An Introduction to Criminal Hacking, Viruses, and Malicious Activities
“Time is precious. Life’s too short to worry about computers.”
We agree. But to understand the threats that exist and how to handle
those threats, you need to know some technical stuff. Don’t worry —
we’ll keep it to a minimum.
One computer on its own is a beautiful thing — a technical marvel. But
it’s good to communicate. Link two or more computers together using
network cards and cables (or a wireless setup) and you have a local area
network (LAN). All the computers on the network can share data and email
as well as access shared resources like printers, modems, or broadband
Internet connections. Link two or more LANs together and you have a wide
area network (WAN). For example, you might link two offices in different
locations with a dedicated leased line.
An internet (note the small “i”) is a network of networks. Information
from any computer in any given network can travel over the internet to any
computer on any other network, with the internet acting as a sort of
common carrier. Think of an internet as a highway system linking local
road systems together.
The Internet (note the capital “I”) is a global internet. All computers
on the Internet communicate using standard protocols so that information
from any computer on the Internet can reach any other computer on the
Internet. Here the trouble comes: Until you connect with a public network,
you are reasonably safe from external threats. Hooking up to the public
Internet is like publishing your name, address, and phone number and
saying, “Hey look, we have computers here.”
Packets
Information typically travels across networks in packets. A packet
is a chunk of data plus an address and other information that tells the
network where to deliver that data. Everything going over the Internet is
broken down into packets: Web pages, email, downloads, everything. Think
of it like taking a circus on the road. You can’t take the whole circus in
one vehicle. You have to break it up, package it into separate vehicles,
tell each vehicle where it’s going, and put the circus back together when
all the vehicles arrive at their destination. Like vehicles on a road,
packets share physical connections and travel in streams. Big data is
broken down into a series of packets and reassembled at the destination.
As packets travel over the Internet, they are effectively exposed to
eavesdropping by the public.
Ports and Addresses
Each computer on a network is assigned a unique number called an IP
address. The IP address uniquely defines that computer on the network
and provides directions for packets to reach their destinations. IP
addresses work a lot like street addresses. Part of the address
identifies the network segment of the destination computer and part of the
address identifies the actual computer.
While an IP address refers to a computer and the network segment on
which that computer exists, the individual applications on that machine
must also be identifiable. Think of it like an apartment number attached
to the street address; the street address denotes the apartment building,
and the apartment number denotes the actual apartment. The IP address
denotes the computer, and the port number denotes the program on that
computer. Each program on a computer that must send and receive data over
the network is assigned a special port number. When packets of information
are received at a particular port number, the computer knows which
application gets the packet. For example, port 80 is the port for Web
servers (which host the Web sites you use your Web browser to explore),
and port 25 is the port that is used to send email. Packets are addressed
to a specific port at a specific IP address.
Firewalls
A firewall blocks traffic over specified ports. This doesn’t mean that
you can’t access services on other people’s computers, just that outsiders
can’t get into yours. Some firewalls examine the packets that flow in and
possibly out of the network to make sure that they are legitimate; they
can also filter out suspicious packets. Firewalls hide the identities of
computers within your network to make it harder for criminal hackers to
target individual machines.
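An added example, not from the original article, of the port filtering a firewall does, written in Python. The local segment, the published port, and the packets are constructed: outsiders reach only the published port (80, the Web server), replies to connections opened from the inside are let back in, and an outside packet that claims a local source address is treated as suspicious and dropped.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: the protected segment behind the firewall and the one
# inbound service (port 80, the Web server) that outsiders may reach.
LOCAL_NET = ip_network("192.168.1.0/24")
PUBLISHED_PORTS = {80}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    arrived_on: str  # "outside" or "inside": which side of the firewall saw it


class PortFirewall:
    def __init__(self) -> None:
        # Flows opened from the inside, so their replies can come back in.
        self.open_flows: set[tuple[str, int, str, int]] = set()

    @staticmethod
    def is_local(addr: str) -> bool:
        # The network part of the address decides whether a host is ours.
        return ip_address(addr) in LOCAL_NET

    def decide(self, pkt: Packet) -> tuple[bool, str]:
        """Return (allowed, reason) for one packet."""
        if pkt.arrived_on == "inside":
            if not self.is_local(pkt.src_ip):
                return False, "inside packet with a non-local source"
            # Remember the flow so the reply is recognised when it comes back.
            self.open_flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True, f"outbound to port {pkt.dst_port}"
        # Packet from the public side.
        if self.is_local(pkt.src_ip):
            # Nothing on the outside should carry one of our addresses:
            # treat it as spoofed and drop it before looking at the port.
            return False, "outside packet claims a local source address"
        if not self.is_local(pkt.dst_ip):
            return False, "not addressed to our segment"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.open_flows:
            return True, "reply to a connection we opened"
        if pkt.dst_port in PUBLISHED_PORTS:
            return True, f"inbound to published port {pkt.dst_port}"
        return False, f"inbound to unpublished port {pkt.dst_port}"
```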
Servers
A server is really just another computer attached to a network but one
that is designated to perform some special function, such as share a
printer, store files, or deliver Web pages. Remember that if your notebook
or desktop computer is connected to the Internet, it is also a kind of
server and, without a firewall, is capable of receiving unwanted traffic
from the Internet.
Email carries billions of messages per year, and an increasing
proportion of those messages are not pleasant. One email security firm
scanned 413 million emails in August 2003. Three percent contained a
virus, 52 percent were spam, and in many cases the spam contained some
kind of pornographic image. There are five main email threats:
• Viruses are programs designed to replicate themselves and potentially
  cause harmful actions. They are often hidden inside innocuous programs.
  Viruses in emails often masquerade as games or pictures and use
  beguiling subject lines (e.g., “My girlfriend nude”) to encourage users
  to open and run them. Viruses try to replicate themselves by infecting
  other programs on your computer.
• Worms are like viruses in that they try to replicate themselves, but
  they are often able to do so by sending out emails themselves rather
  than simply infecting programs on a single computer.
• Trojan horses are malicious programs that pretend to be benign
  applications. They don’t replicate like viruses and worms but can still
  cause considerable harm. Often, viruses or worms are smuggled inside a
  Trojan horse.
• Spam, or unsolicited commercial email, wastes bandwidth and time. The
  sheer volume of it can be overwhelming, and it can be a vehicle for
  viruses. Much of it is of an explicit sexual nature, which can create an
  oppressive working environment and, potentially, legal liabilities if
  companies do not take steps to stop it.
• Hoax emails, such as fake virus warnings, chain letters, or implausible
  free offers, waste readers’ time. Hoax emails often contain viruses or
  Trojan horses.
Software developers do not set out to write unsafe programs. For
example, a typical operating system is the product of tens of thousands of
hours of work and consists of millions of lines of code. A simple bug or
oversight can provide an unexpected backdoor into an otherwise secure
system. It is impossible to write bug-free software. Of course, that
doesn’t mean developers should give up trying to do so.
Then there are the bad guys. Bank robber Willie Sutton once said, “I
rob banks because that’s where the money is.” It’s the same with software.
The more successful and widespread a piece of software is, the more likely
attackers are to target it.
There is a continual struggle between attackers exploiting weaknesses
and developers seeking to eliminate those weaknesses. It’s the same with
locksmiths and burglars, alarm manufacturers and car thieves. This is why
software developers release updates that fix known vulnerabilities and why
you should install those updates.
Attackers have different motivations—profit, mischievousness, glory—but
they all work in similar ways. There are a number of basic threats, all
of which are capable of infinite variation:
• Spoofing. There are a couple of kinds of spoofing. IP spoofing means
  creating packets that look as though they have come from a different
  IP address. This technique is used primarily in one-way attacks (such
  as DoS attacks). If packets appear to come from a computer on the local
  network, it is possible for them to pass through firewall security
  (which is designed to protect against outside sources). IP spoofing
  attacks are difficult to detect and require the skill and means to
  monitor and analyze data packets. Email spoofing means forging an email
  so that the From address does not indicate the true address of the
  sender. For example, a round of hoax email messages circulated the
  Internet in late 2003 that were made to look as though they carried
  notice of official security updates from Microsoft by employing a fake
  email address from Microsoft.
• Tampering. Tampering consists of altering the contents of packets as
  they travel over the Internet or altering data on computer disks after
  a network has been penetrated. For example, an attacker might place a
  tap on a network line to intercept packets as they leave your
  establishment. The attacker could eavesdrop or alter the information as
  it leaves your network.
• Repudiation. Repudiation refers to the ability of a user to falsely
  deny having performed an action when other parties cannot prove
  otherwise. For example, a user who deleted a file can successfully deny
  doing so if no mechanism (such as audit records) can prove otherwise.
• Information disclosure. Information disclosure consists of the
  exposure of information to individuals who normally would not have
  access to it.
• Denial of Service. DoS attacks are computerized assaults launched by an
  attacker in an attempt to overload or halt a network service, such as a
  Web server or a file server. For example, an attack may cause a server
  to become so busy attempting to respond that it ignores legitimate
  requests for connections. In 2003, massive DoS attacks were
  orchestrated against several major businesses on the Web, including
  Yahoo and Microsoft, in an attempt to clog the servers.
• Elevation of privilege. Elevation of privilege is a process by which a
  user misleads a system into granting unauthorized rights, usually for
  the purpose of compromising or destroying the system. For example, an
  attacker might log in to a network using a guest account, then exploit
  a weakness in the software that lets the attacker change the guest
  privileges to administrative privileges.
Most attackers use the processing power of computers as their weapon.
They might use a virus to spread a DoS program to hundreds of thousands of
computers. They might use a password-guessing program to try every word in
the dictionary as a password. Of course, the first passwords they check
are “password,” “letmein,” “opensesame,” and a password that is the same
as the username. They have programs that randomly probe every IP address
on the Internet looking for unprotected systems and, when they find one,
have port scanners to see whether there are any ports open for attack. If
they find one, they have a library of known vulnerabilities that they can
use to try to gain access. For more deliberate attacks (e.g., industrial
espionage) a combination of technology and social engineering is most
effective. For example, inducing members of staff to reveal confidential
information, rifling through trash in search of revealing information, or
simply looking for passwords written on notes by monitors are all options.
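An added example, not from the original article, of the defensive side of the password-guessing point above: a Python policy check that rejects the first guesses the text lists, dictionary words, and a password equal to the username. It goes a little beyond the text by also catching the trivial variants a guessing program tries (case changes, digits or punctuation tacked on). The word list and minimum length are constructed stand-ins; a real deployment would load a full dictionary file.

```python
import re

# The first guesses the text lists, plus a constructed stand-in for the
# attacker's word list (a real deployment would load a full dictionary file).
DEFAULT_GUESSES = {"password", "letmein", "opensesame"}
DICTIONARY = {"dragon", "monkey", "summer", "welcome", "football", "qwerty"}
MIN_LENGTH = 12  # constructed policy value


def normalize(candidate: str) -> str:
    """Fold the trivial variants a guessing program also tries: case, and
    leading/trailing digits or punctuation (e.g. 'Password1!' -> 'password')."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", candidate.lower())


def password_problems(username: str, password: str) -> list[str]:
    """Return every reason the password would fall to a dictionary attack;
    an empty list means it passed."""
    problems = []
    core = normalize(password)
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if core in DEFAULT_GUESSES:
        problems.append("is one of the first passwords attackers try")
    if core in DICTIONARY:
        problems.append("is a dictionary word")
    if core == normalize(username) or username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def is_acceptable(username: str, password: str) -> bool:
    """True when the policy finds nothing wrong with the password."""
    return not password_problems(username, password)
```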