An Introduction to Criminal Hacking, Viruses, and Malicious Activities
“Time is precious. Life’s too short to worry about computers.” We agree. But to understand the threats that exist and how to handle those threats, you need to know some technical stuff. Don’t worry — we’ll keep it to a minimum.
Networks, Internets, and the Internet
One computer on its own is a beautiful thing — a technical marvel. But it’s good to communicate. Link two or more computers together using network cards and cables (or a wireless setup) and you have a local area network (LAN). All the computers on the network can share data and e-mail as well as access shared resources like printers, modems, or broadband Internet connections. Link two or more LANs together and you have a wide area network (WAN). For example, you might link two offices in different locations with a dedicated leased line.
An internet (note the small “i”) is a network of networks. Information from any computer in any given network can travel over the internet to any computer on any other network, with the internet acting as a sort of common carrier. Think of an internet as a highway system linking local road systems together.
The Internet (note the capital “I”) is a global internet. All computers on the Internet communicate using standard protocols so that information from any computer on the Internet can reach any other computer on the Internet. Here the trouble comes: Until you connect with a public network, you are reasonably safe from external threats. Hooking up to the public Internet is like publishing your name, address, and phone number and saying, “Hey look, we have computers here.”
Packets
Information typically travels across networks in packets. A packet is a chunk of data plus an address and other information that tells the network where to deliver that data. Everything going over the Internet is broken down into packets: Web pages, e-mail, downloads, everything. Think of it like taking a circus on the road. You can’t take the whole circus in one vehicle. You have to break it up, package it into separate vehicles, tell each vehicle where it’s going, and put the circus back together when all the vehicles arrive at their destination. Like vehicles on a road, packets share physical connections and travel in streams. Big data is broken down into a series of packets and reassembled at the destination. As packets travel over the Internet, they are effectively exposed to eavesdropping by the public.
Ports and Addresses
Each computer on a network is assigned a unique number called an IP address. The IP address uniquely identifies that computer on the network and provides directions for packets to reach their destinations. IP addresses work a lot like street addresses: part of the address identifies the network segment of the destination computer, and part of the address identifies the actual computer on that segment.
While an IP address refers to a computer and the network segment on which that computer exists, the individual applications on that machine must also be identifiable. Think of it like an apartment number attached to the street address; the street address denotes the apartment building, and the apartment number denotes the actual apartment. The IP address denotes the computer, and the port number denotes the program on that computer. Each program on a computer that must send and receive data over the network is assigned a special port number. When packets of information are received at a particular port number, the computer knows which application gets the packet. For example, port 80 is the port for Web servers (which host the Web sites you use your Web browser to explore), and port 25 is the port that is used to send e-mail. Packets are addressed to a specific port at a specific IP address.
Firewalls
A firewall blocks traffic over specified ports. This doesn’t mean that you can’t access services on other people’s computers, just that outsiders can’t get into yours. Some firewalls examine the packets that flow in and possibly out of the network to make sure that they are legitimate; they can also filter out suspicious packets. Firewalls hide the identities of computers within your network to make it harder for criminal hackers to target individual machines.
Servers
A server is really just another computer attached to a network but one that is designated to perform some special function, such as share a printer, store files, or deliver Web pages. Remember that if your notebook or desktop computer is connected to the Internet, it is also a kind of server and, without a firewall, is capable of receiving unwanted traffic from the Internet.
Viruses, Worms, Trojan Horses, Spam, and Hoaxes
E-mail carries billions of messages per year, and an increasing proportion of those messages are not pleasant. One e-mail security firm scanned 413 million e-mails in August 2003: three percent contained a virus, and 52 percent were spam, many of which contained some kind of pornographic image. There are five main e-mail threats:
Viruses are programs designed to replicate themselves and potentially cause harmful actions. They are often hidden inside innocuous programs. Viruses in e-mails often masquerade as games or pictures and use beguiling subject lines (e.g., “My girlfriend nude”) to encourage users to open and run them. Viruses try to replicate themselves by infecting other programs on your computer.
Worms are like viruses in that they try to replicate themselves, but they are often able to do so by sending out e-mails themselves rather than simply infecting programs on a single computer.
Trojan horses are malicious programs that pretend to be benign applications. They don’t replicate like viruses and worms but can still cause considerable harm. Often, viruses or worms are smuggled inside a Trojan horse.
Spam, or unsolicited commercial e-mail, wastes bandwidth and time. The sheer volume of it can be overwhelming, and it can be a vehicle for viruses. Much of it is of an explicit sexual nature, which can create an oppressive working environment and, potentially, legal liabilities if companies do not take steps to stop it.
Hoax e-mails, such as fake virus warnings, chain letters, or implausible free offers, waste readers’ time. Hoax e-mails often contain viruses or Trojan horses.
Why Software Is Vulnerable
Software developers do not set out to write unsafe programs. For example, a typical operating system is the product of tens of thousands of hours of work and consists of millions of lines of code. A simple bug or oversight can provide an unexpected backdoor into an otherwise secure system. It is impossible to write bug-free software. Of course, that doesn’t mean developers should give up trying to do so.
Then there are the bad guys. Bank robber Willie Sutton once said, “I rob banks because that’s where the money is.” It’s the same with software. The more successful and widespread a piece of software is, the more likely attackers are to target it.
There is a continual struggle between attackers exploiting weaknesses and developers seeking to eliminate those weaknesses. It’s the same with locksmiths and burglars, alarm manufacturers and car thieves. This is why software developers release updates that fix known vulnerabilities and why you should install those updates.
Common Security Threats Against Networks
Attackers have different motivations—profit, mischievousness, glory—but they all work in similar ways. There are a number of basic threats, all of which are capable of infinite variation:
Spoofing. There are a couple of kinds of spoofing. IP spoofing means creating packets that look as though they have come from a different IP address. This technique is used primarily in one-way attacks (such as DoS attacks). If packets appear to come from a computer on the local network, it is possible for them to pass through firewall security (which is designed to protect against outside sources). IP spoofing attacks are difficult to detect and require the skill and means to monitor and analyse data packets. E-mail spoofing means forging an e-mail so that the From address does not indicate the true address of the sender. For example, a round of hoax e-mail messages circulated the Internet in late 2003 that were made to look as though they carried notice of official security updates from Microsoft by employing a fake e-mail address from Microsoft.
Tampering. Tampering consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after a network has been penetrated. For example, an attacker might place a tap on a network line to intercept packets as they leave your establishment. The attacker could eavesdrop or alter the information as it leaves your network.
Repudiation. Repudiation refers to the ability of a user to falsely deny having performed an action when other parties cannot prove otherwise. For example, a user who deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise.
Information disclosure. Information disclosure consists of the exposure of information to individuals who normally would not have access to it.
Denial of Service. DoS attacks are computerised assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server. For example, an attack may cause a server to become so busy attempting to respond that it ignores legitimate requests for connections. In 2003, massive DoS attacks were orchestrated against several major businesses on the Web, including Yahoo and Microsoft, in an attempt to clog the servers.
Elevation of privilege. Elevation of privilege is a process by which a user misleads a system into granting unauthorised rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log in to a network using a guest account, then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
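As an added example (not code from the original article), the following Python packet filter ties together the Ports and Addresses, Firewalls, and Spoofing passages above: it splits an IPv4 address into its network and host parts, admits inbound traffic only on the Web server's port, and drops a packet that arrives from the Internet yet claims a local source address, which is the spoofing case the firewall would otherwise let through. The LAN range, the allowed port, and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed assumptions: the local network and the one service open to the Internet.
LAN_NETWORK = "192.168.10.0"
LAN_PREFIX = 24               # /24: first 24 bits are the network part, last 8 the host part
ALLOWED_INBOUND_PORTS = {80}  # only the Web server may be reached from outside

def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def split_address(ip: str, prefix: int) -> tuple[int, int]:
    """Return (network part, host part) of an address under a prefix length."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    value = ip_to_int(ip)
    return value & mask, value & ~mask & 0xFFFFFFFF

def is_local(ip: str) -> bool:
    """True when the address shares the LAN's network part."""
    return split_address(ip, LAN_PREFIX)[0] == split_address(LAN_NETWORK, LAN_PREFIX)[0]

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    inbound: bool  # True when the packet arrives on the external (Internet) interface

def filter_packet(pkt: Packet) -> str:
    """Return 'allow' or a 'drop: <reason>' verdict for one packet."""
    if pkt.inbound and is_local(pkt.src_ip):
        # Anti-spoofing rule: a packet from the Internet cannot carry a LAN source address.
        return "drop: spoofed local source"
    if pkt.inbound and pkt.dst_port not in ALLOWED_INBOUND_PORTS:
        return f"drop: inbound port {pkt.dst_port} closed"
    return "allow"

# Constructed sample traffic, one packet per case the filter distinguishes.
SAMPLE = [
    Packet("203.0.113.5", "192.168.10.20", 80, inbound=True),   # outsider to Web server
    Packet("203.0.113.5", "192.168.10.20", 25, inbound=True),   # outsider to mail port: closed
    Packet("192.168.10.7", "192.168.10.20", 25, inbound=True),  # LAN source seen from outside
    Packet("192.168.10.7", "203.0.113.5", 443, inbound=False),  # LAN user browsing out
]

def filter_all(packets=SAMPLE) -> list[str]:
    return [filter_packet(p) for p in packets]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, filter_all()):
        print(f"{p.src_ip} -> {p.dst_ip}:{p.dst_port}  {verdict}")
```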
Most attackers use the processing power of computers as their weapon. They might use a virus to spread a DoS program to hundreds of thousands of computers. They might use a password-guessing program to try every word in the dictionary as a password. Of course, the first passwords they check are “password,” “letmein,” “opensesame,” and a password that is the same as the username. They have programs that randomly probe every IP address on the Internet looking for unprotected systems and, when they find one, have port scanners to see whether any ports are open for attack. If they find one, they have a library of known vulnerabilities that they can use to try to gain access. For more deliberate attacks (e.g., industrial espionage), a combination of technology and social engineering is most effective. For example, inducing members of staff to reveal confidential information, rifling through trash in search of revealing information, or simply looking for passwords written on notes stuck to monitors are all options.