Wednesday, March 10, 2010
One of the questions I hear all of the time is "who are these hackers, and why are they targeting me?" Most people erroneously assume that hackers are poorly behaved super-smart kids--geeks that get a kick out of manipulating the system and causing mischief. They envision poorly supervised teenagers sitting around a computer trying this and that until they crack into a system. Many of us remember the movie "War Games" where Matthew Broderick plays a lovable, super-smart high school student who hacks into the school's computers to manipulate his grades, and who accidentally hacks into the Defense Department's war games computer and nearly starts a nuclear war.
Today, hacking is no longer kid's stuff, but a multi-billion dollar industry that spans the globe. Some experts believe that as many as 25% of all computers are infected by hacker's software. In my first blog, I explained that we are involved in computer forensics, and as such, attend conferences where we listen to reports from the FBI, Defense Department, and Homeland Security on the newest problems out there right now. Part of what we do at Computer PRO (besides fix what hackers do to our customer's computers, along with anything else, and build new computers and networks)is to educate people on how to stay out of the hacker's line of fire. Having said that, let me try to describe what hacker's goals are.
Visualize a robot. Mindless, emotionless, silent unless it comes to life. A big part of what hackers do is to turn your computer into a robot. The tech name for this is a BOT-network, actually. Suppose you go on the Internet and download something--perhaps a song, some freeware, a game--you will never know that download is infected. (however, PLEASE read my articles on learning how to spot these sites) When you click download, you not only get your music, but the download will install hidden software deep inside your computer that will turn your computer into a robot. This software is called a virus, a worm, spy ware, malware, or a Trojan horse. The hackers gather thousands of bot computers into a bot network, and these computers are used to send infected files to thousands of other computers. If the attack is caught and traced, it is traced to you, not to the hacker. There are a few symptoms that your computer is a BOT--mainly that it slows down because the hacker is using your resources, but often you get pop-ups, and the computer starts performing unusually and locking up. Often the ISP (Internet Service Provider--such as Road Runner) will catch this, and shut down your Internet connection. We have people come in our business all of the time who are incensed because their ISP has shut them down for sending spam. They are always understandably upset, and don't understand until we explain to them that they have been hacked. Once we fix their computer, the ISP will hook them back up. Don't worry, the Internet Police are definitely not going to show up at your door and arrest you for sending spam, everyone knows what is going on here, but your computer MUST be cleaned up before it is put back on the Internet. Your computer is being used to steal identities, and rob people--by a person who may be on the other side of the world! There are actually businesses who sell time on their bot-nets, for bad guys to send their malicious software to thousands of unsuspecting computers! This leads me to the next type of hacker--the phisher.
The main goal of hackers is to gather information to steal money. Phishing is pronounced fishing--and it is the same thing--fishing for information. The phishers have a variety of ways to steal your information, all of which require YOUR action--clicking on something. A main way for phishers to gather your banking information is to send you an email (through a bot-network) that tells you that your banking information needs updating, and that your account has been frozen until you resolve this. You may have gotten such an email, it may be confusing because it is not from your bank. These guys know that among the thousands of phishing emails that are sent, some of the recipients will be customers of that bank. According to the FBI, as many as 3% of the recipients of these phishing emails actually input their bank passwords and pins. With one click, their identity is stolen, and their bank account drained.
Another type of phishing works like the bot-network, you download a file, and get hidden software installed deep in your computer, hidden from view. This type of software is called a Key logger. This creepy software allows the hackers to see everything you type-and remotely see, and go through your computer files. The goal is to find passwords, credit card numbers, names, addresses, social security numbers, email passwords--in other words, your identity. When you log onto your bank account, or type in your credit card number, it is as though the hacker is looking over your shoulder. These identities are gathered and sold on websites to bad guys who will steal your identity and rob you. They are sold in groups--like complete identities (including name, address, passwords, credit cards, and mother's maiden name), partial identities, or just credit card numbers. Sometimes these creeps even have buy-one-get-one-free sales of people's identities! The FBI has a whole department that monitors these websites, and works diligently to catch the cyber-crooks. However, many of them are in places in the world where extradition to the US for prosecution is complicated, often Russia or Nigeria.
I do not mean to give you the impression that you are helpless in this, and that you should never use your computer again! There are ways to out-smart them. First, if you haven't read my earlier posts about hackers and cyber-intrusions, read them. However, I am finding that one of the best new tools to combat key loggers is software where you enter your log-ins and passwords (and credit card numbers), and when you need to log in or enter your passwords, pins, credit card numbers, name, address--anything that can be stolen from you, the software automatically enters it in an encrypted format. You never type this on your keyboard so the keys can't be captured, and if the bad guys can see your computer, what they see is encrypted. We like Norton's Internet Security 2010, because it has this feature. We also recommend that the time has come to make your passwords tough to crack--long, a combination of numbers and letters, unpredictable. For example, your first grade teacher's name followed by a number combination followed by the name of a river you know. I know this is hard, but it is important to have unpredictable and long passwords as a part of your cyber-safety routine.
This problem is not going away, in fact it is slated to get worse. Hackers are not only targeting individuals, but governments, banks, and large companies. So strap on your cyber-pistols and meet those creeps on their own turf--knowledge!