Hackers
Many hackers take offense at being lumped
with crackers. Crackers are the evil hackers
in the view of most hackers -- "black
hats". "Good" hackers think
of themselves as "white hats".
To hack is to use your skill and knowledge to trespass
in other computers. Even hackers are uninvited,
no matter how pure their motives are. This
controversy is just a typical argument on
the Internet, which you can read more about
here.
Hackers use tools that are available in the
underground, heuristic methods and "social
engineering" to insinuate their way
into computers and computer networks. Social
engineering is the skill of getting passwords
or other information about systems from people
who should know better. The hacker poses
as someone with a legitimate purpose for
getting in and many people fall for it.
The most common attacks
"The majority of the successful
operating
system attacks come from only
a few software
vulnerabilities. This can be
attributed to
the fact that attackers are opportunistic,
take the easiest and most convenient
route,
and exploit the best-known flaws
with the
most effective and widely available
attack
tools." -- quote from SANS Institute
You're exposed to crackers every time you're
on the Internet. When you're online you computer
has an Internet address assigned. Crackers
can easily find it and break in. They do
that while you're busy surfing, or reading
your e-mail. You wouldn't know they're trying
and probably won't know if they succeed until
maybe later. For example, they might make
off with your bank account number and PIN.
You wouldn't know until the money was gone.
Your bank would be dubious about your protest.
Most hackers aren't out to get you personally.
They want to use your computer for their
own nefarious purposes, but they'll usually
go away if yours is well protected. Some
of the things they want your computer for:
- Hide their intrusion to sensitive computers
by going through yours.
- Store and distribute spam, porn, pirated
music, and warez (bogus software).
- Attack their enemies.
More attacks
Another thing crackers do is intercept sensitive
data -- much like "wiretapping".
There are many places and ways to tap your
data. Some call it "fiber-tapping"
because data travels on the Internet on glass
fibers much of the time. However, "secure
sites" have practically eliminated this
risk. They use encryption and handshake techniques
to provide security. (Secure sites start
with https, not http.)
Crackers can hack into the servers that you
use on the Internet. The 1999 Hotmail exploit
was a classic example of server cracking.
Software running on the Hotmail server could
be *spoofed* with an unusual but simple command.
That made it easy to get in and read anyone's
e-mail account. A lot of people quickly found
out how to do it themselves because crackers
love to brag. Thousands of people were compromised
before it was fixed.
What have you got to lose from cracking?
Plenty. Having someone read your e-mail read
might not be too bad. Having the book you're
writing erased from your computer wouldn't
be fun. If a cracker made your computer unable
to start, that would be a bad joke. Getting
your IRA stolen might ruin your entire day.
Think it couldn't happen to you? Think nobody
will notice you on the Internet? I used to
hope so. I now know better. Even though I
just have a dialup connection, my firewall
shows regular attempts to break in. [zombie] [event]
Heedless guests
The easiest way to hack into
a computer is
when your're sitting at the keyboard.
So
when's a hacker going to be sitting
at yours?
It's not likely, unless you leave
your laptop
sitting around. But wait, have
you ever considered
what Heedless guest users might do? (Or have you already experienced
it?)
Concerned?
Go back to the security plan page, and learn how to put an effective
defense in place.
|