Can criminal hackers really get into your PC?
By Robert Vamosi at ZDNet 11/2003
In most cases, I'd say home systems are fairly safe, if only because each computer
is a needle in a giant haystack called the Internet. While the profile of the criminal
hacker (or cracker) suggests a young male who is both patient and obsessive, most
of these individuals would rather stalk the big fish--university, government, and
commercial systems--than your computer.
I don't mean to say home PCs aren't targets. They are. Crackers keep track of IP addresses
assigned by Internet service providers to dial-up, DSL, and cable-modem users. Some
regularly scan those addresses, looking for PCs that are connected to the Net and that have
known security vulnerabilities.
These lists of vulnerable computers are often traded or sold over the Internet, and help
virus writers plant their viruses quickly. That's why it's important to use firewall
software and keep all your applications updated with the latest patches.
ONE QUESTION I'm asked a lot is whether criminal hackers can turn on PCs remotely. The
answer is no. A powered-off PC cannot be connected to the Internet, and crackers looking for
vulnerable computers only see those that are online.
That's why a computer that is always on and connected to the Net via a cable modem or DSL is
vulnerable to attacks. Always-on computers with static IP addresses are even more
vulnerable, since a criminal hacker can get information about that system's exact hardware
and thus launch a more effective exploit against it.
Dynamic IP addresses, which are assigned to your system when you log onto the Internet and
rotate among an ISP's many customers on an as-needed basis, are much more common than
static. Fortunately, dynamic IP addresses are less likely to be targeted, if only because
they require a cracker to check that the system using a particular address is both online
and vulnerable at the time of an attack.
I'm also asked if criminal hackers can access a computer's internal files. That depends. For
this to happen, your system must have a remote-access vulnerability (such as the recent RPC
vulnerability in Windows) or the cracker must have a password that allows access to your
PC's hard drive.
Assuming a cracker did gain access to your hard drive, he or she would then need to know
what software you are running and where your data files are stored. If you performed a
typical install of the software, the files would be stored in predictable locations. But if
you assigned these files to custom locations, a criminal hacker might not want to take the
time to search through your directories to find and tamper with the files.
SO FAR I've spoken about active criminal hacking. But there are also more passive means
available to crackers, such as automated tools that harvest personal data. I'm talking about
Trojan horses--tiny apps that reside on your hard drive and send out information without
your permission. Trojans often lie in wait within pop-up ads or download to your system from
tainted Web sites. Sometimes they come attached to free software you download, or with music
and video files you share over a peer-to-peer network.
I'd also include in this group keystroke loggers--programs that record what you type on your
keyboard. Crackers can use these apps to obtain your passwords for online accounts or your
credit card number.
Since these automated tools require very little effort on the part of a cracker, they are
probably the greatest threat to your PC. It's more likely that some robot or Trojan horse
would breach your system than a real, live individual would get access to your hard drive
and steal your personal files.
ALTHOUGH I DOUBT crackers are attempting to break into your PC as you read this, there's
always the possibility. That's why I tell everyone that, in addition to the hardware
firewall that's included with your cable-modem or DSL router, you should use a software
firewall to hide your PC's ports from remote scans. Such a firewall will also keep Trojan
horses from sending out your personal data, whether it's the keystrokes of your online bank
account password or a list of your system's hardware specs.
If you're worried about your PC's security, keep your applications up-to-date (with Windows
Update), and run antivirus (like Norton AntiVirus) and firewall software (like Zone Alarm or
Outpost Firewall). Do this, and the chances a cracker could find or harm your system are
slim.
How about wireless access: Evil twin attacks
Dubbed "evil twin attacks," they occur when a cracker sets up an attack computer as a duplicate public access point in a cafe or airport, mirroring the actual settings but with a much stronger signal. An unsuspecting cafe or airport patron then simply logs in to the stronger but fraudulent signal. The user still connects to the Internet, but through the cracker's system. This allows the cracker to sniff or read any data that the victim is sending via the Internet, such as the login ID and password for an online banking account.
If you're just surfing the Web, looking for sports scores or weather in a foreign city, you aren't risking too much. But if you're logging on from an Internet cafe or airport waiting area to order a present for your wife online, you could find yourself a potential identity theft victim. Not all e-commerce sites are secure.
Evil twin phishing attacks take advantage of people's blind trust in free hot spots. Like clicking an e-mail link and ending up on some cracker's look-alike Web site, the wireless phishing experience is also transparent: most wireless users won't know that they've associated with a cracker's look-alike access point or base station. Meanwhile the attacker is collecting personal data from their Internet session.
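The description above leaves a defender two things to look for: a second radio advertising the same network name, and a signal much stronger than the real access point's. As an added example (not part of the original column), this Python function compares Wi-Fi scan results against a baseline of the hotspot's real access-point addresses; the network names, addresses, signal values and the 15 dB margin are constructed assumptions.

```python
from collections import defaultdict

# Assumed baseline: BSSIDs (radio hardware addresses) the hotspot operator
# recorded for each network name. Constructed values.
KNOWN_APS = {"CafeNet": {"00:11:22:33:44:55"}}

# Constructed scan results: (ssid, bssid, signal_dbm).
SAMPLE_SCAN = [
    ("CafeNet", "00:11:22:33:44:55", -68),
    ("CafeNet", "02:aa:bb:cc:dd:ee", -41),      # unknown radio, much louder
    ("AirportFree", "00:de:ad:be:ef:01", -70),  # no baseline, not judged
]

def find_twin_candidates(scan, known_aps, margin_db=15):
    """Return findings for radios that advertise a known SSID from an
    unrecorded BSSID, noting when they are much stronger than the real AP."""
    by_ssid = defaultdict(list)
    for ssid, bssid, dbm in scan:
        by_ssid[ssid].append((bssid.lower(), dbm))

    findings = []
    for ssid, radios in by_ssid.items():
        baseline = {b.lower() for b in known_aps.get(ssid, ())}
        if not baseline:
            continue  # nothing to compare against
        known = [dbm for bssid, dbm in radios if bssid in baseline]
        best_known = max(known, default=None)
        for bssid, dbm in radios:
            if bssid in baseline:
                continue
            reasons = ["BSSID not in baseline"]
            if best_known is None:
                reasons.append("legitimate AP not visible")
            elif dbm - best_known >= margin_db:
                reasons.append(f"{dbm - best_known} dB stronger than known AP")
            findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_twin_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

The check only catches a duplicate whose hardware address differs from the recorded baseline, so a finding is a prompt to investigate rather than proof either way.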
Perspective
So what are the chances you could become an evil twin victim? Not that great. Seriously, you stand more of a chance of identity theft from someone standing nearby and reading your ID and password from over your shoulder (particularly in a crowded airport lounge). But the point of this and other wireless advisories is to remind you that practically every public hot spot available today is wide open and unsecured. Always proceed with caution. Just because it's unlikely that someone's sniffing your wireless session doesn't mean that it could never happen.
Prevention
You can take steps to secure your home networks, such as using Wired Equivalent Privacy (WEP) encryption or the new Wi-Fi Protected Access (WPA) standard. You can also use Secure Sockets Layer (SSL) sessions, Virtual Private Networks (VPN), and Digital Certificates to keep third parties from sniffing your home wireless sessions.
But when you're out on the road, what do you do? Given that the fraudulent evil twin signal must be stronger than the legitimate signal, your attacker might be nearby: in a parked car, an apartment above the establishment, or a lounge seat over by the window. I don't recommend approaching every laptop user you happen to see, however.