From ZDTV.COM's CHAOS THEORY http://zdtv.zdnet.com/zdtv/Site/StoryBody/0,1144,144-5,00.html SHOULD YOU FEAR HACKERS? by Ira Winkler BACKGROUND INFORMATION: Ira Winkler has stolen billions of dollars from corporations and banks-- then given it back. He's a hacker for hire, an expert in industrial espionage who's paid to probe corporate networks, identify holes, and find security flaws, as well as investigate crimes committed against companies and banks. ["One Trick Pony" is often used to describe Mr. Winkler. Seemingly, his one claim to fame was successfully penetrating ONE bank.] He's also an expert in finding cheap, practical solutions to your safety, digital crime, and general computing problems. Winkler, author of the book Corporate Espionage (Prima Publishing), first realized the vulnerability of large computer systems while working with the National Security Agency in the 1980s. Since then, first in the NSA and National Computer Security Association, now in private enterprise, he has worked to protect network and communications systems. Along the way, Winkler has also worked with the CIA and Defense Intelligence Agency, as well as performing information warfare studies for the Joint Chiefs of Staff. [Ask Mr. Winkler why he is no longer with the NCSA/ICSA.] With his extensive experience and knowledge, Ira Winkler is amply qualified to answer just about any question. He also writes "Spy Files," a weekly column that demystifies the digital underground. ============================================================================ Supposedly, hackers can think about a computer, take it over, and destroy it. They are the source of all the world's ills, and nobody is safe from their whims. They could crash the world economy if they wanted to. These teenaged geniuses cannot be stopped... At least that is what movies and the media seem to tell us. Thankfully, the reality is quite different. Let me say up front that individuals have very little to worry about from hackers. First, I think there is a misunderstanding about hackers themselves. Back in the early days of computing, the term hacker was originally coined to refer to people who were interested in computers. I guess hacker sounded better than computer nerd. These early hackers worked (or hacked) through many problems that they faced because of poor documentation. For the most part, these hackers weren't breaking into computer networks, they were using the computers that they had legal access to. The movie War Games, about a teenage hacker breaking into the Pentagon's computer network, changed all that. After War Games, more and more teenagers started using their computers to access systems without permission. For the most part, their actions were not malicious; primarily, they just wanted to learn about computers. Unfortunately, in the late 1980s, the media bastardized hacker-- and began using the term to describe people that break into computer systems without permission. The original hackers started using the term cracker to refer to these cyberspace vandals. And, as the Internet grew, computers became cheaper, and more how-to computer books were published, the ranks of these crackers grew and soon outnumbered the hackers. Currently, crackers make up a clear majority of what the public perceives as the hacker community. True hackers do not present any direct threat to anyone. They experiment on their own systems, and several who are very good find problems with software that is widely used by the public; this can actually make those products better. Some hackers, however, post the problem information on the Internet, and then the crackers start using it to break into systems. These crackers are not geniuses. I have often said that I could train a monkey to break into a computer in a few hours. After all, the information to do so is widely available on the Internet. It is easy to break into computers, the hard part is protecting them. [He can teach anyone how to break in, yet uses his claim to fame of hacking the bank to try to help distinguish his talent.] The good news is that the average user with only a PC that connects to an Internet Service Provider has little to worry about from crackers. Generally, if you tell your computer not to answer the telephone, besides through your fax program, nobody can connect to your computer. People cannot directly target you. Even when you are connected to the Internet via your ISP, your identity to the world is for the most part random and untraceable (basically you are the random modem at the ISP that you dialed into). With that said, you are vulnerable to some random attacks that you could stumble into. If you browse a malicious website and are running a vulnerable version of Java or Active-X, the website can damage your computer or steal your information. If you have a password that is easily guessed-- and most are-- a hacker may try random password guessing and log into your ISP as you. If you access your ISP from another account, such as a work or school account, over the Internet, hackers can capture your password as you log in. And, if a hacker can log onto your ISP with your password, they can access your personal account and pretend to be you, read your files, compromise your ISP as a whole, or destroy all of your information. There really is nothing that you can do about those attacks, but they are extremely rare. There is really very little to worry about. ["Nothing that you can do.."?! This is far from true.]