How Hackers Hack
Today the term "hacker" refers to someone who attempts to break into
one or more computer systems using computerized methods. Although the
old fashioned frontal attacks, including dumpster diving and
misleading phone calls, are still widely used, we are restricting this
document to the more common hacker techniques. See Top
Enterprise Security Threats
for more information.
All Computers Are Vulnerable
Any computer system is vulnerable to attack, however not all computers
are subject to attack. If a computer is not connected to a network
(even via modem), and contains no interesting or useful information,
it is likely to be safe.
Merely connecting a computer to the Internet makes it the potential
subject of attack from any of the hundreds of thousands of other
computers connected to the Internet. This includes computers connected
by dial-up modem, cable modem, DSL and data lines.
Full Time Connections are the Most Vulnerable
Users who have full-time Internet connections are the most
vulnerable. This includes most businesses and more and more home
Full-time Internet connections are typically provided via cable
modems, DSL, ISDN and data lines. These connections are "always
connected", and provide an instant connection to --and from-- the
Direct Attacks are generally reserved for specific businesses or
individuals who have upset the attackers. These are often political
targets, who are not doing business the way the hackers want them to.
Most direct attacks are variations of Denial of Service attacks.
These are the most easy to launch, and if done correctly are the
hardest to track down to an individual attacker.
Indirect attacks are often used to find vulnerable machines that can
be used for other nefarious objectives. Indirect attacks are launched
against random machines throughout the Internet in an attempt to find
any machine which may have a vulnerability. If these machines have no
interesting data on them, they are often used to launch Denial of
Service attacks on other machines.
Most Common Methods of Attack
The two most common forms of attack are:
- Trojans. These are programs which are run by an unwitting
computer user. They are often included in email or are downloaded
from a web page. Once run, these programs give the attacker control
over a computer.
- Port Scans. Every computer attached to the Internet uses and/or
provides services. Scanning for available services on a machine
provides possible avenues of attack to take over the machine.
What To Do
- Turn off all unnecessary services on your computer
- Install, properly configure, and use a firewall and anti-virus
software on every computer and network
- Read all security warnings concerning software you are installing
- Immediately upgrade or patch any installed software
- Perform regular automated and manual security audits of all
- Perform a security audit of any machine which has recently had
- Change all passwords for all accounts created by installed
- Restrict all software's access to the local network, or the
Internet, to an as-absolutely-needed basis
The bottom-line? Be careful out there. Pay close attention to all
emails, web sites you visit and software you install. Often a false
sense of security is much more dangerous than knowing that you are