Just before I start writing, I look at the colorful blocks and jagged lines of the SETI at Home screen saver that runs on my workstation. SETI at Home is a distributed computing application that divides a massive signal processing problem into tiny segments and sends them to millions of computers worldwide. Since SETI's inception, many other distributed--or grid--computing projects have begun work, and vendors such as Sun, IBM, and Compaq have jumped into the fray.
One particular project, however, has nefarious intentions. A worldwide hacker confederation is quietly setting up a global, real-time, peer-to-peer grid of processing power to crack encryption--especially passwords--used in commerce.
Cracking passwords is not an easy task; you need a huge amount of computing power to get results. Grid computing, however, gives hackers the horsepower they need in an unprecedented way.
Here's how it works: Hackers send clients into your system via a worm, or through any other site that's been hacked or intentionally set up to run programs on your PC remotely. Or, a user downloads a screensaver from any of the sites that let you share computing assets.
After the clients are inside users' machines, they lend processing power to the encryption-cracking effort. The hacker clients sniff the password and user IDs from a stream going to a commerce site. With all that processing power, it doesn't take very long to encrypt a password; you could crack the average seven-character password in about an hour if you had 160 computers working on it.
Worse, these clients don't stop using resources when you start working; they take advantage of the real-time connections in a corporate environment and continue cracking.
To guard your computing power, make sure your firewall is set to stop outgoing traffic on ports and by unauthorised applications. Use strong passwords (eight really random characters will do) and change them regularly. Also, deploy auditing software that will search for unauthorised applications--including those that may contribute to a hacker network.
If you decide you don't mind contributing some of your computing resources, make sure you know who's really behind the effort. SETI at Home is backed by the University of California at Berkeley, but not every backer is legitimate.
