I'm often asked by friends and associates why they should bother to protect their networks from intruders. The usual comment is, "Why would a hacker be interested in my network? No one is going to confuse my company with the Pentagon, General Motors or even Burger King."

Granted, there are plenty of big fish out there, but there are some good reasons why a hacker will come after you:

» You're an easy mark. Chances are your company doesn't have a multimillion-dollar IS budget. If you're just a small- to medium-size company with one network administrator (who has 24 other responsibilities), you may be vulnerable to a smart, determined hacker.

» Hackers may want to steal more than the obvious. Stories abound of bad guys breaking into networks and stealing credit card numbers or trade secrets. However, there may be other, more sinister motives for hacking a network, and this entails identity theft. He (and they are nearly always men) may want to use your systems as a relay to probe for weaknesses in other networks. In other words, a hacker could use your machine to scan other people's networks for weaknesses. By hijacking someone else's computer, authorities would be hard-pressed to trace the intrusion to the real culprit.

Identity theft has other ramifications. As master hacker Kevin Mitnick said in his recent book, "The Art of Deception," if a hacker can learn your name and e-mail address -- which is not particularly hard to do -- he's in a position to impersonate your e-mail, raid your contacts list, impersonate you at chat groups and even send nasty letters or death threats to your boss under your name. The possible litany of mischief is endless.

» Hackers may just want to get at your computing power. Once free to roam your network, don't assume a hacker is just interested in looking at your private correspondence.

Rather, they may want to leverage your CPU cycles, the raw processing power in your computers, for their own purposes. One company I heard of used a dozen or so PCs and a high-speed connection to win, of all things, an encryption-cracking contest. Although in the scheme of things this is relatively innocuous, criminals may have more malevolent uses for your CPU power (such as the next example).

» Hackers want your bandwidth. Your CPUs combined with your Internet bandwidth can be leveraged to create havoc with other servers. "Denial of service" or other similar types of attacks require large numbers of computers aiming a fusillade of data at servers and in effect, overloading them.

With a fire hose of data aimed at a system that can only handle a trickle of information, a server may be crippled and eventually crash. Hackers use other computers (unbeknownst to their users) to do the dirty work, turning them into zombies so that they can't be traced.

» Hacking isn't personal. Chances are the hacker doesn't know you and stumbles on your network in a random fashion. He probes for a vulnerable network with a "scanner," an application that can be downloaded free off the Internet. This seeks any network with open ports through which someone can enter. If you get hacked, it's not personal. It's as if you left your front door open and a burglar walked right in. Hackers can use computers of innocents (such as you) to create remote-controlled zombies for purposes such as perpetrating denial-of-service attacks. Such an attack occurred in February 2000 when a teenage e-punk used zombies belonging to dozens of small and home-based businesses to cripple Yahoo, eBay and CNN.

» Hackers will hack just for the hack of it. A hacker-in-training may be interested getting inside your network just because you're there or because he needs the practice.

Please be short and to the point, and respect the other voices in the discussion. You may edit and delete comments for up to three days after date of post. We reserve the right to edit or delete inappropriate comments. For more information read our site policies »

In order to comment, you must be logged in. Login | Register

Comment

Denotes required fields.

Help me with comments