Big Brother is here and is already watching you, according to the University of Denver's Privacy Center, which warned in a recent advisory that Microsoft Word can be used to track computer users over the Internet with a feature called "Web bugs."
"Web bugs are made possible by the ability in Microsoft Word of a document to link to an image file that is located on a remote Web server," states the advisory issued by the nonprofit electronic advocacy center.
"Because only the URL of the Web bug is stored in a document and not the actual image, Microsoft Word must fetch the image from a Web server each and every time the document is opened. This image-linking feature then puts a remote server in the position to monitor when and where a document file is being opened."
The little-known feature of Microsoft Word is the latest flaw in a string of defects discovered in the widely used software product. According to one computer security expert, however, the Word bug is a minor problem when compared to other recent errors found inside Microsoft software.
"The Microsoft Word Web bug is a rather poor example of a 'Trojan' virus," stated June Bridges, president of Gabecor, a Virginia-based computer security firm. "The document is left at your gate like a giant wooden horse. All you have to do is drag it inside your computer. Your problems begin when it opens."
"A more recent bug in Microsoft Outlook illustrated the potential for a hacker to effectively 'take over' your system and run anything," noted Bridges. "Simply put, a flaw in the software could be forced to occur by an incoming e-mail message, leaving your computer in a slave-like state, ready to run any program a skilled hacker could imagine. For all practical purposes, a hacker could send an e-mail 'bomb' that can destroy your system at will."
Defusing cyber bombs
In July, Microsoft published a fix and a description of the e-mail
bomb "vulnerability" inside the Outlook program. According to the
Microsoft bulletin, the error occurs when Outlook is taking e-mail
messages off the mail server.
"A malicious user could exploit the vulnerability to send an e-mail that, when downloaded from the mail server, would have either of two effects," states the Microsoft security bulletin. "In the less serious case, it could cause Outlook or Outlook Express to fail. In the more serious case, it could cause code of the malicious user's choice to execute on the recipient's computer. Such code could take any action that the user was authorized to take on the machine, including reformatting the hard drive, communicating with an external website or changing data on the computer."
While recent software bugs show that it is possible to tamper with another computer system through security flaws, there are other threats that are far more dangerous than reformatting data on a computer hard drive. One type of computer virus is designed not to affect your system, but to affect your mind.
Computer mind games
So-called "subliminal" programs were introduced over a decade ago
by independent hackers. For the most part, subliminal virus programs
were specially written and were not designed to spread around the
globe like many computer virus programs do today. The software, often
embedded in screen savers or popular products, sends suggestive
messages that are undetected by the conscious mind and intended
to influence a person's behavior. Subliminal software came out of
the hacker's closet and into the commercial world in 1996 with a
computer game called "Endorfun."
"Best described as an interactive Fruitopia commercial, Endorfun's puzzle game is set against a background of pulsating, shimmering, moving, colorful patterns," notes a 1996 review of the subliminal computer game. "The colors animate to the hypnotic rhythm of jazzy World Beat and New Age music performed by The O Band, a collection of artists led by Nigerian master drummer, Onye Onyemaechi. Layered in the soundtrack are 100 subliminal messages of positive self-affirmation, a first for computer gaming. The messages are undetectable by the conscious mind, but comprehensible, at least in theory, by your subconscious. They range from the harmonious ('I love the world and the world loves me') to the downright scary ('It's OK for me to have everything I want')."
The danger of such subconscious messages being abused inside commercial software has concerned government officials. Computer game makers refused to comment on whether subliminal messages have been embedded inside children's software. Defense intelligence sources did admit, however, that "subliminal" forms of attack are under study for use in "offensive" computer combat.
"It may be possible to hack into an enemy air-defense network and plant subliminal messages," stated a highly placed defense contractor. "All it would take is to distract a missile operator for only a few seconds -- just long enough for bombs to fall."
"It's nice to be able to hack into a hostile computer, but most warfighters still prefer to put iron on target instead of bits," stated the defense contractor. "The military prefers real bombs over e-mail bombs. With real iron, you only have to blow up a computer once."
Warfare on the Net
Clearly, computer security flaws can have far-reaching effects beyond
the commercial tracking of individual computer users on the Internet.
A recent congressional report titled "China's New War Fighting Skills"
shows that the People's Liberation Army is preparing for a computer
war.
"The PLA has an aggressive new program to develop exotic high-tech weapons, titled Project 1-26, which was initiated in January 2000," stated the congressional report prepared in August. "This programs involves dual-use space and information technology, and exotic weapons such as miniaturized nanno weapons. Unfortunately, China is using technology from the U.S., Europe and Israel in aspects of this project.
"The PLA's doctrine of 'asymmetrical' warfare emphasizes paralyzing the high-tech strength of the U.S. and our allies through attacks on military, economic and governmental computerized information systems. Since mid-1999, some of the first incidents of 21st century Internet warfare have been conducted across the [Taiwan] Strait, with the PLA nowv openly recruiting an, 'army of hackers,' in civilian newspapers.
"Taiwan is particularly impressed with the PLA's rapid advances in utilizing a national 'plug-and-play' fiber-optic civilian telecom network to thoroughly secure its military communications. At the same time, Taiwan believes its current military information system is relatively easy for the PLA to monitor. Taiwan believes its forces have fallen behind the PLA in that important command-and-control area, which could lead to their defeat."
Defending yourself
Despite the vast array of threats to individual privacy and
international security, computer expert Bridges noted that there are
measures the ordinary PC user can take to defend against even the
best attackers. Protection, according to Bridges, is a matter of
staying informed and following a set of simple rules.
"E-mail attachments are notorious for security problems," stated Bridges, whose company teaches defensive information warfare practices to government agencies and commercial businesses.
"The first rule of e-mail security is never open attachments such as Word documents sent to you unless you know the sender and you are expecting something from them. The second rule is to install and use anti-virus software on your system.
"Finally, you should always encrypt and backup sensitive data," concluded Bridges.