Bits - Hackers Exploit an Evolving Web - NYTimes.com
By SAUL HANSELL
Published: August 24, 2009
The world’s savviest hackers are on to the “real-time Web” and using it to devilish effect. The real-time Web is the fire hose of information coming from services like Twitter. The latest generation of Trojans — nasty little programs that hacking gangs use to burrow onto your computer — sends a Twitter-like stream of updates about everything you do back to their controllers, many of whom, researchers say, are in Eastern Europe.
Trojans once just accumulated secret diaries of your Web surfing and periodically sent the results to the hacker.
By going real time, hackers can get around some of the roadblocks that companies have put in their way. Most significant, they are now undeterred by systems that create temporary passwords, such as RSA’s SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula.
If your computer is infected, the Trojan zaps your temporary password back to the waiting hacker, who immediately uses it to log onto your account. Sometimes the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can’t see.
“What everybody thought was a very secure identification method, these guys found a low-tech means to get around it,” said Joe Stewart, the director of malware research for SecureWorks, a software company. “They don’t break the encryption; they just log in at the same time you do.”
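The weakness described above is that a temporary password stays valid for its whole one-minute window, so a relayed copy is as good as the original. As an added example (not part of the original article), here is a server-side verifier that accepts each code only once and records a correct code that arrives a second time in the same window. It assumes RFC 6238 TOTP as a stand-in for SecurID's proprietary formula; the `Verifier` class, secret, timestamp and source addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, like the token that "changes every minute"
DIGITS = 6   # six-digit codes

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); a stand-in, not RSA's SecurID formula."""
    counter = int(now // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Hypothetical server-side check: each time step is accepted at most once."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1   # highest time step already consumed
        self.alerts = []      # (time, source) of correct-but-reused codes

    def login(self, code: str, now: float, source: str) -> bool:
        step = int(now // STEP)
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False      # wrong code, or a code from an expired window
        if step <= self.last_step:
            # A correct code seen twice in one window means one of the two
            # logins was not the token holder: reject and keep a record.
            self.alerts.append((now, source))
            return False
        self.last_step = step
        return True

def demo():
    secret = b"constructed-demo-secret"   # constructed sample key
    t0 = 1_251_072_000.0                  # constructed timestamp on a step boundary
    v = Verifier(secret)
    code = totp(secret, t0 + 5)           # the code shown on the token
    first = v.login(code, t0 + 6, "203.0.113.7")      # first submission wins
    second = v.login(code, t0 + 9, "198.51.100.20")   # same code, same minute
    late = v.login(code, t0 + 65, "198.51.100.20")    # next minute: expired
    return first, second, late, v.alerts
```

Rejecting the reuse stops only the second login: it does not show which of the two submissions came from the token holder, and it does nothing against a session opened from the user's own infected computer.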