Happy Trails Computer Club

home > security > overview > attack vectors > hackers  
Hackers... Crackers...


Many hackers take offense at being lumped with crackers. Crackers are the evil hackers in the view of most hackers -- "black hats". "Good" hackers think of themselves as "white hats". To hack is to use your skill and knowledge to trespass in other computers. Even hackers are uninvited, no matter how pure their motives are. This controversy is just a typical argument on the Internet, which you can read more about here.

Hackers use tools that are available in the underground, heuristic methods and "social engineering" to insinuate their way into computers and computer networks. Social engineering is the skill of getting passwords or other information about systems from people who should know better. The hacker poses as someone with a legitimate purpose for getting in and many people fall for it.

The most common attacks

"The majority of the successful operating system attacks come from only a few software vulnerabilities. This can be attributed to the fact that attackers are opportunistic, take the easiest and most convenient route, and exploit the best-known flaws with the most effective and widely available attack tools." -- quote from SANS Institute

You're exposed to crackers every time you're on the Internet. When you're online you computer has an Internet address assigned. Crackers can easily find it and break in. They do that while you're busy surfing, or reading your e-mail. You wouldn't know they're trying and probably won't know if they succeed until maybe later. For example, they might make off with your bank account number and PIN. You wouldn't know until the money was gone. Your bank would be dubious about your protest.

Most hackers aren't out to get you personally. They want to use your computer for their own nefarious purposes, but they'll usually go away if yours is well protected. Some of the things they want your computer for:

  1. Hide their intrusion to sensitive computers by going through yours.
  2. Store and distribute spam, porn, pirated music, and warez (bogus software).
  3. Attack their enemies.

More attacks

Another thing crackers do is intercept sensitive data -- much like "wiretapping". There are many places and ways to tap your data. Some call it "fiber-tapping" because data travels on the Internet on glass fibers much of the time. However, "secure sites" have practically eliminated this risk. They use encryption and handshake techniques to provide security. (Secure sites start with https, not http.)

Crackers can hack into the servers that you use on the Internet. The 1999 Hotmail exploit was a classic example of server cracking. Software running on the Hotmail server could be *spoofed* with an unusual but simple command. That made it easy to get in and read anyone's e-mail account. A lot of people quickly found out how to do it themselves because crackers love to brag. Thousands of people were compromised before it was fixed.

What have you got to lose from cracking? Plenty. Having someone read your e-mail read might not be too bad. Having the book you're writing erased from your computer wouldn't be fun. If a cracker made your computer unable to start, that would be a bad joke. Getting your IRA stolen might ruin your entire day. Think it couldn't happen to you? Think nobody will notice you on the Internet? I used to hope so. I now know better. Even though I just have a dialup connection, my firewall shows regular attempts to break in. [zombie] [event]

Heedless guests

The easiest way to hack into a computer is when your're sitting at the keyboard. So when's a hacker going to be sitting at yours? It's not likely, unless you leave your laptop sitting around. But wait, have you ever considered what Heedless guest users might do? (Or have you already experienced it?)


Go back to the security plan page, and learn how to put an effective defense in place.

"...a paranoid is just someone with all the facts." -- Tim Belford
club stuff
   lost? > index
attack vectors
   web sites
   #  2  3
safe settings
   email client
safe practices
   file handling
defense tools
defense tests