Page last updated at 17:46 GMT, Thursday, 10 February 2011

Unprotected home computers vulnerable to hijack

Watch Susan's investigation in full

By Susan Watts
BBC Newsnight Science editor

Protect your home computer or you could unwittingly help to launch a cyber attack, experts are warning.

They say the rise in such attacks risks undermining critical national infrastructure and the future of the global economy.

Cyber expert: 'It is your responsibility to protect your computer from hijack'

Thousands of vulnerable personal computers are being signed up without their owner's knowledge to form "botnets", or "bot armies", sometimes spread across numerous geographical locations in countries all round the globe, experts have told BBC Newsnight.

These botnets are being used to launch so-called Distributed denial of service, or DDoS, attacks, which crash a website by flooding it with requests for information, or to harvest personal data such as credit card details or passwords.

Recent revenge attacks by the Anonymous hacktivist group against companies who distanced themselves from Wikileaks are one high-profile example where websites were crashed.

'Greater good'

Now, governments are urging people to take personal responsibility for what they say could prove a much broader threat to our digital world.

Botnets, or infected computers, whether in a citizen's personal computer or a corporate computer, are being used to launch these DDoS attacks against key industries and against governments
Melissa Hathaway, former White House cyber tsar

Melissa Hathaway, former cyber tsar to US President George W Bush and a former advisor to President Barack Obama, told Newsnight:

"Botnets, or infected computers, whether in a citizen's personal computer or a corporate computer, are being used to launch these DDoS attacks against key industries and against governments, and so that would affect their ability to deliver essential services."

But on the day that the government has hailed the destruction of the last computers from the ID card database as a triumph of civil liberties, officials are clearly still working out how to sell us the idea that we should practice safe computing for a greater public good.

Multi-nation problem

Well-placed sources say that in a world in which we are utterly dependent on digital systems, they are anxious to limit any opportunity for disruption of critical national infrastructures like energy, water, food distribution and transport - all of which rely on computerised systems.

But the government does not want to be seen to be curtailing individual freedom. It feels a need for some form of cyber "Green Cross Code" - without having to legislate.

Woman using laptop
Experts say that botnet technology is becoming increasingly accessible

Julian Midwinter works for i2, a company which provides software to governments, intelligence agencies and commercial companies to help unravel the architecture of a botnet, where it is being controlled from, and by whom.

"The majority of these botnets are harvesting financial and personal information for those criminal organisations that run those networks for more traditional fraud, for example accessing your bank account.

"There was one recent one from Canada involving 100,000 computers linked across 75 countries - the distribution was all around the world."

'Botnets for hire'

He also flagged up problems with how accessible botnet technology is becoming:

"Historically you used to have to be a technical expert, be a proper hacker, and be really interested in computers. These days you can effectively go down to the local DIY store and buy a botnet kit that comes ready configured, you just need to install it with some very basic installers and very limited technical capability - set it up and off it goes."

An infected computer could be part of a botnet without you knowing or realising, so the more you protect your own assets the less the risk is that your computer is part of a botnet, the smaller the potential of botnets are, and the smaller any of the future attacks would be
Tobias Wann, VeriSign Europe

Mr Midwinter told Newsnight about one group, calling itself the Iranian Cyber Army, which was recently found advertising a botnet-for-hire.

This, he said, is just one of many that are available online:

"They're on the darker fringes of the internet - in some countries it is easier to get to - in other countries they are harder to find.

"Some of them are very, very affordable… hundreds of pounds to get involved… some of them, depending on what you want to do, could be more expensive ."

Newsnight spoke to VeriSign, which runs the ".net" and ".com" domain names, and two of the internet's 13 so-called root name servers.

These are vital organs of the internet, without which you would not be able to send e-mails or link to websites.

Tobias Wann, of VeriSign Europe, told us his company's clients are having to deal with DDoS attacks in increasing number, and capacity.

He agrees that there is a need to foster personal responsibility on this issue:

"If you don't secure your computer and make it virus free there's a big risk your computer could be infected.

"An infected computer could be part of a botnet without you knowing or realising, so the more you protect your own assets the less the risk is that your computer is part of a botnet, the smaller the potential of botnets are, and the smaller any of the future attacks would be."



FEATURES AND ANALYSIS
Paul Conroy Homs 'another Srebrenica'
Journalist Paul Conroy on Homs bombardment and his escape

Hip replacement X-ray Hip implants concerns
Problems with metal-on-metal hip implants 'ignored'

General Dhao Gaddafi's last days
General Mansour Dhao on last days in Sirte and bid to flee

Pit bull terrier Kennel costs
3.7m police bill for kennelling of suspected dangerous dogs

Egyptian women Blighted lives
Female genital mutilation still rife in Egypt despite ban

VIDEO
Italian Senator Lucio Malan Italian senator: 'We were not informed of Nigeria rescue bid'

For sale signs Why are mortgage rates rising and will more lenders follow?

Newsnight's Tim Whelwell on the tail of an 'election bus' in Russia Evidence of voters 'bussed in' to boost Russian vote

David Miliband David Miliband on Vladimir Putin's 'cold' political style

The streets of Sirte Mark Urban on the 'bitter ironies' of Sirte destruction

ANALYSIS

SEE ALSO
'Anonymous' defends web attacks
28 Jan 11 |  Technology
Cyber-sabotage tops security fear
30 Dec 10 |  Technology
Q&A: Web Attacks
09 Dec 10 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific