Home Hackers
New high-speed modems put home computers at risk
The kind of Gaslight creepiness Palmer experienced is unusual because it was directed at her personally. Usually, attackers don't care who you are; they're just looking for an unprotected system they can use as a launching pad to break into larger networks (such as those of the FBI or banks) or to ransack your machine for credit card data, passwords, or Social Security numbers.
Even relatively inexperienced crackers don't have much trouble breaking into home systems. The tools that make it possible to detect (or "ping," in tech lingo) IP addresses and weaknesses in those systems are known as "vulnerability scanners." They are not only easily downloaded from hacker sites but are given away by well-respected companies to prospective corporate customers for a tryout before buying. Network Associates, for example, offers its CyberCop Scanner as a free download for 30 days.
People who use those kinds of ready-made tools are called "script kiddies." "They're not respected by hackers," says Michael Hudack, a 16-year-old former hacker and editor of Aviary-mag.com. Hudack claims script kiddies are usually young vandals who want to break into a system and deface it or steal personal information. But, he says, "if they're any good, they'll use your machine as a jumping-off point to hop into at least 12 more to cover their tracks before they hack into an important government or corporate system."
A cracker will typically try to gain control of consumer systems by installing remote-control software, which is legitimately used in office networks to install, delete, and manage software on workers' computers. With one copy on his machine and one on yours, the cracker can control all the files and applications on your home system as if it were his own. The most popular of these programs with crackers is Back Orifice, because it allows them to log on to a system undetected.
Trapdoors. While it's unlikely the average consumer would install Back Orifice on his home system, one may inadvertently do so by falling into a trap laid by wily crackers, a technique known as remote access Trojan horses, or RATs for short (box, Page 53). "Someone pretending to be a representative of Microsoft or the service provider will send out an E-mail urging you to download what they claim is a critical software update, when in fact, it's Back Orifice in disguise," says Jay Rolls, director of network engineering for Excite@Home. "When the consumer installs it, they've just made themselves open for attack." Cable providers also recommend turning off the file-sharing features on home networks as a precaution, but, of course, doing so defeats the point of having a home network. And consumers who want to install remote access software for their own use should use a package with strong security, such as LapLink 2000 ($170).
The best protection for consumers may be to install consumer firewall software, which detects and prevents attacks. In U.S. News's tests, the best of these proved to be Network Ice's BlackICE Defender, which is a $40 download from the company's Web site (www.networkice.com). Symantec is also planning to ship a consumer firewall application called Norton Internet Security 2000 by month's end. Even dial-up users, who are open to attack if they stay online for long periods of time, should use firewall software.
advertisement
