Share | |

Attack Of the Killer Zombies

With cyber attacks increasing in frequency and sophistication, many businesses are turning to specialized security firms.

Kaeo Tam, chief knowledge officer at Revacomm, a local Web solutions company, is a casualty of an Internet war. Last May, hackers infiltrated his company’s computer network and defaced its Web server with anti-American slogans and obscenities. As far as Tam can tell, cyber graffiti was the only damage done to Revacomm’s network.

But he isn’t positive, and he’s not resting easy.

“We aren’t sure exactly what they did. I’ve advised everyone to operate under the assumption that all your e-mail is being read and all your files can be accessed,” Tam says. “We believe that they may have cracked our password scheme. This could be pretty bad.”

Tam believes that his attackers could have been from China because the breach occurred in early May when hackers from that country declared war on American computer networks in the wake of the spy plane incident at Hainan Island. There also is the fact that Revacomm has been doing significant work in China. But he cautions that the attack could have also been perpetrated by someone posing as a Chinese hacker. Actually, it could have come from anywhere around the world, maybe even from down the hall. That is the nature of the Internet.

Tam and Revacomm are certainly not alone. In an Internet world that once reveled in the wonder of unlimited access and connectivity, many, especially those who run e-businesses, are very, very wary. According to a survey conducted by the Computer Security Institute and the FBI, computer hacking and other security breaches caused nearly $378 million in losses in 2000, up 42 percent from the previous year.

According to Chris Trainer, western regional e-business practice leader for Marsh USA Inc., a leading risk analysis and insurance firm, the wake-up call for New Economy businesses came in February of 2000 when Yahoo,, and eBay among others were felled by distributed denial-of-service (DDOS) attacks, launched from hundreds, if not thousands of accomplice computers.

These “zombie” computers, unbeknownst to their owners, have a virus planted in them and are used as a platform for cyber attacks. DDOS attacks are akin to what happens when callers jam the telephone lines of a radio station trying for free concert tickets. Only these attacks can be endless, and the calls are false. But the result is the same: Lines are jammed and in the case of a computer network, servers are frozen.

“For people who have e-businesses and have just one avenue to their consumers, this can be catastrophic,” Trainer says. “But it is not only people in e-business who are at risk. As more and more people start switching to systems based on the Web, everyone will have this exposure.”

But it doesn’t stop there. Direct DDOS attacks are devastating to any business (Yahoo lost between $200,000 and $500,000 in lost revenues of advertising and sales during the three hours it was under attack.), but they also are inflicting a sort of collateral damage that easily could destroy a small business. Because many of these attacks are so elusive and the actual perpetrator is often hard to find, companies, which have suffered damage, often go after the people and their companies who helped spread the virus. Trainer says that several companies have been successfully sued for lax security on their computer network and unknowingly becoming a zombie.

“The biggest concern in all of this for small business is liability,” Trainer says. “Anyone with e-mail can spread a virus and be sued for it. That is scary. If I passed along a virus that caused tangible damage to someone’s data or media and I didn’t have proper viral controls, then I could be in big trouble.”

Because both the frequency and sophistication of cyber attacks has increased, many companies have outsourced their security needs. And that’s exactly what Tam and Revacomm did, calling on local security firm Secure Technology Hawaii, which installs safeguards in company networks.

“We’ve been really busy this year. We’re busy enough keeping up with the maintenance of our own network,” Tam says. “We have the expertise to put some of these safeguards in but we just don’t have the time. And besides, we are Web developers and should be spending our time developing.”

“We’ve seen a substantial increase in the amount of attacks over the past six months,” says Mike Walder, president of Secure Technology Hawaii. “Now we are seeing attacks on second-level, lower-profile targets. There is a lot more stuff happening now.”

Walder attributes the more random nature of today’s intrusions to the easy availability to hacking tools. Today, it doesn’t take a computer genius to bring a network to its knees. In fact, some of today’s hackers have little or no knowledge of how the attack they are orchestrating really works. That means much mayhem and mischief on the Internet and plenty of business for Walder. His 7-year-old and 9-person company has grown 25 to 30 percent in gross revenues every year, counting some of the biggest and smallest companies in the state as clients. And that growth rate is by design. Walder says if his company grew along with the demand for his services, Secure Technology Hawaii would be a lot larger than it is today. Because of the nature of the business, he is not at liberty to discuss the number or names of the companies that he services. “It may seem like a lot of cloak-and-dagger stuff but in many cases, we are under formal non-disclosure agreements with our customers, and we treat their information accordingly. In my opinion, almost every network, almost every user has been probed at one time or another, whether they know it or not,” Walder says. “It is happening everywhere, and it is happening all the time.”

For Tam and Revacomm it is a harsh and somewhat disappointing reality. “We used to be a very open and trusting company but now that we have a higher profile, we’ve become a convenient target,” Tam says. “You know the Internet has always been such an open and welcoming forum but now …”

Hawaii Business magazine invites you to comment on our articles and the issues they raise. Comments are moderated for offensive language, commercial messages and off-topic posts and may be deleted. Some comments may be chosen for inclusion in the magazine on the Feedback page.

Add your comment:


Don't Miss an Issue!
Hawaii Business,August