
SANS ISC: InfoSec Handlers Diary Blog



“There is nothing on my computer that a hacker would be interested in”

Published: 2007-11-20
Last Updated: 2007-11-20 22:34:40 UTC
by Kevin Liston (Version: 1)

“There is nothing on my computer that a hacker would be interested in.”

How often do you hear that statement as a key point in someone’s defense strategy? It is something I’ve often heard in social outings and family gatherings.

I try to use it as an opportunity for security awareness. First, rephrase the statement to be: “There is nothing on my computer that a criminal would be interested in.” This takes the conversation away from the contentious “what does the word 'hacker' mean” question/debate. If you focus on protecting yourself from criminals, you stand a pretty good chance against hackers/crackers as well (whether or not you feel there is such a distinction).

What makes up an abstract computer system on the Internet?

  • CPU
  • Memory
  • Hard Drive
  • Internet access/IP address
  • User data

So what would a criminal be interested in on this average computer?

CPU: botnets often use their slave machines to send email, proxy web traffic, and launch denial of service attacks. These all use slices of CPU on the machine to do work that they would otherwise not have the resources to do.

Memory: Users’ browsing habits, username/password credentials, and other sensitive user data are captured out of memory.

Hard Drive: I have seen botnets that perform no other service than to act as a giant library to store pirated films and audio.

Internet access/IP address: every new IP that isn’t already on a blacklist is of interest to spammers. Criminals can host malicious websites on a machine to avoid other blacklists. Criminals can proxy their traffic through a machine to hide their true location and avoid some companies’ firewalls blocking known-bad IPs.

What about User Data?

Everyone knows that criminals are interested in your banking and PayPal credentials. They are also after your eBay passwords so they can sell stolen goods in your name. They are after your Facebook and MySpace credentials so they can post links to malicious websites (look at Dancho Danchev's post today for an example). They’re after your email address. Even by itself, a working email address is worth money. Take a person’s address book and you get their social network, which can be used to launch targeted email attacks. Your email address is often used as your account name on a number of web services. It’s arguable that you can correlate more about a person based on their email address than on their Social Security Number anymore.

Executive Summary

So you may think there is nothing of interest on your machine, but there are certainly things of value on your system. Criminals know how to “make it up in volume.”
