Security Software Alone Can't Stop Them
Syke and Optyx explain that several conditions make it easier for them to hack into a system. Lax security is one of them--such as when a company uses no passwords on its system or fails to change Windows' default passwords.
In October 2000 hackers broke into Microsoft's system and viewed source code for the latest versions of Windows and Office after discovering a default password that an employee never bothered to change.
Other common mistakes: System administrators who don't update software with security patches leave vulnerable ports open to attack. And some who install expensive intrusion detection systems fail to monitor the alarms that warn them when an intruder is breaking in.
Still another boon to hackers is a firewall or router that is misconfigured, allowing hackers to "sniff" pieces of data--passwords, e-mail, or files--that pass through the network.
Got Root?
Once a hacker cracks into a system, his next goal is to get root--that is, to give himself the highest level of access on the machine. The hacker can use little-known commands to get root, or can search the documents on the system's hard drive for a file or e-mail message that contains the system administrator's password.
Armed with root access, he can create legitimate-looking user accounts and log in whenever he wants without attracting attention. He can also alter or delete system logs to erase any evidence (such as command lines) that he gained access to the system.
But a hacker doesn't need root access to affect a system. He can misroute traffic intended to go to one company's Web server to a different one. Or, exploiting a well-documented bug (for which there's a patch that many sites haven't applied), a hacker can replace any Web page with his own text using a simple set of UNIX commands typed into the browser's Address bar.
Denying Service
A more serious threat, however, comes from skilled hackers who launch a denial-of-service attack, in which a Web server is flooded with so many requests that it stops responding altogether.
Previously one of the most common attacks, DoS attacks are now much harder to accomplish. Large Internet companies counter them by buying larger Internet pipes, which are harder to fill with the junk data hackers throw at them. The more bandwidth a company has, the more service the hacker needs to interrupt in order to produce a noticeable effect.
Hackers quickly learned that a single computer couldn't send enough phony requests to deny service, so they came up with a clever approach that employs dozens of hacked computers, working in synch to execute a distributed denial-of-service attack.
A DDoS attack uses as many computers as the hacker can control (called "zombies") to send bogus data requests to a targeted server. To unleash the attack, the hacker sends just one command, which propagates to all of the zombies and causes a near-instantaneous death-by-data on the Web server.
A hacker can also use an army of compromised computers to steal data--such as credit card numbers and proprietary corporate files--without leaving a clear trail. The hacker hops from machine to machine and then launches an attack that passes through all of them, creating a maze of connections for authorities to sift through.
University systems are prime targets for such activity, since administrators often leave student accounts active after students have graduated. A hacker can take over the account and use it as a base to attack another system.
In December 2000 hackers broke into a U.S. Air Force system in Virginia and downloaded code for controlling communication and spy satellites to a computer in Sweden. The Swedish company that owned the system housing the data had no idea hackers were using its computer, and cooperated with authorities.
From Sweden the activity was traced to a university machine in Germany, which authorities also believe was being used by a distant hacker.
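Two of the account problems described in this article, look-alike accounts added by an intruder with root access and student accounts left active after graduation, can be checked for from the administrator's side. The following is an added example, not part of the original article; the account names, approved baseline, login dates and 180-day idle threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): passwd-style lines,
# a baseline of approved account names, and last-login dates.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jsmith:x:1001:1001:J Smith:/home/jsmith:/bin/bash
alum42:x:1002:1002:Former Student:/home/alum42:/bin/bash
sysadm:x:0:0:System Admin:/home/sysadm:/bin/bash
"""
BASELINE = {"root", "daemon", "jsmith", "alum42"}
LAST_LOGIN = {"root": date(2001, 3, 1), "jsmith": date(2001, 2, 27),
              "alum42": date(2000, 5, 30)}


def parse_passwd(text):
    """Return a list of (name, uid, shell) from passwd-format text."""
    accounts = []
    for line in text.splitlines():
        fields = line.split(":")
        # Skip comments and malformed lines rather than guessing at them.
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append((fields[0], int(fields[2]), fields[6]))
    return accounts


def audit(passwd_text, baseline, last_login, today, max_idle_days=180):
    """Flag unapproved accounts, extra UID 0 accounts and dormant logins."""
    findings = []
    for name, uid, shell in parse_passwd(passwd_text):
        interactive = not shell.endswith(("nologin", "false"))
        if name not in baseline:
            findings.append((name, "not in approved baseline"))
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        seen = last_login.get(name)
        # Approved accounts that can log in but have been idle too long.
        if interactive and name in baseline:
            if seen is None or (today - seen).days > max_idle_days:
                findings.append((name, "dormant interactive account"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(PASSWD, BASELINE, LAST_LOGIN, date(2001, 3, 5)):
        print(f"{name}: {reason}")
```

Because an intruder with root access can also alter logs on the machine itself, the baseline and login records are only trustworthy if they are kept on a separate system.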
Online Espionage
Hackers can silently collect information from a machine for months without being detected. Using a Trojan horse, a hacker can log keystrokes on a computer (to obtain a user's passwords) or use a "sniffing" program to collect sensitive data as it passes from one computer to another.
Sniffer software is a bit like a radio in that it simply listens for traffic to pass by it on the network wire. Sniffers are undetectable by the user and (usually) by the system administrator.