Hackers want to take over your computer!

last revision August 10, 2004

For example, during April and May 2002, over 280 Windows PCs on campus running NT, 2000, or XP were compromised by hackers because these computers had Administrator accounts with no password. The default file sharing setup in these Windows versions lets anyone connect over the network and change any file if he knows the Administrator password, or if there is no password set.

In the first two weeks of August, 2003, more than 7,000 Windows PCs on campus were infected by "worm" programs that gave control of the PC to hackers! These "worms" were exploiting the new "RPC overflow" security bug that had just been discovered a few weeks earlier. A patch to fix the bug had been available from Microsoft for two weeks before the hacker attack. Yet thousands of campus computers were successfully compromised by hackers because their owners were not installing security patches regularly.

On average, a new hostile hacker scan of the Stanford network starts every 15 minutes! If you put your computer on the network with open accounts or other security bugs, it will be compromised within hours or even minutes. Unlike corporations with tight firewalls, Stanford's network is mostly open to the entire internet. Even the limited filtering of incoming traffic that Stanford does is only partially effective; a hacker who finds a way into one computer on the campus can then use it to launch attacks on others, even though the "perimeter" is supposedly secured. Stanford's relatively open network makes it easy for you to access any network service, but also makes it easy for hackers to scan our network for vulnerable computers and attack them.

Once a hacker gains access to your computer, he usually leaves "back-door" programs scattered around in the file system. These allow him to control your system remotely. The most common result is that the hacker uses your computer to attack other computers on the network. Then you are likely to find that your computer has ceased to function on the network, because the Stanford networking group will "quarantine" any computer that is attacking others, by blocking all access to the offending computer at the building network router.

Once your computer is compromised by a hacker, you usually have to completely wipe the disk and re-install Windows and all your software. That is a great waste of time. In addition, a malicious hacker can wipe out your important documents (this has happened here in Stanford Earth Sciences).
