Hacking RAM has been a pervasive problem for many years. While numerous high-profile examples of corporate hacks have drawn the majority of recent attention to this topic in the press, it is also a problem that affects private users of personal computers. The types of RAM hacks currently known fall into two broad categories: the physical process of manipulating a DRAM chip (usually via freezing) and the virtual process of capturing data, one example of which is accessing information that is vulnerable in an unencrypted state while it is being processed by running web servers.
The first category of hacking RAM was initially detailed by Princeton University researchers in 2008 (Robertson, 2008, p. 1). These researchers showed how hard drives can be compromised by a simple technique of directing a burst of cold air at the computer's DRAM memory chip, the most common sort of PC memory chip (Robertson, 2008, p. 1). Based on the principle that DRAM chips retain their contents for significant periods of time after their power source is turned off, the researchers accomplished the hack by directly spraying DRAM chips with a canister of multipurpose duster spray (Robertson, 2008, p. 1). This action froze the chips to 50 degrees below zero Celsius, which was enough to capture the data contained on the chip (Robertson, 2008, p. 1).
The work done by the Princeton researchers allows for a new perspective on the safety of encryption, which has always been assumed to be a nearly impenetrable measure used to thwart hacker attacks. Specifically, it reveals that encryption can be overcome by taking physical advantage of how DRAM chips operate. According to the researchers, the relative simplicity of their technique should raise red flags regarding the safety of laptop computers more than anything else (Robertson, 2008, p. 1), given the widespread use of laptops for storing important information, including financial data, sensitive corporate details, and even information pertaining to national information technology security and other aspects of government.
According to technology reporter Michael Lee, current widespread encryption techniques excel at safeguarding data that is "at rest, such as data stored on a server or in transit across a network" (Lee, 2015, p. 1). Unfortunately, these are far from the only states that data assumes in normal, everyday situations. Data is also commonly in the processing stage, and this stage often leaves it extremely vulnerable to attack and capture. In his article, Lee quotes Verizon Business Investigative Response managing principal Mark Goudie, who succinctly summed up the threat in this way: "It's hard to process encrypted data. If you want to process the data, you need it unencrypted. We all know that, [but] so do the bad guys" (Lee, 2015, p. 1).
Lee goes on to explain that the need for unencrypted data leaves servers vulnerable to hacking by paving the way for a technique labeled "RAM scraping" by Goudie (Lee, 2015, p. 1). This hack closely monitors the memory of the web server and waits until data is being processed and is therefore momentarily unencrypted (Lee, 2015, p. 1). When this happens, the hackers quickly capture the data. Common examples of virtual spaces that are especially vulnerable to these attacks include online retail sites that do not keep credit card data and instead transfer it on to third-party payment processors, a very prevalent practice (Lee, 2015, p. 1). The data is safe once it arrives at the payment processor, but, unfortunately, it must be handled and unencrypted by the web server during the process, where it can be grabbed by skilled hackers (Lee, 2015, p. 1). According to Goudie, this hack has been functional for many years, going back to 2008 (Lee, 2015, p. 1). This does not mean, however, that the technique is widely known by retailers and other vulnerable parties. On the contrary, as Lee points out, "many organizations are simply unaware and assume that because data is encrypted at rest and in transit, the security of the information is foolproof" (Lee, 2015, p. 1).
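The plaintext window described in this paragraph, seen from the server's side, as an added example that is not from Lee's article or any real product: the card number exists in the working buffer only between the copy and the wipe. The names `process_card` and `secure_wipe` and the sample number are assumptions made for illustration; wiping narrows the window but cannot remove it, because the data must still be unencrypted while it is processed.

```c
#include <stdio.h>
#include <string.h>

#define PAN_MAX 19  /* longest card number (PAN) length */

/* Zero through a volatile pointer so the wipe is not optimized away. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Luhn check: stands in for the processing that needs plaintext. */
static int luhn_valid(const char *pan, size_t n) {
    int sum = 0, dbl = 0;
    if (n < 12 || n > PAN_MAX) return 0;
    for (size_t i = n; i-- > 0; dbl = !dbl) {
        if (pan[i] < '0' || pan[i] > '9') return 0;
        int d = pan[i] - '0';
        if (dbl) { d *= 2; if (d > 9) d -= 9; }
        sum += d;
    }
    return sum % 10 == 0;
}

/* Returns 1 if valid and writes a masked form (last four digits only).
 * *residue = nonzero bytes left in the working buffer after the wipe.
 * The caller's own copy of `pan` is not touched and needs its own wipe. */
int process_card(const char *pan, char *masked, size_t cap, size_t *residue) {
    char work[PAN_MAX + 1] = {0};
    size_t n = strlen(pan);
    int ok = 0;
    *residue = 0;
    if (cap) masked[0] = '\0';
    if (n <= PAN_MAX && n < cap) {
        memcpy(work, pan, n);              /* plaintext window opens */
        ok = luhn_valid(work, n);
        if (ok) {
            memset(masked, '*', n - 4);
            memcpy(masked + n - 4, work + n - 4, 4);
            masked[n] = '\0';
        }
    }
    secure_wipe(work, sizeof work);        /* plaintext window closes */
    for (size_t i = 0; i < sizeof work; i++) *residue += (work[i] != 0);
    return ok;
}

int main(void) {  /* constructed test card number, not real data */
    char m[PAN_MAX + 1]; size_t r;
    int ok = process_card("4111111111111111", m, sizeof m, &r);
    printf("valid=%d masked=%s residue=%zu\n", ok, m, r);
}
```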
The recent hack of the Target Stores website in December 2014 is a good example of the type of attack Goudie describes, and it exposed the widespread dangers it poses to modern society and commerce. In this case, many thousands of customers had their personal information, including credit card data, stolen by hackers. This phenomenon not only poses technical problems; it also undermines consumer confidence in the sources of their goods, a psychological factor that harms the health of the economy as a whole.
These two examples of hacking, which are far from the only techniques used, make it obvious that computer users should employ methods to protect themselves from attacks. Of the available methods, three make the most sense, both in terms of efficacy and affordability: installing firewalls, anti-virus software, and anti-spyware software. A firewall is an element of a personal computer, or a network of computers, that works to prevent access to the computer or network while at the same time allowing users to send information out. Anti-virus software is designed to thwart viruses that attack computers and expose valuable information. Anti-spyware software pinpoints and eliminates malicious software that threatens to steal data regarding web habits and other computer practices. While these methods do go a long way toward protecting computer users, they are not foolproof. In fact, the two specific hacking techniques described in this paper would evade these methods of protection. This shows the frailty of the current computing atmosphere and reveals the urgent need for more resources to be devoted to developing protective methods and tools.
Lee, M. (2012). How hackers scrape RAM to circumvent encryption. ZDnet. Retrieved from http://www.zdnet.com/article/how-hackers-scrape-ram-to-circumvent-encryption/
Robertson, J. (2008). Computer memory vulnerable to hacking. USA Today. Retrieved from http://usatoday30.usatoday.com/tech/products/2008-02-22-4059846489_x.htm