
Hair raising experience with apparent hacker attack




I just had a hair raising experience.  It turned out to just be a big
inconvenience, but it sure woke me up to the disaster it could have
been and how little I could do about it.

Executive summary: If you are connected to the internet for long
periods of time, such as using it for your data feed or some other
purpose, get an intruder monitor.

The story behind this conclusion is long, so come back to it when you
have time to relax and perhaps have a chuckle at my expense.

I use a cable modem/fixed IP address for my internet connections which
are on 24/7.  However, the import of my experience should apply to
anyone who is on the internet for long periods of time since even if
you use a dial-up account once you are connected, your IP address
stays the same until you are disconnected.

I have three ISP accounts, one for each computer.  They are all
networked via a hub which is also connected to the cable modem.  I
didn't want to turn off file sharing because that would defeat the
purpose of having my computers networked.  Consequently I had been
concerned about hacker/intruders because the warnings were specifically
directed at cable modem users.  So, Sunday Dec 5th, after some research, I
purchased and installed Black-ICE (previously mentioned on this list
by others).

I was quite taken aback by the scans for weaknesses done by hackers
that Black-ICE reported, by danger levels, and prevented.  (Black-ICE
let me turn OFF file sharing for the internet but leave it on for my
LAN).  There are hacker programs that will simply scan millions of ISP
addresses looking for an opening.  Most of the time these are benign
unless you already have a virus designed to let them in.

This Monday Dec 13th, someone who had done a port probe or scan on the
8th and 9th hit me non-stop on one of my trading computers.  Black-ICE
went wild!!  (so did I!!---I have my brokerage accounts and do
electronic banking on this machine).  I could tell by the lights on my
hub which computer it was attacking, so I simply pulled its network
cable out of the hub.  But the moment I put the plug back in, Black-ICE
would show a non-stop attack.  Right now I get my RT market data
from BMI via the AMC channel, but I use the internet to place my
trades.  If I am not connected to the internet I don't trade, since my
back-up connection is for emergency exit trades, not to initiate them.
What would I have done if I was getting my data from the internet?

The lights on the cable modem showed that the intruder was still
trying even though the victim computer was removed.  My ISP's response
was "not our problem", which of course makes sense since they don't
have the wherewithal to pull the hacker's account.  I called the
intruder's ISP in Colorado.  They said they would ask the intruder to
stop.  At 4 PM it was still happening.  I had to leave then, and when I
got back at 9 PM it had stopped.  HOORAY!! I'll be able to trade
Tuesday.  WRONG.  Tuesday morning it started again, and I unhooked
again and called Colorado again.  They hadn't yet gotten hold of the
intruder, but were working on it.  Since I couldn't trade I
thought I should do something productive, such as finding out what my
recourse might be against this intruder.  Not much.  The harshest
thing the perpetrator's ISP will do is kick them off, IF IT HAPPENS
AGAIN!!  There are no government agencies that can or will help you
out in such a situation.  You must first "get hurt".  What are you
going to do, paper trade and sue for the gains you would have made if you
could have traded that day?  This scenario only applies if you know you're
being hacked and have at least kept them out of your critical personal data.
Very few of us have installed intruder alert programs, so it makes
sense that this must happen more than we are aware of.  The Colorado
ISP told me they couldn't tell me who it was without a subpoena.  In
trying to sleuth out how I might get some help in this, I asked him which
government agencies he had received subpoenas from.  He wasn't sure,
but he would go back through them and let me know.  He gets them from
all over the place!  So obviously it has been bad enough for some
that they had to engage an attorney to take action.

I did eventually find out who the intruder was and the attack turned
out to be innocuous.  Since this post is plenty long and in case you
have had enough of this I will give you that part of the story in
another post with the subject: Squawking Intruder.

Fred
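Added example (editor's illustration, not the poster's setup and not Black-ICE code): the two things the post describes the intruder monitor doing, reduced to plain Python.  The first is the rule that lets file sharing work on the LAN while refusing it from the internet; the second is sorting logged hits per source into "probe", "scan" (many distinct ports) and "flood" (non-stop hits on the same port).  The LAN range, log line format, sample log and thresholds are all assumptions made up for the example; the ports are the real NetBIOS/SMB ports, with 445 included because any current rule set should cover it even though it post-dates this thread.

```python
"""Two checks a host-based intrusion monitor performs, in plain Python.

Constructed example for this thread: not Black-ICE code and not the
poster's configuration.  LAN range, log format, sample log and
thresholds are assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed private LAN behind the hub; the cable-modem side has the public address.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Windows file sharing: NetBIOS name, datagram and session services (137-139)
# plus direct SMB over TCP (445, introduced with Windows 2000, after this thread).
FILE_SHARING_PORTS = frozenset({137, 138, 139, 445})

# Assumed thresholds; tune them for the network being watched.
SCAN_DISTINCT_PORTS = 5   # one source touching this many ports looks like a scan
FLOOD_HITS = 20           # this many hits from one source in the sample looks like a flood

# Assumed log line shape: "... src=<ip> dport=<port>"
LOG_RE = re.compile(r"src=(?P<src>\S+) dport=(?P<dport>\d+)")


def allow(src_ip: str, dst_port: int) -> bool:
    """Firewall rule: file-sharing ports only from the LAN; other traffic is
    left to whatever further rules apply (here simply allowed)."""
    if dst_port in FILE_SHARING_PORTS:
        return ipaddress.ip_address(src_ip) in LAN
    return True


def parse_line(line: str):
    """Return (src, dport) from one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("src"), int(m.group("dport"))


def classify_sources(lines):
    """Group hits by source and label each: 'flood' for many hits,
    'scan' for many distinct ports, otherwise 'probe'."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, dport = parsed
            hits[src].append(dport)
    result = {}
    for src, ports in hits.items():
        distinct = len(set(ports))
        if len(ports) >= FLOOD_HITS:
            result[src] = ("flood", len(ports))
        elif distinct >= SCAN_DISTINCT_PORTS:
            result[src] = ("scan", distinct)
        else:
            result[src] = ("probe", len(ports))
    return result


# Constructed sample log (not a real capture): a LAN peer using file sharing,
# an internet host walking a handful of ports, and one host hammering port 139.
SAMPLE_LOG = (
    ["1999-12-13 09:00:01 src=192.168.1.20 dport=139"] * 3
    + [f"1999-12-13 09:01:0{i} src=203.0.113.7 dport={p}"
       for i, p in enumerate([21, 23, 25, 80, 110, 139])]
    + ["1999-12-13 09:02:00 src=198.51.100.9 dport=139"] * 40
)

if __name__ == "__main__":
    for src, (label, n) in classify_sources(SAMPLE_LOG).items():
        print(f"{src:15} {label:5} {n}")
    print("LAN host to port 139 allowed:", allow("192.168.1.20", 139))
    print("Internet host to port 139 allowed:", allow("198.51.100.9", 139))
```

The hub in the post gave away which machine was being hit; a per-source tally like this gives the other half, which source is doing it and whether it is a one-off probe, a port walk, or the sustained hammering that kept the poster off the market.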