Naked eye

A prudish hacker caught me surfing porn and turned the image on my monitor, and my world, upside down.

Published December 22, 1999 5:00PM (EST)

I was working late one night, trolling softcore sites on the Net, when I fell victim to a priggish hacker.

Everybody has heard of hacks into government or corporate Web sites but, fool that I was, I didn't even know my PC was susceptible. Looking back, I can't believe I hadn't paid more attention to all the media hoopla over viruses -- and I can't understand why my Internet service provider didn't offer better warnings about the potential vulnerabilities of cable modems. Now some guy I know nothing about has explored my hard drive and learned who-knows-what about me; I feel violated, angry, afraid. I can't believe I have no recourse, no way to find this guy, no way to keep him out of other people's computers. Instead, I'm left looking both ways before I download anything and slinking through once familiar sites with a frightening sense of apprehension.

It all started when, trying to kick the tail-end of the flu, I'd stayed home from a Christmas party, fired up my computer and poured myself a glass of wine. I was researching a graduate school essay about women who are using the Web to promote a healthy sexuality and gender equality. So, I meandered through Bliss and its collection of erotica, poetry, comics and sex-positive essays falling under the description "Life beyond the mission position." The pages are full of overtly sensual text and images, but the site falls well short of gratuitous pornography.

I also thumbed through the Web pages at Danni's Hard Drive, where former stripper-turned-webmistress Danni Ashe promotes her brand of sexuality and the nude female form through a hugely successful e-commerce venture. The site is chock full of college girls flaunting their all-natural breasts, "amateur entrepreneurs" showing it all for the camera, and big-busted babes built of silicone. The text introducing these nude models is not the typical "XXX sluts want you to give it to them now!!!" Danni imbues the site with a friendly feel, as if she's a mutual friend of model and viewer, arranging a blind date. She and her girls give off the image of women who truly believe they are empowered by the site, which is something I wanted to discuss in my essay.

But as I was sifting through Danni's Hard Drive on Netscape Communicator 4.05, a revolting photo of a woman defecating on a guy's face suddenly popped up on the screen. This was definitely not what I was searching for. However, there was no delete box and I couldn't figure out how to get rid of it. I thought to myself, "Ha ha, another disturbingly amusing download trick from one of these sites." Yet it wouldn't go away. Then a small dialogue box sprang up, similar to a chat room interface or ICQ:

You can type in the top.

These were the first words I received from him. Still living in denial and naiveti, I thought it was just a bizarre program or advertisement I'd inadvertently grabbed.

I can't recall exactly what he typed next, but this was the gist of it:

I can see what you're doing. You're looking at all that porn. You'd better stop and pay attention to me. This is for real.

Incredulous in hindsight, I still thought the box would merely disappear. The words weren't specific enough for me to suspect that this was a live dialogue. Besides, the sites I'd been visiting weren't the stereotypical XXX sites. I wasn't some sleazy porn freak, I thought, trying to distinguish my academic viewing of nude feminists from someone else's masturbatory naked-lady viewing. As my defense was taking shape in my mind, this guy really got my attention by typing my Microsoft Network password into that scary little box.

I have the power, booboo69, and I will erase your hard drive if you don't stop looking at this smut. I can destroy all the data on your computer. Do you think you're smarter than me??!

He demonstrated to me what he was capable of unleashing by turning the image on my monitor upside-down and sending over a sound file with his voice on it -- complete with Australian accent. My very own deus ex machina. I never saw anything transferred to my computer, but suddenly it was speaking to me.

"Well, g'day. I'm your friendly hacker and I live in Australia. Doesn't it frighten the shit out of you that I can get into your computer and send you a sound wave like this? But don't worry, I won't do anything wrong. But you'd better be a good boy or a good girl and not look at any dirty pictures because if you do I'll know what you're doing and I can see it too. I'll catch up with you again. Have a nice day. Bye."

Fantastic, I thought. What were the odds that I'd attract a hacker on a morality kick? I frantically typed into the chat box, trying to explain the nature of my research to him, but he didn't care. Besides, like most anyone online, I've checked out a few sites -- and he could tell. I told him I was scared and asked him to go away. He said he had "copied files from my hard drive," although he didn't say which ones, and he told me he could see exactly what I was typing. By that point I was sweating buckets and shaking like a leaf -- and it wasn't the lingering flu or the wine. I was downright petrified.

I panicked and yanked out my cable modem connection. My mind was racing as I paced my apartment. How much had he seen? Did I care whether he read my graduate essays, especially the one about the psychology of hacking? Had I visited any sites that might come back to haunt me? What about my e-mail ... I was using Telnet to connect to a remote university server -- could he impersonate me and send messages to my friends and family? Could he find out where I live? And my brother also used that computer -- was his privacy in jeopardy too? Did using a cable modem make me more of a sitting duck?

Through discussions with some Net-savvy friends, I soon learned about hacking tools for "script kiddies," such as the Cult of the Dead Cow's Back Orifice 2000, which allows a hacker to take control of machines that run Windows -- executing applications, reading and transferring files, even restarting or locking up a computer. It gives its user more control of a remote Windows machine than the person at the keyboard has. I also discovered that Trojan horses are nasty beasts -- malicious, security-breaking programs disguised as something benign like a screensaver or a game. They run in the background so you don't know they're there -- until some hacker exploits them to take control of your computer.

I also became aware of the apparent fact that I make a more appetizing meal for hackers since I have a solely Windows environment. As the Back Orifice 2000 site puts it: "Being vulnerable to Trojan horse programs is an inherent flaw in the Windows architecture (by no means unique to it, of course), that software can be executed on a system without any form of user intervention, approval, or feedback. The features of Windows that keep the user from being overwhelmed with information regarding the workings of their computer, are the same features that allow Back Orifice 2000 to keep itself hidden from view."

Detective Bruce Headridge of my local Organized Crime Agency, a provincial policing group partly dedicated to cracking down on computer crime, told me that the hacker likely infected my machine by invisibly fastening a Trojan horse to an attachment file that I downloaded somewhere along the line. Or I might have picked up the Trojan horse elsewhere and the hacker pinged a random list of IP addresses until he came across my infected machine. (I get randomly hacked out of millions of users but can't win $10 in the lottery.)

Thanks to this experience, I now know that, in addition to being quick, my cable modem has a static IP address. Headridge explained that my logged-in address is always the same and if, like a typical user, I leave my computer on all the time, I am an easier target. It was a simple numbers game: Because I was permanently online, he said, my chances of being found by a hacker were higher than those of someone who dials in with a modem and has an always-changing IP address. Once he knew my IP address and a Trojan horse had opened the door for him, Headridge said, the hacker probably used Back Orifice 2000 to gain control of my computer.

Eventually, I discovered the Trojan horse by searching my hard drive. It was sitting there, like a festering, mocking tumor, and even my latest anti-virus program couldn't delete it. The anti-virus program I'm using, eSafe Desktop, recognizes the name of it is win32.Back Door.G6, though in Microsoft Windows Explorer, the name comes up as mtmtask, an executable file. The date stamp on it corresponds to when the hacker showed up, leaving me wondering how it got there and what to do with it. A security consultant at a store in town said if no anti-virus program will remove it, then reformatting my hard drive is the only solution -- not exactly something I was eager to do over the holidays.

Probably the worst part of this ordeal came when I realized I had only myself to blame. I am usually quite careless when I receive attachments like Elf Bowling or the addictive snowball fight game, opening them without scanning for viruses. But I don't think I'm the only one. Most of my friends and colleagues act similarly, all in the name of expediency. But e-mail attachments often have a long history to them, after traveling through cyberspace from user to user; I've now begun to think of them as a shared needle.

Today, I am arming myself with more technical knowledge in an effort to protect myself. I got brave, went online, installed the ConSeal Private Desktop which protects Windows users from Trojan horses with a personal firewall, and learned about all sorts of security measures. The hacker from down under had managed to disable my Norton anti-virus software and was audacious enough to instruct me to get a more recent version. Now I have five anti-hacking programs running on my computer -- the Guard Dog from McAfee barks when there is a security breach -- and I still feel like I need more. I'm worse than the guy who wears three condoms.

I did phone my ISP, Rogers Cable, which is one of Canada's largest cable television companies, and reported the incident. At first, I assumed the company could just block him somehow. But technical representatives told me that I needed to ascertain the hacker's IP address before they could stymie his attacks. They suggested that I purchase BLACKIce Defender, which silently monitors communications between your computer and the network. "I don't know what else you can do, man, but good luck," they encouraged. "I'm sure it'll all work out in the end." In spite of this sanguine and cavalier attitude, I was more than just a little reluctant to go online and poke around anti-hacking software sites when he could be there waiting for me. You just don't walk up to your enemy unarmed and kick him on the shin. (Subsequently, executives at Rogers have made a concerted effort to investigate the situation and the origins of the Trojan horse.)

I used to consider myself fairly well-informed about technology, but I was obviously only scratching the surface. Now, I'm paranoid about where I get my information; I question the source of a forwarded e-mail and I wonder who could be lurking online. I guess if any good came of this, it's that I got an education, but I can't pretend it's been fun. I only hope I've learned my lesson well enough and that I'll never again have to hear that unsettlingly calm Australian voice cutting in to tell me that I'm being watched. Sic 'im, Guard Dog.

By Daniel Sieberg

Daniel Sieberg is a writer living in Vancouver and a graduate student with the Sing Tao School of Journalism at the University of British Columbia.

MORE FROM Daniel Sieberg

Related Topics ------------------------------------------