advertising information

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

Opinion: Difficult to become a hacker? It's easier than you think

With Symantec's Web client for pcANYWHERE, you can hack away without really trying.

February 12, 1999
Web posted at: 6:41 p.m. EST (2341 GMT)

by Mark Gibbs

From...
Network World Fusion

(IDG) -- Ever wonder how hard it is to become a hacker? I can tell you firsthand it's probably easier than you may think.

It all started when I was testing Symantec's Web clients for pcANYWHERE on my office network. I downloaded the software from Symantec's site and ran it. Wonder of wonders, it worked perfectly -- way cool and very impressive.

As I was about to leave for a conference I thought it would be useful if I could use pcANYWHERE to access my machines while I was away. So I decided to test it by dialing up an ISPand looping back to my office via my digital subscriber line connection.

Imagine my surprise when I ran the applet and was given a list of six pcANYWHERE clients of which only one was mine.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Network World Fusion home page
  Free Network World Fusion newsletters
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
    IDG.net's bridges & routers page
  IDG.net's hubs & switches page
    IDG.net's network operating systems page
  IDG.net's network management software page
  IDG.net's personal news page
  Questions about computers? Let IDG.net's editors help you
  Search IDG.net in 12 languages
  Subscribe to IDG.net's free daily newsletter for network experts
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

Aha! Let's see if anyone forgot to set a password on his or her copy. Lo and behold, there it was, 2 a.m. and one copy was unsecured. Suddenly I was observing the screen of someone else's machine! Wild.

The owner was in the process of using a speech recognition system to dictate a letter to his girlfriend (no, nothing very steamy), and there at the bottom of the screen was his name (we'll call him Ralph).

I think the reason I could see his name was that it was part of the training data loaded into the speech recognition system. I thought I should let him know he had a security problem, so I put the cursor in the window his spoken words were appearing in and typed "Yo, Ralph." Nothing. He did not notice. I tried changing windows to Notepad but the speech recognition system switched back to the first window.

So to get his attention, I switched to my word processor, typed a long message, copied it to my clipboard, copied my clipboard over to his clipboard, and pasted the message into his active window. This time he noticed. He immediately pulled the plug on his computer, and the connection vanished.

I felt bad. I'd freaked Ralph out, and there was no opportunity to explain. So how to find him? Well, I knew his IP address but that was not much use so I went searching. Luckily he had an unusual last name, which made life easier.

I went to several search engines, including InfoSeek and AltaVista, and I found lots of dud leads (dead links and near misses). But eventually I hit pay dirt. I found a Web site and discovered what Ralph looks like (he has a picture of himself eating lobster) and that he is a scriptwriter. Then I went to switchboard.com and found him there, too.

From Ralph's Web site I knew where he'd been on holiday and some other trivia of his life. From switchboard.com I had learned Ralph's street address, telephone number and e-mail address. It had taken me all of 15 minutes.

So trying to be a nice guy, I sent him e-mail explaining what had happened, that I hadn't done anything to his PC, and noting that he should password-protect his copy of pcANYWHERE.

Next day there was no reply, so I called him. We had a nonconversation.

I explained who I was ("Uh-huh," he said), I assured him that I wasn't a hacker, ("Uh-huh"), that I hadn't done anything to his PC ("Uh-huh"), and that he should secure his system ("Uh-huh"). I explained that a hacker could have had a field day ("Uh-huh") and, well, I hardly got a response. Ho-hum.

It was such a simple hole in his system and one that I could have exploited without him having a clue what was going on. On the other hand, he probably wouldn't have been of much interest to a real hacker. But what if Ralph had been your chief financial officer? That could lead to all sorts of infiltrations into your corporate network. Frightening.

I would never have guessed that being a hacker was so easy.

Related stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

  
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.