New high-speed modems put home computers at risk
Catherine Palmer wasn't sure if her computer had a virus or if she was just losing her mind. Every time she went online, the Long Beach, Calif., resident noticed something odd. The CD-ROM drive of her computer would open and shut without prompting. Once, a software voice recorder popped up on its own and captured a conversation Palmer was having with her husband. But when she walked in from grocery shopping one day and saw her financial files scrolling across the screen as if an invisible hand were operating her mouse, she realized she was being hacked. The Palmers' landlord was harassed about loans they had never taken out, and their credit cards were inexplicably maxed out. And though this has been going on for more than two years, and the Palmers have filed complaints with the local police department and America Online (her former service provider), Palmer says her hacker remains at large. "I can't go online anymore," she says. "I now feel helpless at the hands of this person."
Cracking, or hacking with the intent to steal or deface, is so feared in the corporate world that companies are spending about $1.8 billion this year on computer network security products and services. Cracking of home computers had been rare, but with the advent of high-speed Internet connections and home networks, it's of growing concern. "What most people don't realize is that it's just as easy for someone to connect to your computer as it is for you to connect out," says John Morency, executive vice president of Sage Research, a technology consulting firm based in Natick, Mass. It is going to get worse, he says. "If you have a high-speed connection, it's fairly simple for someone to find out if they can connect to your machine and then look for any applications they can exploit." Any machine connected to the Internet is potentially vulnerable, but the best targets are those with high-speed, "always on" connections, such as cable modems or digital subscriber lines. Systems with high-speed connections are typically targeted because they are the simplest to track down. That's because whenever you log on, your Internet service provider assigns your system an IP, or Internet protocol, address, which identifies your computer to the network. With dial-up connections, your IP address changes every time you go online; typically, "always on" addresses are fixed. The longer that address is "active," or online, the better the chance an outsider can find you and prowl around.
Under siege. Cable companies and phone companies that install these high-speed connections won't share their attack logs. But a Fremont, Calif., customer of one of the country's largest cable-modem service providers, Excite@Home, sent U.S. News a log of attacks on his computer showing 538 attempts over a two-month period-- an average of almost nine every day. The threat is even more severe on inadequately protected cable systems, as every computer in a neighborhood is connected via the same network. Consumers running home networks, Web server software, or remote-control software on their PCs are also at risk.