Abstract

I wrote this collection of articles as a research project for my college course. The version that is presented here is the full version, the one for my college assignment was approximately one-half of this size.

It is by no means an exhaustive study of hacking culture and techniques, but it does provide a detailed overview of the more common methods, while also providing help on security and anti-virus protocols.

John Collins, 12-FEB-2002.

Table of Contents

1 Introduction to Hacking
2 Hacker Motivation
3 Infiltration and Trashing
4 Hacking Techniques
5 Computer Viruses
6 Warez and MP3s
7 The Costs and Effects of Hacking on Business
8 Security
9 Conclusion
10 Sources

1. Introduction to Hacking

The Internet, like any other new media historically, provides new methods of engaging in illegal activities. That is not to say that the Internet is intrinsically 'bad', as many tabloid journalists would have us to believe, it is simply a means for human beings to express themselves and share common interests. Unfortunately, many of these common interests include pornography, trading Warez (pirated software), trading illegal MP3 files, and engaging in all kinds of fraud such as credit card fraud.

Hacking on the other hand, is a greatly misrepresented activity as portrayed by the wider media and Hollywood movies. Although many hackers go on from being computer enthusiasts to Warez pirates, many also become system administrators, security consultants or website managers. This does not fit the stereotypical mould that the media likes to portray, but in many cases it is the reality.

1.1 A Definition of Hacking

There are many good definitions available, the Concise Oxford English Dictionary for example defines a hacker as:

hacker / n

1. A person who or thing that hacks or cuts roughly.
2. A person who uses computers for a hobby, esp. to gain unauthorized access to data.

This is a simply definition, one which we will have to go beyond to understand. Firstly, there are in essence two types of hackers, often referred to as 'white-hat' hackers and 'black-hat' hackers.

White-Hat Hackers

This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants. The word 'hacker' was originally used to describe people such as these.

Black-Hat Hackers

This is the more conventional understanding of the term 'hacker', one that is portrayed in newspapers and films as being essentially 'chaotic', an obsessive social misfit hell-bent on the destruction of everything good about the Internet. White-hat hackers often call this kind of hacker a 'cracker', as they spend most of their time finding and exploiting system insecurities.

In reality, nobody really fits into either camp neatly. It is down to the individual's set of ethics to decide what path that they will take in their hacking career. Not all of the activities of white-hat hackers may be legal, while not all of the black-hat hackers activities are illegal, so many shades of grey exist.

2. Hacker Motivation

The factors that affect the motivation of someone who is drawn to illegal hacker activities are not always clear. It is well known, for example, that few hackers are motivated by financial gain. Most hacker activity is of a nature were money is rarely involved.

2.1 Factors of Motivation

Few studies have been carried out into hacker motivation, although much has been gained by interviewing former hackers who have now gone 'white-hat' (i.e. hacking for security companies etc.). Here are some of the factors that may motivate a person into becoming a hacker:

• Curiosity: Many hackers have stated that they are simply 'curious' about computer and telephone networks and how they work. They wish to explore these networks in order to better understand how they work.
• Spying: This may be on a friend or family member, a work colleague or employee, or a business rival. Hacking of this nature usually involves monitoring an individuals Internet activities or personal data files over a certain period of time without them knowing of the surveillance.
• Prestige: Creditability or social standing within the hacking community can be heightened by hacking a high-profile target, one that will ideally gain coverage in the broader media such as the newspapers or television.
• Intellectual Challenge: These are two words that come up again and again when convicted hackers are interviewed. Many hackers simply thrive on the excitement of eventually cracking a server that they may have been working on cracking for months.
• Anarchy: Although perhaps less common then the above factors, many hackers have expressed political views leaning towards Anarchy, stating anti-globalization views combined with a deep hatred for the corporate nature of many e-commerce sites. They hope to bring down these financial systems in order to reclaim the Internet for themselves.
• Money: Most hackers are not motivated by financial gain, if they do engage in credit card fraud its likely that they used it to buy domain names or web space! It is important to point out, however, that many professional criminals use hacking techniques to make money by setting up bogus e-commerce sites to collect credit card details, hacking servers that contain credit cards details, or engaging in other forms of credit card fraud. These people would not normally fall within the umbrella of 'hackers' however, due to the more serious nature of their motivation.

There have been many cases of hackers probing a computer system and finding security vulnerabilities, and then e-mailing the system administrator in order to help the administrator to improve their security! All hackers are individuals operating according to their own rule books, they are not all bad.

2.2 The Likelihood of being a Target

Many people are likely to worry about the likelihood of becoming a target for a hacker. It is common sense that if you have a computer at home and only connect to the Internet once a week for two hours, you are highly unlikely to become a victim of being hacked. Applying this logic it is possible to determine the likelihood of being hacked dependant upon your level of Internet exposure, from high-risk to low-risk:

• Internet Security firms. Internet Security firms are the most likely targets for hackers, the very nature of their work makes them the natural enemies of the 'black-hat' community. Their servers and web sites contain the best security, therefore making them a very challenging target for hackers.
• High-profile media-friendly targets. These include large corporation's sites, political party sites, celebrity sites etc. Basically, anything that will gain the hacker coverage in the wider media, and credibility within the hacker community.
• Anyone with a web site. Anyone that has their own web site, be it for e-commerce reasons or otherwise, is more likely to become the victim of hacking then those who don't. Your web site is available 24 hrs a day, 365 days a week, and can be hacked at any time due to its 'always-on' nature. E-commerce sites are far more attractive to hackers than community pages, for example.
• Always-on Broadband Connections. Again, due to broad band's always-on connection, the likelihood of being hacker is increased. Furthermore, unlike dial-up modems where the user is given a different 'dynamic' IP (Internet Protocol) address by the web server each time they connect, the always-on IP address is said to be 'static' meaning it never changes. Once the hacker gains your IP address (which is very easily achieved), he/she knows exactly where to find your computer again and again in the future, while being sure that you are currently connected. Use of a firewall is especially important with always-on connections.
• Dial-up Modem Connections. Although some protection is provided by having a different IP address assigned to you each time you dial-up connect to the Internet, dial-up connections are still vulnerable to being attacked as long as the connection is live. However, if you only use the Internet now and then, and you don't have any other web presence such as a web site, your obscurity is your best protection in terms of not being a high profile target.

Anyone who is connected to the Internet in any way is vulnerable to being hacked, having a Trojan horse sniff out their computer, or falling victim to a virus. For these reasons and many more, all users should make themselves aware of anti-virus software, firewalls and general security measures in order to ensure that they minimise the likelihood of falling victim to such attacks, by making their personal computers, web sites or servers as unattractive to potential hackers as possible.

3. Infiltration and Trashing

3.1 Gaining Access

For many dedicated hackers, gaining physical access to a system server is a viable alternate to remote hacking. Hackers are aware of the lax security of many firms, including Internet Service Providers (ISP's), towards the physical security of their computers. A server may be stored in an office, for example, that office may be unlocked, that building may have new people passing through every day unnoticed.

They are many techniques that may be employed by a hacker to gain access to a site, some of which include:

• Applying for a job at the targeted site, using a bogus identity and CV. Once inside and issued with a visitors pass, reasons such as going to the toilet or getting lost can get the hacker around the building.
• Selling sandwiches to the office workers at lunchtime. In this way, the hacker becomes familiar to the workers and nobody pays him/her to much attention.
• Getting a job with a company that provides a service to the targeted site, such as cleaning, computer installation or maintenance work.

All of these methods are, of course, very 'black-hat' and liable to get the hacker into real trouble. The rewards to the hacker may outweigh the risks involved, however, so site security should never be overlooked where sensitive information is stored.

3.2 Social Engineering

Social engineering is a term that is given by hackers to any kind of con trick that is used to get information from a worker of a targeted firm. At its basic level, social engineering exploits an understanding of human nature and people's natural openness and helpfulness when they are asked for help and advice.

In a large business or university, any given worker will only possess a small piece of the overall picture, and therefore they can only respond to requests based on their existing knowledge of events. For example, if a hacker rings an internal number to an office worker to ask for information, the hacker may build 'trust' in the worker by displaying knowledge of office jargon, procedures or other office co-workers, and then use this trust to gain valuable information from the unsuspecting target.

3.3 Trashing

Another valuable source of information to the dedicated hacker comes from an unlikely place, your trash! Hackers may gain access to a targeted site's dumpsters or even office waste paper baskets, where they would hope to find all or any of the following items:

1. Computer, network or phone manuals. Any of these can tell the hacker about the kind of hardware and software that is being used at the targeted site, so that they can better tailor their future attacks.
2. Floppy disks, old PC's containing hard drives, CD-ROM's etc. Even apparently damaged storage devices can still yield recovered information.
3. Memos, reports and other office documents. These will help to build familiarity into the hacker's future social engineering attempts.
4. Computer and IT procedures and protocols, especially those that have been written in-house for operating staff to enable them to fix network or phone problems quickly.
5. Customer information (invoices, contact details etc.). These can also be used for social engineering purpose, as the hacker can show familiarity with customer contracts.
6. Shredded documents. They may look like a mess, but to the most dedicated of hackers, patience is a genuine virtue. If a document is sensitive enough to shred, then it should really be disposed of by a company that specializes in the destruction of such documents.

Something such as trash that the average office worker may never consider, can become an information goldmine to the creatively thinking hacker. The security of sensitive information, especially client information, is the responsibility of the company involved, so they should never dispose of sensitive information in such a care-free way.

The physical security and location of the dumpsters should be discussed with the person in charge of site security, and the necessary precautions put in place.

4. Hacking Techniques

4.1 Overview of Hacking Techniques

The depth and variety of techniques employed by hackers to illegally enter a computer system are vast, for this reason I intend to provide a brief overview of some of the more common techniques involved, without going into to much detail on any particular technique.

Hacking a system is a two-step process, Gathering Information and Launching an Attack.

4.2 Gathering Information

A dedicated hacker may spend several months gathering information on the intended target before launching an attack armed with this new information. Some of the more 'hands-on' techniques involved were discussed in depth in the previous section entitled "Infiltration and Trashing", but there are also more remote methods available to the hacker.

Port Scanning: A port scanner is a program that automatically detects security weaknesses in a remote system. Scanners are TCP port scanners, that attack TCP/IP ports and services (Telnet or FTP, for example), and record the response from the target. In this way, they learn valuable information about the targeted system such as if whether or not the remote system will allow an anonymous user to log in, or indeed if the system is protected by a firewall.

Many hackers simply type large amounts of IP addresses into a port scanning program and launch random attacks on many users simultaneously, hoping to strike it lucky with that one system that shows a serious weakness.

Packet Sniffing: A sniffer is a piece of software that grabs information 'packets' that travel along a network. That network could be running a protocol, such as Ethernet, TCP/IP, IPX or others. The purpose of the sniffer is to place the network interface into 'promiscuous' mode and by doing so, capture all network traffic. Looking into packets can reveal valuable information like usernames, passwords, addresses or the contents of e-mails.

4.3 Launching Attacks

There are many attacks employed by hackers. Here is an overview of just some of the more common:

Denial of Service (DOS): A denial of service attack is basically an act of sabotage against a service running on a port on a targeted system. The aim is to disable the service, for example a web server, in order to prevent people from being able to access that service remotely.

A typical denial of service attack would involve sending hundreds or even thousands of connection requests to a single machine at any one time, causing the machine to crash under the strain. A more advanced approach is to send corrupt connection requests, that exploit a flaw in the service software which fails to recognise the malformed data when it attempts to process it, resulting in a system crash.

Trust Relationship Exploitation (Spoofing): A 'spoofing' attack involves the hacker forging their source address, in order to use their machine to impersonate another. These machines may be operating within a 'trusted zone', for example, where each computer will challenge another trying to connect to it to identify itself. If the computer cannot authenticate itself with the computer that it is trying to connect to, the connection will not be allowed. The hacker uses this relationship to impersonate a particular computer in order to gain access, and because the authentication dialog between computers is automatic, the hacker never needs to use a username or password.

Password Cracking: A password cracker is a program that attempts to decrypt or otherwise disable password protection. Often simulation tools are used to simulate the same algorithm as the original password program. Through a comparative analysis, these tools try to match encrypted versions of the password to the original. Many password crackers are simply brute-force engines that try word after word from a dictionary, often at very high speeds.

Packet Fragmentation Attacks: The packet fragmentation attack leads to attacks that bypass many current firewalls, because of the way datagrams reassemble. Datagrams are supposed to be fragmented into packets that leave the header portion of the packet intact except for the modification of the fragmented packet bit and the filing in of an offset in the IP header. This indicates at which byte in the whole datagram the current packet is supposed to start. Once the whole datagram is reassembled, it is processed as if it came in as a single packet.

According to the IP specification, fragmented packets are to be reassembled at the receiving host. This means that an attacker can send a TCP packet to port 80 through the firewall. The host, behind the firewall, starts to reassemble the packet. The attacker then sends a second packet that overwrite the first and gets, for example, telnet access, which was originally forbidden by the firewall.

Packet Sequence Attacks: In packet sequence attacks, the hacker tries to guess the random sequence number of TCP packets so that he/she can insert their own packets into a connection stream. In this way the hacker can supply new corrupt content between two hosts, while remaining largely anonymous.

Operating System Exploits: All operating systems (Windows NT, Unix, Redhat Linux etc.) have their own specific vulnerabilities and bugs that need to be resolved by 'patching' the OS in order to keep it up to date. Unfortunately, many system administrators neglect to do so frequently enough, leaving their systems open to attack. Hackers, however, are very thorough in keeping abreast of all the possible vulnerabilities in all operating systems.

DNS (Domain Name Servers) Exploits: In DNS exploit attacks, the DNS cache is corrupted by the hacker. The mapping of DNS domain names and IP addresses can be changed so that traffic is redirected to bogus locations, for example to a pornography site in order to cause embarrassment to the targeted site.

FTP (File Transfer Protocol) Bounce Attacks: The main problem with FTP bounce attacks is that the hacker can use the PORT command in active FTP mode in order to establish connections with machines other the original FTP server, effectively allowing the hacker's connection to 'bounce' off the FTP server to another clients machine.

FTP Core Dumping: FTP core dumping enables the hacker to bring down the FTP service. A core dump may be stored on an FTP readable area, where it can then be retrieved in a following FTP session. The first few lines contain the password file that can be cracked offline. Once the hacker has the password, they can impersonate a legitimate user and remove, update or delete files at will.

5. Computer Viruses

5.1 Introduction to Computer Viruses

A computer virus is a term applied to any program that is designed to damage data stored on a computer system or network. The virus may infect documents, applications or worst of all system files that are essential to the correct running of the computer system.

A computer virus is written by an ill-intentioned computer programmer and spread from computer to computer by means of e-mail attachments, downloaded software (often Warez), or portable storage mediums such as floppy or zip disks.

A computer virus only infects the software of a computer system, not the hardware. In the worst-case scenario where a virus has caused irreparable damage to a system's software, the machine can still be recovered by re-formatting the hard drive and re-installing the operating system, but all of the data stored on the machine will be lost.

5.2 Classification of Computer Viruses

There are many types of computer viruses, here is a description of some of the more common variants:

Boot Sector Virus: A boot sector virus occupies the boot sector of a floppy disk or hard disk and loads into memory during the boot-up process. Once in memory, it will attempt to infect the boot sector of any floppy disk that is used in the computer system.

Executable Load Virus: This type of virus attaches itself to executable files and installs itself on the system whenever the executable file is run. Once in memory, it will attempt to infect other program files by attaching itself to them.

Polymorphic Virus: A polymorphic virus is a virus that encrypts itself, changing it's 'signature' so that it is difficult to detect by anti-virus software, by using a 'mutation engine' to change the appearance of the virus in an attempt to evade detection and destruction.

Macro Viruses: A macro virus is one written in a programming language embedded inside another document, such as a word processor document or spreadsheet document. The software suite most targeted by macro viruses is the Microsoft Office suite of applications, but any application that contains a complex embedded macro language can be used to write such a virus.

Trojan Horses: Although technically not a virus, the Trojan horse posses a greater threat to the integrity of your computer system's privacy than any other attack. A Trojan horse must be installed on your machine either by direct access (by a hacker using a floppy, etc.), or installed using the 'executable load' payload method described above. Once installed, the virus begins to log every key press made on the keyboard into a log file, which it then e-mails to the hacker covertly upon you connecting to the internet.

The key log file may contain credit card numbers, personal information, or network or e-mail passwords which often leads to Trojan horses being labelled 'password-sniffers'.

Worms: Worms possess the ability to replicate themselves independently of human interaction, while using polymorphic engines to disguise their movements. They are often designed to read the computer users contact e-mail lists from something like Outlook Express, and then e-mail themselves to every address within that list.

Worms copy themselves from computer to computer rather than from file to file, and because they require no human help to do so, they can spread much more rapidly than regular computer viruses, in extreme cases they can cause e-mail servers to crash with the resulting excessive e-mail traffic that is generated.

Zombies: Zombies may remain dormant on a computer system for an extended period of time. They are normally programmes used by hackers in a coordinated attack on a system, whereby the hacker triggers the Zombie remotely to aid his/her attack on the computer system or network, creating a 'back door' into the system by weakening security devices or programs.

Although Zombies cause no actual damage to a computer system, their presence on the system is unwelcome. Like many other types of virus, they can be received by e-mail or else have to be physically installed onto the targeted system.

6. Warez and MP3s

6.1 Warez

The term 'Warez' is the name given to software that is copied illegally and either sold, traded or given away across the Internet. According to search engine statistics from recent reports, the word 'Warez' is the number one search engine term typed into most popular online search engine facilities.

Just as soon as a company releases it's latest software product, the Warez community is already hard at work trying to crack the software's anti-copying protection. This period in time can be very short, with many cracked software titles appearing on Warez sites around the same time as the product is officially realised to the consuming public.

6.2 The Warez Community

Successfully tracking down and downloading Warez can be a difficult task if the person trying to do so is not a part of the Warez community. In order to be accepted into the inner circles of Warez groups, a person has to have something to trade. Novice Warez enthusiasts normally start by getting something expensive from work or university, then they get themselves a Hotmail address with a smart hacker handle (name), one that is easy to remember, and begin to hang out on Warez newsgroups and IRC channels. Their aim now is to start trading with the Warez community, so that they can gain better access to the better Warez sources, and further expand their collection of pirated software.

6.3 MP3s

MP3 (MPEG-3) is an abbreviation of Motion Picture Experts Group Audio Level 3, which is a technique used to compress audio files down from large multi-megabyte files to something much smaller, typically around 10% of the original file size.

MP3 works by discarding the information that the human ear cannot hear, but which is still sampled along with the rest of the information in the original audio file. Variable levels of quality versus file size may be achieved, making MP3 an effective means of transporting entire audio tracks across the Internet while not suffering long download times. In many (if not all) cases of such transactions, copyright protection has not been regarded as MP3s are traded without the permission of the record companies and bands in question, who undoubtedly loose a lot of money due to the illegal trade in MP3s.

6.4 Warez, MP3s and the Law

Different countries have different organisations who attempt to stop the copyright violations caused by software and music piracy, which makes it difficult for these organisations to effectively coordinate their efforts. Some third world and far east countries are effectively a hotbed for piracy.

The Recording Industry Association of America (RIAA) has been active against mp3.com and against Napster software, which provides a global database of MP3 recordings.

In the UK, the British Phonographic Institute (BPI) has come out in favour of the MP3 format as a distribution mechanism, provided the distribution of music in MP3 files does not harm the artist's and producer's rights.

In 1988, the Business Software Alliance (BSA) was set up to act as a watch dog group to represent a consortium of the worlds leading software developers. BSA has been very active in fighting software piracy, and has cracked down on many offending web sites. In the UK, the Federation Against Software Theft (FAST) was formed in 1984 to fulfil a similar role, campaigning to raise public awareness of the damage caused by software piracy, while finding and prosecuting offenders. These organisations use various methods to catch and shut down offenders, such as running free phone numbers to encourage people to report piracy. They are also known to actively monitor the Internet looking for offending web sites, often applying pressure to local ISP's (Internet Service Providers) to shut down the sites in question, or else face a lawsuit.

7. The Costs and Effects of Hacking on Business

The effect on e-commerce of hackers exploits is very real, with the negative publicity generated undermining consumer confidence in particular companies security. Often these attacks may start out as pranks, but unfortunately they can cause real harm through companies losing customers, which jeopardises their future and that of their employees.

For the purpose of this section on the costs of hacking to business, I will look at five case studies separately:

Case 1: Burger King

In March 2001 a hacker replaced the home page of the Burger King UK site with a parody of their arch rival McDonald's site, stating "Eat our food, we want your money" and suggesting to visitors that they should go to McDonalds instead! The site was running on Windows NT4 using Microsoft's Internet Information Server (IIS), and its thought the group of hackers called Dreamscape2K exploited security holes in the system to redirect the URL to the defaced page.

Damage caused:

It is unlikely that this attack caused any financial damage (Burger King refused to release any figures), but it did make the company look really foolish, and hurt their reputation.

Case 2: Cert.org

The University of California estimate that about 4,000 Denial of Service (DoS) attacks happen every week. Cert.org, the site of the Computer Emergency Response Team set up to investigate computer and Internet security issues, fell foul to such an attack in May of 2001. The site was flooded with requests for information for two days which made it impossible for users to gain access to the site for more than 24 hours.

Damage caused:

The Cert.org site was down for 24 hours, which does not do anything for the reputation of this government funded research facility by showing that it can be taken down this easily. The problem is that it is virtually impossible to prevent these kind of attacks, the servers simply cannot cope with these large surges in traffic. Furthermore, it is very difficult to track down the perpetrators of these attacks.

Case 3: The FBI and SirCam

The SirCam worm infected thousands of online companies, but few are willing to go public with their stories. In July 2001, the FBI was forced to admit that it infected it's own machines with the virus, allowing the bug to forward confidential files to outsiders. The virus was released accidentally by an FBI anti-virus researcher in the National Infrastructure Protection Centre (www.mipc.gov) which is the FBI's online security division.

Damage caused:

Analysts Computer Economics believe SirCam did around $1.035 billion worth of damage across the world and infected an estimated, yet staggering, 2,300,000 computers. It certainly did nothing to improve the reputation of the FBI's fight against Internet crime.

Case 4: NetNames and Osama Bin Laden

In September of 2001, thousands of customers of the domain name registrars NetNames (www.netnames.co.uk) were affected by an attack from a hacker group calling itself Fluffi Bunni. Traffic to thousands of customer's web sites was redirected to a page containing a picture of a pink rabbit propped up against a keyboard with the message: "If you want to see the Internet again, give us Mr. Bin Laden and $5 million in a brown paper bag. Love Fluffi B." The text then went into a rant against religion and the US. The attack hit over 10,000 sites that use NetNames domain name servers.

Damage caused:

NetNames shut down the servers half an hour after discovering the attack and their systems were back up within an hour. Even so, many customers lost fate in NetNames, with many security experts pointing the finger of blame at them. Although it is difficult to quantify the actual financial damage caused to the company, it is undoubtedly an incident that may overshadow their reputation for many years to come.

Case 5: Adobe and Dmitry Sklyarov

In July of 2001, Russian software programmer Dmitry Sklyarov found himself in a US prison cell after presenting a paper on the encryption methods used to protect electronic books at the Def Con hacker conference in Las Vegas. Sklyarov had written software that enabled people using Adobe's eBook reader software to get around any copyright protection codes and to print digital books at will.

Sklyarov became the first person to go to court under the 1998 Digital Millennium Copyright Act (DMCA), which prohibits anybody from selling technology that breaks copyright protection. Adobe's actions prompted a backlash from the hacker community, who pointed out that Sklyarov was doing the company a favour by pointing out the weaknesses in the eBook encryption system.

Damage caused:

Online book stores such as Barnes & Noble, pulled the eBook format from their web sites until security issues were resolved. Adobe lost face within the industry and generated a lot of bad feeling in the tech community. Overall, the whole incident dented the publishing industry's confidence in the eBook format, while the US Department of Justice is to go ahead with the prosecution of Dmitry Sklyarov, so this affair is unlikely to go away for Adobe.

8. Security

8.1 Server-side Security

Internet security can basically be broken into two separate areas: client-side security (i.e. you and me), and server-side security (web servers, LAN servers etc.). For the purpose of this discussion I will focus on client-side security, as this is the area that affects the majority of Internet users.

Server-side security is a large and very complex area, and generally falls within the domain of the system administrator. Server-side security only becomes a major issue for the average Internet user when their privacy is violated by sloppy server security, for example, if their e-mail server is hacked, or the server hosting their web site is hacked. It is the system administrator's responsibility to ensure that all measures that can be taken have been put in place to ensure that such eventualities do not take place.

8.2 Client-side Security

Personal security on the Internet is a real issue, one that is unfortunately overlooked or not taken seriously enough by the majority of Internet users. It is this 'care-free' environment combined with the genuine ignorance of many Internet users that allows hackers a free reign over many people's systems, where all of their private documents (letters, e-mails, contact lists, credit card numbers, CV's etc.) are liable to fall into the wrong hands, without the user even knowing that their system has been hacked.

For this section on personal Internet security, I will guide you through a practical tutorial on how you can beef-up your online presence. There is no such a thing as a completely 100% safe method, but you can go out of your way to make it difficult for any black-hat hacker to target your computer, and therefore make it a very unattractive target.

This tutorial will be broken into four main areas:

1. Anti-virus security.
2. Personal firewall.
3. Encryption.
4. Responding to being hacked.

This sequence follows a logically sequence, one that could be repeated in a real-world hacker attack on your personal files. Hopefully, this will become clear as we proceed.

8.2-1 Anti-virus Security

In part 5 of this article, I discussed in detail what a computer virus is, but I neglected to discuss how you could protect your machine from computer viruses, which is exactly what I will cover here.

Anti-virus Software:

Anti-virus software resides in the active memory of your computer, and takes control of your machine to alert you if an active virus is present on your machine. If the software cannot repair the infected file, it will quarantine the file or give you the option of safely deleting the file from your system.

Anti-virus software may also be used to scan your hard disk, floppy disks, zip disks or CD ROMS. It may also be used to scan attachment files in e-mails, which is one of the main sources of viruses. The important thing to remember is that new viruses are being discovered daily, so if you have anti-virus software installed then you need to make sure that you keep it's library of known viruses up-to-date, otherwise you will have no protection against the latest batch of viruses.

General Virus Prevention Methods:

There are many other methods to prevent your computer files from becoming infected, most of which are common sense. Here are some of the more important ones:

• ALWAYS be wary of unsolicited e-mails, especially ones of an 'unsavoury' nature such as pornography related e-mails.
• Any .exe (executable) files should not be opened unless you trust the source 100%.
• Always be wary of any software that you install on your system, especially free downloaded software. Check the software company's credentials.
• Steer clear of 'Warez' (pirate software).

Finally, and most importantly, backup all of your important data onto floppies, zip disks or ideally CD ROMs. That way if the worse does happen, and you need to wipe you computer's hard disk (or the virus does it for you!), then at least all of your hard work is stored in a safe location.

8.2-2 Personal Firewall

Firewall technology is nothing new; it has been present on most Internet and LAN servers for many years. What is new is that firewall technology is now available on a smaller scale for the single user with one computer connected to the Internet. While not as immediately important as anti-virus software, if you are serious about your security and protecting your privacy online, you might consider buying a firewall.

Firewall software acts as a secure barrier between your computer and the outside world. It monitors all traffic to and from your computer, and decides whether or not this is normal Internet activity or an unauthorised security risk. To the hacker, firewall gives the impression of your computer not being there, or at very least being difficult to locate. Furthermore firewall provides additional protection against Trojan horses, as it will block the unauthorised e-mailing of the key-log file to it's intended recipient, and alert you of the Trojan horse's attempt to do so.

From the above diagram, it is possible to see how a firewall protects your system by monitoring incoming traffic from the Internet, while at the same time watching for un-authorised software connections from your computer to the Internet.

Like anti-virus software, there are many brands of firewall software on the market. Many companies now offer anti-virus and firewall technologies bundled together at a reduced price, which generally prove to be excellent value for piece of mind.

8.2-3 Encryption

Let us assume that you are infected with a Trojan horse that e-mails off the contents of your 'My Documents' directory, or your e-mail server is hacked and some of your e-mail attachments are stolen, your privacy has now been utterly violated, right? But what if the files that fell into the hackers hands were encrypted using a powerful algorithm combined with long, complex password that the hacker could never crack? In theory, the integrity of your data should still be secure in this 'worse-case scenario', provided you have taken these precautions.

Encryption programs basically 'scramble' the original file so that it is unreadable to anyone without the correct password to de-scramble the file. Apart from the many commercial products available, there are many reputable encryption engines available online for free. These allow the user to encrypt all types of data files at will (Word documents, JPEGs, databases etc.), some even allow the user to create self-extracting zipped archives that are also encrypted, which provide an excellent means of transferring important data files via e-mail in a safe and secure way.

The key to data encryption is to choose your passwords carefully, and change your passwords frequently.

8.2-4 Responding to being Hacked.

If your computer is hacked and you do not have any form of firewall installed, you won't even know it happened. Let us suppose that you have firewall installed, and your firewall has alerted you of an attempted hack attack which it has blocked, what do you do next? An attack may show up in your firewall log-file looking something like this (note that some details have been removed for security reasons):

03/11/01 17:13:01 Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (***.***.**.***,*****). Details: Inbound TCP connection
Local address,service is (***.***.**.***,*****)
Remote address,service is (***.***.**.***,*****)
Process name is "N/A"
03/11/01 17:13:01 Intrusion attempt detected from address 123.123.123.00 by rule "Default Block Backdoor/SubSeven Trojan horse".
Blocked further access for 30 minutes.

The key piece of information here is that your firewall has capture the hacker's IP (Internet Protocol) address, 123.123.123.00, which allows you to trace the whereabouts of the hacker (i.e. literally to any city in the world). Using a piece of software called Visual Route, you can now run a trace on the IP address. Visual Route will now follow the path of the IP address right back to the ISP's (Internet Service Provider's) server that the hacker is using to connect to the Internet. It is now possible to e-mail your firewall log-file to the hacker's ISP, alerting them to his/hers misuse of their service.

8.3 Review of Client-side Security

In this tutorial on Internet security, I have shown how any Internet user can protect their privacy online by simply being armed with the right knowledge and tools. I have shown how to safe-guard against viruses, explained the importance of firewalls and what they do, explained how data security can be increased even further by employing encryption software, and finally how a user can respond to being hacked from a remote location.

Internet security constitutes many other areas that are not covered in this tutorial, but I hope I have ignited the spark that will motivate the Internet user to research for themselves the various methods at their disposal, in order to make themselves the least attractive target for any potential hack attack.

9. Conclusion

The main appeal of the Internet to me is the ability to communicate complex ideas in a fast, cheap and creative way. This may include e-mail, web design or even chat rooms and message boards. No other media in the history of the industrialised world provides such a level playing field, where the individual like you or I may compete with the giant corporations to have our voices heard online.

In my opinion, for the most part, the hacking culture does not provide a significant threat to the majority of Internet users, certainly not big enough to justify them being scared away from the Internet by all of the negative media hype of high profile hacking cases, which at worst often border on the hysterical.

I am certainly not saying that the threat does not exist, which would be irresponsible, but what I am saying is that a level-headed approach should be taken by all Internet users to protect their privacy and security online, and to ensure that they educate and inform themselves of the more serious risks involved in maintaining any kind of Internet presence.

The history of Internet hacking is an ongoing affair, one that will eventually show the true meaning of hacking to be to explore and understand, not to destroy and corrupt. When this ideal is realised, perhaps one day people will again be able to publicly declare themselves to be hackers, without the fear of losing their jobs or facing prosecution.

10. Sources

Web resources:

Denial of Service: http://www.net-security.org/text/articles/index-security.php
Hacker Motives: http://www.net-security.org/text/articles/index-security.php
Hacking Techniques: http://www.securitywatch.com/

Books:

"A Complete Hacker's Handbook" by Dr-K.

---

Updated 2020 : note that the above post is out-of-date in terms of some of the technical details, given this post was originally published in 2002, but is left here for archival purposes. Sadly it seems all of the links in the "Web Resources" section are now dead, so I have de-linked them.