I need resources / links information to convince a friend that his small computer network might be of interest to hackers?
January 11, 2009 9:41 AM   Subscribe

Hackers may or may not be interested in his data, but they'd love to use his resources as part of a botnet.

You might dig through thedailywtf.com for the stories that start with "our company was too small to worry about security."
posted by fantabulous timewaster at 9:55 AM on January 11

It's not likely that a hacker would target his system specifically, or be personally interested in his business data.

However, any computer connected to the internet is under constant bombardment by bots trying to break in. If successful, these bots will do any number of nasty things, such as:

- Turn computers into zombies to produce spam or carry out denial of service attacks
- Scan the hard drives for personal info, such as SSN or credit card numbers
- Install backdoors so that the computer is later accessible to hackers

At the very minimum, everyone (including your friend) should take the following steps:

- Firewall/NAT configured to conceal unused ports from the outside world
- Operating systems kept up-to-date with latest security patches
- Any externally visible services, like web servers, should always be the latest version, and security patches should be installed promptly
- Strong passwords

Additionally, if your friend has sensitive customer data (like credit card or social security numbers), these things should be encrypted. In fact, whole disk encryption for all computers isn't a bad idea.
posted by qxntpqbbbqxl at 9:59 AM on January 11

We run an FTP server. It gets constant brute-force attacks trying to guess the password associated with the "administrator" account. Since there is no administrator account username these attacks will never succeed. The source of these attacks probably has no idea who we are, or even that our IP address is associated with a business. They don't care. As qxntpqbbbqxl says, the attacks are not going to target your particular business or data. They are however going to try to break in to anything responding to various scans for services. When/if they break into one of these services, they will further examine or use the resources available to the business, either to store their own files, or to run more attacks from your friend's business, or to send out spam, etc.
posted by odinsdream at 10:06 AM on January 11

Your friend is working under the assumption that hacking requires active attention on the part of a human being, who would want to spend his or her time 'productively,' ie, working on Big Fish. The reality is that 99.999% of computer attacks are totally automated, and couldn't care less who you are.
posted by Tomorrowful at 10:11 AM on January 11

Another vote for: It's not (always) data the crackers are after.

Last year a server I share with a few friends (for web hosting) was cracked. They were after our resources (for file-hosting, scriptz running, etc) not our web site data.
posted by stungeye at 11:12 AM on January 11

I always thought this study was pretty sobering. It showed that showed simply plugging a new computer to the internet would have it compromised within 20 minutes.

The article is from 2004, but there's a constantly updated Survival Time graph at ISC that shows the average time between attacks on computer attached to the Internet. It's usually every five minutes or less.

Or perhaps your friend would respond to some of the graphs at Shadowserver Foundation that show the extent of botnets and would find comfort that all of these people also thought they weren't targets for hacking are now because of their ignorance the source of spam and scams and provide the backbone of a vast criminal network.

However: If he's got a firewall, an encrypted network, keeping his computers patched, and is actually running the virus scanner with updates then they're not really in that much danger. Maybe running him though some phishing quizzes if you think they're the kind of person who's vulernable to social hacking, but I wouldn't worry about it.
posted by Ookseer at 11:18 AM on January 11

Hacking is almost completely automated. None of the companies I have ever worked for would be considered "big fish" except maybe one, but they all show the same activity when you analyze the internet traffic with snort or any other IDS: Lots of automated attacks from bots.

Wireless encryption and antivirus are all good but he needs to verify his servers are patched. 99% of malicious traffic Ive detected is aimed at exploiting known patched vulnerabilities. Hackers are just looking for the server that wasnt patched. Mind you, this doesnt mean just patching the OS, but every application that runs on the server. Especially email/smtp.

On top of that, he needs to do this periodically and make sure his passwords are changed and that they are strong passwords. He should also remove admin rights from his users on the PCs and have the PCs set to autoupdate. That right there probably takes care of 99% of the security problems out there. At the very least he wont be low hanging fruit anymore.
posted by damn dirty ape at 7:17 AM on January 12

« Older Can anyone tell me how to make...   |   Partition trouble: I'm trying ... Newer »