By RICHARD RICHTMYER
Anchorage Daily News
November 24, 2006
But to the folks at Anchorage-based network-security company 3SG, it's a powerful tool that helps turn the tables on an ever-growing swarm of cyber scoundrels.
They call it a "honey pot," and it's designed to attract the spammers, identity thieves, vandals, pranksters and others who buzz around the Internet looking for unsecured computers that they can use to do their misdeeds.
The idea is to make the bad guys think they've found an easy mark, then watch how they break in and what tools and tricks they use to compromise the computer once they've gained access to it.
"It looks just like any other computer on the Internet," said Brian Evans, 3SG's vice president of marketing.
Little do the hackers know, however, that once they get in, they're being watched.
The "victim" computer logs everything - every command they enter, every bit of computer code they upload, every file they look at, every password they try. Then 3SG technicians analyze the information and use it to make sure their network-security systems defend against the newest threats.
The five-year-old company provides network security and other computer services mostly to small and midsized businesses, which usually have a reasonable number of computer defense systems in place to keep hackers from getting into their systems.
Home computers typically are more vulnerable, and 3SG's honey pot illustrates how easy it is for hackers to use an unsecured computer to help them make their mischief, said Eddie Phay, the company resident "ethical hacker" who manages the decoy system.
Once they get in, the hackers can use the victims' computers to spread spam e-mails, store files that they want to share with other hackers and install software that automatically looks for other vulnerable computers, Phay said.
And the sheer volume of hackers, crackers and cyber snoops with their noses in 3SG's honey pot suggests that there are lots of them out there. On average, Phay said, he logs 200 to 250 access attempts per day.
In a back corner of 3SG's South Anchorage office, Phay pecks at the keypad on one of two laptops on his crowded desk. A long list of passwords scrolls down the screen. The passwords include common names like "Barbara" or "Steven" and everyday words such as "pencil" or "keyboard."
It's the latest log file from the honey pot. A hacker had run a program that tried to gain access to files on the computer by running a program that runs through a list of possible passwords until it finds one that works.
"People don't realize that there are these massive lists of passwords," Phay said. "That's why it's so important to change your passwords frequently and use a combination of letters and numbers."
Using tough-to-crack passwords is one way to keep hackers at bay. Another simple and inexpensive step is to make sure your computer has a firewall, which is software that makes your computer invisible to hackers.
Several companies sell firewall software, and it usually costs less than $50 to buy. Microsoft's Windows XP has firewall software built in that will protect your computer at no extra cost.
"The Windows firewall works just fine," Phay said. "All you have to do is turn it on."
Scripps Howard News Service,, http://www.shns.com
Publish A Letter on SitNews Read Letters/Opinions