Break-in consequences



Last revision October 21, 2008

At the least, a hacker break-in will ultimately require you to take inconvenient and time-consuming steps to remove changes he has made to your system and block further break-ins. At worst, the hacker will deliberately or accidentally destroy your files, resulting in catastrophic data loss if you do not have good data backups.

The "black hat" hacker sub-culture (those who try to break in and take over computers belonging to others) was once motivated primarily by the "thrill" and "status" (among their peers) that come with accumulating a large number of successful break-ins. Now its members are part of a sophisticated criminal enterprise. They break into computers to "harvest" personal information and capture bank account passwords, which they sell to other criminals who use them to steal your money or identity.

A secondary motivation is to control compromised computers and use them to attack other computers on the network, in a multiplier effect. Some hackers surreptitiously control tens of thousands of PCs on home and corporate networks, and "rent" them to spammers and extortionists.

Generally, a hacker is not malicious enough to want to erase or tamper with your data and documents, partly because he has more to gain by remaining unnoticed. But that does happen sometimes, perhaps by mistake.

The hacker's goal is to be able to control your computer. If he can break into an account with privileges (such as the "administrator" privilege in Microsoft Windows), or exploit a bug that lets him write to privileged areas of the disk, then he will generally install a "back-door" program that lets him connect to your computer again at any time, even if you have turned off the network service he originally used.

Next, after a hacker has taken control of your computer, he will often use it to perform additional network scans to find other vulnerable computers. More rarely, he will use your computer in concert with others that he controls to launch a "denial of service" attack against other computers belonging to persons or organizations that he does not like. The idea is to send so many network packets at once to the victim computer that it is overwhelmed and cannot perform its normal network function.

Often, you will not discover that your computer has been compromised by a hacker until he decides to use it to scan or attack others. Then the Stanford Networking Group will notice the unusual pattern or quantity of network traffic coming from your computer. In this case they will "quarantine" your computer so that it cannot use the network, and it ceases to function on the network at all. To get the quarantine lifted, you must generally prove that you have removed all traces of the hacker's control programs by completely erasing your computer's hard disk and re-installing all software.
