Ask Leo! by Leo A. Notenboom

Can hackers see data going to and from my computer?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Privacy

Summary: In some instances, it might be possible for hackers to see data going to and from one's computer. Sometimes it matters, but sometimes it doesn't.

I've heard that instant messages through AOL/Yahoo/MSN can be read by hackers that "sniff" the messages leaving my network. Is this true?

Yes.

It's actually true for all the data that comes and goes on your internet connection: web pages, emails, instant messaging conversations and more.

Most of the time it simply doesn't matter. Honest.

On the other hand, there are definitely times and situations when you really do need to be careful.

Data traveling on a network such as the internet can be seen by many other machines. Local machines connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels across the internet, it actually travels across many devices each of which can "see" the data.

Sounds scary.

The good news is that's actually pretty hard to find data transmitted to and from a specific machine unless you're on the same network segment. For example, if you're connected to the internet via DSL, other machines sharing that DSL connection might watch your traffic, but random machines out on the internet would have an extremely difficult time tracking it down.

It's not something I worry about much at home.

However, there are scenarios that you should be very aware of.

"... if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others."
  • Wireless access points operate much like a hub. Any wireless adapter within range can see all of the network traffic in the area. Visited any open (meaning not WPA-encrypted) wireless hotspots lately? Anyone in the coffee shop or library, or even just outside on the street or a nearby building, could be sniffing your traffic.

  • Hotel or other third-party provided internet connections are also vulnerable, since you have no idea what, or who, is sharing or watching your connection. It's possible that you're on a hub, and the room next door or down the hall could be watching your traffic, or it's possible that the hotel staff themselves are tapped into the internet traffic to and from all the rooms.

  • Landlord-provided internet connections, or those provided by or shared with a roommate or housemate fall into the same category: whomever set it up could very easily be watching the internet traffic going to and from the connection(s) that they provide you.

  • Your connection at work can also easily be monitored by your employer. In fact, the only difference between your employer and a hotel or landlord provided connection is that in most places the employer snooping on your use of their connection is legal, whereas the others typically are not.

So, what to do?

Aside from avoiding the situations listed above where this kind of eavesdropping is not only possible but often downright easy, the answer boils down to encryption of one form or another.

If you can, make sure that your own wireless hotspots are configured to use WPA2 encryption. (WPA if that's all that's available. There's no point in using WEP, as it is trivially cracked.) This way your wireless connection is secure. Even if someone does sniff and see your data going by, all they'll see is encrypted noise.

If, as in most of the examples above, you do not have control over the wireless connection, and have no control over the actual connection to the ISP, then additional steps are necessary.

As a start, if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others.

In terms of technologies to help keep you secure, the list includes:

  • https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information - including your web-based email - should provide an https connection, or should be avoided.

  • Secure email connections should be used with your desktop email programs such as Outlook, Thunderbird, or any program on your computer that uses POP3/IMAP and SMTP. By default most email services have you configure your email connection for downloading your email using unencrypted protocols. Many now offer the ability to specify encrypted equivalents. If you're in any of the situations above, only encrypted protocols should be used.

  • VPNs or virtual private networks are technologies that can be used to secure your entire internet connection by creating an encrypted "tunnel" to a third party. All of your internet traffic goes to this trusted third party - encrypted - and from there it connects to the rest of the internet. All your internet traffic traveling between you and that third party is safe from sniffing by virtue of being encrypted.

    The "third party" might be your place of work, if they offer such a thing, and as noted above, if you trust them. Other alternatives include services like HotSpotVPN which are targeted at folks traveling a lot who make regular use of open public WiFi and other fundamentally unsecure internet connections.

In general, when people ask about the security of their data it falls into one of two broad categories:

Privacy and Security or folks who are concerned that they're being spied on. My general response is that most of us as individuals just aren't that interesting, and it is rarely anything to be concerned about.

Opportunistic Theft or situations where someone's looking not specifically for you or me, but rather for someone who's allowed their bank, email or other secure information to be available for stealing. By leaving information available out and available to thieves, you can become a victim.

The good news is that the advice and technologies above go a long way to addressing both issues. The bad news, of a sort, is that it's still your responsibility to make sure that you're secure and using them appropriately.

(This is an update to an article originally published in February, 2005.)

Related:

Helpful? Get new articles weekly by email in my FREE newsletter!

Your Name:
Your Email:


Why Subscribe?

Article C2290 - January 9, 2010

Was this article helpful? «Yes» «No»

Recent Comments
49 Comments

Hi Leo
Can a hacker see everything that is on your computer system like websites you've saved to your favorites?

Posted by: Tina at August 27, 2009 12:00 PM

I work from home and have access to an external system in a call center. I will like to know how much my boss can see on my computer while I'm working. For example, Office, internet, ...
Regards, Violetz

It all depends on that 'external system' and how you connect to it. Best case: no worries. Worst case: they can see everything. No way for me to know where on the spectrum you are with the information provided.
Leo
14-Nov-2009

Posted by: Violetz at November 14, 2009 4:01 AM

Hackers can take what ever they want. Stay away from blue areas ( Porn). Also Stay away from these dating games over the internet (Trouble). Use your computer / lap top for what you bought it for, sending emails to your friends and family. Turn off the internet while you are in your very privite Documents performing work or just writting letters. Also if you want to back up your computer (PC) get a USB port memory flash stick, what you do not see you not control. Do not give your documents, pictures or anything from your computer to any one; To keep for you in case your system crashes: If your system crashes, because you have the CD'S that came with your system, just reload and take the documents and family pictures from your flash stick, or CD's. You can do it if you try. Mark

Posted by: Mr.Mark Whitney Schultz at January 12, 2010 9:15 AM

My computer is owned by my husband's business and my email is
provided by his office. I know he reads my email which isn't exciting but I'd like to enjoy some privacy. Will I have to change my provider to get security?

That and you'll probably want your own computer as well.
Leo
14-Jan-2010

Posted by: Sara Jane Lubrano at January 12, 2010 10:48 AM

From time to time -- there is a need for my to enter my credit card when I purchase items from Tigerdirect or Amazon. When this occurs I get a message that says the page I am entering on is secure and when I leave that page it tells me I am going to a page that is NOT secure. Assuming I am careful to check for internal programs that "watch" the keys that I type -- can a hacker intercept and obtain my credit card number? I should add that I have an unencrypted router for my home network but do not have any "shared" folders other than the one entitled "public".

Posted by: Richard J. Lawrence at January 30, 2010 5:39 AM

Post a comment on "Can hackers see data going to and from my computer?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

  • Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.

  • Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.

  • Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

  • Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.

  • Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

  • I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Please wait. Your comment is being processed ...


Question? Ask Leo!