You’re not the Pentagon. Or Microsoft. Or NASA, Wells Fargo, AOL Time Warner, or Daimler Chrysler. You’re not even headquarters for a burger franchise.
No, you’re just part of a small- or medium-sized enterprise (SME), perhaps even a home-based business with enough employees to count on one hand. You may not even be thinking about network security. After all, there are a gajillion companies in the world larger and more affluent than yours, so they’d be more logical targets for a hacker, right? After all, what does your network have that any e-punk would want? Well, here are five reasons hackers want into your network, besides data…
- Hacking isn’t personal. The Internet is not a school yard. No one is going to push your network security around because you wear ugly glasses or momma packs your lunch with chocolate cake every day. Typically, you’ll be a random victim, the poor kid who happened to be on the wrong playground toy at the wrong time.
The first step in a hack attack is to test for vulnerability. This is usually done with a “scanner,” a commonly available application that queries thousands of arbitrary Internet addresses, hunting for any network with open ports through which a hacker can easily enter. Imagine a burglar sneaking down your street at 3:00 AM, trying every front door, looking for one that’s unlocked. If you get robbed, it’s not personal. You just made it easy — you didn’t lock your door.
- Hackers want your computing power. Once inside your network, the hacker has free reign, but odds are he didn’t come looking for credit card numbers, trade secrets, or incriminating pictures from last year’s besotted Christmas bash. Instead, the hacker can make use of much more plentiful, ubiquitous resources.
First among these are your CPU cycles, the processing horsepower in each computer on your network. With 15 PCs and a high-speed Net connection, Corporate Health Systems came to WatchGuard Technologies for help after persistent hacks had enslaved the company’s network for one purpose: to help the hacker win an encryption-cracking contest.
A WatchGuard network security appliance instantly solved Corporate Health Systems’ hacking problem. Just the same, being roped unknowingly into such “distributed computing” applications poses a serious risk to any company, in part because most such attacks keep a low enough profile as to be unnoticeable.
- Hackers want your connection bandwidth. Just as your CPU bandwidth can be commandeered for illicit processing tasks, your Internet connection bandwidth can be hijacked and used to damage other businesses. Distributed denial of service (DDoS) attacks involve numerous computers bombarding an Internet server with data, overloading it and causing the server to stall or crash. Hackers don’t want their exploits to point back at their own machines, so they enslave other computers, turning them into “zombies,” forcing them to attack in concert.
- Hackers want your (or your computer’s) identity. Hackers can abuse your identity in several ways. A hacker might use your machine as a relay, a bouncing-off point from which to probe for weaknesses in other networks: Some network admin notices unauthorized activity in the accounting files, works with the police to trace the intrusion back to your PC, and the hacker waltzes away with a smile. Similarly, the hacker would much rather have you do his port scanning than his own machine. You might also be one in a chain of relays.
If a hacker can learn your name and e-mail address — not a particularly hard feat — he’s at liberty to change his mail, news, and chat settings to impersonate you. He might send death threats to an ex-boss under your name. He might raid your contacts list and then pretend to be you while asking vendors for information about your order history, including the account numbers used to pay invoices. If the masked hacker slanders your competitors in a newsgroup, you could be faced with trying to clear yourself in court.
- Hackers will hack you just for the practice. Or you may become a guinea pig. Hackers stake their reputations on “owning,” or seizing control of, prestigious companies’ servers. But even established hackers begin as novices, and learning the ropes of deception and destruction inside your company’s humble network is as good a place to start as any.
Be sure to take advantage of network security solutions and protect yourself and network. There’s too much at risk in today’s business environment to ignore hackers.