exploits against the unsuspecting PC. If any of the exploits is successful, the PC can become the next zombie on the botnet, making it easier than ever for the attacker to collect new nodes on his illicit network.
4. The malware that turns the PC into a bot can hide as a rootkit, making it exceptionally hard to detect and eradicate the malware. The Torpig botnet, as an example, implants Mebroot on the victim PC. Mebroot is a rootkit that replaces the system's Master Boot Record. Therefore, the PC is under the attacker's control even before the operating system loads.
5. Once installed, the malware can attack and nullify the very software that is supposed to prevent or at least detect the malware infection. Intel researchers report that botnet developers have begun to target the antivirus, local firewall and intrusion prevention/detection software and services.
The researchers identified at least two ways that a botnet blocked the security software from getting updates:
- A botnet changed the local DNS settings of the affected system to prevent the antivirus software from reaching its update site.
- A botnet was actively detecting connection attempts to the update site and blocking them.
7. Botnets can be reprogrammed, allowing their missions to change. One day the botnet can be sending out spam, and the next day it can be told to collect credit card information from the infected PCs.
8. It used to be that bots generated a lot of "noise," making it easier to spot a compromised PC on a network. These days, some bots transmit little traffic, helping them to fly under the radar of log management systems. What's more, botnet traffic can masquerade as legitimate network traffic, making it hard to detect.
9. Legitimate applications such as Web browsers or office productivity tools can be compromised as part of the botnet's malware infection. For instance, the Torpig botnet injects malevolent DLLs into browsers, popular applications, e-mail clients, instant messengers and system programs. After the injection, Torpig can peruse and steal any data that is handled by these applications, including logon IDs and passwords.
If you were under the impression that botnets are no big deal, it's time to realise that they are a big threat to legitimate businesses and organisations. Now all you have to do is find ways to detect botnet infestations on your network.
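As a starting point for that detection work, here is an added example (not from the original article or the Intel researchers) that checks for the first blocking method in item 5: local DNS settings altered so that antivirus update sites cannot be reached. It assumes Unix-style hosts-file and resolv.conf text; the domain `av-vendor.example`, the addresses and the trusted-resolver list are constructed placeholders.

```python
import ipaddress

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def covers(domain, name):
    """True if name is the update domain itself or one of its subdomains."""
    return name == domain or name.endswith("." + domain)

def audit_dns_settings(hosts_text, resolv_text, update_domains, trusted_resolvers):
    """Return findings for overridden update domains and unexpected resolvers."""
    findings = []
    # Any local override of an update domain is suspect; loopback and
    # 0.0.0.0 silently blackhole it, other addresses redirect it.
    for ip, name in parse_hosts(hosts_text):
        if any(covers(d, name) for d in update_domains):
            kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append(("hosts", name, str(ip), kind))
    # A resolver outside the expected set can answer falsely for every name.
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if fields[1] not in trusted_resolvers:
                findings.append(("resolver", fields[1], "", "untrusted"))
    return findings

# Constructed sample input (documentation-range addresses, placeholder names).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   update.av-vendor.example   # constructed tampering
0.0.0.0     defs.av-vendor.example
203.0.113.7 liveupdate.av-vendor.example
192.0.2.10  intranet.corp.example
"""
SAMPLE_RESOLV = "nameserver 192.0.2.53\nnameserver 198.51.100.66\n"
UPDATE_DOMAINS = {"av-vendor.example"}   # assumption: your AV vendor's update domain
TRUSTED = {"192.0.2.53"}                 # assumption: resolvers you actually assign

if __name__ == "__main__":
    for finding in audit_dns_settings(SAMPLE_HOSTS, SAMPLE_RESOLV, UPDATE_DOMAINS, TRUSTED):
        print(finding)
```

The second method in item 5, where the bot intercepts and blocks connections to the update site, leaves these files untouched, so it has to be caught another way, for example by alerting on hosts whose antivirus definitions have stopped updating.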
Friday, July 17, 2009
Surf the Internet Freely and Safely: Care of Symantec

Symantec have created a really friendly, easy-to-use web page that provides basic information and advice on Internet and credit card security, etc.