This Article was Published Monday, January 31, 2000, in the San Jose Mercury News

Invaders target home PCs for attack

Mercury News Staff Writers

An Internet connection isn't just an on-ramp for the Web. It also can be a pathway into your home computer for hackers. And if your connection is always on, your home is a likely target.

The target usually isn't you or your data; it's the computer. Malevolent hackers are constantly searching for new computers from which to launch attacks on others while hiding their identities.

``They want to make you look like the bad guy, and they want to make it harder to find the real bad guy,'' said computer security expert William J. Orvis.

That risk is rising as consumers sign up in droves for home-oriented, high-speed service from telephone and cable companies, then build home networks linking a family's computers or launch amateur Web sites from the living room. And if consumers aren't careful, they could unwittingly open the door and lay out a welcome mat for hackers.

There is a relatively simple way to protect yourself: by installing an electronic ``firewall'' between your data and the Internet, as businesses routinely do. A number of business-oriented Internet providers are starting to offer firewall services, but the companies selling high-speed phone lines to consumers haven't followed suit.

Nobody knows how many home computers have been invaded by hackers, and their owners wouldn't necessarily know it if they were. But people who install hardware or software firewalls can see signs quickly of hackers on the prowl.

Jerry Asher of Berkeley, who has a high-speed digital subscriber line from Pacific Bell, said his firewall recently documented attacks from hackers with Internet addresses in North Korea, Germany and Serbia. The German hackers, for example, checked to see if Asher's computer had three different types of software that could be used to communicate with other computer networks, such as a corporate system.

``When DSL service is sold by Pac Bell, consumers are not made aware of possible security problems, including attacks or intrusions, and most consumers are not running firewalls,'' Asher said.

Darren Newell, a data security director for SBC Communications, Pacific Bell's parent company, said the firm soon plans to use its Web site to caution consumers about online security issues. But it doesn't tell customers who sign up for $49-a-month home DSL lines about the risks and how to avoid them.

Alan Jackson, whose company in England provides information electronically to businesses, put up a firewall after hearing customers talk about hacker attacks. In three days, he said, the firewall stopped seven electronic break-in attempts.

Orvis, a physicist on loan to the Energy Department's Computer Incident Advisory Capability at the Lawrence Livermore National Laboratory, where the computers are under daily assault from would-be intruders, said he's seen plenty of evidence that hackers break into home computers and use them to mount attacks on others.

The consequences for an innocent user whose hacked machine is being used to probe sensitive systems can be catastrophic.

``If we see an attack coming from somebody's home machine, we're going to ask your ISP to disconnect you,'' Orvis said. Those who get caught up in a serious security breach may find law enforcement authorities seizing their equipment and examining it to try to track down the hacker and develop evidence for a criminal prosecution.

The increased availability of technologies that encourage home users to leave their connections on all the time -- such as cable modems and DSL connections -- makes it even easier for black-hat hackers to break into a system. A self-described hacker who identified himself as ``alkali'' in an electronic interview said he is always searching for unsecured home systems with a high-speed connection, which he values because he can move data much more rapidly.

``Cable modems changed my life,'' he wrote.

But Orvis argues that it's not the speed of the connection that makes home users vulnerable but the length of time a user is connected.

``Hackers will beat on your machine when you're not there,'' he said. ``I've actually seen them do it to a machine with just a regular modem connection that was running for hours at a time.''

Jim Southworth, chief technical officer for the San Jose-based Internet service provider Concentric Network Corp., said a consumer's basic Microsoft Windows machine isn't as attractive to hackers as a PC running Unix or Linux software because it doesn't have as many tools to mount further attacks on the Internet. If properly configured, those machines are also relatively secure, Southworth and other security experts agreed.

But hackers can get access to even a basic PC or Mac through a variety of methods, such as e-mailing a program that inserts a hidden back door or exploiting openings designed for file or printer sharing.

Computer users can minimize their risk by turning the machine off when they aren't using it, turning off file- and print-sharing functions or using firewall software.

Redwood City-based Excite@Home, which provides high-speed Internet service over cable TV networks, already tells its installers to turn off the sharing functions, said Jay Rolls, vice president of network engineering. But in response to consumer worries, the company plans to announce today a suite of consumer-oriented Internet security products with Network Associates Inc. subsidiary

Internet security consultant John Navas of Dublin says the ``hysteria'' over security is ``way overdone.'' The only really vulnerable users, he said, are ones whose computers run some kind of service, such as hosting a Web site, or are set to share files across the Internet.

Still, ``I do recommend that the average person obtain a low-cost software firewall, install it and run it,'' Navas said. ``Not that I think it's essential, absolutely necessary . . . but hey, you wear seat belts.''