COMPUTER SYSTEMS LINKED TO INTERNET FACE NEW SECURITY THREAT
NEW YORK
Intruders have learned how to penetrate sophisticated barriers and ''hijack'' computer systems linked to the Internet, posing a vast new security threat on the global network, according to the government-financed Computer Emergency Response Team (CERT).
Millions of computers linked to the Internet are vulnerable to theft and eavesdropping by people who use the new technique, described in academic papers at least six years ago but used successfully only in recent weeks.
Intruders can gain ''root'' or top-level access to host computers, then copy or destroy documents or do other damage by masquerading as an authorized user, CERT said in an advisory distributed last week on the Internet.
''Once the attack is completed, it is difficult to detect,'' the team the Monday advisory said.
An unknown number of attacks already have been reported, says Tom Longstaff, manager of research and development at the CERT coordination center in Pittsburgh.
For many computer systems, ''Even when you bought a security package for the Internet there is no security'' from the new type of attack, he says.
That's because the attackers have learned how to defeat sophisticated hardware and software ''fire-wall'' defenses.
An estimated 20 million people use the Internet. In coming months the network is expected to continue growing rapidly as a medium for commerce, with expanded use of credit-card numbers and the introduction of ''digital cash'' -- all of which increases the security risk.
The new technique is called Internet protocol spoofing. The Internet breaks computer messages into digital data ''packets'' with addressing information -- the protocols -- used by network computers known as routers, which deliver the data.
Spoofing fools the router into believing a message is coming from a trusted source, potentially giving the intruder complete access to what was considered a well-guarded system.
Once inside the system, intruders can use a ''hijacking tool'' to take over connections from any user on the system, the CERT advisory said, adding that there is no way to prevent use of the ''hijacking tool'' once an intruder has gained access to a computer system.