8 Seconds to Infection - Jacques' Hack Attack
April 7th 2005
We're always telling you how important
anti-virus and firewall software is for securing your home PC - the
Internet is a dangerous place for unprotected PCs. Spencer
Kelly met up with a reformed ex-hacker, who gave him a demonstration of just how much damage a worm or virus can do to your home computer.
Jacques Erasmus makes his living advising
on computer security, helping to write software to repel hackers.
His extensive experience comes from a less honourable past - as a
hobby, he used to be a hacker himself. But he says that unlike him,
today's hackers don't just do it for fun:
Jacques Erasmus: "The new breed of hackers are driven by money,
that's their main motivation, extorting businesses and other
institutions. A few years ago it was just guys doing it out of
fun."
So how do these people, who presumably have day
jobs related to computers, get together and decide to form a group
of hackers?
Jacques Erasmus: "I think they mostly
hang out in chat rooms and forums on the 'net, discuss hacking
computer security and from these groups they'll find people that
they think are suitable, with the right skill set, and they'll form
a team, a crew."
Jacques wanted to show me just how
risky it is to connect an unprotected PC to the 'net. We set up a
poor Windows XP machine with no firewall or anti-virus software -
connecting it to the Internet would be like throwing it into a lion
pen with raw meat strapped to its hard drive. How long would it be
before we were hit by something nasty on the net? Hours, minutes? As
it turned out - eight seconds!
We were hit by Sasser, one of
the fastest spreading worms on the 'net, and it wastes no time at
all in taking over your PC. Within seconds of infection, our PC
started downloading some strange programs, or payloads, from
mysterious Internet addresses. These payloads are the programs that
can take control of your machine and turn it into a remote
controlled bot.
Our machine then started scanning random
Internet addresses, looking for other vulnerable PCs to infect. Then
Internet Explorer started downloading spyware. Within 5 minutes our
PC was running so many malicious programs that the CPU was running
flat-out at 100% - and we weren't even touching it.
Perhaps the most sinister thing about
an infected PC is that it can become part of a 'botnet' - a network
of seemingly innocent but infected machines whose combined
processing power can be hired out to organized crime.
These botnets can comprise hundreds or thousands of zombie PCs, all
awaiting instructions. One of the most common instructions would be
to launch a concerted attack on a popular website - a DDOS
(distributed denial of service) attack, where major websites are
flooded with repeated bogus requests from hundreds of zombie PCs.
Overwhelmed by the traffic, the site goes down.
Several large websites, including Google, have already fallen victim to DDOS
attacks.
Jacques Erasmus: "First is the
extortion, where they'll phone a high profile website that has lots
of visitors and makes money, and they'll say to them 'give us
£100,000 or we'll take down your website for X amount of
hours'."
If the targeted website then fails to pay the
money it is DDOSed to death.
Another function of a remote-controlled PC is to report
back all the keystrokes typed on its keyboard. This is thought to be
how hackers recently obtained passwords to the systems of the
Sumitomo Mitsui bank in London, and began electronically stealing
funds. In this case, police foiled the scam and made
an arrest. But following the money trail often proves difficult.
Jacques Erasmus: "I've heard that these
guys all set up Latvian bank accounts, which are pretty much
untraceable. Latvia is the new Switzerland.
If you found a
hole in software that millions of people use, and is very high
profile, you can sell that to the highest bidder for perhaps one or
two million dollars."
Of course, if you've been a
victim of hacking, it's no laughing matter - it certainly wasn't for
our PC, which crashed completely in under 30 minutes.
It's interesting to note that although we were only hit by three worms in
twenty-five minutes, the damage each of them did was enormous. All
of it could have been prevented with anti-virus software and a
firewall.