.
October 16th, 2009
11:42 AM ET

Protecting your computer from online bad guys is no joke

David Gewirtz | BIO
AC360° Contributor
Editor-in-Chief, ZATZ Publishing

Every topic needs its own day or month, and I guess cybersecurity is no exception. This October is the sixth annual Cybersecurity Awareness Month sponsored by the Department of Homeland Security. And while it may seem silly for cybersecurity awareness to need its own month, there's nothing silly about keeping your computer secure.

Let me be very clear here: there are bad guys out there and they are trying to hurt you through your computer.

I know that seems melodramatic, but it's all too true. Cybercriminals, hackers, terrorists, and other malcontents (that sounds so "get off my lawn," doesn't it?) are constantly pushing the limits of Internet security. Most of the time, it's about making money. Sometimes, it's about breaking through security and gaining bragging rights. And, once in a while, it's about causing widespread chaos. No matter the motivation, it ain't good.

This is an arms race.

They'll find a way in, we'll create a new defense, they'll counter-program against the defense, and on and on and on. This is an arms race between security professionals and criminals. Fortunately, there's a lot you can do to defend yourself and your family, and once you've established the right mind-set, you'll be able to take some very basic precautions that'll go a long way to keeping you more secure.

So, let's talk about that mindset first. A lot of people I talk to tell me I'm worrying too much. They tell me they're not important enough to be attacked. They tell me that no one is going to go after them. They tell me that "just this once" there won't be a problem. They tell me that it's all a hoax.

It's not. Here's the thing: attacks are highly automated and easy to do. Every device on the Internet has a number, called an IP address, which consists of four sequences of up to three numbers, like 192.168.1.1. Each sequence ranges from 0 to 255, so the lowest number is 0.0.0.0 and the highest is 255.255.255.255.

All hackers have to do is dial through those sequences automatically, test each address, and see if there's any vulnerability. It's like having a telephone autodial all of the phone numbers in your exchange. It's a little time-consuming, but it's cheap and easy. That's what hackers do online. They also mine the Internet for published email addresses, Facebook names, Twitter names, and any other information they can find that'll help them get into your computer.

Once they get into your computer, there are a few things they can do.

The first is they can install some hidden software. This software can search your computer for credit card numbers, passwords, and bank accounts or hide, to someday be part of a mass of zombie computers performing a denial of service attack. See "Attack of the zombie computers" for more about what this is like.

Other bad things can happen to your computer as well, from other forms of malware, like viruses that can either steal your information or just cause your computer to break down. Spyware is often in place to send you to damaging Web pages or, once again, steal your information.

Sometimes, the software that runs on your computer is designed to hide, turning your computer into a storage resource for bad guys. Many home computers have been turned into unsuspecting servers, sharing everything from copyrighted materials to child porn amongst the scumbags of the world.

Instead of using your computer to host illegal data, a criminal might use a program running on your computer to send all your documents somewhere else. That's how the secret plans for the President's helicopter wound up on a computer in Iran. See "How the President's secret helicopter plans wound up in Iran".

Criminals can also sneak inside your computer's "routing table" and fool your computer into thinking it's going to one Web address, when instead it's going somewhere else. Imagine you're dialing a phone number (say 555-2222). If you thought, when dialing 555-2222 you were going to get your bank, but some hidden device instead dialed 555-9323, you'd think you were talking to your bank, but you might be talking to someone else.

This can happen on your computer as well. You might think you're going to your bank's Web site, say, but instead there's a program in your computer that intercepts those Web requests and channels you to a fake Web site that looks almost exactly like that of your bank. Obviously, what happens next is you type in your access information and the scammers get your banking information - and soon enough, your money.

The bottom line is this: cybersecurity is important and something you really should be paying attention to. If you don't, it'd be like giving your credit card to anyone you happen to meet, and telling them to just go ahead, run up a charge. On billing day, you're not going to be a happy camper.

Next time, I'll show you some easy ways you can protect yourself.

Follow David on Twitter at http://www.Twitter.com/DavidGewirtz.

Editor’s note: David Gewirtz is Editor-in-Chief, ZATZ Magazines, including OutlookPower Magazine. He is a leading Presidential scholar specializing in White House email. He is a member of FBI InfraGard, the Cyberterrorism Advisor for the International Association for Counterterrorism & Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security, and has been a guest commentator for the Nieman Watchdog of the Nieman Foundation for Journalism at Harvard University. He is a faculty member at the University of California, Berkeley extension, a recipient of the Sigma Xi Research Award in Engineering and was a candidate for the 2008 Pulitzer Prize in Letters.


Filed under: 360° Radar • David Gewirtz • Technology
soundoff (2 Responses)
  1. Kim

    Uh,Oh and thank-you ! Paid for the spy protection and all the bells and whistles that better be working. That's scary ! Windows security alerts on go ! Roger that ! Face book and twitter ? I don't know and is it okay over there ? Whatever, AC 360 and no bad guys !

    October 16, 2009 at 12:26 pm |
  2. Melissa

    Thank you for saying this.

    It never ceases to amaze me how little people understand about computers and the internet in an age where they are so prevalent that its impossible not to use them in the first world. Everything is based on computers and the internet, and you would think that most of the security measures are just simply common sense.

    The problem is that most people don't seem to have a clue that some emails are not good to open and some links should never be clicked on no matter what they say to you.

    And whats worse, once they begin to become educated, most of them seem to completely freak out about it. Its like finding out you could get hit by a car crossing the street and, instead of taking simple precautions like looking both ways and not crossing until there are no cars coming, you decide that you will never leave your house again.

    October 16, 2009 at 10:15 am |