Confessions of an Internet hacker: Stealing your personal information was hard to resist.Some friends and I have pretended to be you a few times-setting up credit card accounts to purchase a few things. I hope you don't mind. Your personal information was easy to obtain over the Internet with the aid of a few well-known cracker tools. It was hard to resist. THE PERFECT COVER My name is John Smith. I'm from Crescent City Crescent City is the name of the following places:
If only we had stayed in Crescent City, you never would have found us. We had the perfect conditions for monitoring service The general surveillance of known air traffic movements by reference to a radar scope presentation or other means, for the purpose of passing advisory information concerning conflicting traffic or providing navigational assistance. providers, e-commerce sites and online banks that pointed the way to your personal computer to steal credit card numbers and other personal financial information. Sometimes we were able to use this information to persuade our "clients" to pay us not to share their sensitive data with the public or we would damage their computers. Once we were inside your computer, we made copies of your financial data files from Quicken, Quickbooks, your tax return software and other data sources. You pretend to protect your valuable data with passwords that don't take long to crack. Password-cracking software-supplied by some good friends of ours--allowed us to discover your passwords in minutes. Fortunately, you didn't bother to use uncrackable passwords. Apparently they are too hard to remember or a nuisance to change. We were able to obtain more than 56,000 credit cards with personal information "courtesy of" a few Internet service providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. and Internet retail sites. You may have felt safe when you signed up for Internet services or bought stuff online, but those online vendors have big back doors just waiting for us to walk through. We also "borrowed" bank account and other personal financial information from online banking services. PIECE OF CAKE It was not difficult for us to take control of your unprotected computer over the Internet-using it to establish thousands of anonymous e-mail accounts at e-mail Web sites like Hotmail, Yahoo! and My Own Email. With our "personalized" e-mail accounts we used special software to create associated accounts at PayPal, an online payment service, with random identities using your credit card numbers. With other software, we controlled and manipulated eBay auctions. We could act as both seller and winning bidder in the same auction and then paid ourselves with your "borrowed" credit cards. Did I mention that we had accumulated over 56,000 valid credit card numbers? Most of these card number sources were from sites that had weak firewalls with ports opened by common trojans. That's also how we accessed your PC. You may have acquired our trojan by opening an e-mail with attached script files, or by visiting some of our choice "educational" Web sites where this agent was downloaded without your knowledge. Thank you, computer users who do not use good virus protection or keep your definition files updated. You feel secure because you have a firewall? There is an old saying, "No security is better than false security." Even when we walked in through your computer's back door, we still had to crack a few passwords to get your personal information to authorize credit card use. If that information had secure password protection that took longer than a day or two to crack, we would have given up and moved on to one of your neighbor's computers whose passwords were not so secure. So please keep your passwords short--using only common English words and names. At least I had five fun years before I was caught. I have to go now. I have a hearing scheduled for 9 a.m. Monday. Don't worry, if I should somehow shake this rap, we'll be in touch. Larry Russell, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , CITP (Certified Information Technology Professional) A specialty credential awarded by the AICPA to its CPA members who excel in the provision of technology-related business services. , is a consultant with Valencia-based Cambridge Technology Consulting Group Inc., an information technology service provider. He is a member of CalCPA's state Technology Committee, CalCPA Council and chairs the Los Angeles Los Angeles (lôs ăn`jələs, lŏs, ăn`jəlēz'), city (1990 pop. 3,485,398), seat of Los Angeles co., S Calif.; inc. 1850. Chapter's Members in Industry Committee. RELATED ARTICLE: Viruses 101 Destructive. Secretive. Embedded. Executable. Variable. Just a few of the terms that describe a computer user's archenemy--the virus. Once executed, a mechanism in the virus enables its distribution to other computer systems. Some current strains, known as worms, spread on their own. The Code Red Worm automatically sends itself to 99 IP addresses it generates. Once activated, viruses can do anything--delete files or send themselves, together with documents on your hard drive, to some, or all, of the names in your Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see . Microsoft Outlook or Outlook (full name Microsoft Office Outlook address book or to any Internet address There are two kinds of addresses that are widely used on the Internet. One is a person's e-mail address, and the other is the address of a Web site, which is known as a URL. Following is an explanation of Internet e-mail addresses only. For more on URLs, see URL and Internet domain name. . A virus attached to e-mail messages can infect an entire enterprise in a matter of minutes A Matter of Minutes is an episode from the television series The New Twilight Zone. Cast
prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the International Computer Security Association, more than 10,000 already are identified, and more than 200 new ones are created monthly. No computer is immune from viruses. Virus Types Viruses fall into four main classes: Macro Viruses According to the International Computer Security Association, 80 percent of viruses are macro viruses--and the numbers are growing. These are not specific to an operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. and spread with ease via e-mail attachments, floppy disks, Web downloads, file transfers and general use applications. Macro viruses are application-specific. They infect macro utilities within Microsoft Word A full-featured word processing program for Windows and the Macintosh from Microsoft. Included in the Microsoft application suite, it is a sophisticated program with rudimentary desktop publishing capabilities that has become the most widely used word processing application on the market. and Excel, and can infect hundreds of files if undeterred. They can infect at different points in a file's use, such as when it is opened, saved, closed or deleted. Trojans Trojan viruses hide themselves and quietly open a communication port on your Internet-connected PC. You may have installed a personal firewall or be inside a secured network, but this virus type opens back doors so that hackers can access your machine to steal data or use it as a zombie A computer that has been covertly taken over in order to perform some nefarious task. It is estimated that millions of PCs around the world have been compromised and, under the control of a third party, routinely transmit messages unbeknownst to the user. to attack other network PCs. These trojans are distributed by e-mail or picked up at unseemly Web sites referred to as Web bombs. File Infecting Viruses File infectors are parasitic viruses that operate in memory. They usually infect executable files with these extensions: *.COM (1) (Computer Output Microfilm) Creating microfilm or microfiche from the computer. A COM machine receives print-image output from the computer either online or via tape or disk and creates a film image of each page. , *.EXE Exe (ĕks), river, c.55 mi (90 km) long, rising in the Exmoor, Somerset, SW England, and flowing S across the Cornwall peninsula, past Exeter to the English Channel at Exmouth. , *.DRV DRV Driver DRV Drive DRV Device Driver (file name extension) DRV Democratic Republic of Vietnam DRV Darunavir (pharmaceutical drug-HIV treatment) DRV Daily Reference Value DRV Deutscher Raiffeisen Verband , *.DLL (1) See data link layer. (2) (Dynamic Link Library) An executable program module in Windows that performs one or more functions at runtime. DLLs are not launched by the user; they are called for by an executable program or by other DLLs. , *.BIN, *.OVL OVL Oval (street type) OVL Open Verification Library OVL Program Overlay (File Name Extension) OVL Oxford Vehicle Leasing (UK) OVL Officier Vlieger and *.SYS SYS System(s) SYS System Configuration (File Name Extension) SYS See You Soon SYS Sun Yat-Sen (founder of Republic of China) SYS Stretch-Yawn Syndrome . They activate every time the infected file is executed by copying themselves into other executable files and then remain in memory. The vast majority operate in a DOS 16-bit environment. Although some have successfully infected Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. . Boot Sector Reserved sectors on disk that are used to load the operating system. On startup, the computer looks for the master boot record (MBR) or something similarly named, which is typically the first sector in the first partition of the disk. Viruses This virus type was the most prevalent until the mid-1990s, spreading primarily in the 16-bit DOS world via floppy diskettes. It infects the boot sector on a floppy disk and spreads to a user's hard drive and can infect the master boot record The first sector on the hard disk, which directs the computer to the location of the operating system. See boot sector. (MBR (Master Boot Record) See boot sector. ) on a hard drive. Once the MBR or boot sector on a drive is infected, the virus infects the boot sector of floppies accessed on that computer. How to Protect Against Viruses The following steps will help protect users against most viruses: * Install on every computer an industry standard virus protection, such as Norton AntiVirus A popular antivirus program from Symantec. The AntiVirus function is available as a separate product for home and business users or as part of various packages that contain other utilities such as Norton SystemWorks and Norton Internet Security. See Norton Utilities. , McAfee AntiVirus or Tend PC-cilin. * Install server-based anti-virus protection on both file and e-mail servers. * Turn on all the virus protection features such as scanning executing applications and opening data files. * Enable Web filters, heuristics and today's most important option--POP3 or e-mail security. * Stay current on the software virus application engine and update virus definition files at least once a week. New viruses strike within hours of their introduction to the Internet. A good virus software company will have the antidote within hours of a new virus introduction. * Scan your hard drives regularly--at least once per week. Some viruses will hide themselves in a downloaded file and are set not to trigger until a future date. Regular virus scans will find and deactivate de·ac·ti·vate tr.v. de·ac·ti·vat·ed, de·ac·ti·vat·ing, de·ac·ti·vates 1. To render inactive or ineffective. 2. To inhibit, block, or disrupt the action of (an enzyme or other biological agent). 3. these sleepers. * Save all e-mail attachment files and scan them before opening. Most viruses are sent from people you know. You were in their e-mail address See Internet address. e-mail address - electronic mail address book and the virus selected you as its next victim. If everyone practiced safe computing and simply kept their antivirus software up to date, viruses would have a hard time propagating, and maybe the individuals who create them might abandon their unfruitful efforts. Your First Line of Defense IMPLEMENT SAFE PASSWORD POLICIES Ineffective passwords are the weakest link in computer security. With workstations attached to both the company network and Internet, having a weak password policy is the equivalent of puffing a $2 padlock on a jewelry store's door. You might as well post a sign, "Come and get it." Guidelines for Secure Passwords The FBI offers guidelines for an effective password policy, all based on common sense. Still, many of us resist applying these rules as they tend to be bothersome. The FBI guidelines include: * Do not write down a password on a sticky note and place on or near your computer. * Do not use words found in a dictionary. That's right, a dictionary--any dictionary. * Do not use words from a dictionary followed by two numbers. * Do not use the names of people, places, pets or other common items. * Do not share your password with anyone else. * Do not use the default password provided by the vendor. * Use a different password for each account. * Change your password often. * Use passwords with 10 characters or more, mixing alpha, numeric and special characters. * Turn off your computer or disconnect it from the network when not in use. The Weak Links Passwords are one of the first lines of defense that users have to protect their systems. Unfortunately, people are not accustomed to remembering difficult passwords consisting of numbers and weird characters. A growing number of applications and Web sites that require passwords makes this problem worse. The most common work-around for this problem is that users write down their passwords and keep them in an unsecured area, like stuck to a computer screen or taped under a keyboard. A hacker will attempt to crack a system by running a program that will guess the correct password of the target machine. These programs may contain entire dictionaries in several different languages and often contain words from pop culture such as idioms, science fiction movies and novels. Hackers attack people's weaknesses such as a user's reluctance to remember several long and difficult to guess passwords. Once most users choose a password, they tend to use it for several accounts. When a user keeps the same password for a long period of time, it allows attackers that much more time to gain access to a system. Tricks of the Trade Here are some basic techniques for remembering long passwords: * Choose a phrase that is easy to remember, such as "Tastes Great and Less Filling." * Pick a familiar number, such as a phone number, (800) 922-5272. * Interlace To illuminate a screen by displaying all odd lines in the frame first and then all even lines. Interlacing uses half frames per second (fields per second) rather than full frames per second. the first letter of each word in your phrase with the last five digits of the phone number to create a password such as t2g5a217f2. This method creates a password that won't be found in any dictionary and is unique to the person who created it. Any password can be guessed if given enough time--even the one created here. Therefore, it is important to change your password within the amount of time it would take an attacker to guess it. The sample password may take 60 days to crack on to put on; as, to crack on more sail, or more steam. See also: Crack a very fast computer. Therefore a user should change a password of this length every 60 days. This Means You The password security procedures outlined here apply to both organizational and home-use computers. All computers with Internet connections have the potential to become gateways to sensitive information. Crackers use unprotected workstations as agents to cover their attacks on other systems. While passwords are a very important security measure, they are only one component of the "defense in depth" principle. Passwords need to be used along with other measures such as updated anti-virus software, personal firewalls and a well-constructed overall security policy. Larry Russell 
i want to join the hackers club.<br>ecobanksn@yahoo.com |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion