Since the dawn of the PC revolution in the 1980s, there’s been a counterculture among the technorati, a group of users with impressive skills who liked to show off. In computer programming, the concept of a “clever hack” is solving a computer problem with elegance and the cleanest solution. These people became known as hackers, and most of the software that drives the Internet is an accumulation of “clever hacks”.
With the advent of wide-spread Internet use, “hacking” has turned towards breaching security systems. More properly called “crackers”, these are the internet equivalent of vandals breaking into shops or smashing cars, just to prove that they can. In spite of Hollywood portrayals of them, most of the people who do cracking are asocial males in their late teens and early 20s, with the technical skills to hold down a job but lacking the social skills to generally get one. Cracking is very much a young man’s game, and like vandalism, shows a lot of the “late teenager” attitude of “the world sucks”.
Cracking, and security against cracking, has escalated into an arms race on the internet; every time new software updates come out, someone out there tries to find a way to bypass its security. No system can be made 100% secure if it’s on the internet, though there are lots of techniques you can use to reduce your risks.
First of all, let’s look at those risks. The most dangerous risk from internet cracking is identity theft. Identity theft is taking someone’s credit card number, security information, and social security number and establishing a false ID; it is the equivalent of letting random strangers use your credit card number to make purchases, and over the course of a year, it results in nearly 2 billion dollars of fraudulent transactions worldwide. Variations on identity theft abound, such as attempts to coax you to give out your bank account or mortgage account numbers, and so on.
The most common methods of identity theft rely on the weakest areas of security – human beings. People tend to use the same password for all their secure logins, and worse yet, make passwords that are books found in the dictionary. One of the easiest ways to crack a password, once you have the login name, is to write a computer program that will input a user name, and then try and feed in every single word in the dictionary at it. Just randomly capitalizing a letter in the middle of the password makes it more secure. Using a number instead of a letter (like “0” for “O”) makes it stronger. Using both numbers and non-letter characters (like “!” for “I”) makes it stronger still. Change your passwords for your financial websites every 3 months, regular as clockwork, just to be on the safe side.
Once you’re connected to a secure web site, its encryption is probably strong enough to prevent someone from randomly snooping on it – at least for the connection going from your ISP to where you’re going. If you’re on a public wireless network, however, that wireless connection probably isn’t encrypted. So, don’t do ANY kind of transaction in a wireless environment unless you’re sure there’s only one wireless network, and it’s encrypted.