How do computer hackers “get inside” a computer?
—D. IKAVUKA LA MIRADA, CALIF.
Julie J.C.H. Ryan, assistant professor at George Washington University and co-author of Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves, explains:
Essentially, hackers get inside a computer system by taking advantage of software or hardware weaknesses that exist in every system. Before explaining how they do this, a few definitions are in order. The term “hacker” is fairly controversial: some use this word to describe those whose intrusions into computer systems push the boundaries of knowledge without causing intentional harm, whereas “crackers” want to wreak havoc. I prefer “unauthorized user” (UU) for anyone who engages in unsanctioned computer access. “Getting inside” can mean one of three things: accessing the information stored on a computer, surreptitiously using a machine's processing capabilities (to send spam, for instance) or capturing information being sent between systems.
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
So how does a UU get inside a computer? The easiest weakness to exploit is a poorly conceived password. Password-cracking programs can identify dictionary words, names and even common phrases within a matter of minutes. Many of these programs perform a “dictionary attack”: they take the encryption code used by the password system and encrypt every word in the dictionary. Then the UU plugs in the encrypted words until the password match is found. If a system has a complex password, the UU could try a “technical exploit,” which means using technical knowledge to break into a computer system (as opposed to nontechnical options such as stealing documentation about a system). This is more challenging, because the UU must first learn what kind of system the target is and what the system can do. A proficient UU can do this remotely by utilizing a hypertext transfer protocol (http) that gains World Wide Web access. Web pages usually record the browser being used. The UU could write a program that takes advantage of this procedure, making the Web page ask for even more information. With this knowledge in hand, the UU then writes a program that circumvents the protections in place in the system.
Although you cannot eliminate all possible weaknesses, you can take steps to protect against unauthorized access. Make sure you have the latest patches for your operating system and applications. Create a complex password with letters, numbers and symbolic characters. Consider installing a firewall program, which blocks unwanted Internet traffic. Make sure your antivirus software is up-to-date and check frequently for new virus definitions. Finally, back up your data, so you can recover important material if anything does happen.
Why do traffic jams sometimes seem to appear out of nowhere?
—H. SMITH, NEW YORK CITY
Benjamin Coifman, assistant professor of electrical and computer engineering at Ohio State University who studies traffic patterns, offers this answer:
Drivers encounter the end of the line in a traffic jam seemingly out of nowhere because the number of waiting cars could stretch several miles away from the original bottleneck. The bottleneck could have arisen because of an accident or because of features in the roadway, such as a sharp curve, where drivers must slow down. The difference between the bottleneck's capacity and the demand upstream determines how fast the line grows. The end of the line typically has the worst conditions because cars there suffer from accumulated delays caused by the original obstruction, especially since vehicles entering from ramps worsen the problem by occupying additional space. Speeds tend to improve as drivers progress, making it easy to miss the actual trouble site when you finally pass it.
For a complete text of these and other answers from scientists in diverse fields, visit www.sciam.com/askexpert