Ask the Experts


How do computer hackers “get inside” a computer?
—D. IKAVUKA LA MIRADA, CALIF.

Julie J.C.H. Ryan, assistant professor at George Washington University and co-author of Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves, explains:

Essentially, hackers get inside a computer system by taking advantage of software or hardware weaknesses that exist in every system. Before explaining how they do this, a few definitions are in order. The term “hacker” is fairly controversial: some use this word to describe those whose intrusions into computer systems push the boundaries of knowledge without causing intentional harm, whereas “crackers” want to wreak havoc. I prefer “unauthorized user” (UU) for anyone who engages in unsanctioned computer access. “Getting inside” can mean one of three things: accessing the information stored on a computer, surreptitiously using a machine's processing capabilities (to send spam, for instance) or capturing information being sent between systems.




So how does a UU get inside a computer? The easiest weakness to exploit is a poorly conceived password. Password-cracking programs can identify dictionary words, names and even common phrases within a matter of minutes. Many of these programs perform a “dictionary attack”: they take the encryption code used by the password system and encrypt every word in the dictionary. Then the UU plugs in the encrypted words until the password match is found. If a system has a complex password, the UU could try a “technical exploit,” which means using technical knowledge to break into a computer system (as opposed to nontechnical options such as stealing documentation about a system). This is more challenging, because the UU must first learn what kind of system the target is and what the system can do. A proficient UU can do this remotely by utilizing a hypertext transfer protocol (http) that gains World Wide Web access. Web pages usually record the browser being used. The UU could write a program that takes advantage of this procedure, making the Web page ask for even more information. With this knowledge in hand, the UU then writes a program that circumvents the protections in place in the system.

Although you cannot eliminate all possible weaknesses, you can take steps to protect against unauthorized access. Make sure you have the latest patches for your operating system and applications. Create a complex password with letters, numbers and symbolic characters. Consider installing a firewall program, which blocks unwanted Internet traffic. Make sure your antivirus software is up-to-date and check frequently for new virus definitions. Finally, back up your data, so you can recover important material if anything does happen.
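The dictionary attack and the password advice in the answer above can be seen from the defender's side in a short added example (not part of the original article). It assumes SHA-256 as a stand-in for the password system's one-way function; the wordlist, function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real screening list would be far larger.
WORDLIST = ["password", "dragon", "sunshine", "letmein", "monkey"]

def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: the weak storage scheme a dictionary attack relies on."""
    return hashlib.sha256(password.encode()).hexdigest()

def precompute(words):
    """Hash every dictionary word once; the same table then matches every account."""
    return {unsalted_hash(w): w for w in words}

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Per-user salt plus a slow KDF, so a precomputed table cannot be reused."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time check of a login attempt against the stored salted hash."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def is_guessable(candidate: str, words=WORDLIST) -> bool:
    """Screen a new password: reject dictionary words and simple variants of them."""
    core = candidate.lower().rstrip("0123456789!@#$")   # drop trailing digits/symbols
    undo_subs = str.maketrans("013457$@", "oleastsa")   # undo common substitutions
    return core in words or core.translate(undo_subs) in words

def demo():
    table = precompute(WORDLIST)
    weak_record = unsalted_hash("sunshine")              # unsalted storage
    salt = os.urandom(16)
    strong_record = salted_hash("sunshine", salt)        # salted, slow storage
    return {
        "unsalted_recovered": table.get(weak_record),    # table lookup succeeds
        "salted_in_table": strong_record.hex() in table, # table is useless here
        "login_ok": verify("sunshine", salt, strong_record),
        "rejected_at_signup": [p for p in ("P@ssw0rd1!", "Dragon2024", "T7#vq9Lp-xe2K")
                               if is_guessable(p)],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting and a slow key-derivation function protect the stored record, but a dictionary word remains a poor choice, which is why the screening step at sign-up matters as well.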

Why do traffic jams sometimes seem to appear out of nowhere?
—H. SMITH, NEW YORK CITY

Benjamin Coifman, assistant professor of electrical and computer engineering at Ohio State University who studies traffic patterns, offers this answer:

Drivers encounter the end of the line in a traffic jam seemingly out of nowhere because the number of waiting cars could stretch several miles away from the original bottleneck. The bottleneck could have arisen because of an accident or because of features in the roadway, such as a sharp curve, where drivers must slow down. The difference between the bottleneck's capacity and the demand upstream determines how fast the line grows. The end of the line typically has the worst conditions because cars there suffer from accumulated delays caused by the original obstruction, especially since vehicles entering from ramps worsen the problem by occupying additional space. Speeds tend to improve as drivers progress, making it easy to miss the actual trouble site when you finally pass it.

For a complete text of these and other answers from scientists in diverse fields, visit www.sciam.com/askexpert

This article was published with the title “Ask the Experts” in Scientific American Magazine Vol. 292 No. 1, p. 104
doi:10.1038/scientificamerican0105-104
