Technology Explained

How Can Hackers Hijack My PC? [MakeUseOf Explains]

James Bruce 28-04-2013

how hackers hackMalware is usually very specific in what it does to your PC, whether that’s displaying ads, taking over your browser homepage and search bar, or nagging you to pay for some fake anti-virus. Hijacking however is potentially far more devastating, giving the hacker backdoor remote access to your entire PC.


This is the holy grail for how hackers hack, so it’s important to understand how it can occur and what you can do to protect yourself.

Social Engineering

This is the most common attack method, and we’ve given a full account of one such process before Cold Calling Computer Technicians: Don't Fall for a Scam Like This [Scam Alert!] You've probably heard the term "don't scam a scammer" but I've always been fond of "don't scam a tech writer" myself. I'm not saying we're infallible, but if your scam involves the Internet, a Windows... Read More , involving a scam technical support call that goes something like this:

  • “Hi, I’m from the security team at Microsoft and we’ve detected a virus warning from your Windows PC”
  • They instruct you to open the event viewer, where there are lots of warning messages awaiting you, proving there must be something wrong!
  • They offer to fix it for you, you just need to go to this remote support site and download the remote control software.
  • They gain control of your PC, and proceed to do meaningless fixes, like opening file property dialogs.
  • The login details are passed onto a criminal network who now have full access to your PC anytime they wish, and a tidy commission is paid to the guy who made the call.

how hackers hack

The fake technical support scam isn’t the only way this can occur of course – if you leave your computer in the hands of someone you can’t completely trust, there’s always a chance backdoor software could be installed. Although there’s no cases recorded, a Best Buy employee was found stealing raunchy pictures from a user’s PC – so there’s nothing to stop rogue repair technicians installing trojan software either.

While rogue technicians are certainly rare – the fake technical support scam is all too prevalent, and I’ve personally had to deal with the aftermath on family machines where they’ve fallen for it. The key to protecting yourself and your family is education – explain to less technically capable friends and family that these support calls are fake What's Fake Tech Support & Why You Shouldn't Trust Everything You See on Google You’re sitting at home, minding your own business. Suddenly, the phone rings. You pick up, and it’s Microsoft (or Norton, or Dell, or …). Specifically, it’s a support engineer, and he’s concerned – concerned for... Read More and they should simply hang up.


how hackers work

For single user computers, it’s also quite likely they’re using the administrator account by default. The safest thing to do would be to set up a restricted user account for them to use on a daily basis, and ask them to never use the administrator account without talking to you first.

Also, note that while Microsoft will never call you personally, they do sometimes contact home users – but only via their ISP so that they can confirm they are an existing customer, and charges will never be made.  This happened recently in 2010, when Microsoft set about cleaning 6.5 million computers of the botnet they were a part of.

Browser Vulnerabilities – Flash & Java

Modern browsers are themselves rather secure. Chrome and more recently others run website tabs in their own sandboxed environment, where no changes can be made to the local filesystem. However, plugins such as Java operate outside of this sandbox, so these remain a concern.


If these plugins are enabled and not blocked by the browser, malicious Java or Flash code can be run as soon as you visit an infected site, or even loaded through the untrusted ad-network of a trusted site.

Thankfully, most of these problems are mitigated by simply :

  • running the latest version of a browser.
  • keeping up to date.
  • enabling “click to play” (so code doesn’t run automatically).
  • uninstalling the Java plugin completely.

Really, no decent website uses Java anymore (note: Java and Javascript are completely different), and the average home user does not run Java applications.

how hackers work


Chris has explained the problem of browser plugin security Browser Plugins - One of the Biggest Security Problems on the Web Today [Opinion] Web browsers have become much more secure and hardened against attack over the years. The big browser security problem these days is browser plugins. I don’t mean the extensions that you install in your browser... Read More before, so I’ll point you there for ways of either disabling or checking your particular browser and setup.

Port Scanning

I’m listing this last as it’s the least likely to affect home computers that are connected via a router. If you’ve read our explanation of what port forwarding is What Is Port Forwarding & How Can It Help Me? [MakeUseOf Explains] Do you cry a little inside when someone tells you there’s a port forwarding problem and that’s why your shiny new app won’t work? Your Xbox won’t let you play games, your torrent downloads refuse... Read More , you’ll understand that any application that needs to receive information over the network is required to open a port. Sometimes these are predetermined – such as a web server on port 80 – and other times they’re just random. By default, unused ports are closed, so that’s where the difficulties around port forwarding arise.

If you want to run a web server from your home PC, you’ll need to configure the router specifically to take incoming traffic for port 80 and forward it to your PC. Some applications and devices use uPnP, which handles this configuration of opening ports as and when required. If you have an Xbox 360 for instance and regularly play online, it’s using this to configure ports dynamically.

how hackers work


Port mapping involves a hacker scanning your router from the outside and systematically talking to every single port number, looking for open services. Once the services are found, the hacker is able to check certain characteristics that identify the version of software being run (“software footprints”). The version is then cross-checked against a database of known vulnerabilities, and if a match is found they can proceed with the exploit. Although this sounds laborious, in practice it’s a single tool to scan, cross-check and deliver the exploit.

Unless you’re doing things like setting up your own network servers and performing manual port forwarding, it’s unlikely you’re vulnerable to simple port scanning. However, if you’re curious about what ports are open on your home network, there’s a quick Internet-based tool available here, though you’re limited to the standard ports and 500 others. If you run Linux, check out the nmap tool for a more full test.

how hackers hack

The exception to being protected by a router is when you’re connected to public Wifi. You’re placed on the same network as everyone else, and any one of them could be running a port scanner looking for vulnerable services.

Finally, Matt wrote a great PDF guide – HackerProof, Your Guide to PC Security A Universal Guide To PC Security From trojans to worms to phishers to pharmers, the web is full of hazards. Keeping yourself safe requires not only the right software, but an understanding of what kind of threats to look out for. Read More  – which should be considered essential reading on the topic.

Have you ever had your computer hijacked, and if so, what happened? Do you know how they got in?

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Frustrated
    May 10, 2013 at 10:07 pm

    So, what do I do when my wife falls for this "tech support" and gives access to our laptop? How do I make sure the PC is secure again?

    • MakeUseOf TechGuy
      May 11, 2013 at 9:17 am

      Personally, I would re-install Windows, but if that's too drastic for you check out our free malware removal guide.

  2. kashif faridi
    May 5, 2013 at 7:03 pm

    i hate hackers the most as i like thm !!

  3. Ahcen Adj
    May 3, 2013 at 6:23 pm

    reading your posts helps a lot thanks

  4. Constance Radclyffe
    May 2, 2013 at 2:13 am

    I meant via mirk channel

  5. Constance Radclyffe
    May 2, 2013 at 2:09 am

    Yes,I had my laptop hacked by a friend who no longer is a friend anymore. He put is keylogger to see when I typed in my passwords,then hacked my email plus put a admin password in the BIOS. When I got him to fix my computer he asked for my email password. Thinking nothing of it I gave it to him. I also got messages via mark channels maybe IRQ. One day his name showed up after many stupid messages were received. I checked the net for answers for help understanding the odd behaviors happening to my laptop. When I called him he got defensive. That is when he put an admin or supervisor password in the BIOS settings. The next time i went to boot up my laptop I could not get in without typing in an administrator password. After several panic attacks & several more rebooting tries the name "Mr Clean " showed up on the screen. This occurred during one of the reboot sessions. I called the guy back & asked how "Mr Clean " was doing & told him to go fly a flipping kite . This was why it took him three months to reinstall my Windows operating system . He needed the time to install all his hacking software .
    I resolved everything by wiping my hard drive a million to speak. Than I did a clean install & updated every update & Windows hotfix available.
    soon after this incident a computer warehouse store was closing its door & selling their books for like 90% off. I bought a library full of books. Some of you may wonder why I did not report. Normally I would but his wife is & still is my best of best friends in the whole wide world. Best thing that happened is that it forced me to take charge of my own pc needs & I do.

    • preferred user
      May 3, 2013 at 6:58 pm

      " his wife is & still is my best of best friends in the whole wide world."
      really , maybe he is jealous or should be?

  6. Manide
    April 29, 2013 at 9:15 pm

    Thanks, worth reading.
    I've just created a PayPal account and this kind of articles get my attention instantly.

  7. Dennis Arter
    April 29, 2013 at 5:06 pm

    I am disappointed that you failed to mention the excellent (and free) port checking program called "Shields Up" from Steve Gibson has many other free security tools on his site and continues to comment on the Java plugin problems through his weekly podcast.

    • Lisa Santika Onggrid
      April 30, 2013 at 1:24 am

      Comment system is there to fill the missing piece. Thanks for mentioning that site! I went there a while ago and have forgotten the name.

    • James Bruce
      April 30, 2013 at 6:21 am

      Thanks Dennis, good tip.

  8. Onaje Asheber
    April 29, 2013 at 4:31 pm

    Thanks, I am uninstalling Java.

  9. dragonmouth
    April 29, 2013 at 12:25 pm

    “Hi, I’m from the security team at Microsoft and we’ve detected a virus warning from your Windows PC”
    That sounds so much like one of the Three Great Lies "I'm from the government, I'm here to help you".

    • James Bruce
      April 30, 2013 at 6:22 am

      What are the other two? I'm thinking one is the guy who knocks on your door and says "I'm not here to sell you anything"...

      • dragonmouth
        April 30, 2013 at 11:31 am

        2. The check is in the mail.

        Number 3 is rather too off-color to mention in a polite company.

  10. Nevzat A
    April 29, 2013 at 6:07 am

    God save us from those hackers, they always find a way. Firewalls, anti-viruses, password managers, encryption are all we can do.