YOU ARE HERE: LAT HomeCollections


Is Your PC a Hacker Tool? How to Test Security

February 14, 2000|LAWRENCE J. MAGID

I don't know who was responsible for last week's attacks on Yahoo, EBay, E-Trade and other popular Web sites, but there is a remote possibility that I could have been an unwitting accomplice. That's because I have a cable modem, which connects the PCs in my house to the Internet 24 hours a day. People with digital subscriber lines and businesses with high-speed dedicated lines could be in the same boat.

One possible explanation for the attacks is that an individual or a group of people used software to automatically plant malicious software on other people's computers, which, in turn, bombarded those sites with millions of bytes of information per second. Because my machines are on all the time, this could happen while I am sleeping.

Being a potential unwitting cohort in crime is bad enough, but what's more scary is that when you're connected to the Internet, there is also the risk that someone might be able to access data on your computer or know more about you than you care to disclose.

Users who dial into the Internet with standard modems aren't likely to pass on a hacker's instructions, but their privacy could still be jeopardized.

To find out if you're vulnerable, visit the Shields Up Web page at Run by Steve Gibson, head of Gibson Research Corp., the site tests your machine to see if your privacy or data security is at risk.

I tested my Windows PCs on Gibson's page and, until I installed some security software, they were "wide open."

To begin with, Gibson's Web page greeted me by name, which it inferred from information on my machine. So much for anonymity. If his Web site can figure out my name, so can any other site whose operator is determined to find out who is visiting. Next it told me that my printer, my hard drive and my floppy drive were accessible via the Internet.

I'm a bit of a cynic so I called Gibson to see just how much information he could really extract from my machine. I gave him my Internet protocol (IP) address and permission to hack and, less than a minute later, he told me what directories I have on my hard drive, the names of some of my files and then planted a text file on my hard drive. What's even scarier, he taught me how to do the same using some simple commands with software that's already on all Windows computers. In this case, I disclosed my IP address, but there are plenty of ways for hackers to get that information without your permission.

Minutes later, I was spying on a system myself. I couldn't get into just any machine but I was able to penetrate a friend's system after he gave me his IP address and permission. Once in, I was able to plant files, read the content of his files and copy them to my own PC. I'm not going to tell you how to do it, but--trust me--it's very easy. Fortunately, there are also easy ways to keep your machine from being invaded.

One method is to install software that creates a "firewall" around your machine. Symantec, which makes the popular Norton Utilities and Norton Anti-Virus software, publishes Norton Internet Security. This $59.95 program shields your PC from invaders by blocking unauthorized attempts to get into your system. After I installed it, Gibson's Shields Up Web page was unable to determine my name or anything else about me and neither his Web site nor the tricks he taught me were able to penetrate the program's defenses. In other words, it protected my privacy and the security of my files. The program also scans for viruses and can also be used to block advertising and protect your kids from sexually explicit and other inappropriate Web sites.

Black Ice from Network Ice ( is another product aimed at keeping hackers out of your computer. This $39.95 program, which works on Windows 95 and 98, scans all traffic between your PC and the Internet and blocks intruders. Both of these programs also have alert features that tell you if someone is trying to get in and they keep a log so you can find out if anyone tried to break in while you were away from your PC.

Norton Internet Security alerts you in "real time" so you can detect a potential intrusion as it happens. A small icon near the bottom of your screen flashes when it detects a potential problem. Zone Labs' ZoneAlarm 2.0, which you can download for free at, offers similar protection.

I'm running Black Ice on one machine and Norton Internet Security on another and, on several occasions during the last 48 hours, someone has "probed" each of my PCs. A probe doesn't mean that someone was peering into my files or planting a program on my hard drive, but it does mean that an effort was made to identify my machine and possibly to look for security holes. The scary thing about this is that users might not even know this is going on. It's possible for a hacker to plant software on your machine that can later be triggered to violate your privacy or use your machine as an unwitting "zombie" to attack other machines.

Los Angeles Times Articles