Hackers look to hide communications

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Study: Bad security flaws don't die
July 30, 2003; Hacker code could unleash Windows worm
July 25, 2003; Taking aim at denial-of-service attacks
May 13, 2003

LAS VEGAS--Hackers intent on anonymously sending data across the Internet have a new tool.

A program called NCovert uses spoofing techniques to hide the source of communications and the data that travels over the network--a potential boon to both privacy advocates and hackers, said Mark Loveless, senior security researcher for network protection firm BindView, who unveiled the program Thursday at the Black Hat Briefings security conference here.

"I am not going to beat around the bush," Loveless said. "If you have something to hide, you would use this--so it could help black hats (criminal hackers)."

The technique essentially creates a covert channel for communications by hiding four characters of data in the header's initial sequence number (ISN) field. The header is the part of data packets that tells network hardware and servers how to handle the information. The header also includes source and destination Internet protocol (IP) addresses. Those addresses are used to add anonymity to the communications.

Loveless, known among the security community as "Simple Nomad," said the key to the technique is to forge the source of the IP address to look like the intended recipient of the information, while the destination IP addresses points to another third-party server on the Internet.

The hacker would then send off a data packet to the third-party server with any valid-looking information in the data fields, but the real message would be hidden in four bytes of the ISN field. The packet would contain a message indicating to the third-party server that a computer wants to start a communications session. The server would acknowledge the message, but because of the forged source address, the message would be forwarded on to the recipient.

The technique makes it almost impossible to track where the original message came from, because the data holds only the addresses of the recipient and the third-party server.

The move to the next-generation Internet Protocol, IP version 6, will make it harder to spoof the address of the sender but will allow far more data to be hidden within the headers of the packets, Loveless said.

"There's a lot more room for data in IPV6," he said.

Latest tech news headlines

CEA: Economy down, TV sales up?
Posted in Crave by Leslie Katz

October 7, 2008 6:25 PM PDT
Click-to-buy links for songs, games added to YouTube
Posted in News - Digital Media by Jennifer Guevin

October 7, 2008 5:57 PM PDT
No escape from the perfect financial storm
Posted in Outside the Lines by Dan Farber

October 7, 2008 5:29 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Tech stocks tumble for a second straight day
The Dow Jones industrial average takes another wild ride, marking a second consecutive day it has ended the session below 10,000.
Gallery
Photos: Messenger returns to Mercury
Crave
CEA: Economy down, TV sales up?
Sales in flat-panel TVs and game hardware should do fine during the upcoming holidays, the Consumer Electronics Association says.
Outside the Lines
No escape from the perfect financial storm
After this perfect storm, brewed out of years of habit and taken down by mortgages for the masses, consumers and businesses will be far more conservative in their spending habits.
Video
Mercury exposed
News - Digital Media
Click-to-buy links for songs, games added to YouTube
YouTube is adding links to Amazon.com and the iTunes Store from the pages of thousands of its videos, making it easier for people to buy an MP3 they hear or a video game that looks good.
Video
DIY political ads proliferate
News - Politics and Law
CBS live Webcast: Presidential debate, round two
Continuing our coverage of Election 2008, CBS News and CNET are presenting a live Webcast of Tuesday's presidential debate, followed by Web-only analysis and commentary.
News - Cutting Edge
Astronaut training awaits Esther Dyson
The tech pundit and investor is girding for six months of training at Russia's Star City, as an understudy to International Space Station-bound Charles Simonyi.
Gallery
Photos: Top 10 reviews of the week
Crave
HTC Touch HD won't be coming to the U.S.
HTC announces that it will not bring the Touch HD smartphone to the United States.
Green Tech
Army plans 500-megawatt solar thermal farm
A new Army energy strategy includes plans for what could become the world's largest solar thermal farm, as well as geothermal and biomass-to-fuel projects.