Why Me?

We hope it’s pretty clear by now that Internet security is an important issue even for the rest of us. But you still may be wondering why. Why would someone want to attack your machine if it has no secret documents, no Web site to deface, no credit-card numbers to steal (we hope)? What possible benefit could someone gain from accessing or destroying data on your machine?

These are all good questions. And they have two sets of answers. First, you may have more important data on your machine than you think. (We’ll look at this issue in Chapter 3.) But even if you’re right about the lack of significant data on your machine (maybe all you do is play games), there is a second set of reasons why your machine is being attacked over the Net.

Here’s the key point to realize about most access attempts on your machine:


No one is specifically targeting your machine.


You’re right—pretty much no one cares about you in particular. Most hackers out there just want to break into any machine. Many are bored high-school or college students looking for a challenge. They want to be able to brag to their friends, “See? Look what I can do to this poor sucker’s machine. Am I not cool?” Others want to take over machines for more nefarious purposes.

Being cool used to mean having a powerful car or being on the football team. Now, to a subset of the younger generation, it means being able to wreak havoc at long distance and to leave your mark. Hacking is (sometimes quite literally) the digital version of graffiti.

Another key point to understand is exactly how those access attempts to your machine are being made:


Almost all havoc-wreaking is done through pre-built applications or scripts, or compromised Web sites.


The havoc-wreaker doesn’t need to be some geek who slaves away for nights on end on a specific application to go out and do his dirty work. He (and it usually is a he, and a young he at that) simply needs to go to any of a variety of Web sites and download any of a variety of applications or scripts. A simple double-click after that, and the hacker (or “script kiddie,” as he’s often called) is on his way.

But how does a script kiddie happen to end up hacking your machine? Again, why you? Pretty much because your machine was there, and it was your turn. As you’ll see in Chapter 6, each machine on the Net has an address, just like a phone number. The hacker’s script either picks Internet addresses at random or goes through them sequentially. The script uses various techniques to see whether there’s a machine at that address and concentrates on address ranges that are more likely to have lots of vulnerable machines (such as the address ranges used by popular Internet providers). When the script finds a machine at a particular address, it moves on to try various built-in attacks against that machine. Those attacks usually are the ones that you’ll see if you’ve added any sort of logging or monitoring features to your machine (see the chapters on analyzing security threats and personal firewalls for ways to do this). If any attack is successful, the script alerts the hacker running it or logs the machine’s address to a file for future exploitation; otherwise, it moves on to the next address.
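
What this probing looks like from the receiving end, as an added example that is not from the book: the script summarizes a constructed log of blocked connections and shows the same ports being tried by unrelated sources, each spending only seconds on the machine before moving on. The log layout, the addresses and the function names are assumptions made for illustration, not the output of any particular firewall.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up log format (not any real firewall's output):
# "<HH:MM:SS> DENY TCP <source address> -> port <destination port>"
SAMPLE_LOG = """\
02:14:07 DENY TCP 198.51.100.23 -> port 139
02:14:08 DENY TCP 198.51.100.23 -> port 445
02:14:09 DENY TCP 198.51.100.23 -> port 80
07:41:55 DENY TCP 192.0.2.77 -> port 139
11:03:12 DENY TCP 203.0.113.5 -> port 139
11:03:12 DENY TCP 203.0.113.5 -> port 445
16:20:31 DENY TCP 192.0.2.140 -> port 21
this line is not a log entry
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) DENY TCP (\S+) -> port (\d+)$")

def summarize(log_text):
    """Return (by_source, by_port) built from DENY lines; other lines are skipped."""
    by_source = defaultdict(lambda: {"ports": [], "first": None, "last": None})
    by_port = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, port = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)  # seconds since midnight
        rec = by_source[src]
        rec["ports"].append(int(port))
        rec["first"] = t if rec["first"] is None else min(rec["first"], t)
        rec["last"] = t if rec["last"] is None else max(rec["last"], t)
        by_port[int(port)].add(src)
    return dict(by_source), dict(by_port)

def ports_probed_by_many(by_port, min_sources=2):
    """Ports tried by several unrelated sources: the same built-in attack, run by different people."""
    return {p: len(s) for p, s in sorted(by_port.items()) if len(s) >= min_sources}

def burst_seconds(rec):
    """How long one source spent on this machine before moving on."""
    return rec["last"] - rec["first"]

if __name__ == "__main__":
    sources, ports = summarize(SAMPLE_LOG)
    for src, rec in sources.items():
        print(f"{src}: ports {rec['ports']} over {burst_seconds(rec)}s")
    print("ports tried by more than one source:", ports_probed_by_many(ports))
```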

It may seem unlikely that of all the machines on the Net, yours is getting chosen at random so many times a day. After all, there are hundreds of millions of machines. But remember that the rate of attacks is increasing faster than the rate of new users. A few years ago, lots of new users were getting on the Net but not lots of new hackers. Now the hackers are catching up. So with all those hackers running all those automated tools (on faster computers and faster connections), they just happen to hit your machine many times a day! And if trends continue, the situation is just going to get worse.

Recently, hackers have also been focusing on creating malicious Web sites, which take advantage of flaws in Web browsers to attack and take over machines that visit those sites. The sites could be either ones put up specifically for that purpose, or ones compromised and taken over by a hacker. Either way, the hacker then entices you to go to the Web site (usually through an email message), and attacks your machine that way.