Sunday, 5 April 2009

How hackers break into your PC

For a hacker common methods for finding your IP address is through chatrooms, looking up domain names on a domain name registrar site, or running programmes that can create a log of all valid IP addresses.

In a chatroom, all a hacker has to do is right click on a chat ID and get the IP address. A domain registrar can yield a website’s employees’ names, phone numbers, fax numbers, physical addresses and IP addresses. In ‘social engineering’ a hacker verbally chats up the user and gets his IP address and other important information. Here’s looking into how a hacker can break into a PC and misuse it.

How it works
With the users IP address, a hacker can send programmes to his PC to test the system for vulnerabilities. He can even find bugs, or holes in the software. The file- and print-sharing options allow the hacker to access the user’s hard drive, load any programme on the drive and delete/change any file on his PC.

The hacker may use ‘Trojans’, which pretend to do useful tasks--like playing a video or greeting--but actually help him access info from the computer and/or even take it over. Programmes that allow the hacker ‘backdoor’ entry to a computer are commonly available.

These programmes are used daily and legitimately by many systems administrators for remote systems. Hackers change the names of their programmes to make them look like legitimate system programmes.

Or they create a hidden folder on the user’s computer to keep programmes. The most common way that viruses are spread is through e-mails. Usually, the virus is not in the e-mail itself, but as an attachment.

Cracking passwords
Hackers use programmes to crack passwords. Even a password-protected computer can be broken into and other passwords then cracked.

A password cracker dictionary has common computer terms and phrases, names, slang and jargon, easily typed key sequences (like ‘qwerty’), and phrases one might commonly use as a password.

Programmes to crack passwords are handed out with copies of these dictionaries. A common method for cracking passwords is to get a copy of a system’s password file. It lists all encrypted passwords on the system.

Security breach
A hacker can steal and delete files, load dangerous programs on a PC and involve people in computer crime. He can get your home, office and even bank passwords.

A hacker can even see the screen as the user sees it, watch every move of his mouse and see every word he types.

Often, the hacker is not interested in the hacked system. He just wants to hack into larger systems or send e-mails. A hacker can load a programme onto hundreds of hacked PCs and then direct the PCs to bomb a particular firm’s server with junk mail or problem messages.

Specific measures
The user must keep in mind not to visit chat rooms unless they are closed and he knows the administrator. One must almost never open an attachment that ends in .DLL or .EXE, even if the email is from one’s best friend. The only time one can open such attachments is if he knows what’s in them.

In order outwit script-based viruses; it is adviceable to ask an expert how one can open scripts in Notepad or Wordpad. Then he should get someone who knows Visual Basic to look at it. If the user is not on his PC, but sees its modem lights flash, it means a hacker could be testing for vulnerabilities.

Password protection
A good password is easily remembered, but not easily guessable. It should be kept a secret, never written down and never saved in a file. When a website asks if a password should be saved, always say no. A password ideally should have at least six or more letters, numbers or punctuations.

The letters should be in capitals and lowercase. It should not have four or more letters found consecutively in the dictionary. Here reversing the letters won’t help.


akim said...

i learned a lot from this. :)

akim said...

i learned a lot

Karthick N said...

your welcome! happy to be of any help!