Intruders have learned how to penetrate sophisticated barriers and "hijack" computer systems linked to the Internet, posing a vast new security threat on the global network, according to the government-financed Computer Emergency Response Team (CERT).
Millions of computers linked to the Internet are vulnerable to theft and eavesdropping by people who use the new technique, described in academic papers at least six years ago but used successfully only in recent weeks.
Intruders can gain "root" or top-level access to host computers, then copy or destroy documents or do other damage by masquerading as an authorized user, CERT said in an advisory distributed last week on the Internet.
"Once the attack is completed, it is difficult to detect," the team the Monday advisory said.
An unknown number of attacks already have been reported, says Tom Longstaff, manager of research and development at the CERT coordination center in Pittsburgh.
For many computer systems, "Even when you bought a security package for the Internet there is no security" from the new type of attack, he says. …