Monday, August 3, 2009

Internet Security: How Criminals Hack Other Peoples Computers

chained computerFor those of you that work in Information Technology and started in the last 20 years or so, chances are you were inspired by movies such as War Games, Sneakers or even Hackers. Remember that 80’s T.V. show Whiz Kids? That was cool too. I so wanted to be one of those kids.

Of course, those movies were exaggerating the power of computers or how they worked, but it was fascinating! The idea of taking control of something or figuring out how it worked by poking around and analyzing it. It was this endless world of possibilities that got us pursuing some of the most thankless jobs in the world.

So how do criminals do things like hack other people’s computers? It really doesn’t take a lot of skill at all.

Let’s assume I’m the criminal for the sake of this story. Disclaimer: I have never been charged with any crime. I do not do the things I’ll talk about here. You shouldn’t either! Do not try this at home – do it somewhere else.

The easiest way to hack someone’s computer is to get your grubby little hands on it.  If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in. I’m not going to tell you where to get these utilities, however, I’m sure you can use Google.

If you had Windows Vista on the disk, with it’s BitLocker technology, it would be harder to get around the protection for certain. But it can be done. I’m sure this isn’t the only method out there.

“Okay smarty-pants! You’ve gotten into my account but I have passwords on all the documents that have my important information!”

Really? First, I don’t believe you since very few people even know that they can password protect documents. Second, there’s a good chance you use the same password for all the documents. Chances are you figure that having a strong password on the Windows account is good enough, that you’ve used a pretty weak one on your documents. Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.

What if you had set a BIOS password, so that I couldn’t even get to the operating system without knowing it? Well, that’s another step in the right direction, but, yet again, it can be done. The thing is, now I have to do a lot of work. Steal the computer, crack the BIOS password, crack your Windows protection, and crack the document protection. Since most people who steal, steal from people they know, I’ll probably know that you do these things. I’ll look for an easier target. Lazy criminal laggards!

“But Guy!” you say, “what if  I do all of that but you want to get at me over the Internet?”

First off, why do you keep calling me Butt Guy? (Seriously, I NEVER get tired of that joke!) Second, um, yeah, I could do that. However, I’m less likely to try to actually hack your computer. What I’m likely to do is hack websites that you use to gather the information I need to steal your information or money. Even with some creative web searching I can get an awful lot of information on you. Seriously. Try searching on your name and aliases you use on the web. You’ll be amazed by the social profile one could build on you, to steal your identity. So, be careful about what you put out there. It’s out there, pretty much forever.


trojan-horseLet’s say that I’m going to hack right into your computer remotely. The easiest way to do this is to trick you into downloading software that will allow me to take control of your computer. This kind of software is known as a Trojan Horse. I may send you an attachment, or link, in an e-mail that, once you open it, installs the Trojan program without you knowing it. Or, I may set up a web page on a popular topic, that will attack your computer and drop the Trojan Horse onto it. Here’s a story on exactly that.

Once that Trojan is on there, I can use it to take information from you, or I might use it to set up a proxy for me to get to other computers. The nasty part of that is that it is possible for you to then be implicated in whatever crime I committed. Sure, a good lawyer would get you exonerated, but how many lawyers are good enough with computers to understand what just happened? By the time you pay for the lawyer, and dealt with the embarrassment of being charged, you’re already done in. Then I’m long gone.

So what do you do? Well, you keep your operating system updated, you keep your software updated, you keep your antivirus and firewall on and updated. You should also disconnect your computer from the Internet when you are not using. But really, who does all that?

Every computer is like a house – locks on the door, but a glass window right beside it. Just as my dad often said, “Locks only keep out honest people.”

No comments:

Post a Comment