What Hackers Do?
In theory, people who try to breach computer security should be called crackers rather than hackers. But the popular press has lost the distinction between the two, and I’m not going to make life difficult by trying to resurrect it.
So, hackers, as popularly defined, are computer experts who spend enormous amounts of time trying to breach the security of networks, Web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited.
The majority do it for fun and as a challenge. They’re not interested in attacking private individuals. It’s the big companies and authorities they go for.
There’s not a lot you can do about this, and it definitely happens from time to time. The good news is that you won’t finish up with any financial liability if your credit card details are discovered. Your credit card company and the company that was cracked will sort it out between themselves. It’s unlikely that you’ll even know it happened.
The second problem is that serious hackers need to protect their anonymity. This means they can’t mount their attacks on organizations like the FBI directly through their own computers and telephone lines. They need first to create an intermediary, like a kind of base camp for a mountain expedition.
To get their intermediate base they use purpose built programs called trojans and backdoors. A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised.
The payload it carries is a backdoor program (or maybe just a few lines of code that create a security hole so a backdoor program to be installed later). A backdoor program allows the hacker access to your computer whenever it’s on the Internet. It’s a remote control, and usually a very thorough one with full access to every facility and file on your computer.
Again, in the popular press the distinction between a trojan and a backdoor (or more specifically the client element of a backdoor program) has been lost and the two are often used interchangeably.
It’s obviously important to avoid getting a backdoor program inside your computer. The best way is to use a competent virus protection program. Most of these will stop trojans and backdoors getting through.
Don’t rely on secure procedures as a method of stopping hackers. They sometimes fire programs over the Internet at a random IP addresses to see if they stick. You could be happily surfing Disneyland, and from nowhere (certainly not the Web site server) a hacking program can turn up at your machine trying to get in.
Once it’s inside, it will send a message back to the hacker to say it’s colonized your computer. It may also send a message each time you log on to the Internet, because it’s likely you’ll be given a different IP address by your ISP each time you log on.
If your machine behaves strangely and you think you’ve got a parasitic backdoor (it’s a bit like somebody else having a remote keyboard for the same computer) manually unplug the phone line to break the connection and get yourself a top virus protection program. Don’t reconnect that machine to the Internet (not even to collect email) until you’re sure it’s clean.
Don’t worry unnecessarily about hacking programs. They’re quite rare on personal computers. It’s network managers who lose sleep over them.
The exception is if you run a permanent (always-on) Internet connection, especially a broadband cable connection or DSL. Hackers just love to colonise these connections because they’re so useful. If you’ve got one of these you must install extra security. Your service provider will be aware of the risk and should offer you advice on what kind of security you need.
A good start is to install a firewall. There’s a free one that’s easy to use called ZoneAlarm, available from ZDNet. It’s also recommended for users of regular modems who want to improve their security.