Home Hackers
New high-speed modems put home computers at risk
Catherine Palmer wasn't sure if her computer had a virus or if she was just losing her mind. Every time she went online, the Long Beach, Calif., resident noticed something odd. The CD-ROM drive of her computer would open and shut without prompting. Once, a software voice recorder popped up on its own and captured a conversation Palmer was having with her husband. But when she walked in from grocery shopping one day and saw her financial files scrolling across the screen as if an invisible hand were operating her mouse, she realized she was being hacked. The Palmers' landlord was harassed about loans they had never taken out, and their credit cards were inexplicably maxed out. And though this has been going on for more than two years, and the Palmers have filed complaints with the local police department and America Online (her former service provider), Palmer says her hacker remains at large. "I can't go online anymore," she says. "I now feel helpless at the hands of this person."
Cracking, or hacking with the intent to steal or deface, is so feared in the corporate world that companies are spending about $1.8 billion this year on computer network security products and services. Cracking of home computers had been rare, but with the advent of high-speed Internet connections and home networks, it's of growing concern. "What most people don't realize is that it's just as easy for someone to connect to your computer as it is for you to connect out," says John Morency, executive vice president of Sage Research, a technology consulting firm based in Natick, Mass. It is going to get worse, he says. "If you have a high-speed connection, it's fairly simple for someone to find out if they can connect to your machine and then look for any applications they can exploit." Any machine connected to the Internet is potentially vulnerable, but the best targets are those with high-speed, "always on" connections, such as cable modems or digital subscriber lines. Systems with high-speed connections are typically targeted because they are the simplest to track down. That's because whenever you log on, your Internet service provider assigns your system an IP, or Internet protocol, address, which identifies your computer to the network. With dial-up connections, your IP address changes every time you go online; typically, "always on" addresses are fixed. The longer that address is "active," or online, the better the chance an outsider can find you and prowl around.
Under siege. Cable companies and phone companies that install these high-speed connections won't share their attack logs. But a Fremont, Calif., customer of one of the country's largest cable-modem service providers, Excite@Home, sent U.S. News a log of attacks on his computer showing 538 attempts over a two-month period, an average of almost nine every day. The threat is even more severe on inadequately protected cable systems, as every computer in a neighborhood is connected via the same network. Consumers running home networks, Web server software, or remote-control software on their PCs are also at risk.
The kind of Gaslight creepiness Palmer experienced is unusual because it was directed at her personally. Usually, attackers don't care who you are; they're just looking for an unprotected system they can use as a launching pad to break into larger networks (such as those of the FBI or banks) or to ransack your machine for credit card data, passwords, or Social Security numbers.
Even relatively inexperienced crackers don't have much trouble breaking into home systems. The tools that make it possible to detect (or "ping," in tech lingo) IP addresses and weaknesses in those systems are known as "vulnerability scanners." They are not only easily downloaded from hacker sites but are given away by well-respected companies to prospective corporate customers for a tryout before buying. Network Associates, for example, offers its CyberCop Scanner as a free download for 30 days.
People who use those kinds of ready-made tools are called "script kiddies." "They're not respected by hackers," says Michael Hudack, a 16-year-old former hacker and editor of Aviary-mag.com. Hudack claims script kiddies are usually young vandals who want to break into a system and deface it or steal personal information. But, he says, "if they're any good, they'll use your machine as a jumping-off point to hop into at least 12 more to cover their tracks before they hack into an important government or corporate system."
A cracker will typically try to gain control of consumer systems by installing remote-control software, which is legitimately used in office networks to install, delete, and manage software on workers' computers. With one copy on his machine and one on yours, the cracker can control all the files and applications on your home system as if it were his own. The most popular of these programs with crackers is Back Orifice, because it allows them to log on to a system undetected.
Trapdoors. While it's unlikely the average consumer would install Back Orifice on his home system, one may inadvertently do so by falling into a trap laid by wily crackers, a technique known as remote access Trojan horses, or RATs for short (box, Page 53). "Someone pretending to be a representative of Microsoft or the service provider will send out an E-mail urging you to download what they claim is a critical software update, when in fact, it's Back Orifice in disguise," says Jay Rolls, director of network engineering for Excite@Home. "When the consumer installs it, they've just made themselves open for attack." Cable providers also recommend turning off the file-sharing features on home networks as a precaution, but, of course, doing so defeats the point of having a home network. And consumers who want to install remote access software for their own use should use a package with strong security, such as LapLink 2000 ($170).
The best protection for consumers may be to install consumer firewall software, which detects and prevents attacks. In U.S. News's tests, the best of these proved to be Network Ice's BlackICE Defender, which is a $40 download from the company's Web site (www.networkice.com). Symantec is also planning to ship a consumer firewall application called Norton Internet Security 2000 by month's end. Even dial-up users, who are open to attack if they stay online for long periods of time, should use firewall software.
"I've noticed people trying to break into my system once or twice a day on average," says Chip Rouse, regional manager for the Omaha-based consultant firm Management Communication Services. This was also the case with Harry Saal, a networking consultant in Palo Alto, Calif., who downloaded the software to monitor his cable-modem-enabled home computer. "Once a day, or at least every other day, someone or multiple people are attempting to get into this computer," he says. What's more, Saal says his provider, a local independent company called ISP Channel, "never went out of its way to let me know of these potential security flaws, and I think they've underestimated the risks." And with the risks so great, who should be responsible for protecting your home system from attacks: you or your service provider?
Who pays? "I believe if you are offering services that consumers expect to conform to certain standards of security and confidentiality, you have a responsibility to uphold those expectations," says Deirdre Mulligan, staff counsel specializing in consumer privacy at the Center for Democracy and Technology, a Washington, D.C., think tank. Indeed, home PC cracking is compelling major cable providers, including Excite@Home and Time Warner Cable Group, to consider offering consumer firewall software to their customers, though none has committed to a product, price, or time.
Meanwhile, users may find that not all hackers have nefarious intentions. That was Toronto real-estate appraiser Michael Roman's conclusion. Several weeks ago, Roman returned from a three-day conference to find that his home network had been hacked. But the marauders had not been stealing financial or credit card data; instead, they wanted his MP3 files. What were they--hard-core techno tracks, underground industrial? "No," says Roman, "just easy-listening tunes, like Cat Stevens and Neil Diamond."
The top hacks
Remote access Trojan horse probe (RAT). Crackers check to see if you've unwittingly installed remote-control software, such as Back Orifice. If so, they can then take over your PC. Advice: Never run a program sent to you via E-mail. Or install firewall software.
Nuke (also known as "blue bomb" and "blue screen of death"). As a prank during a chat or online game session, kids send data that crashes Windows 95 (usually with no long-term damage). Macintosh OS or Win 98 are protected, but pre-Win 95 and NT users can download fixes at www.winfiles.com/bugs/oob.html. Firewall software also works.
File-and-print-sharing hack. Activating the "file and print sharing" feature lets everyone on your home network share files, drives, and printers, including hackers. If file sharing isn't a must, turn it off (find instructions at http://v-wave.com/powernews/jan/REMEDY.HTM). If it is, a firewall is essential.
Cracking open your system
Any machine linked to the Internet is vulnerable to cracking, but high-speed connections are the most susceptible. Here's one way crackers can break into your computer:
1. A cracker might send you remote-control software via an E-mail attachment, perhaps disguising it as an upgrade to your word processing program.
2. The attachment may appear to copy a benign piece of software when it's actually a remote-control program such as Back Orifice.
3. When you go online, the cracker can find your Internet protocol address. Then he can control your machine from his.
4. The cracker can now steal your files or use your computer as a jumping-off point to break into others, without your noticing.
This story appears in the October 4, 1999 print edition of U.S. News & World Report.
