Hackers Hide in PDF Files
When you want to read an online article or white paper, the chances are pretty good you will download it as a PDF file. PDF has become one of the common ways to distribute information. For most internet savvy web surfers, PDF is a trusted format that is just as accepted as a web page or a Microsoft Word file. For people publishing information on the internet, PDF gives them a lot of control because you can change the settings so your intellectual property cannot easily be copied and plagiarized. PDF also gives you the tools to "dress up" an article or white paper to give it a very professional look.
We can thank the smart people at Adobe for the PDF file format. Adobe has used a very successful business model to give away popular utilities like the Adobe Reader which them gives them the chance to promote their products and encourage customers to upgrade or buy other Adobe products. And because almost everybody has a copy of Adobe Reader on their home or office computers, the level of trust people have in this company is extremely high.
However, more and more it appears that level of trust may need to be reconsidered. A number of respected security watchdog groups as well as Microsoft have sounded the alarm that Adobe products are products that hackers just love to exploit to get inside the computer systems of computer users like you and I. The PDF format apparently has been riddled with openings for hackers to tuck away their malicious computer code. Then when you innocently download a nice PDF document to read at your leisure, you might also download hacker code that escapes into your computer to do it's dirty work.
This kind of security compromise seems inconceivable to most of us who have come to trust PDF files over the years. Of course, you may not have noticed that these hackers have entered your computer through the back door of a PDF file simply because hackers are very good at concealing their stealth entry into internet surfer's computers. They are also smart enough to stay hidden in your computer while they target your computer. They might be quietly stealing your personal information, setting you up for unwanted advertising or uploading your web surfing habits to a hacker site to be used to target you in the future.
It turns out that hackers have known about the weaknesses in the Adobe PDF file structure and been using it to break into computers for a long time. F-Secure is a Finnish security company that has helped to raise the alarm in the security industry about the dangers of the Adobe PDF file format. F-Secure has released their findings that out of 900 hacking attacks that they have studied, a shocking 61% were accomplished using the weaknesses of PDF files.
Now to be fair, online criminals have also exploited weaknesses in Microsoft Word, Excel and PowerPoint to carry out their nefarious plans. But the degree to which Microsoft products are used by hackers compared to the PDF hacking problem are much less extreme. Microsoft has also done a good job in the last few years of repairing problems with their most popular PC products so hackers no longer find ways to invade PC owner's computers through those products.
Home computer users are at risk to exposure to hacking code from hackers. But the home computer tier of computer users are not the only risk group. Hackers have exploited the holes in the PDF file format to target some very large companies and successfully do a lot of damage once they get inside a corporate network. Because large companies have thousands of workers on the internet, it is easy for hackers to "sneak" into a corporate network inside of PDF files and then commit high level computer crimes once they are inside.
Some notable victims of targeted hacking attacks of this nature are Google, Intel and even the Federal Deposit Insurance Corporation which saw millions of dollars stolen from banking accounts that belong to small businesses because of the crafty work of computer hacker bank robbers. This kind of thievery is not as spectacular as bank robbers with guns but it is just as dangerous and just as common as those crimes we see on the news. And hackers have less of a chance of getting shot, arrested or ever having to stand trial for their crimes.
Adobe is aware that they are a prime target for evil doers who need vehicles into a lot of computers to carry off their ambitious cyber crimes. A spokesman for Adobe by the name of Wiebke Lips discussed the problem saying…
"Given the relative ubiquity and cross-platform reach of many of our products, Adobe has attracted -- and will likely continue to attract -- increasing attention from attackers,"
So does this mean we all have to abandon PDF files and maybe begin to distrust other popular Adobe products as well? That would be an overreaction to a problem that has been and will continue to be addressed. We should not see Adobe as a sloppy or bad company when some of the most respected and admired technology companies in the world have been exploited in this fashion as well. Adobe is a victim of hacking crime just as much as the people or companies that have hackers target.
We can be grateful for security watchdog groups like F-Secure and others because every time security problems like this are identified, that gives good companies like Microsoft and Adobe the chance to shut down that security weakness. Adobe has promptly and aggressively gone after this security problem so that each time a weakness in one of their software products is found, they upgrade the product to stop hackers cold.
As users of popular products like Adobe Reader, our responsibility is to allow the product to be upgraded each time Adobe offers a new release. Adobe has patched the PDF reader product in the last few months so if you have not updated your version of Adobe Reader, its time to do so. You can download the product here.
If we do our parts to keep the software and operating system of our computers up to date at home and at the office, we can partner with big companies like Adobe and Microsoft to fight hackers wherever they strike. These measures won't stop hackers completely because computer criminals are notoriously determined bad guys. But we can fight back with every tool we have. And if we do that, most of the time, the good guys will win.
Filed Under: News in Technology
