Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can hackers see data going to and from my computer?

Question:

I've heard that instant messages through AOL/Yahoo/MSN can be read by
hackers that "sniff" the messages leaving my network. Is this true?

Yes.

It's actually true for all the data that comes and goes on your internet
connection: web pages, emails, instant messaging conversations and more.

Most of the time it simply doesn't matter. Honest.

On the other hand, there are definitely times and situations when you really
do need to be careful.

]]>

Data traveling on a network such as the internet can be seen by many other machines. Local machines connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels across the internet, it actually travels across many devices each of which can "see" the data.

Sounds scary.

The good news is that's actually pretty hard to find data transmitted to and from a specific machine unless you're on the same network segment. For example, if you're connected to the internet via DSL, other machines sharing that DSL connection might watch your traffic, but random machines out on the internet would have an extremely difficult time tracking it down.

It's not something I worry about much at home.

However, there are scenarios that you should be very aware of.

"... if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others."
  • Wireless access points operate much like a hub. Any wireless adapter within range can see all of the network traffic in the area. Visited any open (meaning not WPA-encrypted) wireless hotspots lately? Anyone in the coffee shop or library, or even just outside on the street or a nearby building, could be sniffing your traffic.

  • Hotel or other third-party provided internet connections are also vulnerable, since you have no idea what, or who, is sharing or watching your connection. It's possible that you're on a hub, and the room next door or down the hall could be watching your traffic, or it's possible that the hotel staff themselves are tapped into the internet traffic to and from all the rooms.

  • Landlord-provided internet connections, or those provided by or shared with a roommate or housemate fall into the same category: whomever set it up could very easily be watching the internet traffic going to and from the connection(s) that they provide you.

  • Your connection at work can also easily be monitored by your employer. In fact, the only difference between your employer and a hotel or landlord provided connection is that in most places the employer snooping on your use of their connection is legal, whereas the others typically are not.

So, what to do?

Aside from avoiding the situations listed above where this kind of eavesdropping is not only possible but often downright easy, the answer boils down to encryption of one form or another.

If you can, make sure that your own wireless hotspots are configured to use WPA2 encryption. (WPA if that's all that's available. There's no point in using WEP, as it is trivially cracked.) This way your wireless connection is secure. Even if someone does sniff and see your data going by, all they'll see is encrypted noise.

If, as in most of the examples above, you do not have control over the wireless connection, and have no control over the actual connection to the ISP, then additional steps are necessary.

As a start, if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others.

In terms of technologies to help keep you secure, the list includes:

  • https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information - including your web-based email - should provide an https connection, or should be avoided.

  • Secure email connections should be used with your desktop email programs such as Outlook, Thunderbird, or any program on your computer that uses POP3/IMAP and SMTP. By default most email services have you configure your email connection for downloading your email using unencrypted protocols. Many now offer the ability to specify encrypted equivalents. If you're in any of the situations above, only encrypted protocols should be used.

  • VPNs or virtual private networks are technologies that can be used to secure your entire internet connection by creating an encrypted "tunnel" to a third party. All of your internet traffic goes to this trusted third party - encrypted - and from there it connects to the rest of the internet. All your internet traffic traveling between you and that third party is safe from sniffing by virtue of being encrypted.

    The "third party" might be your place of work, if they offer such a thing, and as noted above, if you trust them. Other alternatives include services like HotSpotVPN which are targeted at folks traveling a lot who make regular use of open public WiFi and other fundamentally unsecure internet connections.

In general, when people ask about the security of their data it falls into one of two broad categories:

Privacy and Security or folks who are concerned that they're being spied on. My general response is that most of us as individuals just aren't that interesting, and it is rarely anything to be concerned about.

Opportunistic Theft or situations where someone's looking not specifically for you or me, but rather for someone who's allowed their bank, email or other secure information to be available for stealing. By leaving information available out and available to thieves, you can become a victim.

The good news is that the advice and technologies above go a long way to addressing both issues. The bad news, of a sort, is that it's still your responsibility to make sure that you're secure and using them appropriately.

(This is an update to an article originally published in February, 2005.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

55 comments on “Can hackers see data going to and from my computer?”

  1. MY EX EMPLOYER HAS HACKED INTO MY HOME COMPUTER AND PRINTED OFF EMAILS TO HIS OFFICE.
    HOW CAN HE GET AWAY WITH THIS, IS THIS NOT AGAINST THE LAW?
    THAT IS OPENING SOMEONE’S MAIL AS HE DID ME.
    THIS IS TERRIBLE ON HIS PART, HE IS A ROTTEN PERSON TO DO THIS, I WOULD NEVER DO THAT, HAS HE NOTHING BETTER TO DO? WE GOT INTO A FIGHT OVER IT AN I LOST MY JOB. HE PRINTED SOMETHING OFF MY COMOPUTER ON A SUNDAY, WHEN I DO NOT EVEN WORK.
    HE STOLE MY PASSWORD AND MONITORED ME FROM HIS OFFICE IS WHAT HE TOLD ME.

    Reply
  2. If you were on a LAN with your boss i could see this or on a wifi connect.
    If your on a basic 56k dial up i’d say its a trojan or some kind of remote monitoring software.
    If i were in your shoes (I wouldnt have been hired by the guy outta fear) Iwould pop in a Knoppix Live CD and go to town on his network and screw with his mind.
    Bosses are snoopy and it’s not right if he put some software on your HD to peek on you.

    Reply
  3. My business requires the emailing of some sinsitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encripted email system such as mailvault.com but no one seems to think there is a sigificant threat or danger out there to require these extra steps in security. Can you offer any data to help me to convice them that this IS a good idea?

    Reply
  4. I have been hacked and have optimum online dsl service. Is it possible for hackers to retrieve information from my computer even though I shut down?

    Reply
  5. I am an expert pc user and spend 60 hours a week on my machine and have never had this happen… I turned off my firewall to access a program on my old pc on the home network. I imported a file from c:folder\subfolder. I left the firewall off and left my machine for 7 hours. When I came back all files had disappeared from the folder and were not in the recycle bin. I am the admin account and logged off before I walked away but left the pc running with the firewall off. Did someone hack in and delete all my images. How can I trace down the files or evidence that I was hacked. Lucky for me what’s important is always transferred to cd or dvd and it was backed up.

    Reply
  6. Recent: While playing AOE on MSN zone, A hacker who didn’t want to lose was able to terminate my DSL connection? How? and what can I do to prevent this or track it?

    Reply
  7. leo: my daugher lives with me with have comcast internet–my daugher got on to iam and my space–my ex who lives 6 miles away got hold of her myspace info and iam–does this mean he has hacked into our computer @ home or is he using a software–at that point of him doing this–her passwords userid were changed

    is he hacking into our computer and my husband and my info and is this against the law

    thanks desparate

    Reply
  8. Hi,
    I read your information written above. I am in a office where 4 other people work and we all use same hub for connecting to internet. One guy is pretty smart and using linux. He said that he can see anyone`s data travelling through net. We are very scraed because of privacy of our emails, bank account etc. How can we stop him seeing that?

    Regards,
    tea

    Reply
  9. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Only use encrypted connections. https connections for webmail and
    banking for example.

    Leo
    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.6 (MingW32)

    iD8DBQFF70zpCMEe9B/8oqERAs7oAJ90RiXFbSG0Hx2ecDTFjROML1yizACcDa//
    JYex8E6D2matS4OPxMCSp1o=
    =CDJy
    —–END PGP SIGNATURE—–

    Reply
  10. Hi,

    I have Mcafee Security Center which has been sending me notifications that my name ( both first and last) are being requested when I visit various sites. It also has said my address is being sent, but just my city. It says my exact first and last names are being sent which makes me uneasy. How do I stop this besides just hitting reject all the time?

    Reply
  11. Are there ways for people on social networking sites (such as myspace) to obtain information about people visiting their site? Thanks for your help.

    Reply
  12. Fear not, dumb user!

    For parent who fear of child chatting with stranger, Child may chat to any stranger, for only one things that a child cannot reveal such information is a link to your place. Feed some fear to your child just how dangerous if involving to give information contact or in meeting can result to happen.

    Here’s CNN recording to catch predator;
    http://www.google.com/search?hl=en&q=site%3Acnn.com+predator+internet+transcript&btnG=Search
    =============

    Now for accounts that involve user/password on internet, such as IM, Mail, Myspace or whatsoever.. 1) You forgot to log off when you leave the computer in public such as at library, work, hotel, and other place of computer access to public. ‘hacker’ will play with your account, they may changed the password to keep the account for some reason, to check inside email and find the new other account you have created from any company that you registered (myspace, youtube, acme).. ‘hacker’ may as well go on myspace and click to “forgot password” by filling in email address and wait for popup in email browser.. So, created email account that come with 4 years or so, give hacker assuming that this person’s account have register many other site..

    —-

    To check if ‘hacker’ is nosy around on your network, This work in most LAN area, the outside of gateway(dsl,modem,cable) does possiable sniffing your datas at the endpoint of server or in route, ‘hackers’ can sniffing datas on the route point to find any interesting datas to use.

    To track them down, Type (Ctrl+R) to open the ‘Run dialog box’ and type ‘cmd.exe’ and enter to run console program… type ‘netstat -ab’ to show the ip address and the program running in your system if there’s any other program you find is linking from ip.. Those program is what give ‘hacker’ interest to play with. This program may be a trojan running that you have been exploited in the past..

    Start research on google.com to see what does this program is running, just to check if this is a trojan or not..

    Another one to check in your traceroute from your computer to a target computer, the target we’ll be using is google.com, on the console, you type ‘tracert google.com’ You will see what is hopping from your computer, it will show something like this,
    Your computer –> DSL –> ISP company –> route box –> misc box –> Google Server ….

    -========

    How to protect your datas,
    To talk on line, use ‘ssl’ to secure your line.
    To use file transfer, two things to use, encrypt the file by using this program http://www.truecrypt.org/downloads.php
    Or compress it into RAR or ZIP and set the password in it to protect files inside compression file…

    To surfing on browser, 2 things to protect, Use httpS on port 443,
    On google.com, Type in url ‘google.com:443’ This will redirect to ‘https://google.com’

    The second is probably not secure but it protect your identify if you don’t want other same ‘hacker’ on the route to sniff the same datas you sent to from point A to point B… You use Proxy
    http://www.google.com/search?hl=en&q=proxy+surf&btnG=Search

    ——-

    Fear about your identify, Well, it what you decided to say your name, address to the outside internet is already sitting there and kept as caching on other side of it.. You can’t tell that company to get rid of it.. IT ALREADY OUT THERE… In fact, your information is probably already out there since you have not as a user give out already.. You probably went to agency who work for he company is require to fill your information on their computer.. From that computer, they store information to the server database through the line on internet.. So it is already revealing to the network.. If you have the account to the bank, It is already out there on network.. If you use the library card, it is already out there, Your name, address, phone… If you have registering for a yellow book for your house phone number, it is already out on internet..

    Point being, Your identify, don’t spread more information that may led to “hacker’s interest” to take from your… Your name, address, phone number.. What can the ‘hacker’ use them for? Probably nothing.. maybe spaming your mail.. it is possiable.. http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=phone+book&spell=1
    ‘hacker’ can get their database of all person’s name and address and put in ‘hacker program to print’ all papers to sent it out..

    All of this seem to be pointless to me.. i guess All I could say to you is to start become a hacker and understand exactly what can hacker do. To be awareness of hacker’s tools can save you some idea just exactly what they use against to..

    Protect your box, Use Firewall/IDS/Proxy/Monitor/Sandbox

    Google it if you find such term you’re clueless

    Reply
  13. I have changed my password every two weeks and I still have a hacker getting into my computer and I know who it is and I can’t do nothing about it, so Leo can you please tell me what I can do about these people please?

    Reply
  14. Data traveling on a network such as the internet can be seen by many other machines. Local machines, connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels the internet, it’s quite possible that other machines on the network can also see the data.

    Reply
  15. someone please answer my question. if i enter a chat room, can the administrator hack into my computer??
    i need to know. i broke one of the rules of the chat room and have been banned from the website…but i am anxious that the administrator may hack into my comp because i know he has hacked into the email accounts of some ppl there… please help me..

    Reply
  16. I notice you say use SSL but I find for instance when I use yahoo, hotmail and even Gmail only the sign in page is secure, when I navigate away from this page, I see that my information is no longer secure, so I was wondering is it safer if I use Outlook express that I see has an option to encrypt messages I am sending, and is the message going to be encrypted all the way until it reaches the sender?

    Reply
  17. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Actually GMail stays in secure mode if you go to it in secure mode.
    https://mail.google.com

    Encrypting a message is different, and requires that your recipient have the
    ability to decrypt it.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFHO8BUCMEe9B/8oqERAhXKAJ0Tp1KPgw8lkZVMGzjdG++peXKEWACeIN5J
    ygKs7BVx1jE9m73074mpmns=
    =KxGY
    —–END PGP SIGNATURE—–

    Reply
  18. can someone hack my computer and then send emails with IP address of my computer? In other words, can someone use my IP address from a distant computer after hacking my system?

    Reply
  19. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    That’s exactly what bots do – send email from your machine. Basically if your
    machine is infected or hacked, all bets are off – they can do anything.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFIFND1CMEe9B/8oqERAv48AKCGbGH1aGzd0P7K14QIeviUpSHjcwCdGSHT
    5tY3ReTgcb478Uqe8APedq8=
    =Q6uQ
    —–END PGP SIGNATURE—–

    Reply
  20. I have been talking to who I thought was a friend for the past 2 months and then he popped up and said that he wasnt really that person. He was just using his screen name and myspace. But this guy has been sending me my friends pics and information about his work in the military. Is that possible to really be able to have acess to someones whole computer like that?

    Reply
  21. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Absolutely. If your (real) friend was careless and somehow
    let his account information be stolen, this kind of thing
    could easily happen. And it does.

    That’s why people like me keep harping on keeping your
    computer secure, choosing good passwords, and all the other
    habits we should develop to stay safe.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFIdSGqCMEe9B/8oqERAvicAJ9j1x7DnTdS+nC9Gp0seLOTQnMtFQCfaBRg
    bdEUwNYI3ies3G3qQ/SI48M=
    =xS3K
    —–END PGP SIGNATURE—–

    Reply
  22. Hi Leo,
    I recieved an e-mail where I was selling something on online (Craiglist). By stupid of my part (sorry for the word)I gave the person my address and name. After I did that I noticed that it was an Scam. What the person can do with my name and address?
    thank you for your advise.
    Tony

    Reply
  23. Does a police officer or police dept. have access to hack into someone’s computer?

    Depends on where you live, but in short: yes, if they have evidence that a crime has been committed, and they get an order from the court.

    -Leo

    Reply
  24. Me and my roommate are sharing the wireless internet connection(secured WPA- personal).Can my room mate see what I am doing on the internet like I use Skype to talk to my girlfrn,so can he see what we are talking about and can he see the skype video too.If he can,how can I secure it from my roommate.

    Reply
  25. I would like to know if there is anyway to check my laptop to know if has a worm or something inside that allows somebody else outside there to receive all the moves I do in my laptop.
    There is a very small window that appears and dissapears at the bottom of my machine, where the bar of programs is and shows the applications that are open. This small window that shows and then disappear began to appear like 6 months ago and I am thinking that somebody installed, through an email I received, some kind of application that hacks my emails and also my internet moves.
    Is it possible that Norton Antivirus can capture that worm?
    Thank you.

    Reply
  26. Should I close my e mail before I go out surfing on the net, or does it matter one way or the other?

    I don’t. :-)

    – Leo
    09-Jan-2009
    Reply
  27. I’d like to copy and paste things from my Word docs. to, per example – a blog, but am wondering how safe my clipboard is. Can you tell me how attainable the info. saved to my clipboard may be? How much protection is needed?

    The clipboard is visible to any program running on your machine. Standard “make sure you’re scanning for spyware and viruses” rules apply.

    – Leo
    27-Jan-2009
    Reply
  28. Dear Leo…Well I’d like to know if there is any possible way for me to know If there is any kind of keylogger or any other spying software installed in my laptop for someone to be able to see everything I do and write?I’ve been trying to check all files and stuff but I know these programs are hard to detect because they aren’t actually visible…Plese help me, what can I do? is there any way for me to find out, and if there is, is there any way I can avoid them and uninstall them? I hope you can answer my question..thank you very much.

    Reply
  29. I have WIFI in my apartment and the whole building connects to the same wifi, which means that we all share the same Network Password. Is Is it possible for others to see my internet trafiic. I don’t mean the ISP. Can anybody else with access to the network intercept my yahoo webcam etc.

    As I understand it, yes, everyone that knows the password to the wireless network could, in theory, sniff all the traffic on it. (I could be wrong, I was unable to find a definitive yes or no myself, but based on what I’m reading my conclusion is that once an attacker has the password, they can see the traffic, so thus anyone who was given the password could see it as well.)

    – Leo
    17-May-2009
    Reply
  30. I use a wireless internet connection(secured WPA- personal) and noone other than me knows the password for it. Can anybody/ISP see what I am doing on the internet like I use Skype and Yahoo Msg to talk to my family oversea.Can they hear and see what I do on the skype/Yahoo video. If the answer is yes, can you please tell me how can I secure it from anyone/ISP to get an access to the same.

    Reply
  31. I work from home and have access to an external system in a call center. I will like to know how much my boss can see on my computer while I’m working. For example, Office, internet, …
    Regards, Violetz

    It all depends on that ‘external system’ and how you connect to it. Best case: no worries. Worst case: they can see everything. No way for me to know where on the spectrum you are with the information provided.

    Leo
    14-Nov-2009

    Reply
  32. Hackers can take what ever they want. Stay away from blue areas ( Porn). Also Stay away from these dating games over the internet (Trouble). Use your computer / lap top for what you bought it for, sending emails to your friends and family. Turn off the internet while you are in your very privite Documents performing work or just writting letters. Also if you want to back up your computer (PC) get a USB port memory flash stick, what you do not see you not control. Do not give your documents, pictures or anything from your computer to any one; To keep for you in case your system crashes: If your system crashes, because you have the CD’S that came with your system, just reload and take the documents and family pictures from your flash stick, or CD’s. You can do it if you try. Mark

    Reply
  33. My computer is owned by my husband’s business and my email is
    provided by his office. I know he reads my email which isn’t exciting but I’d like to enjoy some privacy. Will I have to change my provider to get security?

    That and you’ll probably want your own computer as well.

    Leo
    14-Jan-2010

    Reply
  34. From time to time — there is a need for my to enter my credit card when I purchase items from Tigerdirect or Amazon. When this occurs I get a message that says the page I am entering on is secure and when I leave that page it tells me I am going to a page that is NOT secure. Assuming I am careful to check for internal programs that “watch” the keys that I type — can a hacker intercept and obtain my credit card number? I should add that I have an unencrypted router for my home network but do not have any “shared” folders other than the one entitled “public”.

    Reply
  35. “you quote” “https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information – including your web-based email – should provide an https connection, or should be avoided.”

    what web based emails are https?
    thanks

    I have no idea overall. GMail, at least, can be configured to always be https, though.

    Leo
    01-Apr-2010

    Reply
  36. I’ve read your responses concerning outside access to your computer. How about this. Our system was Networked at one time so that more than one could be hooked up locally with the other.The “Administrator” who put it together, then later disconneced it might now be able to still access (from his home 30 miles away),files or my search history, e-mail? Can I do some type of check to see if he/it is still accessible to him?

    Reply
  37. if you’re connected to the internet via DSL, other machines sharing that DSL connection with roommate does he have access to watch your traffic or sites you visit? if yes what should we do to protect?

    Reply
  38. Lately, my internet passwords are becoming scrambled. I am careful about what password I assign to an account, but what I get returned from them as “confirmation” is not what I type in. Can you explain what may be occurring and how to resolve this. Thank You.

    Reply
  39. Don’t completely let your guard down just because it may be hard for some hackers to spy on you, or maybe you might feel your not important enough… NOT TRUE!

    Getting past our 2 firewalls, and our anti-virus software was just the tip of the ice burg for this Back-Door Trojan – Keystroke Virus that sat in all of our networked computers at work and stoled credit card numbers, passwords, social security card numbers, mothers maiden names,bank account numbers and worse…. for how long you ask? We actually have no idea, until we started getting charges to credit cards, paypal and more.

    So, after five and a half weeks of changing passwords, canceling credit cards, bank account and …. well, you get the picture we dug ourselves out of the hole we were in.

    We did find our security hole 6 months later, as an employee was terminated for viewing porn on a work computer.

    Our lesson, never use a computer with valuable or sensitive information on it and communicate with the outside “World – Wide – Web”!

    So be safe out there!

    Reply
  40. could someone possibly write me at my email above and tell me if a hacker could see my data going to and from my computer? it is my private home computer. I sent an email to another email account (gmail) and it never got there. it had an attachment with very important information about my accounts. I’ve checked the address and I sent it to the correct email address but it never arrived. I am sick with worry. do I have reason to be worried and what can I do now. thanks.

    Reply
  41. I have a wifi notebook. I share a router with my neighbor. He gave me the passcode. I’ve been noticing lately that my computer has been accessing his router, even though I am not on my computer. When I go out of town and take my computer with me, I notice his router has somehow been active on my computer. How is this all possible? And am I being hacked? About a month ago, I was recieving e-mail from old address books from a few of my deleted e-mail accounts.

    Reply
  42. I beleive my computer has been hacked into by my ex husband. I also have vonage which works
    off my high speed internet with Time Warner which means my phone is tapped also. He is helping some other people who I am In a high stakes law suit with so the information I write on my computer and say over the phone gets somehow to the opposing counsul. They also have illegally accessed my discover card pretending to be me and used my bank account to transfer almost $ 5,000.00 out of my checking account so the person or persons doing this have to know all of my personal information. I don’t even know my own new checking account number because I don’t want anyone to be able to do this again however, I know my computer is being hacked. Is there any way I get the hacker out and keep him out? I am desperate. Please HELP!!!!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.