Invasion by Hackers and Network Worms

These days, (black hat) hackers are more likely to be involved in organized crime than some malcontent kid out to wreak havoc.

Hackers

To hack (maliciously) is to use your skill and knowledge to trespass in other computers. Hackers have easy access to hacking tools and heuristic methods from the Internet underground. They often use "social engineering" rather than technology to insinuate their way into computers and computer networks.

Social engineering is the skill of getting passwords or other information about systems from people who should know better. The hacker poses as someone with a legitimate purpose for getting in and many people fall for it.

Hacking is largely a social malignancy -- not a technical problem. Don Parker, a seasoned security expert put it this way:

"Remote computing freed criminals from the historic requirement of proximity to their crimes. Anonymity and freedom from personal victim confrontation increased the emotional ease of crime, i.e., the victim was only an inanimate computer, not a real person or enterprise. Timid people could become criminals..."

The most common hacks

"The majority of the successful operating system attacks come from only a few software vulnerabilities. This can be attributed to the fact that attackers are opportunistic, take the easiest and most convenient route, and exploit the best-known flaws with the most effective and widely available attack tools." -- quote from SANS Institute

You're exposed to hackers every time you're on the Internet. When you're online you PC has an Internet address assigned to it. Crackers can easily find your PC and break in. They do that while you're busy surfing, or reading your e-mail.

You wouldn't know they're trying and probably won't know if they succeed until later if ever. For example, they might make off with your bank account number and PIN. You wouldn't know until the money was gone. Your bank would be dubious about your protest though.

Most hackers aren't out to get you personally. They want to use your computer for their own nefarious purposes, but they'll usually go away if yours is well protected. Some of the things they want your computer for:

Hide their intrusion to sensitive computers by going through yours.
Store and distribute spam, porn, pirated music, and warez (bogus software).
Attack their enemies.

Network worms

Network worms are a form of automated hacking. They have the capability to scan vast numbers of Internet addresses. They get in by finding computers that are vulnerable because they have not been patched against known vulnerabilities.

Once they get in, they install spyware or Trojan, or do many of the other things a hacker might do. Worms propagate by using the newly infected computer to look for more computers to infect. They can flood the Internet in a matter of minutes. The end objective is to create a network of zombie computers to use for even more nefarious purposes.

Heedless guests

The easiest place to hack into a computer is at the keyboard. When's a hacker going to be sitting at yours? It's not likely, unless you leave your laptop sitting around. But wait, have you ever considered what heedless guest users might do? They don't have to be malicious to delete things or disable your computer. Backup is a good defense.

Defense against invasion

The primary defense against hackers and network worms is to install a firewall, and keep Windows and your other software patched.

• map of security section

• Step 1: install a firewall: test your firewall online
• Step 7: patch and upgrade

• email security
• web smarts
• catalog of threats
• elements of defense
• 7 steps to security
• how to remove malware
• WiFi security

• attack vectors: deception the #1 threat; phishing #1 deception; poisoned websites; poisoned email; email attachments; downloads; spam (scams and phishing); hackers and worms; popup warnings
• malicious content: spyware; viruses and worms; trojans

"...a paranoid is just someone with all the facts." --Tim Belford