Internet Security: How Criminals Hack Other Peoples Computers

chained computer   Internet Security: How Criminals Hack Other Peoples ComputersFor those of you that work in Information Technology and started in the last 20 years or so, chances are you were inspired by movies such as War Games, Sneakers or even Hackers. Remember that 80’s T.V. show Whiz Kids? That was cool too. I so wanted to be one of those kids.

Of course, those movies were exaggerating the power of computers or how they worked, but it was fascinating! The idea of taking control of something or figuring out how it worked by poking around and analyzing it. It was this endless world of possibilities that got us pursuing some of the most thankless jobs in the world.

So how do criminals do things like hack other people’s computers? It really doesn’t take a lot of skill at all.

Let’s assume I’m the criminal for the sake of this story. Disclaimer: I have never been charged with any crime. I do not do the things I’ll talk about here. You shouldn’t either! Do not try this at home – do it somewhere else.


computer theif   Internet Security: How Criminals Hack Other Peoples ComputersThe easiest way to hack someone’s computer is to get your grubby little hands on it.  If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in. I’m not going to tell you where to get these utilities, however, I’m sure you can use Google.

If you had Windows Vista on the disk, with it’s BitLocker technology, it would be harder to get around the protection for certain. But it can be done. I’m sure this isn’t the only method out there.

“Okay smarty-pants! You’ve gotten into my account but I have passwords on all the documents that have my important information!”

Really? First, I don’t believe you since very few people even know that they can password protect documents. Second, there’s a good chance you use the same password for all the documents. Chances are you figure that having a strong password on the Windows account is good enough, that you’ve used a pretty weak one on your documents. Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.

What if you had set a BIOS password, so that I couldn’t even get to the operating system without knowing it? Well, that’s another step in the right direction, but, yet again, it can be done. The thing is, now I have to do a lot of work. Steal the computer, crack the BIOS password, crack your Windows protection, and crack the document protection. Since most people who steal, steal from people they know, I’ll probably know that you do these things. I’ll look for an easier target. Lazy criminal laggards!

“But Guy!” you say, “what if  I do all of that but you want to get at me over the Internet?”

First off, why do you keep calling me Butt Guy? (Seriously, I NEVER get tired of that joke!) Second, um, yeah, I could do that. However, I’m less likely to try to actually hack your computer. What I’m likely to do is hack websites that you use to gather the information I need to steal your information or money. Even with some creative web searching I can get an awful lot of information on you. Seriously. Try searching on your name and aliases you use on the web. You’ll be amazed by the social profile one could build on you, to steal your identity. So, be careful about what you put out there. It’s out there, pretty much forever.

If you would like to trace someone online MakeUseOf lists a numbers of really good free tools in the post about 15 Websites to Find People On The Internet.

trojan horse1   Internet Security: How Criminals Hack Other Peoples ComputersLet’s say that I’m going to hack right into your computer remotely. The easiest way to do this is to trick you into downloading software that will allow me to take control of your computer. This kind of software is known as a Trojan Horse. I may send you an attachment, or link, in an e-mail that, once you open it, installs the Trojan program without you knowing it. Or, I may set up a web page on a popular topic, that will attack your computer and drop the Trojan Horse onto it. Here’s a story on exactly that.

Once that Trojan is on there, I can use it to take information from you, or I might use it to set up a proxy for me to get to other computers. The nasty part of that is that it is possible for you to then be implicated in whatever crime I committed. Sure, a good lawyer would get you exonerated, but how many lawyers are good enough with computers to understand what just happened? By the time you pay for the lawyer, and dealt with the embarrassment of being charged, you’re already done in. Then I’m long gone.

So what do you do? Well, you keep your operating system updated, you keep your software updated, you keep your antivirus and firewall on and updated. You should also disconnect your computer from the Internet when you are not using. But really, who does all that?

Every computer is like a house – locks on the door, but a glass window right beside it. Just as my dad often said, “Locks only keep out honest people.”

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

18 Comments -

axealis

Computer security education is very important for every computer users, it’s may be can reduce the hackers attack your system.

Sathyavrathan PK

Yeah…it really helps for every user to understand the basic mistakes will lead the hackers to get in…

zeno

I think that, for greater security suitable tor

Mackenzie

Crack the BIOS password? Um…yeah right. Screwdriver. That’s all you need: a screwdriver. Open the case, yank the CMOS battery loose, shove it back in, and Bob’s your uncle, the BIOS password is gone.

Guy McDowell

I think you’ve proven my point. Although that’s not as easily done on laptops, it can still be done.

Anant Shrivastava

I was just about to type that in…

so instead of typing again here i am supporting it you don’t need to crack BIOS.

battery out password gone.

Anant Shrivastava

this must have a disclamer for Windows only.

what if you have linux…..

blog.anantshri.info/2007/08/27/how-to-change-root-password-in-debian/

check this link for how to get pass linux authentication mechanism.

Guy McDowell

The principles of hacking are the same regardless of the operating system. By simply having Linux or other *nix based OS’s, you are already making it difficult for criminal hackers.

If I were a hacker and came across your *nix system, my first thought would be, “This person knows their stuff.” Then I’d look for another target.

Mackenzie

That’s why you password-protect GRUB!

john

i need the password of the person i use his id

Ryan Dube

When it comes to hacking, I think it’s not so much a matter of if there are ways to circumvent your security, but how difficult circumventing it will be. Like criminal thieves, they seek out easy targets. If you’ve layered your system with some of the layers of security Guy has described – you’re at least making sure a hacker really has to *work* to accomplish what he or she is setting out to do. Great article Guy!

debt reduction

thx for it. i will protect my laptop now thx

anders

About the password protected grub:
What if I go with a LiveCD and change the /boot/grub/menu.lst ??
I think that the most secure is encrypting your disk and that’s it :)

Steven

“If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in.”

Actually no, you’re not in, a password reset disk will only work on the computer it was created on. Windows won’t just accept any old password reset disk..

Guy McDowell

The Windows generated password-reset disk isn’t the one I’m talking about. I have one that allows me to reset any account password on most versions of Windows. I won’t mention the name of it here, for the sake of plausible deniability.

Steven

“Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.”

Not really, a dictionary attack is as it says, a huge list of words. I don’t know about most people but not one of the passwords I’ve ever used, I am using or ever will use will be just 1 single word. Any password I use is a series of numbers/letters and if possible symbols and upper case/lower case. Rainbow tables take up huge amounts of memory and even running a program which entered every possible combination of for a password of 1-10 characters being numbers/letters lowercase/letters uppercase/symbols/ would take ages (73742412689492826049 possible combinations, at 10,000,000 combinations per second is still 7374241268950 seconds = 2048400353 hours.. Hows that for a matter of minutes?

Guy McDowell

If you’re the kind of person that uses strong passwords on all of your files, inside of your account, I probably wouldn’t want to go after your computer. If I did, I would probably use one of the application-specific password crackers that are out there, like the one for Excel files.

Again, I’m not going to mention the name of that tool, for the sake of ethics.

Now part of the problem with your math is the assumption that your password would be the last combination that would be tried. What if it were the 457th word tried? That would be a matter of minutes.

The point is, that, all security is just acceptable security. Nothing is 100% secure, if someone wants it bad enough.

Steven

Yeah I guess, but if it were the 457th tried it wouldn’t be a matter of minutes.. would be a matter of milliseconds.. if that..