advertising information
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




Opinion: Difficult to become a hacker? It's easier than you think

With Symantec's Web client for pcANYWHERE, you can hack away without really trying.

February 12, 1999
Web posted at: 6:41 p.m. EST (2341 GMT)

by Mark Gibbs

Network World Fusion

(IDG) -- Ever wonder how hard it is to become a hacker? I can tell you firsthand it's probably easier than you may think.

It all started when I was testing Symantec's Web clients for pcANYWHERE on my office network. I downloaded the software from Symantec's site and ran it. Wonder of wonders, it worked perfectly -- way cool and very impressive.

As I was about to leave for a conference I thought it would be useful if I could use pcANYWHERE to access my machines while I was away. So I decided to test it by dialing up an ISPand looping back to my office via my digital subscriber line connection.

Imagine my surprise when I ran the applet and was given a list of six pcANYWHERE clients of which only one was mine.

  Network World Fusion home page
  Free Network World Fusion newsletters
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at's bridges & routers page's hubs & switches page's network operating systems page's network management software page's personal news page
  Questions about computers? Let's editors help you
  Search in 12 languages
  Subscribe to's free daily newsletter for network experts
 News Radio
 * Fusion audio primers
 * Computerworld Minute

Aha! Let's see if anyone forgot to set a password on his or her copy. Lo and behold, there it was, 2 a.m. and one copy was unsecured. Suddenly I was observing the screen of someone else's machine! Wild.

The owner was in the process of using a speech recognition system to dictate a letter to his girlfriend (no, nothing very steamy), and there at the bottom of the screen was his name (we'll call him Ralph).

I think the reason I could see his name was that it was part of the training data loaded into the speech recognition system. I thought I should let him know he had a security problem, so I put the cursor in the window his spoken words were appearing in and typed "Yo, Ralph." Nothing. He did not notice. I tried changing windows to Notepad but the speech recognition system switched back to the first window.

So to get his attention, I switched to my word processor, typed a long message, copied it to my clipboard, copied my clipboard over to his clipboard, and pasted the message into his active window. This time he noticed. He immediately pulled the plug on his computer, and the connection vanished.

I felt bad. I'd freaked Ralph out, and there was no opportunity to explain. So how to find him? Well, I knew his IP address but that was not much use so I went searching. Luckily he had an unusual last name, which made life easier.

I went to several search engines, including InfoSeek and AltaVista, and I found lots of dud leads (dead links and near misses). But eventually I hit pay dirt. I found a Web site and discovered what Ralph looks like (he has a picture of himself eating lobster) and that he is a scriptwriter. Then I went to and found him there, too.

From Ralph's Web site I knew where he'd been on holiday and some other trivia of his life. From I had learned Ralph's street address, telephone number and e-mail address. It had taken me all of 15 minutes.

So trying to be a nice guy, I sent him e-mail explaining what had happened, that I hadn't done anything to his PC, and noting that he should password-protect his copy of pcANYWHERE.

Next day there was no reply, so I called him. We had a nonconversation.

I explained who I was ("Uh-huh," he said), I assured him that I wasn't a hacker, ("Uh-huh"), that I hadn't done anything to his PC ("Uh-huh"), and that he should secure his system ("Uh-huh"). I explained that a hacker could have had a field day ("Uh-huh") and, well, I hardly got a response. Ho-hum.

It was such a simple hole in his system and one that I could have exploited without him having a clue what was going on. On the other hand, he probably wouldn't have been of much interest to a real hacker. But what if Ralph had been your chief financial officer? That could lead to all sorts of infiltrations into your corporate network. Frightening.

I would never have guessed that being a hacker was so easy.

Related stories:
Latest Headlines

Today on CNN

Related stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

Enter keyword(s)   go    help


Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.