Deadbolting The
Backdoors On Your Network
Home Solutions Cyber Crime Lab Testing Contracts Information Employment Contact



o Back

o Dial-up Protection
o Digital Crime
o FBI Forensics
o Financial
o Hackers
o IDS Thoughts
o Modems
o Security

Dial-up Protection

Ever had your home computer crash while on-line? Ever wondered why software on your computer suddenly stops working correctly? Ever had a computer file suddenly disappear? Wonder how some "spam" e-mail finds you? Ever had fraudulent charges on your credit card? All of these issues can be the direct result of a person breaking into your personal computer from the Internet. Internet intrusions are no longer a problem for big companies or the government.

Introduction

In the past, home computer security was not a very serious issue because very few people connected their computers to the Internet. When you entered your finances into a spreadsheet it was impossible for somebody to view that spreadsheet unless they were sitting at your computer. Today, nearly all home computers are connected to the Internet. With upwards of 250 million Internet users worldwide, the market for computer theft and hacking is only getting bigger and more diverse.

Most criminals are opportunists. Why break into Fort Knox when you can rob 10 small banks? The Internet is the same way. Why break into a huge company that has firewalls and a comprehensive security system when you can steal a little from a dozen home users? Many hackers are specifically targeting the home user because most home users have no network intrusion protection.

Unfortunately, many home users believe their computer does not contain any valuable information. To a hacker, your computer can be a wealth of information about you and your habits. Armed with information about you, a hacker can attempt to make charges on your credit card, take out loans against your credit, and pose as you on-line. If you use the Internet, you are a target for hackers.

How Hackers Break Into Your Home Computer

There are a number of common ways hackers can access your computer or Internet accounts. One of the more commons ways is using a primitive yet effective Internet tool called Telnet. Telnet pre-dates the web browser by decades. It was one of the first tools used on the Internet. However, in the last few years, the popularity of Telnet has waned due to the complex commands the user must enter to connect to a remote computer. For that reason, most people are not familiar with Telnet.

To a hacker, Telnet is a powerful tool. A computer that is connected to a network uses one or more protocols. A protocol is like a language two computer use to communicate. The language or protocol for the Internet is called Transmission Control Protocol/ Internet Protocol or TCP/IP. A computer using TCP/IP has many "ports" open. A port is like a "pipe" or connection to the Internet where communications are directed. For example, when you retrieve web pages from a web site, that information is usually transmitted via TCP port 80. You computer has many ports and while they are open, a hacker can attempt to access your computer through the port.

A hacker can scan your computer looking for open ports. When the hacker finds an open port, he can attempt to connect to you computer via that port using a Telnet application or other specialized networking tools. From there, he may be able to retrieve files, place files (including viruses) on your computer, or watch your Internet communications. All of this can be done without anything showing up on the screen.

Another common way hackers access computers is to send you a Trojan Horse application. Like the mythical gift from the Greeks to the residents of Troy, a Trojan is an application that looks innocuous and may even behave as expected, but lurking inside is a virus or other malicious program. Some Trojans allow a user to access your computer at anytime you are on the Internet. One of the most common Trojan applications is called BackOrifice. Originally designed as a remote maintenance and administration tool for corporate networks, BackOrifice quickly became a tool for hackers to access computers and steal information.

Army of Bots

One common misconception about hackers is that they are all teen-age boys sitting at a computer diligently trying to break into your system. In reality, most hacking is actually done by automated programs called "bots" (short for robot) or spiders. A bot is merely a automated script or program designed to systematically carry out scans and attacks. A spider is an automated program that can search areas of a network for a particular vulnerability.

For hackers, bots can be programmed to immediately respond to activity on your computer. For example, you log on to the Internet. 12,000 miles away in Russia, a hacker's computer is monitoring your Internet Service Provider (ISP). The hacker's computer notes that your computer logs on. This triggers a bot that begins to scan your computer for known vulnerabilities and security holes. If a vulnerability is located, another bot is triggered which connects to your computer and downloads important files and information, such as password lists or cached web browsing data.

Hours later when the hacker wakes up or comes home from work, he can survey the information his hacking bots collected the night before. Perhaps your credit card number was stolen? Perhaps one of his bots collected a password list from your computer? Perhaps he scored some embarrassing information about you making you vulnerable to threats and extortion from a stranger on the other side of the globe.

Social Intrusions

One common way for less sophisticated hackers to gain access to your accounts or computer is through "social intrusions." A social intrusion is merely a fancy word for "tricking you into revealing sensitive information." One of the most common social intrusions is a hacker poses as an administrator from your Internet service. You receive an email that looks like an official mail from the administrator. In the email, the hacker might say there was a problem with your account and they need to verify your password or your credit card number.

Most social intrusions do not work simply because they are easy to identify. When a suspicious person asks for a password, most people know better than to give out such information. However, some people are unfamiliar with the Internet. Moreover, some social intrusions are not so easy to identify. Some social intrusions are multi-step attacks where they will ask innocuous, unrelated questions in an attempt to crack your passwords.

Always-On Connections

When you connect to the Internet via a dial-up modem, you are live on the Internet only while your connected. When you hang up, the connection is gone. For the most part, dial-up connections are harder to hack because they are not active for very long. However, many people are now installing high-speed, always-on Internet connections in their homes. Cable modems, ADSL lines, and ISDN connections are "always-on". Because these connections are always live on the Internet they are much easier for hackers to target. Moreover, these connections often have fixed system addressing schemes which make it easier for a hacker to target you specifically.

To make web surfing more interactive, these three technologies expand the capabilities for web browsers. However, they can also serve as a tools for hackers.

Cookies are rather safe. A cookie is a very small text file placed on your computer so a web site can track your use of the site. For some on-line shopping and interactive sites, cookies are required to track the web pages you visit. Most current browsers allow you to disable the cookie features. However, this may make you unable to view some web sites or purchase items on-line. Hackers generally do not use cookies for hacking. Cookies are also unable to execute any applications on your system.

Applets are small little Java programs that execute on your computer. Most applets are completely safe. However, some applets can collect information off your computer and then send it back to the hacker. Be careful with the sites you visit. If you are unsure about a site's content, change the security settings of your web browser to disable active content or Java.

ActiveX is another language for developing applications for web browsers. Most Active X modules are safe. However, some hackers use Active X modules to collect information off your system or execute malicious programs. The best way to stop malicious Active X modules is to be careful with the web sites you visit. If you are unsure about a site's content, change the security settings of your web browser to disable active content or Java.

Newer web browsers now support much tighter security requirements for Active X and Java applets. If you are using an older web browser, upgrade to the latest version. It will contain the latest security patches which may stop damaging content before it can be executed.

How to Stop Hackers

Hackers are clever people. Most hackers are intelligent, resourceful individuals. While many hackers are honest people merely looking for a challenge, some are dedicated criminals and terrorists. Some hackers are dedicated to causing trouble or terrorizing people they feel are "unfit" to use the Internet. In the early days of the Internet, some hackers were so militant about using the resources of the Internet they designed crude, yet effective systems to "bounce" people off systems to discourage them from using the Internet. Today, services like AOL are constantly under attack from hackers who feel AOL and its users have "polluted" the Internet.

Stopping hackers at home is actually quite easy. The most powerful weapon against hackers is knowledge. The following list provides some basic pointers to keep in mind while using the Internet.

  • Never, ever give out a password, account number, credit card number, or any sensitive personal information via email. Hackers sometimes watch email servers and can intercept emails.
  • Your ISP will never call or email you and ask for your password. If they do, get their telephone number and tell them you will call them back with the information.
  • Keep your operating system and Internet software updated. Microsoft and Apple regularly issue updates and patches to their operating systems. Moreover, Netscape and Microsoft also regularly update their web browser software. Updates patch known vulnerabilities in software. One of the most common ways hackers break into systems is to exploit well known security holes in older software.
  • Never reveal your IP address or the name of your computer. Armed with an IP address, a hacker can specifically target your computer for hacking.
  • Be careful what Internet web sites you visit. Some web sites for hackers contain code that can figure out your operating system and IP address. This can trigger a bot to begin scanning your computer. If you are concerned about the security on a web site, change your web browser security settings to prohibit the execution of any Java applets or Active X modules.
  • If you use Internet Relay Chat (IRC) or "chat" rooms, be careful about personal information you reveal. Some hackers "lurk" in chat rooms looking for people to exploit.
  • If you post messages on the Usenet newsgroups, be careful with any information you reveal about yourself. Newsgroups are public areas. Hackers may be watching your favorite newsgroup for information about you.
  • If you use Windows 95 or 98, disable file and print sharing, turn off file and print sharing. To do this, follow these instructions:
    1. Open your Control Panel (Start > Settings) and double-click Network.
    2. Click File and Print Sharing.
    3. Uncheck the I want to be able to give others access to my files and I want to be able to allow others to print to my printer(s) options.
    This turns off all file and print sharing across a network. Home computers, that are not connected to a network, do not need to have this option enabled.
  • If your machine regularly crashes while you are on-line, you may be targeted by a hacker.
  • If you have an "always-on" connection via a cable modem, ADSL, or ISDN make sure to use all the proper Network settings your service provider recommends. These connections are especially prone to attack. If you notice any suspicious behavior with your computer, report it to your service provider immediately.
  • Never submit sensitive information via a web page unless the web site uses secure connections. You can identify a secure connection with a small "key" icon on the bottom of your browser (Internet Explorer 3.02 or better or Netscape 3.0 or better). If a web site uses a secure connection, it is safe to submit information. Secure web transactions are virtually impossible to crack.
  • If you use a computer to purchase anything, especially online securities brokerages, you might want to clear your browser cache after visiting these sites. Hackers can download files from your browser cache and possibly find out information about your on-line activities.
  • Be careful of files that are emailed to you from strangers. Never execute a program attached to an email from someone you do not know. The application could contain Trojan viruses that could allow a hacker access to your computer.
  • If your computer begins to exhibit strange behavior such as applications crashing, shut down your Internet connection and reboot your computer. A hacker may be damaging files on your computer.
  • If your Internet connection becomes very slow or you cannot connect to any web sites, hang-up and redial your ISP. A hacker might be downloading files from your computer. One way to check if someone is downloading files is to look at your Internet connection information. If there is a lot of activity on your connection, yet you have not initiated any file downloads or web page requests, it could mean someone is breaking into your system.
  • If you use your computer to do your taxes (TurboTax) or personal finances (Quicken, Money) you might want to keep your data files for these applications in an encrypted or abnormal place on your computer. While these programs are not necessarily sending information over the Internet, a hacker could break into your computer, steal these files and use them to commit fraud.
  • You may want to consider obtaining an encryption key for your email. Encryption software is available from a number of popular software companies.

Conclusion

Hacking is not merely a hobby for young computer nerds looking for fun. There are some hackers that are dedicated criminals and terrorists. With more people using the Internet for purchasing goods and services, there are more opportunities for criminals to steal from you. Even simple protection measures can help defend yourself and your computer from these criminals.

Nobody is exactly sure how much damage hackers cause each year. Estimate range from the hundreds of millions of dollars to billions. One fact is certain, each day there are more people on the Internet giving criminals more opportunities to steal. Stop hackers before they stop you.

Battle Lab
Coming soon, the Battle Lab! A virtual play-ground for your applications and security tools. Scenarios running daily!

Wireless
With everybody trending to wireless technologies, make sure your information is secure.

Contact Us
We always welcome comments and questions. Contact us via e-mail or by phone at (505)-798-0129.

Copyright System Solutions Group, 2003.
All rights reserved. Disclaimer