Beware of HACKERS

Did you know that a hacker could be watching you right at this very moment, reading
exactly what you are reading right now, and you didn't even know they were there or how t
hey got in?
A hacker can get into your bank account if you save your password on your PC. They can
"break" your password using commonly available programs and then change your passwords
to your banking accounts and PC effectively locking you out. But they don't even need to
"break" your password, if they load the right program on your PC.

They can, and do ...
..steal and delete files,
..load dangerous programs onto your PC,
..involve you in computer crimes.

True story:
A woman gets up in the middle of the night and notices her PC operating all by itself,
an invisible hand is controlling her mouse and opening up applications. Thinking that her
PC is malfunctioning, she calls the PC manufacturer the next day. Of course, now, the
PC is behaving normally. She finds that she has been infected with a commonly available
trojan, and she had witnessed the hacker rummaging through her system.


Continue reading and you will learn how they get in ........

These are the 5 steps to a successful "hack".

1. Hackers look for easy targets and find out information about them and their systems.

2. Breaking into your system.

3. Getting authority to control everything on your system.

4. Hiding the evidence of their break-in.

5. They load programs and passwords on your PC to give them easy access in the future.



Scoping Their Target

Every computer that connects to the Internet is assigned an IP (Internet Protocol) address.
This is very similar to a telephone number in many ways. If you have a DSL connection
or cable modem connection your IP address stays the same and is "always on". If you
have a "dial-up" account, then your IP address is dynamic (it changes each time you connect),
and your ISP (Internet Service Provider) cuts you off after a certain amount of time of
inactivity.

Dial-up accounts are less hacker friendly because your IP address changes each time you
are on. This makes it impossible for the hacker to make repeat visits unless he has tricked
you into loading a program on your PC that tells him when you are on-line and gives him
your current IP address.

"Always on" connections are just that, always connected and open for attack. The hacker
can take his time getting to know your system and it's weaknesses, searching until he finds
a way in. Your only safety is in the vast numbers of open, unprotected systems.

There are many ways for the hacker to find out what your IP address is. Some of the more
common methods are through chat rooms, by looking up domain names on a domain name
registrar site, or by running programs that can create a log of all valid addresses.

Chat rooms are the easiest way for hackers to find out your IP address. All they have to do
is right click on your chat id and they have your IP address. With your IP address in hand t
hey can start testing your system for weaknesses.

You would be amazed at what information is available from a domain name registrar like
Network Solutions. Anyone can type in the name of a domain, for example, Yahoo.com,
and find out employee names, phone numbers, fax numbers, physical addresses and IP
addresses.



Breaking In

A hacker wants to know your IP address and what operating system you are running.
Most home PCs run Windows, so home PC hacking is easy because there are many known
Window "bugs" that can be taken advantage of. Most home users have never worried
about computer security.

Hackers look for commonly know system weaknesses (bugs or holes in software).
The operating system, like Windows, has bugs, as do other software like browsers, such as
Microsoft's Internet Explorer. They scan your open ports looking for a running program
that they can take advantage of. Scanning is like a burglar who checks all the doors and
windows of your house to see if any are unlocked.

Windows 95 and 98 often have File and Print Sharing option on. This allows someone to
access your hard drive and load any program they want on your hard drive or delete or
change any file they want on your PC. (the next page, Cyber Defense will show you how
to turn this off). This access makes it very easy for a hacker to use your PC as his own.

Hackers often use trojans to break into and control home computers.

One of the most famous hackers, Kevin Metnick, used social engineering to obtain needed
information to break into systems. Social engineering is where a person wants to find out
information about you, so they call you and trick you into to telling them what they want
to know. They then use that information to break into your or your company's system.

Basically, hackers don't need to know much of anything about you to get into your system
. They are counting on the public being uninformed and use that lack of knowledge to
gain access to many computers.



Getting Total Control

You may be thinking...
"I don't have to worry, my PC is password protected."
Not true!

PCs used at home did not need a lot of security features before the Internet. They were
designed for convenience, not security. Windows 95 and 98 are very insecure. It takes
about 10 seconds to bypass any password you have to "lock out" other people from your
home PC. Don't make the mistake of thinking that because you have password protected
your PC, that it is safe. IT IS NOT SAFE!

Hackers use specialized programs to "crack" passwords. Your password at work or to
your bank account can give a hacker much greater control over your life or company than
you realize. Choose your password carefully. Please take the time now to read about how
hackers "crack" passwords and how to create a good password."



Disposing of the evidence
One way that hackers camouflage their dirty work is by changing the name of their programs
to look like program names of legitimate system programs. Or they will create a hidden
folder to keep all their programs in.



What is left behind

The most dangerous trojan is a "back-door" trojan. A trojan horse program is a way of
tricking you to load a program onto your PC that gives a hacker access to your computer.

The name comes from the legend of Troy. Ulysses, enemy of the Trojans, leaves a wooden
Trojan horse outside the gates of Troy. The Trojans believing that it is a sacrifice to the
gods, bring it inside the walls of the city. What they did not know was that inside the belly
of the trojan horse were Greek soldiers. At night, the Greek soldiers snuck out and opened
the gates of Troy to the Greek army who then defeated the Trojans.

Software trojans are more clever, often arriving from friends who do not know what is in
the cute little program that sings Merry Christmas to you. While you are enjoying the
show, a nasty little trojan program could be loaded.

A "back door" trojan gives hackers complete access and control over your PC. They can s
ee your screen, just as if they were sitting in front of it. They can watch every move you
make with your mouse, every word you type, like a spy standing over your shoulder. And
you will have no idea that they are there. These programs run in stealth mode, silent and
deadly.

"Back door" programs are commonly available. They can be tools used to administer remote
systems and are used on a daily basis in a legitimate way by system administrators.

When your PC asks you if you would like to save your password to your bank account or
other important accounts, SAY NO! This little convenience of not having to remember
and type in your password might give a hacker complete access to your bank account.

More often than not, the hacker is not interested in you or your system. He just wants to
control your PC to hack into much larger, profitable, head-line creating sites, like
government, bank, and popular sites.



One technique hackers use to attack web sites is called "denial of service attack". The
hacker might send signal to all the PCs he has infected with specialized software. The
software, which could be running on hundreds of PCs, simultaneously sends problem
messages to the target web server and ties up all it's connections so no one new can
connect, or crashes the web server, or overloads the mail server with junk mail.
The effect is that legitimate customers can no longer access a service or web site. eThis can
cost companies millions of dollars.