Definition of Computer Hijackby Josh Wepman
A computer hijack occurs when an attacker takes control of a computer system and exploits it. There are a number of ways computer hijacks can occur; most involve a network connection or physical access to the system and vulnerability in some part of the system.
Once the hacker takes control of a system, he has the capability to use it however he wants. Many attackers use hijacked computers to steal private data, to monitor user activity, and/or to launch further hijack attacks against other systems, according to the IT services team from University of California Santa Cruz.
Some hijackers (also called hackers or crackers) target specific individuals or corporations, using techniques such as social engineering or spear phishing. These methods involve specifically targeted attempts to get a certain user or group of users to install software or visit a site that exploits the system.
Other hijack attempts are widespread, not targeting any specific person or organization. Common tools for this type of hijack are spam e-mail, phishing and viruses embedded in e-mails or websites.
A computer hijack can be very costly. Purdue researcher Scott Ksander estimates that computer-based attacks account for 11.4 percent of all identity theft crimes in 2004. Computer crime is the fastest growing means for identity theft, Ksander writes.
The impact on an organization can be even worse. Theft of trade secrets, personnel information,and credit card numbers can cost millions of dollars in lost revenue. If a compromised computer is used to attack a different system, law enforcement could mistakenly believe that the owner of the system is to blame for the attack.
Identification and Prevention
Detecting a computer hijack is difficult, but there are many tools (both free and commercial) used to detect and respond to a threat. Personal and enterprise-level firewalls are a must to prevent unwanted network traffic. Virus scanners and spyware cleaners help remove unwanted or potentially harmful software from a computer system.
Recognizing phishing attacks, never opening unsolicited e-mail attachments and deleting spam are also great ways to reduce the risk of a computer hijack.
When a computer hijack is detected, the system owner must take immediate action. Disconnecting the computer from a network prevents the attacker from continued access to the machine. Administrators must then run virus scans and spyware detection software to thoroughly clean the computer system.
Risk analysis and re-education of employees are crucial response measures in the event of a corporate computer hijack, as the company can be held responsible for negligence for poorly trained employees.
Computer hijackers frequently take control of another machine and then use it to distribute malware or even host illegal data, such as child pornography. Law enforcement has a difficult time tracing attacks originating from a hijacked machine, as hackers often hide their tracks on a compromised computer.
Owners of a system that is hijacked can be held responsible legally for illegal activity even if they do not know about it. It is very important to respond quickly to a computer hijack to avoid felony prosecution under 18 U.S.C. Section 1030, which governs computer crimes.