Helping people with computers... one answer at a time.
In some instances, it might be possible for hackers to see data going to and from one's computer. Sometimes it matters, but sometimes it doesn't.
I've heard that instant messages through AOL/Yahoo/MSN can be read by hackers that "sniff" the messages leaving my network. Is this true?
•
Yes.
It's actually true for all the data that comes and goes on your internet connection: web pages, emails, instant messaging conversations and more.
Most of the time it simply doesn't matter. Honest.
On the other hand, there are definitely times and situations when you really do need to be careful.
•
Data traveling on a network such as the internet can be seen by many other machines. Local machines connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels across the internet, it actually travels across many devices each of which can "see" the data.
Sounds scary.
The good news is that's actually pretty hard to find data transmitted to and from a specific machine unless you're on the same network segment. For example, if you're connected to the internet via DSL, other machines sharing that DSL connection might watch your traffic, but random machines out on the internet would have an extremely difficult time tracking it down.
It's not something I worry about much at home.
However, there are scenarios that you should be very aware of.
-
Wireless access points operate much like a hub. Any wireless adapter within range can see all of the network traffic in the area. Visited any open (meaning not WPA-encrypted) wireless hotspots lately? Anyone in the coffee shop or library, or even just outside on the street or a nearby building, could be sniffing your traffic.
-
Hotel or other third-party provided internet connections are also vulnerable, since you have no idea what, or who, is sharing or watching your connection. It's possible that you're on a hub, and the room next door or down the hall could be watching your traffic, or it's possible that the hotel staff themselves are tapped into the internet traffic to and from all the rooms.
-
Landlord-provided internet connections, or those provided by or shared with a roommate or housemate fall into the same category: whomever set it up could very easily be watching the internet traffic going to and from the connection(s) that they provide you.
-
Your connection at work can also easily be monitored by your employer. In fact, the only difference between your employer and a hotel or landlord provided connection is that in most places the employer snooping on your use of their connection is legal, whereas the others typically are not.
So, what to do?
Aside from avoiding the situations listed above where this kind of eavesdropping is not only possible but often downright easy, the answer boils down to encryption of one form or another.
If you can, make sure that your own wireless hotspots are configured to use WPA2 encryption. (WPA if that's all that's available. There's no point in using WEP, as it is trivially cracked.) This way your wireless connection is secure. Even if someone does sniff and see your data going by, all they'll see is encrypted noise.
If, as in most of the examples above, you do not have control over the wireless connection, and have no control over the actual connection to the ISP, then additional steps are necessary.
As a start, if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others.
In terms of technologies to help keep you secure, the list includes:
-
https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information - including your web-based email - should provide an https connection, or should be avoided.
-
Secure email connections should be used with your desktop email programs such as Outlook, Thunderbird, or any program on your computer that uses POP3/IMAP and SMTP. By default most email services have you configure your email connection for downloading your email using unencrypted protocols. Many now offer the ability to specify encrypted equivalents. If you're in any of the situations above, only encrypted protocols should be used.
-
VPNs or virtual private networks are technologies that can be used to secure your entire internet connection by creating an encrypted "tunnel" to a third party. All of your internet traffic goes to this trusted third party - encrypted - and from there it connects to the rest of the internet. All your internet traffic traveling between you and that third party is safe from sniffing by virtue of being encrypted.
The "third party" might be your place of work, if they offer such a thing, and as noted above, if you trust them. Other alternatives include services like HotSpotVPN which are targeted at folks traveling a lot who make regular use of open public WiFi and other fundamentally unsecure internet connections.
In general, when people ask about the security of their data it falls into one of two broad categories:
Privacy and Security or folks who are concerned that they're being spied on. My general response is that most of us as individuals just aren't that interesting, and it is rarely anything to be concerned about.
Opportunistic Theft or situations where someone's looking not specifically for you or me, but rather for someone who's allowed their bank, email or other secure information to be available for stealing. By leaving information available out and available to thieves, you can become a victim.
The good news is that the advice and technologies above go a long way to addressing both issues. The bad news, of a sort, is that it's still your responsibility to make sure that you're secure and using them appropriately.
(This is an update to an article originally published in February, 2005.)
Article C2290 - January 9, 2010 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
July 18, 2010 1:47 PM
Lately, my internet passwords are becoming scrambled. I am careful about what password I assign to an account, but what I get returned from them as "confirmation" is not what I type in. Can you explain what may be occurring and how to resolve this. Thank You.
October 15, 2010 10:37 PM
Don't completely let your guard down just because it may be hard for some hackers to spy on you, or maybe you might feel your not important enough... NOT TRUE!
Getting past our 2 firewalls, and our anti-virus software was just the tip of the ice burg for this Back-Door Trojan - Keystroke Virus that sat in all of our networked computers at work and stoled credit card numbers, passwords, social security card numbers, mothers maiden names,bank account numbers and worse.... for how long you ask? We actually have no idea, until we started getting charges to credit cards, paypal and more.
So, after five and a half weeks of changing passwords, canceling credit cards, bank account and .... well, you get the picture we dug ourselves out of the hole we were in.
We did find our security hole 6 months later, as an employee was terminated for viewing porn on a work computer.
Our lesson, never use a computer with valuable or sensitive information on it and communicate with the outside "World - Wide - Web"!
So be safe out there!
October 19, 2010 10:36 PM
could someone possibly write me at my email above and tell me if a hacker could see my data going to and from my computer? it is my private home computer. I sent an email to another email account (gmail) and it never got there. it had an attachment with very important information about my accounts. I've checked the address and I sent it to the correct email address but it never arrived. I am sick with worry. do I have reason to be worried and what can I do now. thanks.
November 8, 2010 6:55 AM
I have a wifi notebook. I share a router with my neighbor. He gave me the passcode. I've been noticing lately that my computer has been accessing his router, even though I am not on my computer. When I go out of town and take my computer with me, I notice his router has somehow been active on my computer. How is this all possible? And am I being hacked? About a month ago, I was recieving e-mail from old address books from a few of my deleted e-mail accounts.
December 23, 2010 8:10 AM
I beleive my computer has been hacked into by my ex husband. I also have vonage which works
off my high speed internet with Time Warner which means my phone is tapped also. He is helping some other people who I am In a high stakes law suit with so the information I write on my computer and say over the phone gets somehow to the opposing counsul. They also have illegally accessed my discover card pretending to be me and used my bank account to transfer almost $ 5,000.00 out of my checking account so the person or persons doing this have to know all of my personal information. I don't even know my own new checking account number because I don't want anyone to be able to do this again however, I know my computer is being hacked. Is there any way I get the hacker out and keep him out? I am desperate. Please HELP!!!!