How the bad guys use the internet

How the internet works

A computer that is never connected to the internet is safe from online threats. The problem comes from connection to other computers. The internet is open to everyone. It’s the difference between a gated community and a big city.

Think of the internet as a road network. You can get in your car and drive from any place to any other place using a combination of local roads and motorways. A dial-up or broadband connection to your internet service provider (ISP) is like a local road, and ISPs are connected together using very high-speed links, like motorways.

Packets

What holds it all together is a set of standard communications protocols. These control how the information is packaged, addressed and transmitted.

Information travels across the internet in packets. A packet is a chunk of data, for example a page of text or a bit of a picture, plus an address which tells the network where the data has to go.

Everything going over the internet is broken down into packets: web pages, email, downloads, everything. Like cars on a road, packets share physical connections and travel in streams. Large items of data are broken down into a series of packets and reassembled at the destination.

Ports and addresses

Each computer on a network has a unique numerical ID, similar to a telephone number, which is called an IP address. An IP address usually corresponds to a recognisable internet address (e.g. getsafeonline.org.uk).

In addition, each computer that is connected to the internet has a series of ‘ports’ that correspond to unique services that are accessible to outsiders over the internet. For example, port 80 is the one for web servers and port 25 is the port that is used to send email. Packets are addressed to a specific port at a specific IP address.

Firewalls

A firewall closes ports that are not actually in use. Even if an outsider knows or guesses your IP address, a firewall can stop them reaching your computer. Like a one-way door, it’ll let your communications out but stop other people coming in.
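
The packet, port and firewall ideas above, put together as a toy Python model (an added example, not part of the original article). The class and function names are assumptions made for illustration, and the model tracks which conversations the computer started so that replies can come back in while unsolicited packets are dropped.

```python
# Toy model; all names here are illustrative assumptions, not from the article.
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple      # (ip, port) of the sender
    dst: tuple      # (ip, port) of the receiver
    seq: int        # position of this chunk in the original data
    total: int      # number of chunks in the whole message
    payload: bytes

def packetize(data, src, dst, size=8):
    """Break data into addressed, numbered packets of at most `size` bytes."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Packet(src, dst, n, len(chunks), c) for n, c in enumerate(chunks)]

def reassemble(packets):
    """Rebuild the data in any arrival order; None if a packet is missing."""
    if not packets:
        return None
    by_seq = {p.seq: p.payload for p in packets}
    if set(by_seq) != set(range(packets[0].total)):
        return None
    return b"".join(by_seq[n] for n in range(packets[0].total))

class Firewall:
    """The 'one-way door': outbound traffic passes; inbound passes only to an
    open port or as a reply to a conversation this computer started."""
    def __init__(self, my_ip, open_ports=()):
        self.my_ip = my_ip
        self.open_ports = set(open_ports)
        self.started = set()   # (local endpoint, remote endpoint) pairs

    def allows(self, p):
        if p.src[0] == self.my_ip:               # outbound: remember it
            self.started.add((p.src, p.dst))
            return True
        if p.dst[1] in self.open_ports:          # service deliberately exposed
            return True
        return (p.dst, p.src) in self.started    # reply to our own request

def deliver(packets, firewall):
    """Pass packets through the firewall in shuffled order, as a network might."""
    packets = list(packets)
    random.shuffle(packets)
    return [p for p in packets if firewall.allows(p)]
```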

Why software is vulnerable

Software developers do not set out to write unsafe programs and operating systems. However, programs and operating systems are very large, complex systems – the result of thousands of person-years of work. This means that errors, or bugs, happen.

Often bugs don’t affect the operation of the software and aren’t detected until someone tries to exploit one as a vulnerability. It takes a vulnerability and malicious intent to create a security threat. This is why software companies cannot predict or prevent every possible threat.

The problem is that the bad guys are constantly trying to find new ways of breaking into computers, just as criminals are drawn to banks “because that’s where the money is.”

Consequently, there is a continual struggle between criminals exploiting vulnerabilities and developers seeking to close these loopholes down. It’s the same thing with locksmiths and burglars or alarm manufacturers and car thieves.

This is why software developers regularly release upgrades and patches which fix known vulnerabilities.

How hackers hack

Criminal hackers have different motivations – profit, mischievousness, vainglory – but they all work in similar ways. There are a number of basic moves, all of which are capable of infinite variation:

  • Spoofing. For example, forging email messages.
  • Tampering. For example, altering data on computer disks once a network has been penetrated.
  • Repudiation. For example, buying something from an online auction and then failing to pay for it.
  • Information disclosure. For example, stealing credit cards or personal information from a website, or accessing confidential files on a stolen hard disk.
  • Denial of service. For example, flooding a network with unwanted traffic to slow it down or crash.
  • Elevation of privilege. For example, improperly gaining administrative privileges on a network or getting a back door into an otherwise secure computer.

Criminal hackers use software and the processing power of computers to help them:

  • A virus can spread spamming software to thousands of computers.
  • Passwords can be guessed using widely-available software.
  • Software can scan millions of IP addresses over the internet looking for vulnerable computers to attack.
  • Hacker websites contain downloadable tools that help them break into vulnerable computers and take control of them.