Control and Diversity: Hackers & the privacy issue.
Less than two weeks before the start of the first run of this module the US software giant Microsoft admitted that a back door key to the contents of emails sent via their "Hotmail" system had been posted on several sites in the US & UK as long ago as the previous June. This key allowed complete access to the supposedly confidential mail of hundreds of thousands of users.
The potential for simple embarrassment is bad enough, but many users are now using their Internet connections to buy goods and services, passing credit card details by email. Even if we accept that most hackers are not intent on committing fraud, the potential threat was enough to provoke MS into closing Hotmail for two days for reprogramming.
More recently identity theft has become an issue, as have "worm viruses" and "trojans". This is a problem that arises largely as a result of software corporations and other commercial organisations setting in place methods to gather information about those who access their web pages by the MS IE browser, which along with the Windows operating system sends data without the end user's knowledge or consent.
"Spyware" is already in common usage in the business environment, where its widespread application has been to monitor, and hence control, the activities of employees to a level of minute detail.
The following is an indication of the use by hackers of such covert or "back door" information gathering.
Tuesday 28 September 1999 0:30am Security experts warn of massive hack attack
"Covert monitoring software on sale commercially in the US could give hackers an easy route to stealing user information and passwords, according to European security specialist, Peapod.
Investigator 2.0, developed by software firm WinWhatWhere, is designed to allow companies to monitor staff, checking up on illegal activity or time wasting. It records keystrokes and password information, emailing them back to the administrator without the user's knowledge.
The software has already caused a storm in the US from rights groups angry that it allows spying on users. But according to Phil Ryan, product marketing manager at Peapod, the privacy issues "pale into insignificance next to the security implications".
Ryan claims the application is easy to exploit, providing hackers with a robust base for Trojan Horse attacks. Peapod has already discovered one well-known Slovenian hacker site offering a malicious version of the software.
Ryan explained: "Most other Trojan Horses, like BackOrifice, create a permanent connection so it is easier to detect. This code just sends out messages periodically like any normal PC would."
Graham Cluley, senior technical consultant at Sophos Anti-Virus, played down the threat. "A hacker still needs to force the user to install it on their machine - Trojan Horses don't seem to be a very significant threat in the real world," he claimed.
But Tom Scholtz, senior programme director at the Meta Group, admitted Trojan Horses are still potentially a problem. "We are learning the hard way - it depends how the code is sent. Lots of these tools can be used and abused. It is up to the organisational policy of the company to protect it."
Peapod contacted most major anti-virus and intrusion detection vendors late last week to alert them to the dangers of Investigator 2.0, but by Monday only two had replied. "They should think hard about building extra safeguards," said Ryan. "Anti-virus vendors should be hot on the heels of this." (see http://www.silcon.com)
The hackers' point, however, was to illustrate the inherent inadequacies of the systems and the dubious morality of collecting data in this way. Hacking is a political activity in almost all cases rather than a criminal one.
The point being made is to attack the existence and use of Investigator 2.0 to monitor employees in a way that the most ruthless Victorian mill owners would have envied.
The scope for unscrupulous software manufacturers to include such Trojan Horse or "spyware" programmes hidden in operating or application software is potentially the end of free and unfettered access to the web. Even those who pioneered the web are now rightly wary of the misuse of confidential data by others, including the corporate sector and (other?) crooks.