How do computer hackers “get inside” a computer?

Julie J.C.H. Ryan, assistant professor at George Washington University and co-author of Defending Your Digital Assets against Hackers, Crackers, Spies, and Thieves, explains:

               Essentially, hackers get inside a computer system by taking advantage of software or hardware weaknesses that exist in every system. Before explaining how they do this, a few defi nitions are in order. The term “hacker” is fairly controversial: some use this word to describe those whose intrusions into computer systems push the boundaries of knowledge without causing intentional harm, whereas “crackers” want
to wreak havoc. I prefer “unauthorized user” (UU) for anyone who engages in unsanctioned computer access. “Getting inside” can mean one of three things: accessing the information stored on a computer, surreptitiously using a machine’s processing capabilities (to send spam, for instance) or capturing information being sent between systems.

               So how does a UU get inside a computer? The easiest weakness to exploit is a poorly conceived password. Password- cracking programs can identify dictionary words, names and even common phrases within a matter of minutes. Many of these programs perform a “dictionary attack”: they take the encryption code used by the password system and encrypt every word in the dictionary. Then the UU plugs in the encrypted words until the password match is found. If a system has a complex password, the UU could try a “technical exploit,” which means using technical knowledge to break into a computer system (as opposed to nontechnical options such as stealing documentation about a system). This is more challenging, because the UU must fi rst learn what kind of system the target is and what the system can do. A profi cient UU can do this remotely by utilizing a hypertext transfer protocol (http) that gains World Wide Web access. Web pages usually record the browser being used. The UU could write a program that takes advantage of this procedure, making the Web page ask for even more information. With this knowledge in hand, the UU then writes a program that circumvents the protections in place in the system.

               Although you cannot eliminate all possible weaknesses, you can take steps to protect against unauthorized access. Make sure you have the latest patches for your operating system and applications. Create a complex password with letters, numbers and symbolic characters. Consider installing a fi rewall program, which blocks unwanted Internet traffic.Make sure your antivirus software is up-to-date and check frequently for new virus defi nitions. Finally, back up your data, so you can recover important material if anything does happen.