New software can thwart cyberattacks

German scientists have developed free software that can help prevent cyberattacks.
Scientists at the Technische Universitat Munchen (TUM) developed the software which they claim can thwart five western intelligence agencies using the Hacienda software to identify vulnerable servers across the world in order to control them and use them for their own purposes.
According to a report published by journalists at Heise Online, Hacienda is a port scanning programme.
Port scanners are programmes that search the Internet for systems that exhibit potential vulnerabilities.
The report said that Hacienda is being put into service by the "Five Eyes," a federation of the secret services of the US, Canada, the UK, Australia and New Zealand.

"The goal is to identify as many servers as possible in other countries that can be remotely controlled," said Dr Christian Grothoff, Emmy Noether research group leader at the TUM Chair for Network Architectures and Services.

Grothoff and his students at TUM have developed the "TCP Stealth" defence software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide.
The connection between a user and a server on the Internet occurs using the so-called Transmission Control Protocol (TCP).
The user's computer first has to identify itself to a service by sending a data packet to the server. "This is the user asking, 'Are you there?'" said Grothoff.

The service then answers the user's request; within this response alone, there is often information transmitted that adversaries can use for an attack.
The free software developed by TUM researchers is based on the following concept: There exists a number that is only known to the client computer and the server.
On the basis of this number, a secret token is generated, which is transmitted invisibly while building the initial connection with the server.
If the token is incorrect, the system simply doesn't answer, and the service appears to be dead.
While similar defencive measures are already known, the protection capabilities of the new software are higher than that of extant techniques, researchers said.