Spadina Streetcar

The Internet’s genesis began with a paper entitled “Information Management: A Proposal” by Tim Berners-Lee – an Oxford graduate working for the European Organization for Nuclear Research (CERN).

The problem Berners-Lee’s project addressed was the need to file a large number of documents created by a large number of people. Furthermore, high staff turnover resulted in documents being lost for all time. By using hypertext, a user may link a document to another document and search for content, negating the need for a central index.

The proposal abstract reads:

Many of the discussions of the future at CERN and the LHC era end with the question – “Yes, but how will we ever keep track of such a large project”? This proposal provides an answer to such questions. Firstly, it discusses the problem of information access at CERN. Then, it introduces the idea of linked information systems, and compares them with less flexible ways of finding information.

Fast forward 27 years – wow how time flies!

I doubt if Berners-Lee’s noble idea thought about hackers – the Internet’s low-life morons who get their jollies by corrupting a small business web site or spamming my blog’s comment section (I disabled the feature). I’ve heard of two cases in the past week – my photographer’s site was hacked. The main page was redirected to a phishing site which attempted to obtain credit card information.

Craig’s List Hack

The second example was the following listing in Craig’s List.

Computer Hacker Needed

Someone is trying to hack my computer and I want to find out who it is. Someone has hacked my computer in the past and I want to find out who it is. Someone has deliberately tried to hurt my business with viruses and I want to find them.

Can you help?

Security is a multi-faceted topic. It’s like a chess game where every defensive move is countered with a new attack.

As for the Craig’s List entry, a network log will be required to identify the inbound network address that loaded the virus on the computer. A forensics investigation will be necessary to trace the IP address back to an Internet provider’s account at that point in time. TekSavvy, for example, provides this capability. Otherwise, a private investigator will need to be engaged.

An Internet proxy server translates a user’s real Internet address into a new one.

If the hacker used a proxy server before hacking into the business owner’s computer, then it is unlikely the hacker will be identified. An audit of the system’s vulnerabilities should be performed and a change of the business’s hosting service provider should be investigated.

Photographer Hack

Defacing my photographer’s web site is a more involved issue.

Let’s assume the photographer developed the site using PHP, Apache Tomcat or Microsoft’s ASPX web site hosting system.

To change a page on a website, the file containing the web page needs to be changed.

All files should be installed in directories with special access rights ensuring site users may only read pages – not change or delete them. Adding or removing pages involves editing the web server’s index of web pages and associated page configuration files.

The right to deploy or alter web pages should only be granted to the system administrator.
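The access-rights rule above can be checked mechanically. The following is an added example, not code from the photographer’s site or any hosting product: it walks a web root on a Linux/Unix host and reports every file or directory that an account other than the administrator could change. The function names, the sample file names and the temporary directory are hypothetical and constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_webroot(root, admin_uid):
    """List (relative_path, problem) pairs for anything under root that an
    account other than the administrator could change."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory too: write access to a directory allows
        # replacing or deleting the pages in it even if each page is read-only.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            if st.st_uid != admin_uid:
                findings.append((rel, "owner is not the administrator"))
            if st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)

def build_sample_site():
    """Constructed sample tree: one correctly locked-down page, plus one page
    and one directory left writable by everyone."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {"index.html": 0o644, "contact.php": 0o666}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<html></html>\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    site = build_sample_site()
    for rel, problem in audit_webroot(site, admin_uid=os.getuid()):
        print(f"{rel}: {problem}")
```

On a real server, pass the actual document root and the numeric user ID of the deployment account; group-writable entries are acceptable only if the group contains administrators alone.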

In a nutshell, the page on the photographer’s site was most likely replaced by compromising the web site’s page installation system. Either the hacker had access to the web system’s administration system or the computer permitted remote access.

In either case, it is likely the administration system’s out-of-the-box account was never changed from “Admin” with a password of “Admin” to a more secure set of credentials.

The photographer managed his own installation, so I am guessing that there was a step missing from the configuration or security profile setup which allowed the hack to happen.

Counter Measures

Counter measures that web site owners can take include:

  1. Review all web pages to ensure that malware is not automatically attached when a button is clicked.
  2. Have the site send an eMail (if it performs this function) to a test account to ensure malware is not being attached.
  3. Regularly change the site administrator’s password.
  4. If you directly manage the web server via logging into Windows or Linux, conduct a server hardening exercise to limit exploits which grant the hacker unauthorized access.
  5. If you wrote the web server code, review the code for potential exploits such as SQL injection or entering 500 characters into a text box designed to accept 5.
  6. If your site is hosted, ask your hosting provider what steps are taken to counter:
    1. denial of service attacks
    2. virus protection
    3. malware detection
    4. administrative site access failure
    5. web site file security
    6. direct host access

Extra Reading

RCMP Technology Crime

Information Management:  A Proposal