Anatomy of a Hacker Attack
Phase 1 - Collecting Information
The experienced hacker will probably spend most of his
effort collecting information, often called profiling. Once he has sufficient
information, the remainder of the attack may be relatively quick and easy. The
novice, however, will often skip phase one altogether and go straight for step
There is a lot of information that could be potentially
valuable to a hacker trying to gain access to a private computer network. The
design and layout of the network is always valuable. Where are the important
computers on the network? What kind of applications do they run? How is the
network wired? Where are the firewalls? How does it communicate with the rest of
the world? Information such as IP addresses, dial-up access numbers and so forth
is also valuable.
A second type of information that is often even more valuable
is related to social factors. What are the names of some of the employees of the
target? In a big company where all employees don't necessarily know each other,
the name of an employee and some social skill is often sufficient to gain access
to a login account. Information about who knows whom is potentially very
valuable. Organizational charts are also a gold mine for the would-be hacker.
In the first phase, the hacker typically does not have direct
contact with the company, or at least does not do anything unusual or
suspicious. Instead it is a matter of trying to gather bits and pieces of what
is already publicly known about the target.
Copyright © 2002 Abtrusion Security AB.
All rights reserved. This document may be reproduced provided that it is
reproduced in its entirety and that this copyright message is retained.