Question of E-security
Digital Goa April 16-30, 2002
Pooja, a Hotmail user, received a supposedly official email from www.hotmail.com warning her of the latest virus doing the rounds. The email contained a link to www.mcafe.com for further information. Pooja clicked on the link, downloaded what appeared to be a harmless text file, read it and later shut down the computer. What she did not realize was that she had been infected by a Trojan, a software program that allowed other people to remotely access her computer. Her attacker could now view, copy and delete any files from her computer, upload files onto her computer or just play around with her CD-ROM tray by making it open and close randomly.

The attacker in the real-life example above used email spoofing (enabled by websites like www.sendfakemail.com) and URL redirection (enabled by email services capable of reading HTML mail) to fool Pooja into infecting her own computer with a Trojan (available freely from sites like www.antionline.com and www.bo2k.com).

Hackers, viruses, logic bombs, email bombs, cancel bots, Trojans, web-jacking, IP spoofing, email spoofing, ping-of-death attacks, denial of service attacks and SYN attacks are just some of the evils spewed by the dark side of the internet. Underground search engines like www.astalavista.com (not altavista.com) provide links to thousands of websites offering an assortment of free hacking and bombing tools. Wannabe crackers (hackers are supposed to be the good guys who only break into other people’s systems to “analyze and study” them) can freely download Trojans such as NetBus and BO (Back Orifice), rename them and send them as email attachments to unsuspecting people. All the “victim” has to do is click on the infected attachment. The computer is now “owned” by the cracker.

Web jacking is the act of cracking and changing a website’s admin passwords and then taking control of the website. The motive is usually money. In 1999, a US-based children’s hobby website was “web-jacked”. The ransom demanded was US $5 million. To force the owners to pay up the money, the webjackers made some subtle but deadly changes to the website. One of the activities detailed on the website was titled “Have fun with gold fish”. The webjackers substituted the word “piranha” for “gold fish”. 18 children were seriously injured while trying to feed the “cute little piranha fish” that they had bought after reading the article.

A logic bomb is a piece of malicious code that is programmed to perform a certain act when a certain event, known as a trigger, occurs. In 1998 a bank employee planted a “logic bomb” in his bank’s system. The Trojan was programmed to deduct 10 cents a week from all the bank accounts in that branch and deposit it into the account of the customer whose name was alphabetically the last. He then opened an account in the name of “Zygler” and merrily milked thousands of dollars every Saturday. The authorities realized that something was wrong when a new customer called “Zyzte” notified them that his account had been credited with a large sum the week before.

Websites like www.antionline.com and www.blacksun.boxsk contain an arsenal of tutorials and free tools for wannabe crackers. To protect oneself from such attackers, knowledge of these tools is essential. A small word of caution to those who may suddenly feel motivated to misuse any of the tools discussed above: Indian law provides for a jail term of 3 years for hacking and fines of crores of rupees for passing on viruses.
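The link in Pooja's email, www.mcafe.com, sits one letter away from the antivirus vendor's real domain, mcafee.com, and that kind of lookalike can be caught mechanically before anyone clicks. The sketch below is an added example, not part of the original article: the trusted-domain list, the distance threshold and the sample mail are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient actually trusts (constructed allowlist).
TRUSTED = {"mcafee.com", "hotmail.com"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def link_host(href):
    """Lower-cased host of a link, without port or a leading 'www.'."""
    host = (urlsplit(href if "//" in href else "//" + href).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def lookalike_links(html_body, trusted=TRUSTED, max_distance=2):
    """Return (href, imitated_domain) for hosts near, but not equal to, a trusted one."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        host = link_host(href)
        if not host or host in trusted:
            continue  # exact matches are the genuine sites
        for good in sorted(trusted):
            if edit_distance(host, good) <= max_distance:
                findings.append((href, good))
                break
    return findings

# Constructed sample modelled on the mail described in the article.
SAMPLE_MAIL = """<html><body><p>Virus alert from Hotmail.</p>
<a href="http://www.mcafe.com/alert.txt">More information</a>
<a href="http://www.hotmail.com/help">Hotmail help</a></body></html>"""
```

Calling `lookalike_links(SAMPLE_MAIL)` flags only the mcafe.com link and names mcafee.com as the domain it imitates; the genuine Hotmail link passes.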
© 2005 Asian School of Cyber Laws. All rights reserved.