How Secure is the Internet?
Paula Hawkins
January 2002
The Internet connects 300 million computer users in a maze of networks and connections. It enables us to have real-time conversations across the globe, to buy cheap CDs, to trade shares from our living rooms and to do many other innovative things. But the Internet can also expose us to the threat of fraud and to an invasion of privacy. Using it can also result in irreparable damage being wreaked upon our computer systems. Just how exposed to these dangers are we, and how may we protect ourselves?
Buying online
Millions of people, more than a quarter of the UK's adult population, bought something online in 2001, according to the Department of Trade and Industry. But although we are becoming more Internet aware, around 50% of people who buy online do worry about credit card fraud. Indeed, millions of consumers are under the impression that using a credit card on the Internet is a high risk way of shopping.
But in fact, you stand a far greater risk of falling victim to credit card fraud when you hand over your card in a restaurant, or read out your details over the phone. It's far easier to tap into a phone line than to download encrypted credit card details from a computer. According to the Association for Payment Clearing Services (APACS), the body which deals with credit card transactions, the most common way to steal credit card details is simply by taking the number from a discarded credit card slip.
Nonetheless, you should know who you are dealing with in cyberspace. So before you pay for anything on the Internet, do a background check. If you're buying something from a company you've never heard of before, do a little research. Find out where they're based, and telephone the firm to make sure it's bona fide. Check whether the firm has a security policy as well as terms and conditions. Print the conditions out as a record. Look for companies whose sites bear the TrustUK or WebTrader logos. These companies abide by codes of practice designed to protect the consumer.
Encryption
The way in which credit card details and other personal information are protected on the Internet is through codes. Sensitive information is encrypted or encoded, so that only a computer with a 'key' can decode and therefore access the data.
The key is the secret to unlocking the code. A very simple example of a key would be a code in which each letter in the alphabet is substituted by the one which is three letters away: so A becomes D, B becomes E and so on. The key here would be 'shift by three'.
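The 'shift by three' code described above, as an added example that is not part of the original article. It also goes one step further and counts how many keys such a code can have, which is why a scheme this simple protects nothing on its own. The function names and the sample message are constructed for illustration.

```python
import string

def shift_cipher(text, key):
    """Replace each letter with the one `key` places along the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through
    return "".join(out)

def encode(plaintext, key=3):
    # key=3 is the article's 'shift by three': A becomes D, B becomes E
    return shift_cipher(plaintext, key)

def decode(ciphertext, key=3):
    # Decoding shifts the same distance in the opposite direction
    return shift_cipher(ciphertext, -key)

def keys_matching(ciphertext, expected_word):
    """Try all 25 possible keys; keep those whose decoding contains expected_word."""
    return [k for k in range(1, 26) if expected_word in decode(ciphertext, k)]

MESSAGE = "PAY BY CARD"      # constructed sample message
SECRET = encode(MESSAGE)     # what would travel over the network

if __name__ == "__main__":
    print(SECRET)                         # encoded form
    print(decode(SECRET))                 # right key restores the message
    print(decode(SECRET, 4))              # wrong key yields gibberish
    print(keys_matching(SECRET, "CARD"))  # only 25 keys exist to try
```

With only 25 possible keys, the key offers no real secrecy; practical encryption relies on keys drawn from a space far too large to try one by one.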
There are various types of computer encryption, but the most common type used on the Internet is 'public key' encryption. Public key encryption uses a combination of a 'private key', known only to your computer, and a public key, which is given to other systems with which the computer wants to communicate securely. In order to decode a piece of information, a computer must have the public key as well as its own private key.
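The article does not name an algorithm, so this added example (not from the original article) uses textbook RSA with tiny constructed primes to show the public/private split: anyone holding the public key can encode, while decoding needs the private exponent together with the modulus that the public key also carries. Function names and the sample text are illustrative assumptions.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build a (public, private) pair from two primes (textbook RSA, no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)

def encrypt(number, public_key):
    """Sender side: needs only the recipient's public key."""
    e, n = public_key
    if not 0 <= number < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(number, e, n)

def decrypt(number, private_key):
    """Recipient side: needs the private exponent and the shared modulus."""
    d, n = private_key
    return pow(number, d, n)

def encrypt_text(text, public_key):
    # One number per character keeps the toy readable; real systems do not
    # encrypt character by character and always add padding.
    return [encrypt(ord(ch), public_key) for ch in text]

def decrypt_text(numbers, private_key):
    return "".join(chr(decrypt(c, private_key)) for c in numbers)

# Constructed toy primes; real keys use primes hundreds of digits long.
PUBLIC, PRIVATE = make_keypair(61, 53)

if __name__ == "__main__":
    sealed = encrypt_text("card 4929", PUBLIC)   # constructed sample text
    print(sealed)                                # unreadable without PRIVATE
    print(decrypt_text(sealed, PRIVATE))         # original text restored
```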
However, that's not to say that using your credit card on the Internet is risk-free. Not all sites are encrypted or secure. So before you reveal any sensitive information on the Internet, look for a small padlock or broken key symbol in a lower corner of the screen. This denotes that the site is encrypted.
The security of a website might also be indicated by its address. Web addresses that connect to web servers running secure software will begin https:// or shttp://, instead of the usual http://. Developed by Netscape, https:// denotes a more secure site than those which begin http://. Similarly, shttp://, developed by Enterprise Integration Technologies, means the site is more secure than those with the standard address.
Hackers and crackers
Depending on your point of view, hackers are either devious criminals or pioneers of the electronic frontier. The first hackers were 1960s technology geeks who began to develop shortcuts ('hacks') in order to complete computing tasks as quickly as possible. Since then, the public image of the hacker has gone through numerous changes. In the 1970s they were activists, 'phreaking' phone companies (making free calls). In the 1980s, they became more glamorous: the film War Games showed the hacker bringing the world to the brink of war and getting the girl. But over the course of the last two decades, hackers have increasingly been cast as criminals, even terrorists, intent on stealing valuable data, spreading viruses and spreading technological havoc.
Hackers say that this isn't what they do. They claim to help the online security industry by finding vulnerabilities in systems and pointing them out. The real threat, they insist, isn't from hackers, but from crackers. Crackers are the ones who write viruses, break into secure systems and snoop around in people's private files.
Most personal computer users don't worry too much about the threat of hacking (or cracking). Yet if hackers can break into the most heavily guarded sites in cyberspace (Microsoft, the White House, the Pentagon and the FBI sites have all been hacked), they can certainly break into your home computer. Most people assume that no-one would want to hack their personal computer because there's nothing worth stealing there. However, personal correspondence and bank details could be exploited by a disreputable hacker. More likely, though, is the threat of a hacker using your computer to launch an attack on a more high profile target.
Denial of Service attacks
Denial of Service (DoS) attacks are so-called because they lock legitimate users out of websites or networks; that is, they are denied service. One such attack hit the headlines in February 2000. Some of the largest and most established websites were attacked and forced to temporarily shut down, including CNN, Amazon, eBay, Yahoo and Excite. The attacker was a 16-year-old Canadian known as 'mafiaboy'. He hacked into people's home computers in order to launch DoS attacks on the likes of Yahoo and Amazon. In September last year, Mafiaboy was sentenced to eight months in a youth detention centre after admitting his involvement.
In DoS attacks, a hacker will use a software tool called a scanner. This will allow them to find computers, usually home computers without security, which are vulnerable to break-in. The hacker will then download information onto those machines, placing them under his control. He can then use the machines to attack his main victim (CNN, Yahoo, etc) by sending out hundreds of thousands of requests for information. The main victim's system cannot cope with the traffic and eventually shuts down.
Trojan horses
Another favourite hacker tool, Trojan horses, are programmes which provide back doors into computer systems. Trojans are usually disguised as games or videos, which are downloaded from the Internet. Once installed, they can wreak havoc from within. The most common Trojan trick is to replace the log-in message. Then, when the computer owner logs into their own system, they are in fact giving their username and password to the hacker, thus allowing the hacker access to the computer.
The most famous Trojan is known as Back Orifice, a programme developed by the Cult of the Dead Cow hacker group. Back Orifice is usually attached to an innocent file or programme, but once installed on your computer, it will email the hacker your unique Internet address, giving them control of your computer. The Cult of the Dead Cow is a hacker group which formed in the 1980s and gained notoriety with the release of Back Orifice. The group (whose real names are not known) claim that the programme was designed to demonstrate to the world how easy it would be to hack into Microsoft software.
Viruses
Viruses are computer programmes that are designed to self-replicate. Essentially, viruses are codes which are attached to other, legitimate programmes. If a programme is run, the virus attached to it is activated. It will load itself onto the hard drive of the computer and look around for another programme to infect. When that programme is run, the virus is reactivated, and so it spreads. This is usually done without the computer user noticing that anything is wrong. Indeed, many viruses are harmless.
Others, however, have 'payloads'. A payload is an action which the virus is programmed to carry out. Payloads range from mildly annoying (displaying insulting messages) to very damaging. Damaging payloads may delete files, reformat the computer's hard drive (wiping out all the information stored within it), or send files to strangers. The worst viruses can cause irreparable damage to your computer.
Conspiracy theories abound as to the origins of computer viruses. The popular image of the teenage hacker creating mayhem for their own amusement has been superseded. Now, there are two common views as to the origins of most viruses. One is that they are unleashed by terrorists or certain governments intent on damaging western economies. The other is that they are introduced by the manufacturers of anti-virus software who profit from the hysteria accompanying each new scare.
The first viruses were written in the 1980s. It's thought that Brain, the very first virus, was created by computer store owners in an attempt to deter software piracy. In the 1980s and early 1990s, there was relatively little inter-connection between home computers. Viruses could be transferred to home computers by floppy disk, but it took mass access to the Internet to make viruses the threat they are today.
In May 2000, a virus called the Love Bug infected computers across the globe. It appeared as an innocent looking email, bearing the subject heading ILOVEYOU. Once opened, the Love Bug forwarded itself to every email in the user's address book, stole passwords and overwrote image and audio files. Within days, it had spread around the world, disabling hundreds of thousands of operating systems.
Melissa was a predecessor of the Love Bug. It was a virus which hijacked the email system of a computer and copied itself to the first 50 addresses it found within. Although the virus did not damage computers, the sheer volume of email created proved crippling for web servers and large corporations.
Super-viruses such as these wreak costly chaos. According to Californian research organization, Computer Economics, virus attacks cost businesses more than US$12 billion in 1999. Melissa alone is estimated to have caused around US$80 million worth of damage.
Hoaxes
Computer users are not just at risk from viruses, but also from the mere threat of viruses. Virus hoaxes are becoming increasingly common and can be almost as costly as an actual virus attack. In 2001, an email circulated warning recipients that a certain file, SULFNBK.EXE, was infected with a virus and should be deleted if found. In fact, SULFNBK.EXE is a standard part of the Windows 98 operating system. Deleting it was not a major disaster, but there was nothing wrong with the file.
If you receive virus threats, take them with a pinch of salt. Don't take any action unless you are sure that the warning comes from an authoritative source.
Protection
According to Californian computer security specialists, McAfee, there are more than 57,000 virus threats active at the moment. Some experts estimate that around 10 new viruses are created each day. So how can the home computer user protect themselves against the plague?
According to McAfee, the first rule is never to open any files attached to an email which come from an unknown or suspicious source. Even if you get an email attachment from a known source, still be cautious. Many viruses spread themselves by hijacking the email accounts of users and forwarding themselves to everyone in that user's address book. So unless you're expecting an attachment from a friend, proceed with caution. Delete chain letters and junk mail without opening the files.
If you're downloading files from the Internet, check the security status of the website, find out if it has an anti-virus programme, and back up any important data. You can also purchase anti-virus software to protect you from bugs: it will screen incoming emails and downloaded files. However, since new viruses are being developed all the time, installing anti-virus software doesn't guarantee your computer immunity for long.
You cannot make your computer hacker-proof. The only way to keep it completely secure is to disconnect it from the Internet. But you can make it less vulnerable to attack by installing firewall software onto your machine. Firewalls are designed to protect computers from logins from the outside world, that is, the rest of cyberspace. A firewall will help prevent hackers from getting into your system, or, if it fails to do that, it may at least alert you to the presence of an intruder. Personal firewalls such as Sygate, Tiny and ZoneAlarm are available free and can be downloaded from the Internet.
Find out more
Channel 4 is not responsible for the content of third party sites
Websites
Hackers
www.hackers.com
One of the oldest and largest hacking sites on the web.
The Hackers Homepage
www.hackershomepage.com
The online hackers' catalogue.
Frontline
www.pbs.org/wgbh/pages/frontline/shows/hackers/
A frontline (US television) report on hackers, including interviews with hackers, security experts and cryptographers.
The Greatest Hacks of All Times
www.wired.com/news/technology/0,1282,41630,00.html
Describes major events in hacking history.
Vmyths
www.vmyths.com/
Information on viruses and hoaxes.
Firewalls
www.firewallguide.com
Provides a guide to personal firewalls and anti-virus software, with advice on which product to choose and where to find it.
How Stuff Works
www.howstuffworks.com/virus.htm
Explanation of how viruses, worms, Trojan horses and other computer nasties work.
Books
The Hacker Ethic by Pekka Himanen et al (Random House, 2001) £7.99
The theory of hacker culture.
A Short Course on Computer Viruses by Frederick B. Cohen (John Wiley & Sons, 1994) £32.50
A thorough account of virus research and the struggle to convince security experts that viruses posed a real threat to computer users everywhere.
Hackers: Heroes of the computer revolution by Steven Levy (Penguin, 2001) £7.99
The history of hacking from the late 1950s to the present day. Tells the tale of some of the brilliant, eccentric and often flawed pioneers of the technological frontier.
Web Security Privacy and Commerce by Simson Garfinkel and Gene Spafford (O'Reilly UK, 2001) £39.95
Explains what the real security risks of web commerce are and how you can minimize them. Designed for web surfers and those responsible for the security of a critical web server.
Hackers Beware: The ultimate guide to network security by Eric Cole (New Riders, 2001) £34.99
Eric Cole explains how hackers break into computers, steal information and deny services to legitimate users.
Films
Antitrust (2001)
Directed by Peter Howitt
Starring Ryan Phillippe and Tim Robbins. A computer geek leaves his hacker pals to join a major software firm, only to discover that the company is stealing hackers' work and killing them off. Paranoid thriller with Tim Robbins doing an almost libellous Bill Gates impression.
Hackers (1995)
Directed by Iain Softley
Starring Angelina Jolie and Jonny Lee Miller. Cartoonish depiction of the hacker underworld, complete with ludicrous bad guys and obvious plot.
Sneakers (1992)
Directed by Phil Alden Robinson
Starring Robert Redford and Sidney Poitier. Thriller about a group of security experts paid to break into people's systems ('sneakers'). Touches on the political power of the hacker, technological threats to civil liberties and the potential of code-breaking.
War Games (1983)
Directed by John Badham
Starring Matthew Broderick. The classic 1980s computer nerd story. A teenage hacker brings Earth to the brink of a Third World War after he breaks into the Pentagon computer system. Hi-jinks ensue.