Linux in Government: How Security Exploits Threaten Government Infrastructures

Showing government offices and agencies how Linux and open-source software provide better security.
What Does This Tell Government?

First, your infrastructures may be exploited. As shown in Figure 3, the ISP says, "Individual responses to these complaints are not possible due to volume received." Consider that another way of saying, "we cannot stop the abuse because too much of it exists". Also notice that the e-mail says, "Note that SBC will not release any confidential customer information without court ordered consent." Consider that another way of saying, "we will not tell on our customer".

Ultimately, SBC/PacBell has delivered a simple message that we are on our own when it comes to protecting ourselves against the enemy. So, while you may think that you have done everything necessary to protect your infrastructure, you haven't.

Example #2: How Perpetrators Get In

The next example demonstrates how an individual can grab enough information to gain access to your network. Figure 4 demonstrates a simple and effective means of getting the information needed.

Figure 4. Forged Notice

In this figure, you can see what appears to be an alert from a well-known provider of e-commerce transactions, PayPal. Anyone with a PayPal account simply could click the Web site address provided to find out what the problem might be with his or her account.

However, if you right-click on the link, copy the link location and paste it into a text editor, you discover that the link actually goes to another location, as indicated in Figure 5. We call this the actual URL link: the text shown to the reader names PayPal, but the href underneath it points somewhere else. The destination site hosts a script that, when loaded in Internet Explorer on Windows, downloads a tiny program that begins broadcasting information about your network to a remote server.

Figure 5. The Actual URL Link
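The check described above, comparing what a link says with where it goes, can be done mechanically over an entire message rather than one right-click at a time. The following is an added example, not code from the original article: it parses an HTML e-mail body, collects every anchor, and flags those whose visible text names a host (paypal.com) while the href resolves to a different registrable domain. The sample message is constructed for the example and is not the forged notice shown in Figure 4; the 203.0.113.7 address is a documentation range, not the real destination. The check catches only the display/href mismatch, not whatever the destination page delivers.

```python
"""Flag HTML anchors whose visible text names one host but whose href
points to another, the trick behind the forged PayPal-style notice."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an HTML e-mail body (not the message from the article).
SAMPLE_EMAIL = """
<p>Dear PayPal customer, your account has been limited.</p>
<p>Please log in at
<a href="http://203.0.113.7/cgi-bin/update.cgi">https://www.paypal.com/</a>
to restore access.</p>
<p>Questions? See <a href="https://www.paypal.com/help">PayPal Help</a>
or <a href="https://www.paypal.com/help">paypal.com/help</a>.</p>
"""

# Does the visible text itself claim to be a URL or hostname?
HOST_RE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def base_domain(host):
    """Collapse 'www.paypal.com' and 'paypal.com' onto 'paypal.com'.
    Deliberately naive: it keeps the last two labels, which is wrong for
    suffixes like co.uk; a production tool should use the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html):
    """Return (visible_text, href) pairs where the text looks like a URL or
    hostname but the href lands on a different registrable domain."""
    parser = AnchorCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.anchors:
        m = HOST_RE.match(text)
        if not m:
            continue  # plain words like "PayPal Help" make no host claim
        claimed = base_domain(m.group(1))
        actual = base_domain(urlparse(href).hostname or "")
        if actual != claimed:
            suspicious.append((text, href))
    return suspicious


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL):
        print(f"link text {text!r} actually goes to {href}")
```

Only the first anchor is reported: its text claims paypal.com while the href goes to a bare IP address. "PayPal Help" is ignored because ordinary words carry no host claim, and "paypal.com/help" is accepted because its href really is on paypal.com. Run the function over the raw HTML part of a suspect message before anyone clicks.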

We performed a whois lookup on the domain in the actual URL and discovered it was registered to someone with a set of jumbled letters as a name and address. After reporting the scheme to PayPal, the company contacted the registrar and took control of the domain. Figure 6 shows the domain registration after the report.

Figure 6. Domain Information After Reporting to PayPal

PayPal handled the matter in less than one day, but we do not know how many spyware programs the short-lived Web site delivered. Nor do we know the location of the server receiving information transmitted to it from inside unsuspecting networks.

Combating Attacks

Most government infrastructures have been built on Microsoft networking protocols over the past several years and lack the protections that Linux affords. Several means of transitioning to a safer environment without a massive effort include running, on the Windows desktop, software that was written for Linux and ported to Windows, and using Linux in place of your Microsoft servers. In fact, many institutions have started using Mozilla Firefox as their default browser, Mozilla Thunderbird as their e-mail client and OpenOffice.org as their productivity suite. These products add a measure of protection not found in Microsoft Internet Explorer, Outlook or Microsoft Office. OpenOffice.org also offers file compatibility with Microsoft Word, Excel and PowerPoint.

Linux also can replace Windows NT and Windows 2000 servers. By using Samba and various Linux back-office solutions, you can provide a higher level of security than existing infrastructures offer, and your Windows users will not notice the change.

Linux desktops also run nicely on Intel platforms and fit into Microsoft networks without changing the overall infrastructure. Many Linux desktops already can take advantage of Active Directory, network browsing, sharing directories and Microsoft Exchange servers. Within the coming year, most Linux distributions will fit into your existing infrastructures like a hand in a glove.

Final Notes

This article barely skims the surface of the kinds of exploits that threaten our critical infrastructures. In future articles, we will explain such exploits in more depth and show you how Linux can provide a low-cost and secure solution to governments wishing for more security.

Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works as a Linux and open-source software consultant with Hiser+Adelstein, headquartered in New York City. He's the co-author of the book Exploring the JDS Linux Desktop and the upcoming book Essential Linux System Administration, to be published by O'Reilly and Associates. Tom has written articles and books on Linux since early 1999.


Comments


Follow up from our ISP

Posted by tadelste

It is disappointing they do not police their home subscribers, but at the same time, it is hardly a surprise. You will find a list of blocks attached that belong to them in the event you wish to filter traffic from them in a different fashion.

If this occurs again, open a ticket with a summary along the lines of, "Abuse from PacBell IP <x>", attach text logs to the ticket, and we will report the issue to them immediately and see what response we garner. If it is not favorable, I have some other options for contacting someone with PacBell that will be more responsive.

I am closing this ticket, but again, please open another if the abuse continues.

Latest response from PacBell

Posted by tadelste

If you have followed this article, you might enjoy this latest piece.

PacBell wrote me:

From: kana1@pbi.net
Reply-To: kana1@pbi.net

"This is to acknowledge receipt of your complaint. All complaints
received are investigated. However, individual responses to these
complaints are not always possible due to the volume received.

"Please be assured we will investigate this issue and take appropriate
action.

"Please do not hesitate to write again if you have any questions or if
you wish to report instances of abuse by SBC Internet customers.

"Thank you,

"The SBC Internet Abuse Security Department"

I responded to them and received this immediately:

"User's mailbox is full:
Unable to deliver mail."

oh... PacBell cares now

Posted by Ben LeMasurier

It's funny that PacBell all of a sudden seems to care a little more about this problem...
- Ben

uidzer0.org

SBC response

Posted by Doug Morris

I am constantly reporting abuse through e-mail to SBC. I like to add a 'CC' to abuse@FTC.gov. But recently, SBC's e-mail server tends to refuse relays to the FTC.gov e-mail server. Surprising, huh?
