Recently, I installed a new personal firewall system called BlackICE Defender ($39.95 from Network ICE) on my computers. It represents a new generation of software that I highly recommend for anyone who now has a constant connection to the Web via a cable modem or a DSL line.
Why? Well, here's what BlackICE told me was happening to my DSL-connected PC in the first 24 hours I had the software loaded: five Telnet port probes to see if I had an attackable Telnet server running; three SOCKS port probes to see if I had a SOCKS server available; two Netbus probes to see if I had been infected with the Netbus Trojan Horse (which would allow my system to be exploited remotely); and finally, one Smurf attack, which would use my system along with many others to ping a target server to death. The suspected Smurf attack came from an @Home user. I have his IP address (although this could be spoofed) and other information on him, too, if the @Home folks are interested in hearing more. (This is a test to see if they care--I suspect they don't).
If anyone thinks that this Wild West of networking is a healthy environment for e-commerce, think again. Huge Web sites are brought down by denial-of-service attacks every day. It's a mess, and no operating system is immune. Most of the attacks are generated with software that's readily available on various hacker sites such as WarForge and CyberArmy. This is where teenagers go to grab a quick attack package to harass people who won't date them. I'd advise the computer-using public to become familiar with the thinking behind such sites and see for themselves the kinds of tricks the sites promote.
Note, however, that only a few hackers are good enough to cover their tracks completely, and many attacks can eventually be traced to the originator. But who's bothering to track them all down when millions of attacks or probes looking for weakness take place every day?
Law enforcement has an interesting dilemma. Should it make an example out of a few hackers picked out of the crowd? Or should it leave the small fry alone and concentrate on nabbing more serious hackers? Making an example out of a few punks can have two effects: It can cut down on the number of casual attacks, but it may also improve the hiding skills of more serious hackers. The presence of law enforcement patrols ups the ante.
And if law enforcement doesn't step in to stop the little guys, there are two results as well: One is the capture of hackers, of course, but the other is the encouragement of sites such as CyberArmy and WarForge to flourish and to make low-end hacking seem like an acceptable hobby. It's obvious that the second, lax approach, is in effect today.
They key to stopping all this hacking is a massive worldwide sting. In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have. There are too many cops on the Internet for all these hackers to be ignored forever. There's no reason that law enforcement at the highest level--say the FBI--can't develop (or maybe already has developed) attack software that reports the attacker directly to FBI headquarters or, more likely, some hidden IP address someplace. Few if any low-end hackers are monitoring IP packets so closely that they know what's really going on. They just grab some malicious code and run it. I'd be very careful and suspicious if I were into this scene. The guys who were recently busted for trying to run off with 13-year-olds were caught by agents posing as teenage girls in a chat room. To think that law enforcement isn't getting online in many underground ways is folly. The money machine called e-commerce is going to force the issue.
Just as various kiddie porn rings have been infiltrated and massive roundups of perverts have made the nightly news, you can be certain that low-end hackers will start to be rounded up. The bigger problem for law enforcement will be how to punish them, since most will be juveniles! I'm sure their parents won't appreciate the legal bills. Maybe that will put a stop to it once and for all.