Tracking the hackers - behind the scenes at internet security firm Symantec

Friday 03 May 2013 20.36
Engineers try to prevent customer computer systems from being compromised

RTÉ's Science & Technology Correspondent Will Goodbody @willgoodbody takes a peek behind the curtains of internet security

If you are squeamish or paranoid about malware, worms and other online creepy crawlies, then brace yourself.

If you are blasé about internet security, then you really should read on. This morning I toured the west Dublin regional offices of IT security giant Symantec.

And what I heard during a fascinating couple of hours was, well, frightening, to put it mildly.

You would expect IT security at one of the world's largest IT security providers to be extreme. But such is the extent of the threat posed by international hackers that physical security at the facility is tight too.

Getting us into the Security Response lab, where threats are identified, monitored and neutralised, involves our guide for the day, Senior Manager of Security Response Orla Cox, negotiating numerous sets of locked security doors.

Access to the lab is restricted to those who have a legitimate reason to be there.

Inside are up to 60 software engineers, reverse engineers and analysts who spend their working hours trying to prevent customer computer systems all over the world from being compromised.

Dublin is one of Symantec's three main global sites where this work is carried out.

The others, in California and Tokyo, take over at night and in the early morning respectively, ensuring a 24/7 threat monitoring service.

Using closed infection networks, they run newly identified malware or viruses in a controlled and locked-down environment.

Occasionally there is a need to connect to the internet to allow the malware to run its course. But, as in a biology lab, great care is always taken to ensure viruses aren't released or allowed to become destructive. The team also provides a critical response service to customers whose machines are infected.

It's a far cry from 11 years ago, when the company first relocated to Ireland from the Netherlands with a staff of three engineers. Back then it was sufficient to push out virus definition updates every couple of days.

Today, such is the threat from online espionage, hacktivism and other targeted attacks, that one new update is sent out to the company's customers every hour.

Over the course of the past decade, security companies like Symantec have seen a steady evolution in the types of threats. Early spyware gave way to malware aimed at key consumer products.

Then came targeted attacks like Storm Worm in 2007, which it's thought came from hackers in Russia and Eastern Europe, and the Conficker worm, which exploited a Windows vulnerability the following year.

2009 saw an explosion in malware, which led Symantec to develop automated systems to deal with the more straightforward threats.

The following year came the emergence of the first virus clearly sponsored by a nation state.

Stuxnet, which targeted uranium enrichment facilities in Iran, was an entirely new creature, which kept software security experts busy for some time.

Duqu followed a few months later, then the reconnaissance tool W32 Flamer, and most recently Stuxnet 0.5. Today, the focus is increasingly turning to mobile malware.

Staggering Statistics

The statistics are staggering, not to mention worrying.

Last year Symantec alone blocked 250,000 web-based attacks every 24 hours, with one in every 532 websites infected by some form of virus and 1.6 million malware variations discovered by the company every day.

Attackers are primarily motivated by the lure of monetary gain. But hacktivism, which typically involves a group of hackers trying to embarrass or disrupt a company or institution through so-called distributed denial of service attacks on websites or the hacking of social media accounts, is on the rise.

The market-moving fake tweet about Barack Obama, sent from the Twitter account of news agency AP, was one recent high-profile example.

But the most organised and sinister threats are targeted attacks. With the aim of causing maximum disruption by damaging critical infrastructure, they are very organised and often include state involvement.

Sometimes the aim is espionage, with hackers first stealing valuable or critical information, before unleashing code which devastates the system it infects.

It's a multimillion euro underworld business for those behind the attacks, and a massively expensive cost for those whose data is stolen or whose systems are compromised. And perhaps most worryingly of all, those responsible are extremely hard to catch.

The biggest eye-opener of my visit to Symantec was the practical demonstration by reverse engineer Alan Neville of just how easy it is for hackers to take control of someone else's computer.

Using pre-prepared hacking packs that can be purchased online, and exploiting a few common IT and human vulnerabilities, hackers can with frightening ease watch your desktop, record your keystrokes, open your files and much more.

The good news is that experts say there are things you can do to protect your system and your data.

Strong passwords and good password management are a must.

Don't use the same password for multiple systems, avoid using your own name or the names of family or pets, and use a mixture of numbers and letters.

You should also be aware of where you are going online, and use only reputable websites. Be careful too about how much information you give out about yourself online.

Oh, and not surprisingly, they say good, up-to-date internet security software is useful too!