AntiOnline Security Spotlight: How Hackers Pick Their Victims
Are you an easy target? Delve into the factors that motivate an attacker to breach your network's security.
Do attackers stalk their victims like sinister criminals out of a movie? Or do they instead cast a wide net and ensnare countless poor souls? Like many things in life, it depends...
If you're an average Joe/Jane, hackers won't typically make a concerted effort to rifle through your e-mails, family photos, recipes and letters to the editor. In cases where an average PC user is hacked, it's usually because of some off-the-shelf software used to probe the Internet at large or a trojan that left the door open.
On the other hand, if you're the administrator for a Fortune 500 company, then calculated hacking attempts are a given. Why? Because the information stored on such networks is of obvious worth.
But remember, an attacker isn't necessarily looking to pilfer data from a network. Many times, attacks come in the form of DoS assaults or Web site defacements aimed at embarrassing a company, disrupting business processes or for reasons known only to the attacker.
While the motivations may differ, the end result is the same: someone is victimized. In each case, there was an "in" for someone on the outside. This can range from unpatched systems and weak passwords to a worker with loose lips and predictable security habits. Those, and countless others, are the vulnerabilities that attackers look for and exploit.
So, if you have been wondering whether you are easy prey for a hacker (cracker really), ask yourself if you are truly taking every precaution to prevent becoming a victim.
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
Direct link to this week's spotlight thread:
embalmedlenin kicks off the discussion by asking about how hackers pick their victims and the tools they employ. knoledgesponge promptly points out that the proper term for evil keyboard jockeys is "crackers".
Proper Term: Cracker
j3r elaborates...
These kinds of people usually just go for the easiest target, that simple. Most "hacking" nowadays is no more difficult than telnetting somewhere, or sending them a game in an email. IPs can be found by social engineering, IRC, direct connections and numerous other methods.
By one definition, most "breakins" are by Code Red, etc. Those programs just choose IP addresses at random, and then try to exploit them using the same exploit they used originally.
For a less automated approach, people scan random IPs and look for vulnerable hosts. Extortion crackers ("I have noticed some security holes on your network. It would be horrible if your accounting records were erased and your customers' credit card numbers were posted in IRC. Would you like to hire me as a security consultant?") use this kind of method.
On the other hand, some people pick their targets for non-technical reasons (they've been paid to do corporate espionage, the victim is a spammer, they disagree with the victim's political opinions, they want to steal from the victim's customers, etc.). These are the ones you rarely hear about, and also the ones who are really dangerous.
And if you're not paranoid enough, Tigershark outlines the following nightmare scenario:
With regard to the people who actually "chose" a specific target the reasons are myriad - political difference, hatred of a given race, creed, religion, etc. The motivations are too many to list.
The method is usually the same, (generally speaking). They need information, where the "enemy" is, what can I find out about them, etc. This is the footprinting phase and can take literally months if the chap is determined and wants/needs to do a good job. The reconnaissance can be very thorough and may include some social engineering to glean data that might not be publicly available. Slow and deliberate scanning of the available networks, careful taking apart of web sites etc. all figure into this.
By the time the person is ready to attack he knows exactly where he will attack, what OS, version, patch level, application and results. Then the attack takes place, usually in a few seconds. The "dirty work" gets done, web page defacement or whatever. Cleanup then takes place - delete logs, or better yet delete the log entries that apply to him leaving the rest intact and then leave...
Join the discussion, but not before you take a minute to review your own security habits!
What is AntiOnline?
AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.
We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process. Stay tuned as Enterprise IT Planet spotlights the eye-opening discussions and expert participants that have helped make AO the "go to" online resource for network security.