hackers
homewho are hackers?the riskswho's responsibleprotecting yourselfinterviews

a hacker's tools of the trade

Here's a rundown of some of the most interesting and popular techniques that hackers use to break into or damage web sites and computers.

Denial of Service Attacks

Denial of service attacks are designed to lock out legitimate users from web sites or networks. Hackers run programs that repeatedly request information from the victim's computer until that computer is unable to answer any other requests. Hackers can run programs of automated scripts that barrage the victim computer or network so that it becomes unusable by legitimate users, or even has to be shut down.

Distributed denial of service attacks (DDoS) are automated attacks that run simultaneously from multiple computers. Hackers can plant Trojan horse programs on the computers of unsuspecting accomplices throughout the network or internet. At a given hour, all involved computers coordinate requests for information from the overloaded victim computer. Due to the numbers involved, such an attack can be very difficult to stop.

[In February 2000, a number of high-profile web sites including Yahoo, Amazon.com, and eBay were hit with a series of distributed denial of service attacks which rendered the sites useless for a short time over the course of two days.]

DNS spoofing

When you point your browser to randomsite.com, your computer will look up that entry in a massive directory called the Domain Name Service (DNS) database, and then send you to the appropriate site.

However, computers don't understand names, they understand numbers. The DNS database matches every name to a numerical address. Servers throughout the internet maintain a constantly updating database of these DNS entries. A DNS spoof occurs when a hacker alters a DNS entry on a server to redirect the browser to an alternate site. If a consumer wanting to visit randomsite.com gets sent instead to evilcompany.com, then business can be stolen. A hacker can also create a fake site that pretends to be randomsite.com. In this way evilcompany.com might steal passwords, personal data or even credit cards from the consumer. Such hacks are not yet very common.

packet sniffers

Like many hacker tools, packet sniffers were initially designed as a tool for system administrators to help debug networking problems. Essentially, they are devices which allow the user to intercept and interpret "packets" of information traversing a network. Any information shared among a network of computers--username/password pairs, email, files being transferred--gets translated into "packets," which are sent out across the network.

Most of the internet uses the Ethernet transmission protocol. When you send a packet out on the Ethernet, every machine on the network sees the packet. Every piece of data you send over the internet contains an Ethernet header, a sort of numerical address, to make sure that the right machine gets the right information. Each machine is supposed to pay attention only to packets with its own Ethernet address in the destination field. However, an Ethernet packet sniffer is software which allows a hacker, or network administrator, to "eavesdrop" by recording information on packets not addressed to his or her computer.

social engineering

Social engineering is a hacker term for deceiving or manipulating unwitting people into giving out information about a network or how to access it. A hacker may pose as an employee who forgot his or her password, or a software vendor asking for information about a network in order to determine what the company's software needs are. In testimony before Congress, ex-hacker Kevin Mitnick discussed some of his most successful social engineering exploits.

Trojan Horse Programs

Trojans horse programs are "back doors" into a computer system. A hacker may disguise a trojan as another program, video, or game, in order to trick a user into installing it on their system. Once a trojan is installed, a hacker could have access to all the files on a hard drive, a system's email, or even to create messages that pop up on the screen. Trojans are often used to enable even more serious attacks. By hiding programs to be run later, hackers might gain access to other networks, or run DDoS attacks. The simplest Trojan horse replaces the messages shown when a login is requested. Users think they are logging into the system, so they provide their usernames and passwords to a program that records the information for use by the hacker. The most famous Trojan horse to date is probably Back Orifice, which was developed by the hacker group known as Cult of the Dead Cow. Once installed, this program gives the user access and control over any computer running a Windows 95/98 operating system or later.

web Page Defacements

Web pages are simply computer files stored in directories on a server computer. If a hacker gains access to these files, he or she can replace or alter them in any way. The Republican National Committee, the CIA, and The New York Times are just three of the highly publicized web page defacements over the past few years.

Viruses and Worms

Worms and viruses are surreptitiously "self-replicating" programs that can spread exponentially throughout a network. Such programs are not by definition harmful: The first worm released on the internet, the Morris Worm, was not meant to do harm, it was merely an experiment by a Cornell University graduate student. However, it replicated itself so efficiently and took up so much memory and computing resources on the internet that many computers crashed, and system administrators across the country were forced to take their machines off the internet.

Modern-day virus writers often have malicious intent, however, and they use viruses and worms to spread destructive programs among unwitting hosts. A virus spreads by infecting another object on the computer system--a program file, a document, or the boot sector of a floppy disk. A worm can copy itself from computer to computer on a network without needing a file or other object. The most famous worm was the ILOVEYOU bug, which infected an estimated 45 million computers. It propagated itself by exploiting a weakness in the Microsoft Outlook email software, and emailing itself to every address stored in the Outlook address book on an infected computer.

home · who are hackers? · risks of the internet · who's responsible · how to be vigilant · interviews
discussion · video excerpts · synopsis · press · tapes · credits
FRONTLINE · wgbh · pbs online

some photos copyright ©2001 photodisc
web site copyright 1995-2014 WGBH educational foundation

SUPPORT PROVIDED BY

NEXT ON FRONTLINE

Solitary NationApril 22nd

FRONTLINE on

ShopPBS